PART ONE
October 30, 2017 | Author: Anonymous | Category: N/A
Short Description
prepared by the Ministry of Finance and. Economic User PART ONE INTERNAL AUDIT MANUAL Part One Ministr ......
Description
INTERNAL AUDIT STANDARDS AND CODE OF ETHICS FOR INTERNAL AUDITORS AND INTERNAL AUDIT PROCEDURAL MANUAL
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMEN
TABLE OF CONTENTS Section
Page Part - One Introduction
I II III IV
Background Basic Concepts of Auditing Advice to Users of the Manual Scope and Responsibility
1 2 8 12
Part Two – Internal Audit Standards and Code of Ethics I II III
Introduction Internal Audit Standards of Public Bodies of Government of Ethiopia Code of Ethics
I II III IV V VI
Part Three - Basic Concepts and Principles of Internal Audit Internal Control System Evaluating Internal Control System Audit Approaches Planning and Controlling Internal Audit Documenting Internal Audit Reporting Audit Findings
16 17 37
44 57 66 78 89 97
Part Four - Procedural Guidance on Financial Audits I II III IV V VI VII VIII
Introduction Cash and Bank Balances Receipts and Receivables Stocks Fixed Assets Payroll Expenditures Procurements
103 104 114 126 134 139 145 149
Part Five - Procedural Guidance on Special Audits I II III IV V
Fraud and Investigation Value for Money Project and Contract Audit Computer Auditing Social and Environmental Audit Annexes Glossary of Terms
158 167 180 183 192 195 281
1 INTERNAL AUDIT MANUAL
PART ONE
SECTION I: BACKGROUND
1. The Internal Audit Manual has been prepared by the Ministry of Finance and Economic Development and is issued under the authority of part two of the Council of Ministers Financial Regulations (No. 17/1997). It gives the Ministry of Finance and Economic Development the power to formulate and distribute directives that detail the Government Financial Policies and to develop and maintain appropriate standards of work and conduct of internal audit for application throughout all public bodies. 2. The Manual applies to all public bodies. Public body means “any organ of the Federal Government which is partly or wholly financed by Government allocated budget” (Part One, article two of the Financial Administration Proclamation of the Federal Government of Ethiopia – No 57/1996). In practice this means that the manual applies to ministries and their departments and subordinate offices, and other entities wholly funded by the budget. 3. The Manual provides guidelines as to how the Internal Audit Services of each public body have to organize and mange their work. As internal audit should adopt the continuous changes in public bodies and in Society, the Ministry of Finance and Economic Development will modify the Manual as and when necessary. 4. If public bodies have any questions or queries regarding this Manual they should contact the Ministry of Finance and Economic Development.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
2 INTERNAL AUDIT MANUAL
PART ONE
SECTION II : BASIC CONCEPTS OF AUDITING
Introduction 1.
Audit is derived from a Latin word, meaning, “he hears”. In ancient times, the accounts of an estate, domain or manor were checked by having them called out to those in authority by those who had compiled them.
2.
Currently, auditing can be defined as the process by which a competent, independent person, accumulates and evaluates evidence about quantifiable information related to a specific economic entity for the purpose of determining and reporting on the degree of correspondence between the quantifiable information and established criteria.
Types of audits Auditing can be mainly grouped into four types:3.
Financial audit: involves verification of financial data to express opinion on their validity and reliability
4.
Compliance audit: involves verifying adherence to policies, plans, procedures, laws and regulations
5.
Value for money (performance) audit: is a forward looking evaluation of operations to identify areas in which economy, efficiency and effectiveness (the three E’s) may be improved or to evaluate compliance with and the adequacy of operational policies, plans and procedures. It involves evaluation of inputs, process and outputs. Other names used to describe this type of audit include Operational, Management and Three E audit.
6.
Environmental audit : is an audit which confirms the degree of compliance with both internally and externally determined emission and pollution standards. Types of auditor [Internal and External Auditors]
7.
Internal auditors are auditors employed by the organization to carry out an independent appraisal within the organization, which operate as a service to the Organization by measuring and evaluating the effectiveness of internal control system. Internal auditors of public bodies are auditors employed to: -
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
3 INTERNAL AUDIT MANUAL
8.
PART ONE
•
Provide an independent and objective opinion to the Head of public body on risk management, control and governance, by measuring and evaluating their effectiveness in achieving the public body’s agreed objectives. Risk management, control and governance comprise the policies, procedures and operations established to ensure the achievement of objectives, the appropriate assessment of risk, the reliability of internal and external reporting and accountability processes, compliance with applicable laws and regulations and compliance with the behavioral and ethical standards set for the public body.
•
Provide an independent and objective consultancy service specifically to help management improve the public body’s risk management, control and governance. Internal audit applies professional skills through a systematic and disciplined evaluation of the policies, procedures and operations that management put in place to ensure the achievement of the public body’s objectives, and through recommendations for improvement. Such consultancy work contributes to the opinion which internal audit provides on risk management, control and governance.
External auditors are auditors who are entirely independent of the audited entity. Their duty is to report primarily to third parties (in the case of audit of limited companies they report to shareholders; in the case of Government of Ethiopia the external auditor is the Office of the Auditor-General which reports to parliament). External auditors in undertaking an audit of financial statements will: •
Carry out procedures designed to obtain sufficient and appropriate audit evidence, in accordance with Generally Accepted Auditing Standards to determine with reasonable confidence whether the financial statements are free from material misstatement;
•
Evaluate the overall presentation of the financial statements, in order to ascertain whether they have been prepared in accordance with relevant legislation and accounting standards;
•
Issue a report containing a clear expression of their opinion on the financial statements.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
4 INTERNAL AUDIT MANUAL
9.
PART ONE
Below are given the differences between the internal and external auditors : -
Internal auditor
External auditor
1
is an employee of the organization which is being audited
1
is not an employee of the organization which is being audited
2
reports to the management
2
reports to third parties
3
reviews the internal controls primarily to improve compliance and develop improved controls
3
reviews the internal controls primarily to determine whether reliance can be placed upon them in carrying out the audit
4
carries out his work according to relative risk and management responsibilities
4
carries out his work according to relative risk and the need to give an audit opinion on the financial statements
5
is directly concerned with the detection and prevention of fraud
5
is incidentally concerned with the detection and prevention of fraud
6
is independent of the financial function of the entity
6
is independent of the entity
7
audits the organization throughout the year
7
audits the organization periodically, usually once or at most twice a year
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
5 INTERNAL AUDIT MANUAL
10.
PART ONE
Why does the head of the internal audit unit have a duty to work with external auditors? Government financial management is an integrated process, which works best when each component (budgeting, financial control, accounting, reporting, auditing) is working well, and all are well coordinated. Because there are at least two types of government auditors (external and internal), government auditing has to be coordinated in order to avoid duplication or omission of audit work. Too many uncoordinated audits would be a burden and an unnecessary waste of resources. Since internal auditors are employees of the entity, they cannot have as much independence as external auditors. Sometimes they will identify significant risks, which managers do not address, or their audit findings may be ignored. Management may have also steered them away from certain audits or put obstacles in the way of collecting certain types of information. Having a duty to make findings and papers available to the external auditor is a necessary safety valve.
11.
What are the major risks/dangers facing internal auditors? •
Lack of expertise, leading to trivial audit findings and lack of management respect;
•
Lack of opportunity for professional development;
•
Domination by dishonest management and staff members, leading to the neglect of sensitive areas where controls are weak and encourage abuses;
•
Repetitive audit routines which staff members can predict;
•
Being assigned to tasks such as accounting and pre-control of expenditures which the internal auditor will subsequently have to audit (conflict of interest);
•
Inability to insist on getting significant information because of fears of losing promotion opportunities and job security (lack of independence);
•
Being ignored;
•
Top managers who are engaged in avoiding controls to the detriment of the entity.
•
Management and employees do not maintain and demonstrate a positive and supportive attitude toward internal controls;
•
Wrong perception of the audit function and auditors by staff of the public body.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
6 INTERNAL AUDIT MANUAL
PART ONE
Preaudits and Postaudits 12.
Auditing specially in government offices takes two forms, commonly referred to as “preaudit” and “postaudit.” Preaudit is the examination of transactions before payment. It is the more traditional audit function. Postaudit represents an after-thefact examination and is more recent in origin. Scope and concept of preaudit
13.
The preaudit, perhaps more accurately described as prepayment audit, is generally an integral part of the central accounting and payment process. The basic objectives of preaudit are to provide assurance that; •
expenditures are not unreasonable or extravagant;
•
sufficient funds are available to enable payment of the invoice; and
•
there has been compliance with government proclamations, regulations, directives, procedural and budgetary requirements. It may include an examination of contracts prior to approval and encumbrance, scrutiny of all invoices, and all payrolls before payment.
Limitations of preaudit 14.
Preaudit tends to be clerical and routine in nature. Even the most effective preaudit has significant limitations. For example preaudit procedures may provide adequate assurance that prices shown on invoices for supplies are in accordance with contract prices, but they cannot provide assurance that the supplies were actually needed and efficiently utilized. Previously preaudit was considered as a significant element of internal control. However, through time the internal auditor was considered as a part of management in authorizing payments and as a result of which management tended to rely on the internal auditor instead of discharging its own responsibilities.
15.
Finally, regardless of the effectiveness of preaudit, it must be recognized that the full implications of an Organization basic policy or procedure cannot be discovered through the preaudit piecemeal examination of individual isolated invoices or transactions. Comprehensive audit for financial accountability, efficient performance, or effective program accomplishment must be done through the postaudit process.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
7 INTERNAL AUDIT MANUAL
PART ONE
Scope and concept of postaudit 16.
17.
The scope of postaudit may be grouped into two general categories: •
Financial accountability and legality – the verification of accounting records and review of internal controls;
•
Value for money – the examination of the efficiency, effectiveness and economy of operations which includes the broad examination of the extent to which objectives are accomplished.
These categories tend to overlap, but they are useful in demonstrating the changing concepts of auditing. The basic limitation of the postaudit is that it concentrates on detection of irregularities rather than preventing their occurrence as in the case of preaudit.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
8 INTERNAL AUDIT MANUAL
PART ONE
SECTION III: ADVICE TO USERS OF THIS MANUAL Introduction
1. This manual is primarily intended for the use of internal auditors of Public Bodies. It is a source of ideas and gives them guidance on the principles and practices of auditing. It does not seek to establish detailed mandatory rules. An essential feature of auditing is that it must be adaptable to a particular situation of the Public Body under audit. Contents of the Manual 2. The manual contains five parts dealing with different areas of internal audit functions. Part One 3. This is an introduction which provides the basic concept of auditing, including types of audit and types of auditors and the relationship of these auditors. The last section of the Introduction part describes the scope and responsibilities of the Ministry of Finance and Economic Development, Head of public bodies, Head of Internal Audit and internal auditors from the current Government Regulations and Directives point of view. Part Two 4. The draft Internal Audit Standard of Public Bodies of Government of Ethiopia and Code of ethics are provided in this part of the manual. All internal auditors should ensure that their performance and behavior adhere to the Standard and Code of Ethics. Part Three 5. This part contains the following:•
It presents the main concepts and principles of internal audit function;
•
It describes different areas of the internal control system of a public body including types of Internal Control Systems, feature of effective internal control system and their limitations;
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
9 INTERNAL AUDIT MANUAL
PART ONE
•
It explains how the internal auditor evaluates the effectiveness of the internal control system using different auditing techniques;
•
It elaborates the three types of audit approaches and describes as to how the Internal Auditor can carry out the audit assignment using these approach;
•
It deals with the planning of audit assignment and provides explanations on different stages of planning which will give practical advice to the Internal Auditor for planning the audit assignment effectively;
•
It discusses controlling the audit assignment audit procedures such as internal review, peer review and external review;
•
It discusses the principles of the documenting of internal audit including content and organization of working papers;
•
It explains how working papers should be prepared and its ownership and custody;
•
It describes the characteristics, content and format of effective audit reports.
Part Four 6. Procedural guidances for financial and compliance audits are included in this part. Each section of this part contains an introduction definition, audit objectives, internal control system and the audit procedures to be carried out by the internal auditors to discharge their responsibilities. Internal auditors should carry out these activities by taking into account the basic concepts and principles explained in Part Three. The audit procedures provided in this part should only be used as guidance for the internal auditor to design an audit program, which specifically meets the requirement of the public body under audit. The internal auditor should select audit procedures, which are materially related to risk feasible to the audit and likely to generate useful findings. Part Five 7. Procedural guidances on special audits of investigation of fraud, value for money, computer auditing, contract audit social and environmental audit are provided in this part. The internal auditor should adopt these procedures to particular special audit assignments.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
10 INTERNAL AUDIT MANUAL
PART ONE
8. The skill and experience of internal auditors of all public bodies is not at the same level. Hence internal auditors of some public bodies may not be able to undertake few of the tasks incorporated in this Manual. Therefore, Head of the Internal Audit should evaluate the existing capacity of the internal auditor and develope a suitable audit programme using the Manual as a source. In the meantime the management should find ways to train the existing internal auditors or employ qualified internal auditors who can undertake the audit in accordance with the Manual.
Other Users of this Manual Head of Public Bodies 9. If improving internal control is the aim, the Heads of the public bodies are the prime means. They are responsible for introducing and maintaining effective internal control systems in public bodies. The internal auditor is only management’s adviser and cannot bring about changes directly. Improvements in systems of internal control are the responsibility of the Head of the public body. Therefore the Head including other management members must fully understand their full responsibilities for improving internal control. Without full management involvement, internal audit cannot be effective. The responsibility of the Head of public body and the scope of internal audit functions is covered in this Part Section IV and in the draft Internal Audit Standard of Public Bodies of Government of Ethiopia in Part Two Section II. Internal control systems and management’s responsibility for them are covered in Part Three, Section I of this manual. These are the key sections of the manual for management. We advise the management of public bodies to give particular attention to these Sections. Staff of Public Bodies 10. It is often wrongly assumed that internal control systems are solely the concern of the Head of the public body. It is true that the Head of the public body establishes these systems for the proper management of the public body. But in order for them to be effective, staff co-operation is needed. Staffs need to know how the systems work, who is required to take specific actions etc. and the nature of their own responsibilities. If the internal audit is to make its full contribution, it has to be strongly linked to other financial management processes. Such links are easily achieved via internal audit, provided that both parties (internal auditors on the one hand, and management and other support staffs (e.g. budget controllers, accountants, and book-keepers) on the other, develop harmonious working relationships and mutual respect.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
11 INTERNAL AUDIT MANUAL
PART ONE
External Auditors 11. To the extent that internal audit is of high quality and effective, and the internal control systems of the public body are proved to be reliable, external auditors can accept the work of internal auditors and adapt their audits accordingly. This is an important advantage. It means that audits as a whole can be more intensive; duplicative audit work is avoided and external auditors can extend their audits into areas, which might not otherwise have received scrutiny. It all depends on the quality of internal audit and the strength of the entity’s internal control systems. This manual is intended to strengthen internal audit. Better internal audit will help the Head of the public body to establish better and more effective internal control systems. In other words the aim is to establish a virtuous circle resulting in improved use and control of resources, and ultimately to better public services at lower cost for the people of Ethiopia. We do not under-estimate the difficulty of establishing such a virtuous circle.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
12 INTERNAL AUDIT MANUAL
PART ONE
SECTION IV: SCOPE AND RESPONSIBILITY – FROM CURRENT GOVERNMENT REGULATIONS AND DIRECTIVES PERSPECTIVE
Introduction 1.
The Financial Regulations of the Council of Ministers (No 17/1997) and Article 68 of the Proclamation on Financial Administration (No. 57/1996) establish the basis for internal audit and internal control of the Government of Ethiopia. Ministry of Finance and Economic Development
2.
3.
Ministry of Finance and Economic Development is responsible to:•
Formulate and distribute Directives that details the Governments Financial policies in all areas of the Government finances;
•
Develop and maintain appropriate standards of work and conduct for application throughout all public bodies internal audit functions.
The council of Ministers Regulation (No. 17/1997) states that the Head of Public Bodies should: •
Ensure that the system developed within the public body is functioning well;
•
Issue delegations of authority to subordinates;
•
Establish signing authorities for all employees involved in the processes of receiving and disbursing public money and in procurement;
•
Ensure that the internal audit system is appropriately staffed with trained and qualified manpower and that internal audits are carried out efficiently, effectively and economically;
•
Ensure that sufficient numbers of appropriately trained employees are assigned to perform discrete function so that proper separation is maintained in the internal control system;
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
13 INTERNAL AUDIT MANUAL
PART ONE
•
Develop internal directives and procedures which complement the Financial Administration Proclamation, Financial Regulations and any financial directives of the Ministry of Finance, which are unique to the particular public body;
•
Ensure that timely, relevant and reliable financial information analysis is prepared and disseminated;
•
Ensure that the employees of the public body are performing their duties in compliance with the Financial Administration Proclamation, Financial Regulations and directives laid down in accordance with the Proclamation; and that the internal audit is carried out timely.
Internal Audits 4.
The same regulation defines internal audit as a systematic, independent appraisal of all operations including administrative activities for the purpose of advising on management practices and controls. The responsibilities of internal auditors are to: •
Conduct internal audits at specific time intervals to ascertain that public money and property are used for intended purposes;
•
Develop audit programs and audit procedures which are specifically designed to meet the requirements of the public body;
•
Develop a monitoring system which will at regular intervals test and report to management on the public body’s compliance with applicable internal and external directives and procedures;
•
Advise management at regular intervals on its internal practices and controls and on whether they are efficient, effective and economical;
•
Submit audit reports to the head of the public body.
5.
The focus of the above provisions is mostly on financial and compliance audits. This focus is reflected in this audit manual.
6.
Internal audit units are established in public bodies, for the purpose of carrying out internal audits. In large public bodies there will be a Head of internal audit and under that person, several members of staff (senior and junior internal auditors). Smaller public bodies have smaller internal audit units. The responsibility of the Head of internal audit is to:
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
14 INTERNAL AUDIT MANUAL
7.
PART ONE
•
Respect the Internal Audit Standards of Government of Ethiopia including the Code of Ethics;
•
Supervise and lead the internal audit unit;
•
Monitor, counsel and advise internal audit staff;
•
Consult with the management of the public body on internal audit and internal control;
•
Advise on and approve audit topics proposed by internal auditors;
•
Propose internal audit topics and summary programs to management;
•
Consult with internal auditors on audit programs, fieldwork and draft audit findings;
•
Advise on and approve the audit reports of internal auditors and ensure that for each audit carried out there is a final audit report;
•
Provide quality control on all aspects of internal auditing;
•
Report audit findings to management and monitor management’s followup of findings;
•
Respond to the enquiries and requests for information of external auditors and send copy of responses given to management. The duties of internal auditors are to: •
Respect the Internal Audit Standards of Government of Ethiopia including the Code of Ethics;
•
Consult with the head of Internal Audit unit and respect the leadership on all aspects of auditing;
•
Propose audit topics and draft audit programs;
•
Carry out all aspects of auditing in accordance with the most appropriate standards and guidelines (including those appearing in this manual);
•
Ensure that the Head of internal audit conducts all final audit reports and official dealings with management.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
15 INTERNAL AUDIT MANUAL
8.
9.
PART ONE
For internal audit to be successful it must fully respond to management needs. Internal auditors are therefore expected to: •
Make efforts to understand management’s needs;
•
Work in a spirit of cooperation rather than confrontation;
•
Choose topics leading to audit findings which will be relevant and significant and which will help management to improve the relevance and integrity of its controls;
•
Report audit findings clearly and present them in a way that leads naturally to the necessary remedial actions;
•
Explain clearly what is to be done in response to adverse audit findings and how it might be done, and ensuring that auditors are not directly involved in taking the necessary remedial actions which are the sole responsibility of management;
•
Explain audit findings and recommendations orally as well as in writing to enable management to “own” the findings.
At the same time Internal auditors have to maintain a degree of independence by: •
Not accepting assignments which would result in carrying out audits of procedures and systems that they themselves have designed or maintained;
•
Declaring conflicts of interest (or declining to accept assignments) where they are not fully independent of the activities which they audit;
•
Presenting objective and reliable findings to management;
•
Responding objective and reliable findings to management;
•
Responding to external auditors when they request access to findings and working papers;
•
Management of the public body has to be informed when formal communications occur; the Head of internal audit should make such communications.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
16 INTERNAL AUDIT MANUAL
PART TWO
SECTION ONE INTRODUCTION
1.
This part of the Manual includes draft Internal Audit Standards and Code of Ethics for internal auditors of a Public Bodies of the Government of Ethiopia.
2.
The Standards define the way in which the Internal Audit Service should be established and undertake its functions. The Standards cover both the attributes and performance of internal audit service in public bodies.
3.
The Code of Ethics includes principles that are relevant to the professional and practice of internal auditing and rules of conduct that describe behavioral norms expected from internal auditors of the public bodies.
4.
The current Standards and Code of Ethics of the Institute of Internal Auditors are reflected in this part.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
17 INTERNAL AUDIT MANUAL
PART TWO
SECTION TWO DRAFT INTERNAL AUDIT STANDARDS OF PUBLIC BODIES OF GOVERNMENT OF ETHIOPIA
I
II
ATTRIBUTE STANDARDS 100
Responsibilities and scope of work
200
Independence
300
Relationships with management and other auditors
400
Staffing, training and development
PERFORMANCE STANDARDS 500
Audit strategy and planning
600
Risk assessment
700
Audit working paper
800
Audit evidences
900
Deterrence, detection, investigation and reporting of fraud
1000
Auditing compliance with policies, plans, procedures, laws and regulations
1100
Quality assurance
1200
Reporting
1300
Follow-up on reported audit findings and recommendations
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
18 INTERNAL AUDIT MANUAL
I
PART TWO
ATTRIBUTE STANDARDS
100
RESPONSIBILITIES AND SCOPE OF WORK 110
Responsibility Of Head Of Public Body The Head of Public Body is responsible for establishing policies, procedures and operations for appropriate management of risk, the reliability of internal and external reporting and accountability processes, compliance with applicable laws and regulations, and compliance with the behavioral and ethical standards set for the public body in order to ensure the achievement of its objectives.
120
Responsibility Of Audit Committees Audit committees should be formed constituting employees of the Public Body who have an appropriate knowledge of its day to day operations and can assist the Internal Audit in discharging its responsibilities. The Audit Committee is responsible for advising the head of public body in respect of: • • • • • • •
130
The terms of reference for internal audit; The effectiveness of the internal audit strategy and periodic plan in addressing the public body’s risks; The resourcing of internal audit; The periodic work plans of internal audit, and material changes to these plans and the implications arising from internal auditor’s findings and opinion; The arrangements for and the results of quality assurance process; The adequacy of management response to internal audit advice and recommendations; The arrangements made for co-operation between internal audit, external audit and other review bodies.
Responsibility Of Internal Audit The Internal Audit is responsible for an independent, objective assurance and consulting activity designed to add value and improve the public body’s operations. It helps the public body accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
19 INTERNAL AUDIT MANUAL
140
PART TWO
Scope Of Work For Internal Audit Internal audit should fulfill its duty by systematic review and evaluation of risk management, control and governance which comprises the policies, procedures and operations in place to: •
Establish, and monitor the achievement of the public body’s objectives;
•
Identify, assess and manage the risks in achieving the public body’s objectives;
•
Ensure the economical, effective and efficient use of resources;
•
Ensure compliance with established policies (including behavioral and ethical expectations), procedures, laws and regulations;
•
Safeguard the public body’s assets and interests from losses of all kinds, including those arising from fraud, irregularity or corruption;
•
Ensure the integrity and reliability of information, accounts and data, including internal and external reporting and accountability processes.
Internal audit should devote particular attention to any aspects of the risk management, control and governance affected by material changes to the public body’s risk environment.
200
INDEPENDENCE 210
The Principles of Independence 210.1 Internal audit should be sufficiently independent of the activities, which it audits to enable auditors to perform their duties in a manner, which facilitates impartial and effective professional judgments and recommendations. It should have no executive responsibilities.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
20 INTERNAL AUDIT MANUAL
PART TWO
210.2 Accountability for responses to the advice and recommendations of internal audit lies with the line managers who either accept and implement the advice or formally reject it. Audit advice and recommendations are without prejudice to the right of internal audit to review the relevant policies, procedures and operations at a later date. 220
230
Organizational Independence 220.1
Internal audit should report directly to the Head of the Public Body and Audit Committee of the Public Body. A copy of annual internal audit report, which will be addressed to the head of the public body, should be submitted to the Ministry of Finance and Economic Development for follow up on reported audit findings and recommendations.
220.2
Their Audit Committee should advise the Heads of the Public Bodies on the discharge of their responsibilities in respect of internal audit. The Audit Committee should not obstruct the Head of Internal Audit’s direct access to the Head of the Public Body.
220.3
The Heads of Public Bodies should make appropriate arrangements for the routine supervision and management of the budget and resources of internal audit (including staff appraisal arrangements) without prejudice to the direct accountability of internal audit to the Head of Public Body.
220.4
The internal audit activity should be free from interference in determining the scope of internal auditing, performing work, and communicating results.
Status Of The Head Of Internal Audit The Head of Internal Audit should be graded with sufficient status to facilitate the effective discussion and negotiations of the results of internal audit work with senior management in the organization. Evaluation tools used to grade the post should give due weight to the influence of the Head of Internal Audit on the risk management, control and governance of the organization.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
21 INTERNAL AUDIT MANUAL
240
250
Independence Of Individual Auditors 240.1
Individual auditors should have an impartial, unbiased attitude, characterized by integrity and an objective approach to work, and should avoid conflicts of interest. They should not allow external factors to compromise their professional judgment.
240.2
Objectivity is presumed to be impaired when individual auditors review any activity in which they have previously had executive responsibility, or in which they have provided consultancy advice. Auditors should not be assigned to assurance work where they have had an executive or other involvement, and where the Head of Internal Audit deems that this may impair their objectivity, until a suitable period has elapsed. The Head of Internal Audit should develop appropriate guidelines for determining the duration of such periods.
240.3
Long-term responsibility for the audit of a particular aspect of a public body can also affect independence; assignment of ongoing audit responsibilities should be rotated from time to time.
Declaration Of Conflict Of Interest (Impairments to Independence or Objectivity) 250.1
260
PART TWO
Individual auditors should declare any conflicts of interest arising from audit work assigned to them by the head of Internal Audit. Such potential conflicts of interest include previous executive or consultancy responsibilities and personal relationships with staff with current executive responsibilities.
Proficiency and Due Professional Care 260.1 Proficiency Internal auditors should possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively should possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities. The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
22 INTERNAL AUDIT MANUAL
PART TWO
260.2 Due Professional Care Internal auditors should apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility. The internal auditor should exercise due professional care by considering the: • Extent of work needed to achieve the engagement's objectives. • Relative complexity, materiality, or significance of matters to which assurance procedures are applied. • Adequacy and effectiveness of risk management, control, and governance processes. • Probability of significant errors, irregularities, or noncompliance. • Cost of assurance in relation to potential benefits. 260.3 The internal auditor should be alert to the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified.
300
RELATIONSHIPS WITH MANAGEMENT AND OTHER AUDITORS 310
Principles of Good Relationships Heads of Internal Audit should co-ordinate internal audit plans and activities with the management, other internal auditors, external auditors, and other review agencies to ensure the most effective audit coverage is achieved and duplication of effort is minimized.
320
Relationships with Management 320.1 Internal Audit provides a service to management. Its strategy, planning and delivery should aim to maximize the value added for management without jeopardizing internal audit’s responsibilities to the management. 320.2 Management and staff at all levels of the public body should have complete confidence in the integrity, independence and capability of internal audit. The relationship between internal auditors and management is a privileged one, and information gained in the course of audit assignment should remain confidential to those with a legitimate interest within the public body.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
23 INTERNAL AUDIT MANUAL
PART TWO
320.3 Co-operative relationships with management enhance the ability of internal audit to achieve its objectives effectively. Audit assignment should be planned in conjunction with management as far as possible, particularly in respect of the timing of the assignment (except where unannounced visits are essential to the achievement of the audit objectives). 320.4 When fraud is suspected or detected, decisions to involve external agencies such as the police should be taken by management. If internal audit does not consider that management at all levels of public body has made appropriate decisions in this respect, this should be reported to the Ministry of Finance and Economic Development. 330
Relationships with Other Internal Auditors Where Internal Auditors need to work with Internal Auditors of another organization, the roles and responsibilities of each party should be agreed and endorsed by the Head of each Public Body. Whenever possible agreement to joint working or to placing professional reliance on work carried out by one party should be sought.
340
Relationship with External Auditors 340.1 Internal audit should seek to meet regularly with the external auditor to consult on audit plans, discuss matters of mutual interest, discuss common understanding of audit techniques, methods and terminology and seek opportunities to rely on their work where appropriate, provided this does not prejudice internal audit’s independence. 340.2 In any case of conflict with the External Auditor, the Head of Internal Audit will consult with or refer the matter to the Head of Public Body.
400
STAFFING, TRAINING AND DEVELOPMENT 410
Principles of Staffing, Training and Development Internal audit should be appropriately staffed in terms of numbers, grades, qualification levels and experience, having regard to its objectives and to these standards. Internal auditors should be properly trained to fulfill their responsibilities and should maintain their professional competence through an appropriate ongoing development programme.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
24 INTERNAL AUDIT MANUAL
420
PART TWO
Qualification of Internal Auditors Ministry of Finance and Economic Development defines the minimum level of skill, knowledge and experience required of an internal auditor and the Head of Internal Audit. The Head of Internal Audit should be qualified and have a wide experience of management.
430
Staffing the Internal Audit Unit 430.1 The Ministry of Finance and Economic Development is responsible for ensuring that they have access to the full range of knowledge, skills, qualifications and experience to meet the unit’s audit objectives and these standards. In addition to internal audit skills, the Ministry of Finance and Economic Development should specify any other professional skills, which may be needed by the internal audit unit. It should also make provision for appropriate administrative support. 430.2 The Ministry of Finance and Economic Development should set criteria for the appointment of the more senior staff in the internal audit unit based on training and experience of the Internal Auditor.
440
Continuing Professional Development 440.1 All Internal Auditors should undertake a programme of continuing professional development to maintain and develop their skills. 440.2 Heads of Internal Audit should ensure that appropriate provision is made for maintaining and developing the competence of audit staff. They should monitor the ongoing training activity of all staff in their internal audit unit.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
25 INTERNAL AUDIT MANUAL
PART TWO
II PERFORMANCE STANDARDS 500 AUDIT STRATEGIES AND PLANNING 510
Developing the Internal Audit Strategy
510.1 The Head of Internal Audit should develop and maintain a strategy for providing the Head of public body economically and efficiently, with objective evaluation of and opinion on the effectiveness of the public body’s risk management, control and governance arrangements. The internal audit activity should evaluate risk exposures relating to the public body's governance, operations, and information systems regarding the: • Reliability and integrity of financial and operational information. •
Effectiveness and efficiency of operations.
•
Safeguarding of assets.
•
Compliance with laws, regulations, and contracts.
510.2 The strategy should also aim to add value for the Heads of the public bodies by providing them with audit analysis, findings and recommendations. In addition, where internal audit unit judges it appropriate, it could offer consultancy to support management in implementing the recommendations. 510.3 The strategy should be developed to meet the audit needs of the public body as assessed by the Head of Internal Audit, using the public body’s objectives and risk assessment as a primary resource. 510.4 The strategy should include provision for the Head of Internal Audit to consider, at least annually, the adequacy of the public body’s risk assessment and, if necessary, make recommendations for its review. 510.5 The strategy should include a systematic and prioritized review of how effectively the public body’s risks are managed by its policies, procedures and operations.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
26 INTERNAL AUDIT MANUAL
PART TWO
510.6 The Head of Internal Audit should consider any risk, which he thinks, may be material to the public body’s risk management, control and governance, even if it is not included in management’s risk priorities. 510.7 The strategy should establish the resources and skills required for its delivery. 510.8 The strategy should describe the audit techniques selected as the most effective for delivering the audit objectives. 510.9 The strategy should set out the relative allocation of audit resources between assurance work and consultancy work. The exact allocation will be determined in the periodic plans.
510.10 The Strategy should include acceptance of risks or other areas of potential audit coverage, which cannot be resourced, and identification of consequent residual risk exposure.
520
Developing the Periodic Audit Plans
520.1 Internal audit should prepare periodic work plans, designed to implement the audit strategy for approval by the Head of the Public Body. 520.2 The periodic plans should set out details of the assignments to be carried out in the period covered by the plans, providing sufficient detail for the management of the public body to understand the assignments’ purpose and scope. They should establish the resources and skills required for each assignment, and should set relative priorities for each assignment. 520.3 The periodic audit plans should be kept under review to identify any amendment needed to reflect changing priorities and emerging audit needs. They should make provision for an element of contingency to accommodate audit assignments, which could not have been reasonably foreseen.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
27 INTERNAL AUDIT MANUAL
530
PART TWO
Planning Audit Assignments 530.1 For each audit assignment a detailed plan should be prepared and discussed with the Head of the public body. These plans should establish detailed objectives for the assignment, the level of assurance that management wishes to derive from the opinion to be delivered, resource requirements, audit outputs and target dates. They should set out: •
The scope and objectives and timing of the work to be done, allocating internal audit resources and establishing their targets;
•
If internal auditors develop reservations about the scope during the engagement, these reservations should be discussed with the client to determine whether to continue with the engagement.
•
Any requirements for participation by the management of the public body;
•
The schedule and timing of the assignment;
•
To whom the assignment findings will be disclosed;
•
The resources necessary to perform the audit assignment should be determined in the planning process. The number and experience level of the internal auditing staff required should be based on an evaluation of the nature and complexity of the audit assignment, time constraints and available resources.
530.2 Assignment plans should be agreed with the management before work is done, and the agreement recorded. They should take account of any concerns of the management about aspects of the policies, procedures and operations within the area to be audited.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
28 INTERNAL AUDIT MANUAL
540
PART TWO
Nature of Work The internal auditors should assess and improve the public body’s risk management, control, and governance processes. 540.1 The internal auditor should assist the public body in managing risk by evaluating and identifying significant organizational risks, assessing risk during the course of engagements, and improving the risk management process. 540.2 The internal auditor should assist the public body in maintaining effective controls by evaluating the public body’s controls to determine their effectiveness and efficiency and by developing recommendation for improvement. 540.3 The internal auditor should assist the public body in achieving its goals by evaluating and improving the process through which goals and values are established and communicated, the accomplishment of goals is monitored, accountability is ensured, and values are preserved. 540.4 Internal auditors should ascertain the extent to which operating and program goals and objectives have been established and conform to those of the public body. 540.5 Internal auditors should review operations and programs to ascertain the extent to which results are consistent with established goals and objectives to determine whether operations and programs are being implemented or performed as intended. 540.6 Internal auditors should ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors should use such criteria in their evaluation. 540.7 During consulting engagements, internal auditors should address controls consistent with the engagement’s objectives and be alert to the existence of any significant control weaknesses.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
29 INTERNAL AUDIT MANUAL
PART TWO
540.8 Internal auditors should incorporate knowledge of controls gained from consulting engagements into the process of identifying and evaluating significant risk exposures of the organization. The internal audit activity should assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organization. •
Ensuring effective organizational performance management and accountability.
•
Effectively communicating risk and control information to appropriate areas of the organization.
•
Effectively coordinating the activities of and communicating information among the board, external and internal auditors and management. International Standards for the Professional Practice of Internal Auditing 540.9 The internal audit activity should evaluate the design, implementation, and effectiveness of the organization’s ethics elated objectives, programs and activities.
550
Audit Programme To achieve audit objective of each assignment, it is essential to develop an audit programme, which provides a means of monitoring the progress and completion of the audit. The audit programme should state the objective of the audit assignment and document Internal Auditors' procedure for collecting, analysing, interpreting and documenting information during the audit. The audit programme should also include the following: •
It should state the scope and degree of testing required to achieve the audit objective in each phase of the audit.
•
It should identify the system and transaction which should be examined.
•
It should be prepared prior to the commencement of audit work and modified during the course of the audit, if necessary.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
30 INTERNAL AUDIT MANUAL
600
PART TWO
RISK ASSESSMENT 610
Principles of Risk Assessment The Internal Auditor should identify the different systems that exist in the public body and the risk factors that are relevant to those systems and should assess their relative significance. Risk refers to the possibility of a system having so poor internal control that the public body does not achieve its objectives effectively and efficiently. Risk assessment should enable the Internal Auditor to assess the relative vulnerabilities of the systems and those which are more riskier than others and should, therefore, be audited sooner and more often.
620
Identification of System The Internal Auditor should identify each system of the public body in which resources (input) organized (processed) to provide results (out puts) in accordance with predetermined purposes (objectives).
630
Risk Factors The Internal Auditor should use appropriate risk factors, which will be used to assess the relative significance, and likelihood that conditions and/or events may occur that could adversely affect the public body to achieve its objective.
640
Risk Assessment The Internal Auditor should systematically assess and integrate professional judgment about probable adverse conditions and/or events. The risk assessments process should provide a means of organizing and integrating professional judgment for development of a prioritized audit work schedule. The Internal Auditor should:
•
identify and record the objectives of the system, risks and controls;
•
establish the congruence of the objectives with higher-level corporate objectives;
•
evaluate management's risk analysis, taking account of their acceptance of specific risks;
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
31 INTERNAL AUDIT MANUAL
700
PART TWO
•
evaluate the controls in principle to decide whether or not they are appropriate and can be reasonably relied upon to achieve their purpose;
•
identify any instances of over-control;
•
determine an appropriate strategy to test the effectiveness of risk management and controls;
•
arrive at conclusions and report, making recommendations, as necessary, and providing an opinion on the effectiveness of risk management and control in the audited area.
AUDIT WORKING PAPERS 710
Principles of Audit Working Papers The Internal Auditor should prepare working papers, which provide the principal evidential supports for the audit report, and demonstrate the Internal Auditors' compliance with standard of Internal Auditors and support for audit conclusion reached.
720
Content of Audit Working Papers The Internal Auditor should document in the working papers the following aspects of the audit process of: •
planning, examination and evaluation of the effectiveness of risk management;
•
control and governance process;
•
the auditing procedures performed and the conclusion reached, review, reporting and follow-up.
Audit working papers should be designed in such a way that they provide the principal evidential support in the planning, performance and review of audits and documents whether audit objectives were achieved. The Internal Auditor should keep in mind that the content and arrangement of the working papers reflect the degree of the Internal Auditors' proficiency, experience and knowledge. Working papers should be sufficiently complete and detailed to enable an experienced auditor, having no previous connection with the audit to ascertain that the necessary audit work was performed to support the audit conclusions.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
32 INTERNAL AUDIT MANUAL
730
PART TWO
Preparation of Working Paper The Internal Auditor should follow standardized policies for the types of audit working paper files maintained, stationery used, indexing and other related matters. Each working paper should show the name of the public body being examined, the title or description of the contents or purposes of the working papers, and the date or period covered by the audit. Each working paper should be signed, dated and cross-referenced. Audit verification symbols should be explained. The working papers should be reviewed, signed and dated by the Head of the Internal Audit or by a Senior Internal Auditor assigned by him.
740
Ownership and Custody of Audit Working Papers Audit working papers are the property of the public body being examined. Audit working papers should remain under the control of the Internal Audit Department and the Head of the Public Body should approve request for access to it by parties outside the public body.
800
AUDIT EVIDENCES 810
Principles of Audit Evidences The Internal Auditor should obtain sufficient and appropriate audit evidences to be able to draw reasonable conclusions and recommendations regarding the risk management, control and governance of the public body. The internal auditor should adequately document the audit evidences in the working papers, including the basis and extent of planning, work performed and the findings of the audit.
820
Sufficient Appropriate Audit Evidences The Internal Auditor should use his professional judgment to assess whether he obtained sufficient and appropriate audit evidence. Sufficient is the measure of the quantity of audit evidence whereas appropriate is the measure of the quality or reliability of audit evidence and its relevance to a particular audit conclusion and recommendations.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
33 INTERNAL AUDIT MANUAL
830
PART TWO
Procedures for Obtaining Audit Evidence The Internal Auditor should have a sound understanding of the techniques and procedures such as inspection, enquiry and confirmation, to collect audit evidences. The Internal Auditor should ensure that the procedures employed are sufficient to reasonably detect all material errors and irregularities. The Internal Auditor should also give consideration to the quality of evidences in choosing the techniques and procedures to be employed.
900
DETERRENCE, DETECTION, INVESTIGATION AND REPORTING OF FRAUD 910
Principles of Deterrence, Detection, Investigation and Reporting of Fraud The Internal Auditor should examine and evaluate the adequacy and effectiveness of actions taken by management of the public body to deter fraud, be able to identify indicators that fraud might have been committed, investigate fraud and issue a written report at the conclusion of the investigation phase.
920
Deterrence of Fraud The Internal Auditor is responsible for assisting in the deterrence of fraud, by examining and evaluating the adequacy and effectiveness of control, commensurate with the extent of the potential exposure in the various segments of the public body's operation. The Internal Auditor should determine: •
The public body's environment foster control consciousness;
•
Realistic goals and objectives are set;
•
Appropriate authorization policies for transaction are established and maintained;
•
Policies, practices, procedures, reports and other mechanisms are developed to monitor activities and safeguard assets, particularly in high -risk areas;
•
Recommendations needed to be made for the establishment or enhancement of cost-effective control to help deter fraud.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
34 INTERNAL AUDIT MANUAL
930
PART TWO
Detection of Fraud The Internal Auditor should identify indicators of fraud sufficient to warrant recommending an investigation. These indicators may arise as a result of controls established by management, tests conducted by auditors and other sources both within and outside the public body. The Internal Auditor should:
940
•
Have sufficient knowledge of fraud to be able to identify indicators that fraud might have been committed. This knowledge includes the need to know the characteristics of fraud, the techniques used to commit fraud, and the types of fraud associated with the activities audited.
•
Be alert to opportunities, such as control weaknesses, that could allow fraud. If significant control weaknesses are detected, additional tests conducted by Internal Auditors should include tests directed towards identification of other indicators of fraud.
•
Evaluate the indicator that fraud might have been committed and decide whether any further action is necessary or whether an investigation should be recommended.
•
Notify the head of the public body if a determination is made that there are sufficient indicators of the commission of a fraud to recommend an investigation.
Investigation of Fraud When indicators suggest that fraud has been committed, the Internal Auditor should perform extended procedures necessary to determine whether the fraud, as suggested by the indicators, has been committed. The extended procedures should include gathering sufficient evidential matter about the specific details of a discovered fraud. The Internal Auditor should: •
Assess the probable level and the extent of complexity in the fraud within the public body. This can be critical to ensuring that the internal auditor avoids providing information to or obtaining misleading information from persons who may be involved;
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
35 INTERNAL AUDIT MANUAL
950
PART TWO
•
Determine the knowledge, skills, and disciplines needed to effectively carry out the investigation. The Internal Auditor should ensure that the investigation is conducted by individuals having the appropriate type and level of technical expertise and competence.
•
Design the procedures to be followed in attempting to identify the perpetrators, extent of the fraud, techniques used and cause of fraud.
Reporting of Fraud A written report should be issued to the head of the public body at the conclusion of the investigation phase. It should include all findings, conclusions and recommendations for corrective action to be taken.
1000
AUDITING COMPLIANCE WITH POLICIES, PLANS, PROCEDURES, LAWS AND REGULATIONS 1010
Principles Of Auditing Compliance with Policies, Plans, Procedures, Laws and Regulations Internal Auditors should review the systems established to ensure compliance with applicable policies, plans, procedures, laws and regulations and should determine whether the public body is in compliance.
1020
Responsibility of Head of the Public Body The Head of the public body is responsible for establishing the systems designed to ensure compliance with such requirements as policies, plans, procedures, applicable laws and regulations. The policies, plans and procedures designed and implemented by the Head of the Public body should be sufficient to reasonably ensure prevention and/or detection of non-compliance with applicable laws and regulations. The Head of the public body is also responsible for determining whether non-compliance brought to his/her attention by auditors, or by discovery, may violate laws or regulations and/or constitute illegal acts. In addition, the Head of the public body is responsible for initiating such corrective actions necessary to achieve compliance. This may require reporting by the Head of the public body to the legal and/or regulatory authorities.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
36 INTERNAL AUDIT MANUAL
1030
PART TWO
Responsibility of Internal Auditors Internal Auditors are responsible for establishing objectives that include planning and performing a scope of work which provides a reasonable basis for reporting on the extent of public body compliance with policies, plans, procedures, laws and regulations. Internal Auditors should perform additional procedures which provide insight as to the existence and impact of exposure to significant instances of non-compliance. The Internal Auditor should promptly inform management of all relevant facts when information gathered from performance of internal auditing procedures indicate the existence of significant non-compliance or an unreasonable exposure to significant instances of non-compliance.
1100
QUALITY ASSURANCE 1110
Principles of Quality Assurance The Head of Internal Audit should design a quality assurance programme to provide reasonable assurance that audit assignments conform to all applicable standards and guidelines. Internal audit assignments should be supervised and objectively reviewed for overall effectiveness and compliance with relevant policies and standards. Supervision, internal and external review should be carried out to maintain the internal auditing department's capability to perform its functions in an efficient and effective manner.
1120
Supervision of Internal Audit Assignments Supervision of internal audit works should be carried out continually to ensure conformance with internal auditing standards, public body directives and audit programmes. Supervision should include adequate planning and provision of suitable instructions to subordinates and determination that the audit programme has been properly carried out and documented. Supervision should be performed throughout the planning, examination, evaluation, reporting and follow-up process. Supervision should include ensuring that audits are conducted as planned or that variations are approved; appropriate audit techniques are used and audit findings, conclusions and recommendations are adequately supported by relevant and sufficient evidence. Supervision should also ensure that reports are accurate, objective, clear, concise and timely. It should also extend to training and employee performance evaluation.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
37 INTERNAL AUDIT MANUAL
1130
PART TWO
Internal Review of Audit Assignments Internal reviews should be performed periodically by experienced members of the internal auditing staff to appraise the quality of the audit assignment performed. These reviews should indicate the degree of compliance with the Internal Audit Standards and guidelines and level of the effectiveness and efficiency of the audit assignment. The review should provide recommendations for improvement to be addressed to the Head of the Internal Audit.
1140
External Review of Audit Assignments Ministry of Finance and Economic Development should coordinate an external review of the internal auditing department by persons who are independent of the public body to appraise the quality of the audit assignment. Experienced internal auditor of other public body may carry out external review as a peer-review. These reviews should be conducted within reasonable period of time depending upon the significance of internal review, monitoring and in depth reviews by independent external auditors, and provide recommendations for improvement. The external review should appraise the independence and objectivity of internal audit, the efficiency and effectiveness of the approach to formulating the audit strategy and plans, the quality of supervision and achievement of performance standard. . A copy of the review report, which will be addressed to the head of the public body, should be submitted to the Ministry of Finance and Economic Development for follow up on the review findings and recommendations
1200
REPORTING 1210
Principles of Reporting After the audit examination is completed, the Internal Auditor should discuss conclusions and recommendations at appropriate levels of management and issue a signed, objective, clear, concise, constructive and timely written report with appropriate format (content). The report should be addressed to the Head of the Public Body and should not be issued to third parties without his knowledge.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
38 INTERNAL AUDIT MANUAL
1220
PART TWO
Objective, Clear, Concise, Constructive and Timely Reports Internal audit reports should be objective. Objective reports are factual, unbiased and free from distortion. Findings, conclusions and recommendations should be included in the report without prejudice. Internal audit reports should be clear, which can be easily understood and logical. The Internal Auditor should avoid unnecessary technical language and provide sufficient supportive information. Internal audit reports should be concise and to the point and avoid unnecessary detail. The reports should also be constructive which, as a result of their content and tone, help the public body to achieve its objective effectively and efficiently and lead to improvement where needed. The Internal Auditors should issue their report timely without undue delay to enable prompt effective action.
1230
Content and Format of Audit Reports Audit reports should present the purpose, scope and results of the audit and where appropriate, reports should also contain an expression of the auditor's opinion. Purpose statement should describe the audit objectives and may, where necessary, inform the reader why the audit was conducted and what it was expected to achieve. Scope statement should identify the audited activities and should include, where appropriate, supportive information such as time period audited. The nature and extent of auditing performed should also be described. Results may include findings, conclusions (opinion) and recommendations.
1300
FOLLOW-UP ON REPORTED AUDIT FINDINGS AND RECOMMENDATIONS 1310
Principles of Follow-up on Reported Audit Findings The Internal Auditor should determine the adequacy, effectiveness and timeliness of action taken by management of the public body on reported findings.
1320
Nature, Timing and Extent of Follow-up The Internal Auditor should determine appropriate follow-up procedures depending upon the significance of the reported findings; risks that may occur should the corrective action fail and the complexity of the corrective action. The Internal Auditor should also consider the degree of effort, the time period involved and the cost needed to correct the reported condition.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
39 INTERNAL AUDIT MANUAL
1330
PART TWO
Techniques and Procedures of Follow-up The Internal Auditor should establish a time frame within which management's response to the audit findings is required and evaluate the response received. The responses should include sufficient information for the Internal Auditor to evaluate the adequacy and timeliness of corrective action. The Internal Auditor should receive periodic updates from management in order to evaluate the status of management's efforts to correct previously reported conditions. The Head of Internal Audit should develop escalation procedures for any management responses, which are judged to be inadequate in relation to the identified risk. These procedures should ensure that the risks of not taking action have been understood and accepted at a sufficiently senior management level.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
40 INTERNAL AUDIT MANUAL
PART TWO
SECTION THREE CODE OF ETHICS
Introduction The purpose of Code of Ethics is to promote an ethical culture in the profession of internal auditing. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. The Code of Ethics extends beyond the definition of internal auditing to include two essential components: 1.
Principles that are relevant to the profession and practice of internal auditing;
2.
Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.
APPLICABILITY AND ENFORCEMENT This Code of Ethics applies to both individuals and units that provide internal auditing services.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
41 INTERNAL AUDIT MANUAL
PART TWO
PRINCIPLES Internal auditors are expected to apply and uphold the following principles: Integrity Integrity is the core valve of a Code of Ethics. Internal auditors have a duty to adhere to a high standard of behavior (e.g. honesty and candidness) in the course of their work. The relationship with fellow colleagues and external contacts should be one of honesty and fairness. This establishes an environment of trust, which provides the basis for reliance on all activities carried out by the internal audit team. Integrity can be measured in terms of what is right and just. Integrity requires the internal auditors to observe both the form and the spirit of auditing and ethical standards. Objectives Objectivity is a state of mind that has regard to all considerations relevant to the activity or process being examined without being unduly influenced by personal interest or the views of others. Members of the internal audit team should display appropriate professional objectivity when gathering, evaluating, providing their opinions, assessments and recommendations. Confidentiality Members of the internal audit team should safeguard the information they receive in carrying out their duties. There should not be any unauthorized disclosure of information unless there is a legal or professional requirement to do so. Confidential information gained in the course of audit duties should not also be used to effect personal gain. Competency Members of the internal audit team should apply the knowledge, skills and experience needed in the performance of their duties. They should carry out their work according to the standards set out in the Government Internal Audit Standard. They should not accept or perform work that they are not competent to undertake unless they receive adequate advice and support to competently carry out the work.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
42 INTERNAL AUDIT MANUAL
PART TWO
RULES OF CONDUCT 1.
Integrity Internal Auditors:
2.
1.1
shall perform their work with honesty, diligence, and responsibility;
1.2
shall observe the law and make disclosures expected by the law and the profession;
1.3
shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization;
1.4
shall respect and contribute to the legitimate and ethical objectives of the organization.
Objectivity Internal Auditors: 2.1 shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. 2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment. 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of the activities under review.
3.
Confidentiality Internal Auditors: 3.1
shall be prudent in the use and protection of information acquired in the course of their duties.
3.2
Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
43 INTERNAL AUDIT MANUAL
4.
PART TWO
Competency Internal Auditors: 4.1
Shall engage only in those services for which they have the necessary knowledge, skills and experience.
4.2
Shall perform internal auditing services in accordance with the Internal Audit Standards of Public Bodies of Government of Ethiopia.
4.3
Shall continually improve their proficiency and the effectiveness and quality of their services
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
44 INTERNAL AUDIT MANUAL
PART THREE
SECTION I : INTERNAL CONTROL SYSTEM
Introduction 1. Internal control system includes all the policies and procedures adopted by the Head of the public body to assist in achieving its objective and ensuring, as far as practicable, the orderly, economical, efficient, and effective conduct of its operation, including adherence to internal policies, government’s policies, rules and regulations, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial and management information and fairly disclosing that data in a timely report. 2. It is a responsibility of the Head of the public body to determine the internal control system, which is appropriate to the public body. The nature and extent of controls will vary between public bodies and also from one part of a public body to another. The controls used will depend on the nature, size and volume of the activities, the degree of control which management is able to exercise personally, geographical distribution, and many other factors. The choice of controls may reflect a comparison of the cost of operating individual controls against the benefits expected to be derived there from. 3. Internal control system comprises the control environment and control procedure. Control environment means the overall attitude, awareness and actions of the management regarding internal control and their importance in the public body. The control environment encompasses the management style and culture, and values shared by all employees. It provides the background against which the various controls are carried out. However, a strong control environment does not, by itself, ensure the effectiveness of the overall internal control system. Factors reflected in the environment include: •
The philosophy and operating style of the management;
•
The public body’s organizational structure and methods of assigning authority and responsibility (including segregation of duties and supervision controls); and
•
The management’s method of imposing control, including the internal audit function, personnel policies and procedures, in particular the competence and integrity of internal auditors.
4. Control procedures are those policies and procedures in addition to the control environment, which are established to achieve the public body’s specific objectives.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
45 INTERNAL AUDIT MANUAL
PART THREE
Types of Internal Control. 5. When describing internal controls by their role in the public body, they have often been organized into two: financial controls, which are primarily concerned with legitimacy of expenditure and the security of assets and income; and management controls, which are created and maintained by management to ensure that an activity is relevant to the needs of a public body and is carried out in the most effective manner. These categories are interdependent, and should not be regarded in isolation, as both have an impact on the performance of activities and their consequent cost and value to the public body. Financial Control 6. Financial control is a series of actions which is considered to be part of the total internal control system concerned with realizing the financial goals of the entity. This includes compliance with accounting and financial policies and procedures, safeguarding the entity’s resources and preparing reliable financial reports. The main areas of financial control can be more closely defined as follows:•
Budgetary Control: The public body should plan and control its expenditure and income to meet its predetermined objectives.
•
Legitimacy of Income and Expenditure: All income and expenditure should be in accordance with the policies of the public body, should be properly authorized and should be within the law.
•
Security of Assets: Assets of the public body should be kept in proper custody and not wrongly applied, either by error or intent.
•
Accounting Controls: All transactions should be correctly recorded and accurately processed, and control accounts maintained
Management Control 7. Management control is a series of actions, being an integral part of the internal control system, concerned with administrative procedures needed to make managerial decisions in orders to archive, the highest possible economic and administrative efficiency and ensure the implementation of administrative policies, whether related to financial affairs or otherwise. The nature of management controls will vary widely according to the type of activity, which is under review. However, there are several basic control areas which could be applied including:
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
46 INTERNAL AUDIT MANUAL
PART THREE
•
Objectives: The public body should regularly review its objectives relating to any operational activity and determine the methods needed to achieve them. The Head of public body has the responsibility for determining objectives, policies and plans, and the internal auditor should not intervene in such processes. An audit may show inadequate controls on the supply of information to management for decision making. These aspects are legitimate areas of audit concern, and may well require comments on the correctness of the decisions themselves, but the internal auditor should be wary of basing comments purely on the advantages given by hindsight.
•
Procedures: Staff at all levels need to be regularly informed both of their overall objectives and the organizational procedures which are to be followed in order to ensure the achievement of the operational activity.
•
Organization: The organizational structure should be clearly defined and adequate to ensure that staffs appreciate their role, responsibilities and obligations.
Control Objectives 8. Control objectives can be defined as the purpose for which controls have been designed and in a large organization doing many different things, these can vary substantially. Control objectives have the following features: •
Essentially, control objectives relate to the purpose to which the control relates i.e. what it is designed to do in relation to the system under consideration.
•
The purpose of setting control objectives is to ensure that it is not just the greatest number of controls which are evaluated, but rather to identify those most efficient and effective in achieving the objectives for the particular systems being evaluated.
•
Because systems can serve so many different objectives, a complete list of control objectives for all areas which are auditable is not practicable. However, control objectives for many of the common systems used for planning purposes such as payments, payroll, etc., can be standardized to a far greater degree. This is dealt with further in part four.
•
Management Information: Management needs to be continually informed with relevant and up-to-date information, of the financial and operational performance of any activity under its control.
•
Supervision: Systems of supervision and internal check e.g.. division of duties, independent checking of work, quality of control etc., should be maintained to ensure that breakdowns, including irregularities and fraud, or weaknesses within the operation are revealed at an early stage.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
47 INTERNAL AUDIT MANUAL
•
PART THREE
Reviews of Operational Effectiveness: management should regularly review the effectiveness and efficiency of operations under its control, and consider their continued relevance in the light of changing circumstances.
9. The particular controls which are used to achieve these objectives generally fit in one of the following categories: •
directive - to cause or encourage a desirable event to occur (for example, by establishing procedure for an operation)
•
preventive – to deter undesirable event (for example, by segregation of duties and authorization requirements)
•
detective – to detect and correct undesirable events that have occurred (for example, by establishing standard to detect various irregularities)
•
corrective –to correct errors that have been detected ( for example, by collecting an over payment to a vendor)
10. In practice, the distinction among these categories and types is often difficult to recognize because an effective internal control structure requires elements of each. Even the descriptions of each category of control can vary among individuals. However, regardless of how internal controls are organized or defined, they should not be thought of as alternatives to each other. They should be complementary. Any one control has advantages and disadvantages, so an effective internal control structure uses a mix of controls to compensate for the particular disadvantages of individual controls. 11. Controls can also be identified at three levels: organizational arrangements, basic controls and methods of supervising basic controls. 11.1 Organizational arrangements include: •
organizational structure
•
levels of authority
•
competence of staff
•
accounting records
•
documentation
•
management information
•
internal audit
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
48 INTERNAL AUDIT MANUAL
PART THREE
11.2 Basic controls include: •
Documentation: A public body must have written evidence of its internal control structure, including its objectives and control procedures, and all pertinent aspects of significant events and transactions. Also, the documentation must be available and easily accessible for examination by appropriate personnel and the auditors. Documentation of the internal control structure should include identification of an organization’s structure and policies and its operating categories and related objectives and control procedures. These should appear in documents such as management directives, administrative policies, procedures manuals, and accounting manuals. Documentation of transactions or significant events should be complete and accurate and should enable each transaction or event (and related information) to be traced from its inception, while it is in process, to after it is completed.
•
Pre-numbering originating documents, such as goods received notes, cash receipts and sales invoices, and accounting for all numbers. If the system provides that all transactions must originate and be authorized on specified forms, and these forms are sequentially numbered at the time of printing, then by controlling the issue of the forms and accounting for all numbers issued, the department can ensure that all authorized transactions are recorded in the books or that all missing numbers are identified. Such missing numbers then need to be investigated. For this purpose cancelled documents should be marked accordingly and retained. Originating documents from outside the department, such as purchase invoices, can be numbered serially as received and entered in a register. This numbering technique is designed to ensure that all transactions are accounted for, i.e. to secure the completeness of recording of transactions.
•
Prompt and proper recording of transactions and events: Transactions and significant events are to be promptly recorded and properly classified. Transactions and events must be promptly recorded when they occur if information is to maintain its relevance and value to management in controlling operations and making decisions. This applies to the entire process or life cycle of a transaction or event, including the initiation and authorization, all stages while in process, and its final classification in summary records. It also applies to promptly updating all documentation to keep it relevant. Proper classification of transactions and events is also required to ensure that reliable information is available to management. Proper classification is the organizing and formatting of information from which reports, schedules, and financial statements are prepared.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
49 INTERNAL AUDIT MANUAL
PART THREE
•
Maintaining total accounts: to provide an independent overall control over the ledgers to which they relate. Value totals of items to be processed are recorded in a control account and the balance on the control account is agreed periodically with the total of the balances on the appropriate ledger. Thus sales or purchase invoices are posted in total to the control account as well as being posted in detail to the appropriate ledger accounts. The total of the balances on the individual ledger accounts should then be reconciled with the control account balance at regular intervals and any differences investigated. This technique is designed to ensure the completeness and arithmetical accuracy of postings to the detailed ledgers, e.g. for debtors or creditors. However, it should be appreciated that it will not detect postings made in error to one detailed account instead of another in the same ledger, nor any incorrect amounts that are recorded in both the control account and the detailed ledger.
•
Detailed checking of one document or accounting record against another: for example, the comparison of a cheque drawn in settlement of an invoice with the relevant invoice and goods received note will provide assurance that the cheque has been accurately prepared and is a valid payment.
•
Authorization of documents after examination and checking by a responsible person before any further processing takes place. The authorization should be evidenced by the person’s signature on the document or the file copy thereof. This is the most common technique to ensure validity of transactions.
•
Verifying records with evidence from outside sources such as the regular comparison of the cash book with the bank statement. This technique can ensure the validity of transactions and the accuracy of the records.
•
Checking the records by verifying the physical existence of the assets to which they relate, such as continuous stocktaking, periodical surprise cash counts and periodic inspection of the items recorded in the fixed asset register. Such checking helps to ensure the validity of transactions and the accuracy of the records.
•
Scrutinizing or overall reviews to identify large or unusual items, which may not have been picked up by means of one of the other, control techniques. This technique may also identify errors, which have occurred in spite of the use of the techniques already mentioned.
11.3 Supervision of basic controls includes: •
Supervisory controls (final approvals by senior staff after detailed checking has occurred)
•
Segregation of duties (this ensures that no one individual handles a transaction from beginning to end)
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
50 INTERNAL AUDIT MANUAL
•
PART THREE
Physical controls (these mostly concern the custody and protection of assets)
Economic Use of Resources/Value for Money 12. Primarily, the responsibility of internal audit is to examine systems of control. Nevertheless, the auditor should look beyond controls to the relationship of expenditure to the objectives of the organization, e.g. cost effectiveness, utilization of resources. Effective Internal Control System 13. To be effective, internal controls must satisfy three basic criteria:•
They must be appropriate (that is, the right control in the right place and commensurate to the risk involved).
•
They must function consistently as planned throughout the period (that is, be complied with carefully by all employees involved and not bypassed when key personnel are away or the workload is heavy).
•
They must be cost effective (that is, the cost of implementing the control should not exceed the benefits derived).
Reasonable Assurance 14. Internal control structures are to provide reasonable assurance that the general objectives will be accomplished. Reasonable assurance equates to a satisfactory level of confidence under given considerations of costs, benefits, and risks. Determining how much assurance is reasonable requires judgment. In exercising that judgment, managers should:•
Identify the risks inherent in their operations and the acceptable levels of risk under varying circumstances; and
•
Assess risk both quantitatively and qualitatively.
15. Reasonable assurance recognizes that the cost of internal control should not exceed the benefit derived. Cost refers to the financial measure of resources consumed in accomplishing a specified purpose and the economic measure of a lost opportunity, such as a delay in operations, a decline in service levels or productivity, or low employee morale. A benefit is measured by the degree to which the risk of failing to achieve a stated objective is reduced. Examples include increasing the probability of detecting fraud, waste, abuse, or error; preventing an improper activity; or enhancing regulatory compliance.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
51 INTERNAL AUDIT MANUAL
PART THREE
16. Designing internal controls that are cost beneficial while reducing risk to an acceptable level requires that managers clearly understand the overall objectives to be achieved. Government managers may design systems with excessive controls in one area of their operations that adversely affect other operations. For example, employees may try to circumvent burdensome procedures, inefficient operations may cause delays, and diluted responsibilities may make it difficult to identify accountable individuals. Thus, benefits derived from excessive controls in one area may be outweighed by increased costs in other activities. Limitations of Internal Control Systems 17. However well designed, internal control systems are still vulnerable. Thus the presence of internal controls is no guarantee that their objectives will be fulfilled. Some of the obvious risks are:•
Abuse of authorization responsibilities
•
Collusion between two or more members of staff (thus negating the segregation of duties)
•
Collusion with interests outside the entity (e.g. with suppliers)
•
Fraud
•
Systems which present obvious opportunities for abuse
•
Failure of top management to act decisively on breaches of internal control systems
•
Destruction of evidence by those responsible for abuses
To maintain an internal control structure that would eliminate the risk of loss is not realistic and would probably cost more than is warranted by the benefit derived. 18. Because any internal control structure depends on the human factor, it is subject to flaws in design, errors of judgment or interpretation, misunderstanding, carelessness, fatigue, or distraction. While the competence and integrity of the personnel designing and operating the system may be controlled by selection and training, these qualities may alter due to pressures from within and outside the public body. Furthermore, no matter how competent the staff, the control they operate may become ineffective if they do not correctly understand their function in the control process or choose to ignore it.
Conclusion
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
52 INTERNAL AUDIT MANUAL
PART THREE
19. Complying with instructions and regulations is an important part of maintaining internal controls. But it is quite a small part of the picture. For healthy internal control systems the active involvement of management is needed. The following are some of management’s major responsibilities: •
Establishing compliance controls of two types (a) External Control to ensure compliance with rules established by bodies external to the entity (e.g. laws, proclamations and regulations) and (b) Internal Control to ensure compliance with rules established by management for the proper management of the entity.
•
Disseminating information to staff members so that they are familiar with Accounting Controls (e.g. understand the segregation of duties; authorization procedures; recording instructions, systems of internal check etc.) and know where to look for written procedural guidance for Administrative Controls.
•
Employing internal auditors to evaluate the status of controls and to report on their adequacy.
•
Improving controls and addressing weaknesses in response to the findings and recommendations of internal auditors.
•
Taking rapid and decisive action against those found guilty of breaking internal controls.
•
Informing staff of the presence of controls, of instances of detected abuse and of the penalties imposed, as a deterrent to further abuse.
•
Maintaining the effectiveness of the internal control system on a continuous basis.
Notes on preventive control 20. The types of control which management can deploy as preventive control include: Planning 20.1 Planning involves:•
Clear definitions of objectives and targets;
•
Forecasts of activity, operational requirements and external factors which may affect the achievement of objectives;
•
Specification of the desired level of control;
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
53 INTERNAL AUDIT MANUAL
PART THREE
•
Setting of standards of performance;
•
Definition, wherever possible, of the outputs of a system and the criteria for measuring them;
•
Evaluation of different options for achieving objectives;
•
Anticipation of contingencies, and the devising of suitable action to take in response;
•
An indication of the relative priorities of objectives, targets and their related activities.
Organizing 20.2 Organizing involves: •
Clear and documented definition of the responsibilities of individuals and groups for resources, activities, objectives and targets;
•
Establishing clear reporting lines;
•
Finding the most efficient balance of duties between organizational groups: for example, headquarters and operations; management and staff; specialists and generalists;
•
Establishing the most effective spans of command;
•
Establishing effective means of communication throughout the public body;
•
Separating duties to avoid conflicts of interest or opportunities for abuse;
•
Avoiding undue reliance on one individual, particularly for internal control. Delegating Authority and Establishing Levels of Authorization
20.3
In large organizations, delegation of authority is made from superior to lower levels of management to permit improved decision-making. Delegation of authority has to be clear and related to the organizational responsibilities of the persons concerned. Delegations of authority are usually set according to the nature of activity delegated and the types of decision, which the manager may make without referring the matter upwards for permission from the immediate superior.
20.4
Levels of authorization are set to clarify the nature and limits of delegations of authority. Key features are:
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
54 INTERNAL AUDIT MANUAL
PART THREE
•
Setting of monetary limits for various types of decision.
•
Allocation of defined authority to particular managers for particular types of decision.
•
Segregation of delegated authority so that no one manager may commit the organization with respect to certain types of decision.
•
Checks to ensure that delegated authority is exercised as intended. Segregation of Duties
20.5
Key duties and responsibilities in authorizing, processing, recording, and reviewing transactions and events should be separated among individuals. To reduce the risk of error, waste, or wrongful acts and the risk of not detecting such problems, no one individual or section should control all key stages of a transaction or event. Rather, duties and responsibilities should be assigned systematically to a number of individuals to ensure that effective checks and balances exist. Key duties include authorizing and recording transactions, issuing and receiving assets, making payments, and reviewing or auditing transactions. Collusion, however, can reduce or destroy the effectiveness of this internal control technique. Staffing
20.6
Adequate staffing is essential for a system to function to its full capability. Weakness in staffing can lead to mismanagement, error and abuse, which can negate the effect of other controls. The major areas requiring attention are as follows: • Identification and review of the staffing needs: numbers, grades, experience and expertise levels. • Recruiting, selecting and training staff to meet the needs. • Monitoring performance of individuals and groups. • Staff development including training to achieve the full potential of staff.
20.7
Management and employees are to have personal and professional integrity and are to maintain a level of competence that allows them to understand the importance of
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
55 INTERNAL AUDIT MANUAL
PART THREE
developing, implementing, and maintaining good internal controls and to accomplish the general objectives of internal controls. 20.8
Management and their staff must maintain and demonstrate personal and professional integrity and ethical values, a level of skill necessary to ensure effective and efficient performance, and an understanding of internal controls sufficient to effectively discharge their responsibilities.
20.9
Many elements influence the integrity of Heads of public bodies and their staff. The tone at the top is important. Personnel should periodically be reminded of their obligations under an operative code of conduct that comes from top management. Counseling and performance appraisals are also important. Overall performance appraisals are also important. Overall performance appraisals should be based on an assessment of many critical factors, including the implementation and maintenance of effective internal controls. Access to and accountability for resources and records
20.10 Access to resources and records is to be limited to authorized individuals who are accountable for their custody or use. To ensure accountability, the resources are to be periodically compared with the recorded amounts to determine whether the two agree. The assets’ vulnerability should determine the frequency of the comparison. 20.11 Restricting access to resources reduces the risk of unauthorized use or loss to the government and helps in achieving the public body's directives. The degree of restriction depends on the vulnerability of the resource and the perceived risk of loss, both of which should be periodically assessed. The major aspects are:•
Access controls such as secure custody, identity cards, passwords and computer log-in.
•
Physical checks on assets and records such as taking of inventory, security inspections etc.
•
Environmental controls such as thermostats, health and safety inspections.
•
The locations chosen for activities, assets and records.
Supervision of Operations
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
56 INTERNAL AUDIT MANUAL
PART THREE
20.12 Supervision requires seniors to monitor the work done by their juniors. It covers aspects such as conformity with instructions, timeliness, completeness, propriety of actions, conformity with delegated authority, behavior etc. The scrutiny of work done by subordinates helps to ensure its quality. It provides a check that staff is performing according to the standards, needs and objectives of the public body. Providing Manuals, Instructions and Standard Formats 20.13 Public bodies directives and procedures should be documented. Staff should be aware of them and trained to ensure that they are followed. Written guidance and procedural manuals should be clear, unambiguous and easy to refer to. They should be accessible to all relevant staff. Management should check that they are read, understood and implemented. Guidance documents should be reviewed regularly. Changes should be brought to the attention of staff. Standards of documentation should be established and enforced to ensure an adequate information base for decisions. This enables management, auditors and other reviewers to follow the course of operations and transactions and to identify errors or poor performance.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
57 INTERNAL AUDIT MANUAL
PART THREE
SECTION II: EVALUATING INTERNAL CONTROLS
Introduction 1. Evaluating and reporting on internal controls for improvements is the internal auditor's main responsibility. This involves: •
identifying existing controls, documenting their characteristics and identifying the areas not covered by controls.
•
understanding the purposes of existing controls.
•
establishing criteria with which to judge the adequacy of internal controls.
•
testing controls to check whether they operate effectively (meet the criteria, achieve their purposes).
•
reporting to management on the operation of controls.
•
recommending remedial action where necessary to improve internal controls.
The aim is to provide the necessary assurance to management that controls are adequate in principle and practice. 2.
Criteria for evaluating controls are: relevance, cost of operation (both direct and indirect), feasibility, effectiveness in meeting control objectives, complexity/simplicity and adequacy.
3.
The internal auditor can use questionnaires to evaluate the internal control system of a public body. Internal control questionnaires and internal control evaluation questionnaires will be discussed in this section. Internal control questionnaires
4.
Internal control questionnaires (ICQS) are used to ask whether controls exist which meet specific control objectives. The major question which internal control questionnaires are designed to answer is ‘How good is the system of controls?’ Where strengths are not identified, the auditors will perform work in the relevant areas. If, however, weaknesses are discovered they should then ask what errors or irregularities could be made possible by these weaknesses.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
58 INTERNAL AUDIT MANUAL
PART THREE
5.
Although there are many different forms of ICQS in practice, they mainly comprise a list of questions designed to determine whether effective controls are implemented. Since it is the primary purpose of an ICQ to evaluate the system rather than describe it, one of the most effective ways of designating the questionnaire is to phrase the questions so that all the answers can be given as ‘YES’ or ‘NO’ and a ‘NO’ answer indicates a weakness in the system. Example of ICQs are given in Annex XIX - XXVII.
6.
One of the strengths of ICQs is that they facilitate the orderly evaluation of controls present in a system. A weakness of ICQs is that they can promote a somewhat standardized approach to evaluation. The answering of the question become an end in itself, rather than the means to an end. The auditors are concerned whether the controls do or do not prevent the possibility of material errors occurring. This is not always easy to determine with an ICQ where the questions are notionally of equal weight. In many systems a particular ‘No’ answer (Say, referring to a lack of segregation of duties) may cancel the apparent value of a string of ‘Yes’ answers. Each situation must be judged on its own merits and hence, although the ICQs are a standard pre-printed pack, they should be used with imagination. As using ICQs is a skilled and responsible task, the evaluation should be performed by a senior member of the audit team. Internal Control Evaluation Questionnaires (ICEQS)
7.
Internal Control Evaluation Questionnaires (ICEQS) are used to determine whether there are controls which prevent or detect specified errors or omissions. This is an evaluation technique more concerned with assessing whether specific errors (or frauds) are possible rather than establishing whether certain effective controls are present. This is achieved by reducing the control criteria for each transaction stream down to a handful of key questions (or control questions) whose characteristics is that they concentrate on the significant errors or commission that could occur at each phase of the appropriate cycle if controls are weak. Each key control question is supported by detailed control points to be considered in relation to key control question for the system. An example of ICEQ is given in annex XXVIII.
8.
Two types of test of controls can be identified: •
substantive tests (tests that check that the output of a system is correct e.g. that the financial statements have been correctly compiled in relation to the accounting records)
•
compliance tests (tests that check whether observed actions conform with the relevant regulations, requirements, instructions etc.)
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
59 INTERNAL AUDIT MANUAL
PART THREE
External auditors are more concerned with the former because they need to express an opinion on the reliability of the financial statements. Internal auditors are more concerned with the latter because their job is to advise the Head of the public body on the adequacy of internal controls. 9.
Compliance testing presents four major issues: •
what controls are to be checked.
•
what types of compliance test are to be carried out.
•
how much compliance testing to carry out.
•
determining the impact of errors etc. on the effectiveness of controls.
What controls to check? 10.
This is probably the most important of all audit choices. The auditor must understand the entity which is to be audited: its structure, locations, staffing, methods of work, resources, responsibilities, objectives and controls. The auditor must also understand that the resources available for carrying out the audit are limited. Then the fact that a choice is needed (of what controls to check) becomes more obvious.
11.
The key to this choice is the ability to distinguish what is relevant and important, from what is not. In deciding what is relevant and important the following may be considered: •
the amounts of money involved (for instance if 80% of expenditure is made up of 30 large transactions and the other 20% of 4000 transactions, a good audit coverage could be obtained by auditing all 30 large transactions and a sample of the 4000 small transactions. It would cover more than the 80% of expenditure by value, but a much smaller proportion by number of transactions checked).
•
the major responsibilities of the public body (for instance if the responsibilities of the public body lie in three main areas) a. with 60% of the expenditure; b. with 30% of the expenditure; and
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
60 INTERNAL AUDIT MANUAL
c.
12.
PART THREE
with the rest, the resources available for audit could be allocated in similar proportions and this would lead to controls being checked throughout the entity.)
•
the amounts and types of asset held by the public body (for instance if the public body holds large inventories or uses a large fleet of vehicles these may be the focus of compliance tests).
•
the areas of greatest risk (this is partly a reflection of the amounts of money involved as already discussed, but the choice is also influenced by the possible extent of losses. An indicator might be losses, frauds etc. uncovered by previous audits or by other means. The auditor has to gain some idea of the probability of loss and combine it with an idea of the amounts of money/resources which may be vulnerable to loss).
•
the areas where the management considers itself most vulnerable to loss, abuse etc.
•
procurement (this is inherently an area of high risk. The auditor must assess the importance of procurement relative to other activities of the public body. If procurement is important, the audit will have to reflect this).
•
the strength of internal control systems as revealed by previous audits (identified weaknesses will be the focus of tests of controls).
Using criteria of this sort the auditor should be able to explain why particular controls are to be checked intensively and why others are to be checked less intensively and why the audit takes a particular shape. What types of compliance test to carry out?
13.
The following are the major types of compliance check, the first being by far the most prevalent and in the majority of cases, the most important: •
Verification of documents - Each process leaves a documentary trail. This can be followed for all like transactions (e.g. all purchase invoices) or it can be followed throughout the entire history of a transaction (e.g. all purchases covering order, delivery, entry into stores, payable amount and payment and issue from stores). The one verifies whether a single process is operating correctly; the other whether linked processes are working correctly as a chain.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
61 INTERNAL AUDIT MANUAL
PART THREE
Possible verification techniques include: vouching (checking all the relevant details of sampled documents); confirmation by third parties (for example checking amounts payable to suppliers, or cash book transactions against bank statements); comparison of similar transactions (for example checking of a series of documents for similar signatures). •
Observation - Sometimes documentary evidence is missing or actual procedures differ from official instructions. Observation supplements verification of documents. It is necessary for example in counting physical inventory and the payment of wages when payment is made in notes and coin. It can also be used to see how safes and secure areas are managed and how documents are kept.
•
Enquiry/interview - Actual procedures may differ from designed procedures. Enquiry may be necessary to find out how staff members interpret and implement controls and necessary actions. Enquiry and interview throw important light on informal as well as formal procedures.
•
Re-performance - It may be possible to set up dummy transactions and to test how transactions are in fact handled. This allows comparison between controls as designed and controls in operation. Alternatively a task that has been verified as part of a system of internal control, may be re-verified by the auditor (for example checking the correctness of a bank reconciliation).
How much compliance testing to carry out? 14.
One hundred per cent checking is impossible because of limited audit resources. Selection is therefore necessary. The main selection criteria are: •
size of transaction (i.e. monetary amount).
•
risk to the entity.
•
importance to management.
•
"sensitivity" of the transaction (i.e. particular transactions such as entertaining expenses may be quite small but still important due to their sensitivity).
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
62 INTERNAL AUDIT MANUAL
15.
PART THREE
Let us assume that we employ only one of the above criteria (size of monetary amount) and that the audit concerns physical controls on the acquisition of materials to be used in construction contracts, the decision on compliance testing might be as follows: Purchase amount in 000 Birr 1-5 6-10 10-25 25-50 Over 50
% of cases to be examined 5 10 25 50 100
The result of this is that the intensity of compliance testing is related directly to the amounts of money involved. 16.
On the one hand more cases will give greater certainty about findings; on the other the larger the number of cases examined the higher the cost. Take for example an examination of vehicle log books. Ninety per cent of logbooks have been examined and audit findings established. What will be the likely effect on audit findings, if the final 10 % are checked? If the characteristics which are the subject of audit are evenly distributed throughout the universe of logbooks, the likely effect will approach zero. But if the logbooks in the final 10% of cases are quite different from the other logbooks (e.g. they are the logbooks of vehicles allocated to managers), the effect on audit findings could be considerable.
17.
If information systems are computerized (depending on the adequacy of these systems) the population of transactions subject to audit and their key characteristics can be down-loaded to the auditor's computer and manipulated so that sampling can take place. However, many systems lack the capacity for this. The auditor is left with less than ideal sampling methods: judgmental sampling and stratified sampling (an example is given in paragraph 15 above). Provided that sampling follows the basic criteria explained in paragraph 10 above, it will result in selective compliance checks proportionate to risk, and this is what is needed. Audit sampling
18.
The internal auditor can arrive at valid conclusion using audit sampling. 'Audit sampling' means the application of audit procedures to less than 100% of the items within an account balance or class of transactions to enable auditors to obtain and evaluate audit evidence about some characteristics of the items selected in order to form or assist in forming a conclusion concerning the population which makes up the account balance or class of transactions.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
63 INTERNAL AUDIT MANUAL
19.
PART THREE
It is important to recognize that certain testing procedures do not come within the definition of sampling. Tests performed on 100% of the items within a population do not involve sampling. Likewise applying audit procedures to all items within a population which have a particular characteristic (for example all items over a certain amount) does not qualify as audit sampling with respect to the portion of the population examined, nor with regard to the population as a whole, since the items were not selected from the total population on a basis that was expected to be representative. Design of the sample
20.
When designing the size and structure of an audit sample, auditors should consider the specific internal control objective the nature of the population from which they wish to sample, and the sampling and selection methods. When audit sampling is appropriate, considerations or other characteristics relating to that evidence assists internal auditors in defining what constitutes an error and what population to use for procedures; auditors may be concerned with matters such as whether an invoice was clerically checked and properly approved.
21.
To assist in the efficient and effective design of the sample, stratification may be appropriate. Stratification is the process of dividing a population into subpopulations, each of which is a group of sampling units, which have similar characteristics (often monetary value). The strata are explicitly defined so that each sampling unit can belong to only one stratum. This process can be used to reduce the variability of the items within each stratum. Stratification therefore enables auditors to direct audit effect towards the items which, for example, contain the greatest. Sample size
22.
When determining sample sizes, internal auditors should consider sampling risk and the extent to which they expect to find errors. Sampling risk arises from the possibility that internal auditors' conclusion, based on a sample, may be different from the conclusion that would be reached if the entire population were subjected to the same audit test.
23.
Sampling risk can be contrasted with non-sampling risk which arises when internal auditors use any audit procedures. Non-sampling risk arises because, for example, most audit evidence is persuasive rather than conclusive, or internal auditors might use inappropriate procedures or might misinterpret evidence and thus fail to recognize an error or irregularities. Internal auditors should attempt to reduce nonsample risk to a negligible level by appropriate planning, direction, supervision and review.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
64 INTERNAL AUDIT MANUAL
24.
PART THREE
If internal auditors expect errors to be present in the population, a larger sample than when no error is expected generally has to be examined. The size and frequency of errors is important in assessing the sample size. Large sample sizes arise, for the same overall error, if there are a few large errors compared to where there are many small ones. Smaller sample sizes result when the population is expected to be error free. If the expected error rate is high then sampling may not be appropriate. In determining the expected error in a population, auditors consider such matters as the size and frequency of errors identified in previous audits, changes in the public body's procedures and evidence available from other procedures. Selection of the sample
25.
Internal auditor should select sample items in such a way that the sample can be expected to be representative of the population in respect of the characteristics being tested. For a sample to be representative of the population, all items in the population are required to have an equal or known probability of being selected.
26.
While there are a number of selection methods, three methods commonly used are: •
random selection, which ensures that all items in the population have an equal chance of selection, for example by use of random number tables;
•
systematic selection, which involves selecting items using a constant interval between selections, the first interval having a random start. When using systematic selection, internal auditors ensure that the population is not structured in such a manner that the sampling interval corresponds with a particular pattern in the population; and
•
haphazard selection, which may be an acceptable alternative to random selection provided internal auditors are satisfied that the sample is representative of the entire population. This method requires care to guard against making a selection which is biased, for example towards items which are easily located, as they may not be representative.
Evaluation of sample results
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
65 INTERNAL AUDIT MANUAL
PART THREE
27.
It does not follow that internal control systems are ineffective, just because errors have been detected in them. A judgment is needed on the significance of errors and their frequency before any judgment can be made. For example, the signatures on purchase orders have been wrong for several months because of absence and temporary replacement of the concerned member of staff, without any change in authorized signatories. There is certainly a control weakness (not updating authorized signatories) but it may not be a serious weakness (for example if no adverse consequences could be detected because other compensating controls were working).
28.
Internal auditors therefore need to understand fully the implications of errors discovered. The common reaction to internal audit is that it is all about faultfinding. Internal auditors are seen as petty policemen. This perception has to be changed. One way to do this is to assess: •
the severity and frequency of errors discovered.
•
their impact on the integrity of the internal control system.
•
the actual evidence of loss, wastage, abuse etc.
•
whether internal control systems are at real risk.
29.
The internal auditor should consider the above situations and advise management accordingly.
30.
We do not want internal auditors to be ignored because of their previous reputations. We therefore require them to raise the alarm only when the alarm needs to be raised. This requires judgment and an approach similar to that given in paragraph 27. The nature of the alarm has to be proportionate to the severity of the problems discovered. To do this requires the internal auditor to restrain what may be customary impulses: •
taking undue pleasure from the discovery and reporting of errors.
•
regarding the discovery of errors as the final objective of internal audit.
•
walking away from helping management to take necessary remedial actions.
Instead, internal auditors have to exercise objectivity, tact and maturity in helping managers to understand the nature and severity of their internal control problems, and in advising on appropriate remedies. Of course an appropriate remedy cannot be in the form, "in future don't make such errors". That is why a risk based systematic approach to audit (Part II, Section Three) is so important.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
66 INTERNAL AUDIT MANUAL
PART THREE
SECTION III: AUDIT APPROACHES
Introduction
1. The history of auditing shows a gradual change over time, as different approaches to auditing emerged including: •
The vouching approach
•
The system based approach
•
The risk based systematic approach
2. These approaches will be described in this section. The vouching approach 3. The initial stage of audit was primarily based on the concept of vouching. This approach involved the checking of entries in the accounting records with the appropriate vouchers, i.e. the documentary evidence. It was very common for the auditor to check in detail a substantial portion of all documentary evidences before concluding the audit. For instance, audit programmes under the vouching concept of audit would normally specify rigidly predetermined testing volumes unrelated to the particular situation, such as “vouch three months purchase invoices”. 4. Under the vouching concept of audit the apparently extensive coverage was exceptionally shallow, being confined to one “horizontal plane” of entries all of an identical nature. Tests at any particular stage were unrelated to any other state. For example, auditors may vouch a vast number of day book entries against supplier’s invoices (all tests being in the same “plane”, hence the term “horizontal”), without considering the need to test these entries against purchase orders or any other documents related “vertically”. 5. Each transaction or event is considered on its own as unrelated phenomena and checked for its validity. The defects of this approach are readily evident: •
it would be, in the majority of cases, extremely time - consuming as well as being extremely costly.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
67 INTERNAL AUDIT MANUAL
PART THREE
•
it would prove little about 'Completeness' of financial records since the internal auditor would only be checking transactions or events which are disclosed.
•
all transactions or events, however insignificant, have an equal opportunity of audit which results in audit of trivial matters but leaves significant matters unaudited.
•
the events/transactions which are subject to audit are treated as unrelated phenomena, not as components of systems.
•
the results of audit findings tell us how many transactions etc. were found to be defective and the types of defect found, but tell us nothing about the systems which were "responsible" for the errors.
•
gives no assurance that major systems are working as intended.
6. With the mushrooming of large groups of companies and conglomerates and the defects of the vouching approach, it soon become obvious that auditors would have to adopt a far more scientific approach to their work if they were to justify the relatively small number of audit tests carried out in relation to the enormous growth in the volume of transactions. This led to the emergence of the systems based approach to auditing. The system based approach 7. The system based audit approach correctly incorporates the principle that the nature and depth of audit tests should take into account the extent to which the system of internal control in operation “audits itself”. 8. In the system based approach, the internal auditor examines and tests the public body’s internal control systems to see whether they are appropriate and effective for the public body to achieve its objective. The system of internal control in force determines the nature, the extent and the timing of subsequent audit tests to be executed. 9. Generally, in a system based approach a much smaller number of audit tests are required to be carried out in relation to the enormous volume of transactions and in contrast to the extensive coverage under the traditional vouching approach to audit. The justification for the relatively smaller number of audit tests lies in the auditor placing reliance on the control in the “system”.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
68 INTERNAL AUDIT MANUAL
PART THREE
Procedures of the system based approach 10. The system based approach is a procedure whereby the internal auditors identify, ascertain, record and confirm the system of a public body operations and establish the objective of the control designed in the system and evaluate the appropriateness and effectiveness of the control in achieving the objective of the system. 11. A system is defined by the Institute of Internal Auditors as "an arrangement, set or collection of concepts, parts, activities and/or people that are connected or inter-related to achieve objectives and goals". A public body has systems for managing personnel, recording and reporting financial data, acquiring inputs from suppliers, etc. Each system is made up of a number of smaller components (procedures, steps, checks, reviews, reports, decisions etc.). Clearly a system is as good as its components, and will not achieve its objectives unless the components are properly linked and controlled. The system components 12. Systems vary in nature and purpose (systems for procurement, inventory, recruitment, accounting, etc.). Systems are designed and their operations monitored in order to enable the organization to meet its objectives. Resources (inputs) are processed to provide results (outputs) in accordance with predetermined purposes (objectives). Systems can be thought of as having five basic components:
objectives inputs processes outputs controls
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
69 INTERNAL AUDIT MANUAL
PART THREE
Objectives 13. Objectives are statements of what is to be achieved. Each system within the public body has its own objective: a) procurement systems are to procure items of adequate quality at lowest cost. b) financial reporting systems are to inform decision-makers of essential facts about the financial performance and status of the entity. c) stores systems are to control their receipts and issuances, to make them available in relation to need and to protect the items held. 14. Different systems should be coherent and mutually supportive (e.g. payroll and accounting). However, where objectives are contradictory this may not be possible (e.g. cost reduction may not be compatible with achieving maximum impact). Managers of public bodies may need to think more about systems and their objectives, as simply complying with regulations is only part of their job. Inputs 15. Inputs are the resources used by the system (e.g. salaries are paid to secure the services of staff). Inputs may include staff time, materials, services, supplies, information and so on. Process 16. Processing is the conversion of inputs to produce outputs. Public bodies have numerous processes (e.g. authorization actions, purchasing supplies, issuing inventory, controlling the quality of work etc.). Outputs 17. Outputs are the products, effects and achievements of a system which result from the processing of inputs. Some outputs are intermediate (e.g. invoices paid, staff recruited, suppliers evaluated, stores items issued). Others are final (e.g. services rendered to clients). Outputs are affected by quality factors such as their timeliness, suitability and usefulness and the degree to which they are adapted to the needs of clients.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
70 INTERNAL AUDIT MANUAL
PART THREE
Controls 18. Controls are actions taken or procedures established by management to ensure that outputs meet the objectives of the entity. Examples include authorizations, inspections, physical checks, documentary checks, reviews of performance, reviews of the quality of the services supplied. Understanding the systems 19. Internal Auditors must fully understand the systems that they audit. They gain the necessary understanding in four ways: •
by ascertaining the system. This is the step where the Internal Auditor researches the system by examining various reference materials;
•
by recording the system that they have ascertained. This involves using suitable techniques, both written and diagrammatic, to assist the Internal Auditors to understand the system as a whole and the elements within it;
•
by confirming that the understanding of the Internal Auditor is correct; and
•
by establishing the objectives of each of the system’s internal controls.
Each of these aspects will be examined in this Section. Ascertaining the system 20. The main components of systems have already been outlined. To ascertain systems the internal auditor has a large range of sources (e.g. staff directive, organization chart, financial regulation, budget document etc.). In practice, the internal auditor should refer to all relevant and reliable sources as possible. The following approach is recommended: •
Identify and agree the objectives of the system with managers.
•
Obtain as much relevant and reliable written information regarding the system as is possible.
•
Carry out interviews with relevant managers and staff members to confirm understanding.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
71 INTERNAL AUDIT MANUAL
PART THREE
21. The objective of systems should be consistent with the aims and objectives of the public body as a whole. In most cases, the internal auditor may have to identify the system objective from scratch because of absence of written instructions. Here are some commonly found systems with a description of their objectives: •
Procurement system - procuring the right quality and quantity of items at the right time, and reasonable cost, from the most appropriate source.
•
Financial reporting system - to effectively produce financial statements required by the Ministry of Finance on behalf of the Government and donors on time and with no material errors.
22. Interviewing managers and staff members helps the internal auditor to understand how the systems work in practice. Interviews can be undertaken formally or informally. However they are undertaken, they should be: •
planned in advance;
•
conducted professionally; and
•
the findings summarized and agreed with the interviewee.
Conclusions made on the basis of interviews may sometimes be unreliable unless cross-checked against other information (such as the outcome of other interviews). Recording the system 23. The internal auditor should record the system and how it works. There are two principal ways of recording the system: •
written, narrative notes of the system and its components.
•
a diagrammatic flowchart of the system.
24. The Internal Auditor should have full understanding but should be wary of the danger of drawing flowcharts which are not needed. The auditor's written narrative should cover the system and its components. The notes can form the basis for a flowchart. The notes should be clearly structured so that others can understand them.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
72 INTERNAL AUDIT MANUAL
PART THREE
25. Flowcharting is the accepted method of recording systems and internal controls. When the internal auditor prepares flowcharts, they should be based on narrative notes. Well-written flowcharts are designed to leave no doubts as to the nature of the system recorded. The main advantages of using flowcharts are: •
the system is presented in a logical sequence, rather than in discrete, and unrelated elements
•
the interrelationships within the system become clear
•
the flowchart enables the system to be understood quickly
•
the flowchart serves as a permanent record, and can be easily verified or updated as necessary.
Confirming the system 26. At this stage the systems will probably have been recorded on the basis of a verbal description provided by management. However, the tendency is to describe the systems, as they should operate, rather than how they actually operate in practice. It is only human nature to cut corners, but often this weakens the controls, which have been built into systems. 27. To overcome this, it is necessary, having recorded the system, to select sample of transactions and to conduct a "walk through test". A walk-through test involves tracing one or more transactions through the accounting system and observing the application of relevant aspects of the internal control system. In this way any departures can be identified and recorded. Thus an accurate picture can be obtained of how the systems work in practice. Establishing the control objectives of the system 28. The internal auditor should establish the objectives of the systems recorded to ensure that the control objectives are appropriate. Control objectives should be specific so that it is possible to evaluate whether or not they are being achieved. Consequently, generalizations such as “to ensure that support services are adequate” should be kept to a minimum. Control objectives should reveal the purpose of the control, not the means used to carry it out or the control itself. Internal controls and their evaluations are discussed more fully in the next two sections.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
73 INTERNAL AUDIT MANUAL
PART THREE
Evaluate the controls 29. Methods of evaluating internal control systems by questionnaire and flowcharts have obvious limitations. The former does not discriminate between different controls in terms of importance; neither do they specify objectives for the system as a whole. A flowchart depicts a system but is neutral as regards its evaluation. The internal auditor can form an opinion by looking at a flowchart but it will not be a structured assessment and will vary according to the experience of the internal auditor. The outcome of this stage is to find out whether internal check and other control factors exist. It is also important to identify any weakness in controls due to absence of internal check and other control factors. At the same time, it may be possible to locate inefficient or unnecessary procedures. Evaluations of internal control are discussed in Part Three Section II in detail. Conclusion and report 30. Based on the result of the evaluation of internal control system the internal auditor can reach to conclusions whether the current control system is efficient and effective in achieving the public body's stated objectives. Furthermore, the internal auditor should give recommendations on those internal control systems areas where weaknesses are observed and improvement is needed. 31. Finally, the internal auditor is required to report the weaknesses in the internal control, the conclusions reached and recommendations made for improvements. Weakness of the system based audit approach 32. It is axiomatic that controls in any organization should be commensurate with its risks because, excessive controls result in unnecessary costs whereas inadequate controls lead to unacceptable exposures. Excessive controls would lead to high costs which may not be commensurate with the advantage accruing to the Organization, namely, the prevention of possible loss arising from the operation of the relevant control. 33. The evaluation of internal controls is a complex task calling for great skill. Each Organization will have different internal control requirements and any given control level may be achieved in a variety of ways. There appears to be no definite standard against which to judge what is appropriate and effective internal control.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
74 INTERNAL AUDIT MANUAL
PART THREE
34.
It is important to recognize that management may circumvent or override internal controls. It is critically important to recognize that illegal and improper activities can and will occur regardless of the strength of internal controls, because no system has yet been devised that can withstand collusive behavior or circumvention by management.
35.
There are inherent limitation on the effectiveness of any system of internal control. No system of internal control, however elaborate, can by itself guarantee efficient administration and completeness and accuracy of the records; nor can it be proof against fraudulent collusion, especially on the part of those holding positions of authority or trust. In particular, internal controls that depend on segregation of duties can be avoided by collusion. The internal controls that depend on authorization can be abused by the person in whom the authority is vested.
36.
Critics of the system based audit approach have pointed out that it is cold and clinical and ignores what is generally referred to as “management style”. That the application of this approach is common to all types of management; it does not recognize the underlying philosophy and motivation of the management.
37.
In recent years, a further evolution has taken place. The great wave of litigation charges against external auditors coupled with soaring audit costs have led individual audit firms to develop systems of quality control and also research into new methods of auditing. Recognition of the need to improve the excellence of audit together with emphasis on reduction in unproductive time spent on audit has led to the emergency of risk based auditing. Risk based systematic approach
38.
The risk based systematic approach to auditing is the most effective of all the other approaches. It requires the internal auditor to assess the relative vulnerabilities of the systems and identify those systems which are more risky than the others and should, therefore, be audited sooner and more often. This approach includes identification of the system (which is covered under system approach above), identification of relevant risk factors, and assessment of their relative significance. Risk
39.
Risk refers to the possibility of a system having so poor internal control that the public body does not achieve its objectives effectively and efficiently. The effect of risk can involve: •
Failure to adhere to public body's policies, plans, and procedures, or not complying with government's laws and regulations; MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
75 INTERNAL AUDIT MANUAL
PART THREE
•
An erroneous decision from using incorrect, untimely, incomplete, or otherwise misleading information;
•
Acquiring resources uneconomically or using them inefficiently or ineffectively;
•
Failure to adequately safeguard assets of the public body;
•
Failure to accomplish established objectives and goals for operations or programs.
Risk factors 40.
Risk factors are the criteria used to identify the relative significance of, and likelihood that, conditions and/or events may occur that could adversely affect the public body. The risk factors utilized should be sufficient to provide a comprehensive risk assessment.
41.
Risk factors may include :
42.
•
Adequacy and effectiveness of the system of internal control.
•
Competence, adequacy, and integrity of personnel.
•
Asset size, liquidity, or transaction volume.
•
Complexity or volatility of activities.
•
Geographical dispersion of operations.
•
Organizational, operational, or economic changes.
•
Acceptance of audit findings and corrective action taken.
The Head of Internal Audit may decide to weigh the risk factors to determine their relative significance. The weighing of risk factors reflects the Head's judgment of the relative impact that it may have on selecting a system for an audit. This section is not intended to prescribe a rigid process that specifies how risk assessment must be conducted. However, steps of risk assessment and example of calculation of the Risk Index is provided in Annex I.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
76 INTERNAL AUDIT MANUAL
PART THREE
Risk assessment 43.
Risk assessment is a systematic process for assessing and integrating professional judgments of the probable adverse conditions and/or events. Risk assessment process is crucial to the development of effective audit work schedule. In developing an audit work schedule, the Head of Internal Audit should allocate the resources of the Internal Audit department in a manner that gives appropriate consideration to the various risks confronting the public body. The Head should generally assign higher audit priorities to systems with higher risks.
44.
The Head of Internal Audit can obtain information from a variety of sources for the risk assessment process. Such sources include: •
Discussion with the management of public body;
•
Discussion with external auditors;
•
Consideration of applicable government laws and regulations;
•
Review of prior audits.
45.
Audit priorities determined through the risk assessment process may be reviewed and updated continuously. There should be a periodic assessment of the effect of any major changes of the system or related risk factor which have occurred since the audit work schedule was prepared.
46.
To summarize, internal auditors using the risk based systematic approach should:•
Identify and record the objectives of the system, risks and controls;
•
Establish the congruence of the objectives with higher-level corporate objectives;
•
Evaluate management's risk analysis, taking account of their acceptance of specific risks;
•
Evaluate the controls to decide whether or not they are appropriate and can be reasonably relied upon to achieve their objectives;
•
Systematically assess the probable exposure of the public body by taking into account the risk factor;
•
Identify instances of over-control;
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
77 INTERNAL AUDIT MANUAL
47.
48.
PART THREE
•
Determine an appropriate strategy to test the effectiveness of risk management and controls;
•
Arrive at conclusions and report, making recommendations as necessary and providing an opinion on the effectiveness of risk management and control in the audited area.
Advantages of the risk based systematic approach include:•
The systematic assessment of risk of the public body enables the internal auditor to have a profound knowledge of the public body;
•
The approach focuses the audit on the high risk areas which are material to the public body;
•
The approach adds value to the audit;
•
The approach tends to make the Head of the internal audit and senior internal auditors much more involved in the planning stage of an audit assignment.
To summarize, the development of auditing can be traced from the traditional vouching approach to the system based approach and then to the risk based approach each of which is not at the exclusion of the other. The system based approach contains the concept of vouching, but in digestible portion, just as the risk based approach contains one of the inputs of the system based approach, the evaluation of the internal control system.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
78 INTERNAL AUDIT MANUAL
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
PART THREE
78 INTERNAL AUDIT MANUAL
PART THREE
SECTION IV PLANNING AND CONTROLLING INTERNAL AUDIT
PLANNING Introduction
1.
Planning is an essential element in the audit process. This section deals with the aspects of planning, the level of plans involved, their preparation and characteristics in general. The responsibility of planning the audit lies with the Head of the Internal Audit department. Audits require adequate planning for a variety of reasons.
2.
The major ones include:-
3.
•
It helps to define the objectives and scope of the audit.
•
It provides a basis for allocating adequate resources in terms of human and other resources.
•
It provides a basis for communicating to the Head of the public body and its likely demands.
•
It provides a base line for assessing, monitoring and controlling the progress of each audit.
•
It enables the audit to be carried out more efficiently and effectively.
Planning is not simply a process of scheduling a set of mechanistic audit operations. It involves in general establishing objectives, understanding systems, prioritizing the audit works including extent of work (deciding on auditable activity or area based on risk assessment), determining resource allocation and other issues. The operational standards No. 500 of the Internal Audit Standard of Government of Ethiopia deals with, in detail, the planning aspects of the internal audit. It requires the preparation of :• • •
strategic plan - usually the 5 – year plan. periodic plan – the annual plan. planning of individual audit assignments.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
79 INTERNAL AUDIT MANUAL
PART THREE
Strategic plan 4.
The first level of planning is the preparation of the strategic plan, the duration of which is set to be 5 years. The necessary criteria for the preparation of strategic plan differ from one audit approach to the other. It therefore appears useful to mention the basic criteria for the preparation of strategic plan at different audit approach for internal auditors in order that they can apply them in line with their stage of development. It follows that in the vouching (traditional) audit approach the internal auditor intends to check all documentary evidences of an entity as far as possible. In the system based audit approach the intention was changed to evaluation of the internal control of all systems of the entity. In the emergence of the risk based systematic audit approach the internal auditor commences to prepare a strategic plan in which the risk materiality of the systems is ranked and their scheduling together with the resource required is determined.
5.
In the vouching (traditional) audit approach the internal auditor checks in detail a substantial proportion of all documentary evidences before reaching his conclusion. When it becomes impossible to check all documentary evidences due to the volume of transactions, the internal auditor designs audit programmes which normally specify rigidly predetermined testing volumes unrelated to the particular situation such as "vouch three months of purchase invoices."
6.
In the system based audit approach the internal auditor evaluates the internal control systems of an entity by giving equal weight to all systems. In this approach a much smaller number of tests are required to be carried out in contrast to the extensive converge under the traditional vouching audit approach. The level of testing under this approach would be primarily guided by two determining factors which are the frequency with which a control is performed and the type of tests. The more frequently the control is performed the more it will need to be tested. Testing which requires re-performance would necessitate substantially lower level of tests than testing which requires examination of evidence.
7.
The important characteristic of the strategic plans prepared under the risk based systematic approach is that it should be made on the basis of risk and materiality assessment with a view to systematically prioritize audit work. The strategic plan prepared under all approaches has the following characteristics; •
It should be developed to meet the needs of the public body i.e. it should be value adding;
•
It should be flexible for subsequent improvements and reviews;
•
It should establish long term resource and skill requirement and allocation issues;
•
It should describe major audit assignments and overall audit techniques selected;
•
It should provide basis for other levels of planning. MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
80 INTERNAL AUDIT MANUAL
8.
PART THREE
Preparation of strategic plans •
Identifying and understanding of the systems of the public body, its operations and environments in general;
•
Assessing the risks and materiality issues involved in those systems using risk factors and ranking of those systems based on the assessment. This will enable the auditor to prioritize between systems and identify vulnerable /riskier/ systems with the objective of auditing them sooner and more often;
•
Once the risk materiality is assessed and ranked, the next step is determining audit and their scheduling over the strategy period (5 years). This involves determining which system to be audited, audit objectives, their frequency, timing, type and nature of audits and audit techniques to be followed, and other issues;
•
Determining the long term resources needed to achieve the strategic plan with regard to adequacy of staffing both in quantity and quality. Long term knowledge upgrading such as training should be addressed to increase the quality of staff. Consideration of the use of experts of both internal and external sources, where required, should be planned as well.
Periodic plan – Annual plan 9.
The strategic plan is then used as a basis to prepare periodic work plans. The annual plan is prepared by the Head of the Internal Audit in consultation with the audit staff by breaking the strategic plan into periods of audit i.e. usually a year and is put forward to management of the public body for approval. Performances Standard No. 520 of the Internal Audit Standard of Government of Ethiopia deals with the developing of periodic audit plans. The objectives of this plan is to implement the strategy by detailing it further within the period (a year). It also puts emphasis on resource allocation. In translating the 5 year plan into the annual plans, care should be taken as to whether the assumptions and judgments that underpin the 5 years plan are still valid. The following points thus have to be considered in this regard: •
Risk assessment and prioritization is still valid (for risk based systematic approach);
•
Changes in the activities and system of the public body;
•
Changes in the resources availability;
•
Any audit works brought forward (not carried out) in previous year; MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
81 INTERNAL AUDIT MANUAL
•
PART THREE
Emerging audit needs like newly established activities and systems, areas seen by management requiring attention, activities where there have been allegations of wrong doing or inefficiency etc.
10.
Therefore the annual plan should be kept under review to identify and reflect changing priorities, resource allocations, timing issues and other emerging audit needs. The annual plan should sufficiently set out the details of the assignments so that management understands the purpose and scope of the assignments. The plan should establish resource and skill requirements and set relative priorities for each assignment. It thus matches available resources and the audit assignments.
11.
Preparation of annual plans •
Taking into account of the re-appraisal of risk assessment and prioritization, select appropriate audit assignments and respective audit techniques for the period under review (one year);
•
Assess the total time required for each audit assignment and the total time available in the period;
•
Schedule the audit assignments into weeks considering reporting requirements. The format could be in charts (gant chart), or notes;
•
Determining communication of audit results – reporting requirements. This involves identification of users, the manner of reporting and the frequency and timing of reporting;
•
Review staff and other resources allocations over the period of audit assignments taking into account: •
The quantity and experience level of staff;
•
The nature and complexity of the audit assignment;
•
The time constraints;
•
The knowledge, skill and discipline of the staff;
•
Other issues such as consideration of use of external resource in instances where additional knowledge, skill and disciplines are needed, training study time, leave period and other commitments, etc.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
82 INTERNAL AUDIT MANUAL
12.
PART THREE
After considering the above and other issues that could influence audit assignments, the periodic/annual/audit plan is prepared and forwarded to management or Audit Committee for approval. This process allows the management or the Audit Committee to review the plan to place emphasis upon areas that may be of particular interest. The next step in the planning process, is the planning of each individual audit assignment based on the approved annual audit plan. Planning Audit assignments
13.
For every audit assignment a detailed plan of work should be prepared. The plan should establish detailed objectives of the assignment, resources requirement, outputs, target dates and other issues. The plans have to be discussed with Head of the public body or Audit Committee and agreed upon. This enables to take into account any concerns of the Head of public body and Audit Committee over policies, procedures and operations in the relevant audit area.
14.
On the basis of the strategic plan and especially the annual plan the detailed plan is prepared. It includes: •
The scope, objectives, extent and priority of audit work depending on risk assessments;
•
The schedule and timing (starting and finishing dates) and reporting issues as well (when, how, to whom);
•
Detailed staff and resource allocation for each aspect of the audit assignment. This includes the number, experience level, knowledge and skill level of staff;
•
The need for expertise from external/internal sources;
•
Narration of special aspect of audit to be carried out (as needed);
•
Documents that ascertain that an understanding is reached concerning the operations/activities to be audited;
•
An audit program;
•
Documents of review of plans by management;
•
Other issues as relevant.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
83 INTERNAL AUDIT MANUAL
PART THREE
Preparation of Audit Assignment Plans 15.
Obtaining background information about the activities to be audited. 15.1 A review of background information should be performed to determine the impact on the audit. Such items include: •
Mission statements, goals, and plans.
•
Organizational information, e.g. number and names of employees, key employees, job descriptions, policy and procedure manuals, and details about recent changes in the organization, including major system changes.
•
Budget information, operating results, and financial data of the activity to be audited.
•
Prior audit working papers.
•
Results of other audits, including the work of external auditors, completed or in process.
•
Correspondence files to determine potential significant audit issues.
•
Authoritative and technical literature appropriate to the activity.
15.2 Other requirements of the audit, such as the audit period covered and estimated completion dates, should be determined. The final audit report format should be considered, since proper planning at this stage facilitates writing the final audit report. 16.
Establishing audit objectives and scope of work •
Audit objectives are broad statements developed by internal auditors and define intended audit accomplishments. Audit procedures are the means to attain audit objectives. Audit objectives and procedures, taken together, define the scope of the internal auditor’s work.
•
Audit objectives and procedures should address the risks associated with the system under audit. The risk based systematic approach to internal audit is discussed in part two section one in detail.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
84 INTERNAL AUDIT MANUAL
17.
PART THREE
Writing the audit program 17.1 To achieve audit objectives of each assignment it is essential to develop an audit program. It is the link between the survey and the actual audit work. Audit program serves as a guide for the actual audit and provides a means of monitoring and controlling the progress and completion of the audit. It also helps as a basis for assigning each aspect of the audit assignment. In addition, it provides a record of the work done. 17.2 Audit programs should:
18.
•
Document the internal auditor’s procedures for collecting, analyzing, interpreting, and documenting information during the audit.
•
State the objectives of the audit.
•
Set forth the scope and degree of testing required to achieve the audit objectives in each phase of the audit.
•
State the nature and extent of testing required.
•
Be prepared prior to the commencement of audit work and modified, as appropriate, during the course of the audit.
Communicating with all who need to know about the audit 18.1 The head of internal auditing is responsible for determining how, when, and to whom audit results will be communicated. This determination should be documented and communicated to management, to the extent deemed practical, during the planning phase of the audit. Subsequent changes which affect the timing or reporting of audit results should also be communicated to management, if appropriate. 18.2 An entry conference should be held with management or audit committee responsible for the activity being examined. Topics of discussion may include: •
Planned audit objectives and scope of work.
•
The timing of audit work.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
85 INTERNAL AUDIT MANUAL
18.3
19.
PART THREE
•
Internal auditors assigned to the audit.
•
The process of communicating throughout the audit, including the methods, time frames, and individuals who will be responsible.
•
Business conditions and operations of the activity being audited, including recent changes in management or major systems.
•
Concerns or any requests of management.
•
Matters of particular interest or concern to the internal auditor.
•
Description of the internal auditing department’s reporting procedures and follow up process.
A summary of matters discussed at meetings and any conclusions reached should be prepared, distributed to individuals, as appropriate, and retained in the audit working papers.
Obtaining approval of the audit work plan 19.1 Audit work plans should be approved in writing by the management or audit committee of internal audit prior to the commencement of audit work . 19.2 Adjustments to audit work plans should be approved in a timely manner. Initially, approval may be obtained orally, if factors preclude obtaining written approval prior to commencing audit work.
CONTROLLING AUDIT ASSIGNMENTS 20.
Internal audit have objectives, and to ensure that its objectives are achieved, the work should be controlled at each level of the audit to ensure that a continuously effective level of performance that comply with standards is being maintained. This is the scope of quality assurance dealt with in Performance Standard No. 1100 of the Internal Audit Standard of Government of Ethiopia. It involves the management of audit assignment in aspects of supervision and review to assure the quality of the work. Supervision of Audit Assignment
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
86 INTERNAL AUDIT MANUAL
21.
PART THREE
The overall management supervision of audit assignments should be continuously carried out to monitor progress and assess quality of work and coach staff. Supervision should include: •
Ensuring compliance with internal auditing standards, the public body’s policies and audit plans and programs.
•
Reviewing the allocation of work tasks based on the experience training and proficiency of staff. It extends to providing training and skill upgrading courses.
•
Ensuring adequate planning and providing suitable instructions and briefings of audit staff at the outset of an audit.
•
Approving audit objectives and work plans.
•
Ensuring that audits are conducted as planned or that variations are approved.
•
Ensuring that appropriate audit techniques are used.
•
Ensuring that full and adequate working papers are maintained that properly document the work carried out and the conclusions arrived at along with recommendations are adequately supported by relevant evidences.
•
Maintaining a system of review along with quality control procedures whereby the work of each member of the assigned audit staff is reviewed by a senior member.
•
Ensuring that reports are accurate, objective, clear, concise and timely.
•
Ensuring that the work is achieved within resource budgets or variations are approved.
•
Using audit completion check lists to ensure that important issues are not overlooked.
•
Maintaining employee performance evaluations predetermined performance measures and criteria.
based
on
Quality Reviews of Audit Assignment 22.
Another aspect of quality assurance is review. Quality reviews should be performed by both internal and external parties to appraise the quality of the audit assignments that are carried out as well as ongoing assignments, so as to take corrective measures on time, and to appraise the efficiency and effectiveness MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
87 INTERNAL AUDIT MANUAL
PART THREE
of the staff engaged in the audit assignment and to provide guidance for future audit assignments.
Internal Quality Review 23.
This type of review should be undertaken by an experienced member of the internal audit function. The review should indicate the degree of compliances with Internal Audit Standards, policies, plans and guidelines. In addition, it should show the effectiveness and efficiency of the audit assignment and the audit staff. It should also provide for recommendations for improvement.
24.
Internal Reviews should appraise:
25.
26.
•
The quality of audit work – from planning to conclusion of the audit.
•
The quality of supervision.
•
Compliance with standards, policies and plans, procedure manuals and guidelines.
•
The achievement of performance standards/indicators
The reviews could be undertaken at three stages of the audit process: •
At the planning stage – to ensure that the audit assignment is adequately planned with satisfactory quality.
•
During the audit (interim review) – to ensure that the audit is progressing in a manner of satisfactory quality, to identify where changes are required and review other issues like man power allocation, etc.
•
At the completion stage – to ensure that the audit has been satisfactorily performed in all aspects.
These reviews should be documented and kept in working papers. See attached review sheets under annex VI-VIII. External Quality Review
27.
This review is undertaken by persons who are independent of the public body. The review is carried out to assess the performance of Internal Audit Department. As it is stated in the Internal Audit Standard of Public Bodies of Government of Ethiopia such reviews should be conducted within a reasonable period of time depending on various issues. MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
88 INTERNAL AUDIT MANUAL
28.
PART THREE
External quality review should appraise: •
The terms of reference of the internal audit function.
•
The independence and objectivity of internal audit.
•
The efficiency and effectiveness of the approach in formulating the audit strategy and plans.
•
The quality of audit work by selecting sample audit assignments. The review here includes all aspects of the audit process i.e., from planning to conclusion.
•
Compliance with Internal Auditing Standards policies, plans and procedure manuals.
•
Achievement of performance standards/indicators
Significance of Audit Programs in Controlling Audit Assignments 29.
The audit program provides a means of monitoring the progress of audits. It is not always possible to stick to each aspect of the audit program. Time estimates may have been wrong, unforeseen events may occur, judgments and assumptions may prove to be wrong, etc. All these would lead to amendment of audit programs and respective audit works. Therefore, original audit programs as amended due to subsequent events will be valid throughout the audit.
30.
Audit program helps to plan and budget time available with the objective of setting a framework of control in which planned and actual time is compared. In addition, audit programs provide the starting point for discussions between the head of internal audit and the auditors carrying out the audits. The auditor in charge can indicate how the audit is progressing, whether it is on track, whether unexpected problems have arisen and the likely chances of completing the program as planned. The reviewers can keep abreast of progress, observe quality of work, obtain an interim understanding of the audit findings and take corrective actions (eg. Allocating more time to particular aspects; adjust the location and intensity of compliance checks in relation to interim review findings, etc.). In particular, it will be possible for reviewers to assess whether tests conducted provide sufficient evidence for the development of reliable audit findings.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
89 INTERNAL AUDIT MANUAL
PART THREE
SECTION V : DOCUMENTING INTERNAL AUDIT
1.
Internal audit is a systematic process, which must be carried out with due care and attention. Audit findings must be supported by sufficient evidences. Consequently, record keeping is very important indeed. It provides a trail of verifiable evidence.
2.
Documenting is made possible through the use of working papers. Working papers are the records kept by the auditor of the procedures applied or followed, the tests performed, the information obtained and the pertinent conclusions reached.
3.
As per the Performance Standard No.710 of the Internal Audit Standard of the Government of Ethiopia, the internal auditor should prepare working papers, which provide the principal evidential support for the audit report and demonstrate the internal auditors’ compliance with the internal audit standards and support for audit conclusions reached.
4.
Specific objectives of documenting the internal audit assignments are it:•
Provides a historical record of the information collected during the conduct of audits.
•
Provides a record of the audit tasks performed.
•
Identifies audit objectives and methods chosen as a basis for planning future audits and for review purposes.
•
Allows an audit supervisor or manager to make an interim review of what has been done during the audit to date.
•
Allows an audit supervisor or manager to carry out final assessment of the validity of draft audit conclusions before they are expressed as audit findings.
•
Provides support for audit findings and evidence of compliance with the internal audit standards.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
90 INTERNAL AUDIT MANUAL
PART THREE
•
Establishes a record for the purposes of peer review.
•
Provides a framework for further review in cases where management disagrees with audit findings and the audit methods and conclusions have to be reassessed.
•
Provides a framework of control whereby delegated work is monitored.
Principles of Documentation 5.
Good documentation is achieved by implementing the following principles: 5.1
Consistency and Standardization When carrying out audits internal auditors should use consistent reporting methods. Consistency is achieved by using the standard formats appearing in this manual. Completing the recommended formats will make documentation easier to understand and review. For instance if an auditor takes over a work that has been started by another auditor, the use of standardized formats will promote continuity. However, practical experience may dictate the need for amendment of standard formats. Moreover, the auditor could use additional formats as necessary.
5.2
Accuracy and Timeliness Documentation should accurately reflect the tests planned, the tests carried out and the result of these tests. There should also be documents that show the timing of the work carried out.
5.3
Clarity and Conciseness The aim is to provide working papers that will make it easy to understand the way the audit was carried out. For this the working papers should be well organized and cross-referenced with clear and concise language and structure. The information recorded should be sufficient for the purposes of subsequent review by someone other than the responsible auditor.
5.4
Completeness The audit papers should be complete in the sense of covering the whole audit; the tests carried out, the meetings held, the queries raised, management responses and the draft conclusions reached.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
91 INTERNAL AUDIT MANUAL
5.5
PART THREE
Authorship and Review Audit papers should reveal who carried out each piece of work. In addition, working papers should be reviewed. Information regarding the identity of reviewers and their instructions/advice should be documented.
5.6
Confidentiality Audit papers are in principle confidential. The Head of the Internal Audit unit may decide to share audit papers, only if there is good reason. If the external auditor or the Ministry of Finance and Economic Development requests access, this is good reason in itself. If, in the case of fraud, the police or a court of law requests information, the Head of internal audit will comply. When access is requested, the circumstances, reasons, persons with whom information was shared and the information shared should be recorded in permanent files. It should be noted that principle of confidentiality prevents the sharing of audit information with third parties (e.g. suppliers). In general, internal auditors should be very wary about sharing audit information, because of possible conflicts of interest. As audit papers are confidential, measures should be taken to restrict access to them.
Content of Working Papers 6.
The Performance Standard No.720 of the Internal Audit Standard of Government of Ethiopia stated what working papers should contain. It should sufficiently document the audit process with emphasis on the:•
Planning;
•
Examination and evaluation of the adequacy and effectiveness of the system of internal control;
•
The auditing procedures performed, the information obtained and the conclusions reached;
•
Review;
•
Reporting;
•
Follow-up; and
•
Governance and organizational aspects.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
92 INTERNAL AUDIT MANUAL
7.
PART THREE
These and other aspects of documentations should be kept in an orderly and organized manner in two files : Permanent File and Current File. Permanent File 7.1
Permanent file is used for retaining key information of continuing audit relevance, which changes little from year to year. It contains data of historical or continuing nature pertinent to the audit. The permanent file typically include:
•
Extracts or copies of the public body document that deal with the organizational aspects. It includes organization structure (chart); organizational history detailing authority and duty;
•
Proclamations dealing with establishment, organizational authority and responsibility, Job descriptions and general organizational issues and other documents showing how the public body is organized, sub-divided, managed, staffed and directed;
•
Information related to the understanding of the accounting system, internal control structure and assessment of control risk. This includes accounting policies, flow charts, internal control questionnaire or internal control/evaluation, manuals, organizational chart, system descriptions and notes along with specimen of documents, and other information on internal control and accounting system;
•
Information relating to understanding the rules and regulations pertaining to activities within the public body. This is with respect to directives, Statement of policies, rules, regulations, proclamations internal instructions and manuals;
•
The results of previous years’ audit. This includes previous audit findings, management actions and follow-up, weak areas, outstanding audit queries, and matters deserving continuous follow-up;
•
Other relevant information of continuing nature. For instance details of contracts, committee members (e.g. tender committee), key personnel who authorize various types of decisions, details of projects being implemented along with agreements, all bank accounts, signatories, authority limit, safes, stores and other information like plans, etc.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
93 INTERNAL AUDIT MANUAL
•
PART THREE
Correspondence with the Head of the Public Body, audit committee and outside parties concerning various issues. Note that a separate file could be maintained for all correspondence depending on the size, frequency and necessity.
Current Files 7.2
The current files include all working papers applicable to the year under audit. They contain relevant information of the audit for the current year. Their contents include: •
General information - This information is current information that is of a general nature rather than dealing with specific issue. This includes such items as audit planning memos, abstracts or copies of minutes or contract or agreements not included in permanent files, notes on discussion with management, working paper review comments, check lists, time summaries and comparison with budget, financial statements etc.
•
Audit report - This is the final output of the audit process. It includes the final and draft version.
•
Audit program which is initialed when each procedure is performed. It is reviewed and approved. It is cross-referenced with each section of the audit procedures.
•
Financial Statements - This is relevant in financial audit.
•
Trial balance – list of accounts with their balance supporting financial statements. This is relevant in financial audit.
•
Schedules and working papers prepared by the internal auditor in performing certain audit procedure. There are lead schedules that support the items in the trial balance. Lead schedules could also be summaries of certain audit procedure (especially in the case of audit other than financial audit). Supporting schedules are detail schedules. There are many types or forms of schedules. The major ones are:•
Analysis – show the activity (entries) in an account. It includes opening balance, description of sample, transactions tested, summary of those not tested, ending balances, sampling method, etc.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
94 INTERNAL AUDIT MANUAL
8.
PART THREE
•
Examinations of supporting document – These are various schedules that show detail tests performed.
•
Reconciliation of amounts – that support a specific amount and is normally expected to tie the amount recorded in financial statement or auditee record to other sources of information, e.g. bank reconciliation.
•
Information supporting schedules e.g. notes.
•
Queries of the auditors along with responses.
•
Documentation – documents from both internal and external sources.
•
Listings – List of items, balances, etc.
Preparation of working papers An important aspect with respect of documentation of audit work is the preparation of working papers (schedules). The Performance Standard No. 730 of the Internal Audit Standard of Government of Ethiopia advocate the use of standardized policies and procedures in this regard. It also mentions some techniques or essential characteristics that should prevail in working papers. Although the design depends on the objectives and activities involved, certain common points or characteristics should be given due regard. These are: 8.1
Each working paper should be properly identified with such information as: •
The name of the public body being examined;
•
The title or description of the content or purpose of the working paper;
•
The period covered by the audit;
•
The preparer and reviewer with respective dates of preparation and review;
•
the index code.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
95 INTERNAL AUDIT MANUAL
8.2
Each working paper should be signed (or initialed) by the preparer and the reviewer.
8.3
Each working paper should be properly indexed and cross-referenced to aid in organizing and filing. Indexing is done at the front of each paper using a combination of letters and whereby if lead schedules are given a letter, e.g. "A" then for supporting schedule a suffix indicating the sequence in the file is added e.g., "A1". Cross referencing between lead schedules and supporting schedules or between two supporting schedules should be done in a logical and consistent manner. Please refer to Annex XII for the relationship of working papers, indexing and crossreferencing.
8.4
Each working paper should include sufficient information to fulfill the objectives for which it was designed.
8.5
Completed working papers must clearly indicate the audit work performed including sampling methods and samples selected. This is accomplished in three ways:
8.6
9
PART THREE
•
By a written statement in a form of memorandum;
•
By initialing the audit procedures in the audit program;
•
By notations on working paper directly on working paper schedules. Notation on working paper are accomplished by use of "tick marks" which are symbols written adjacent to the details on the body of the schedule. These notations must be clearly explained at the bottom of the working paper.
The conclusions that were reached along with the respective recommendations about the segment of the audit under consideration should be plainly stated.
Organization/structure of working papers The documents in working paper should be organized or structured in a manner that enhances efficiency and facilitates accessibility. Although working papers could be organized differently depending on the nature of the organization, an example of a lay-out and an index is provided in Annex X which can be customized as required.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
96 INTERNAL AUDIT MANUAL
10.
PART THREE
Review of working papers Audit working papers should be reviewed to ensure that they properly support the audit report and that all necessary auditing procedures have been performed. Evidence of the supervisory review should be documented in the working paper. The Head of the Internal Audit or designated senior auditor has the responsibility for review. Generally, review has to be conducted at a level of responsibility higher than that of the preparer of the working paper. Evidence of review consists of the reviewer initialing and dating the working paper after it is reviewed. It could also consist of completing a working paper review checklist and/or preparing a memorandum stating the nature, extent and result of the review. In addition, reviewers may also make a written record (review notes) of questions arising from the review process, which should be satisfactorily resolved.
11
Retention of working papers In order to comply with the financial regulation No. 17/1997, records should be retained for a minimum of ten years. It should be noted that permanent files should be retained permanently.
12.
Ownership and custody of working papers Working papers are the property of the public body and remain under the custody of the Internal Audit Department. The Head of the public body may request access to the working paper in which case the Head of Internal Audit approves the issue. Where parties outside the public body request the working papers, the Head of the Public Body should approve the request.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
97 INTERNAL AUDIT MANUAL
PART THREE
SECTION VI : REPORTING AUDIT FINDINGS
Introduction 1. The Internal Audit Standard of Government of Ethiopia requires that after the audit examination is completed, the Internal Auditor should discuss conclusions and recommendations at appropriate level of management and issue a signed, objective, clear, concise, constructive and timely written report with appropriate format (content). Audit findings 2. Internal auditors report their findings and recommendations in a formal way. Audit findings are the outcome of the audit. The value of auditing can be judged by the quality, relevance, timeliness and reliability of audit findings and the deterrent effect that audit creates. Here, we are concerned only with audit findings and the way they are reported. 3. Audit findings are much more than simple opinions. The audit process is a meticulous process for building up very specific information. It is meticulous because it must result in reliable and relevant information, sufficient to support robust conclusions. A robust conclusion is one which is objective and fully supported by the evidence. An auditor using the same audit methodology could repeat the audit and arrive at the same conclusion. 4. Audit findings emerge by a process of comparing "what should be" with "what is". Whether or not there is a difference, the internal auditor has a foundation on which to build the report. When conditions meet the criteria, acknowledgement in the audit report of satisfactory performance may be appropriate. Findings should be based on the following attributes:•
Criteria - The policies, procedures, directives, regulations, laws, standards, measures, or expectations used in making an evaluation and/or verification (what should exist).
•
Condition - The factual evidence which the internal auditor found in the course of the examination (what does exist). If there is a difference between the expected and actual conditions, then:
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
98 INTERNAL AUDIT MANUAL
PART THREE
•
Cause - The reason for the difference between the expected and actual conditions (why the difference exists).
•
Effect - The risk or exposure the auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference).
5. The Head of Internal Audit is employed for his/her expertise and experience. A critical element of this is judging the adequacy of information gathered through the audit process as a basis for arriving at conclusions. 6. A process is needed for developing conclusions and testing their robustness before they are embodied in audit findings. This may involve:•
developing audit interim conclusions by auditors in charge as the audit is in progress.
•
discussing these interim conclusions by the Heads of internal audit (and giving guidance on their validity and indicating whether more evidence is needed to substantiate them).
•
auditors drafting their final conclusions at the end of their audits.
•
heads of internal audit carrying out further evaluation of the validity of conclusions.
•
redrafting these conclusions as audit findings.
7. Validity of the findings is an important over-riding consideration. But when it comes to reporting, other concerns are also of great importance. Audit reports are intended to be read. So it is important to consider the needs of readers. The main readers are the Heads of the public bodies. We presume that they are:•
busy people who have to read many reports on a lot of subjects and who do not want to plough through a lot of detail before reaching key conclusions.
•
not familiar with auditing terminology or processes.
•
less interested in processes than in findings.
•
much more interested in significant matters than trivial ones.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
99 INTERNAL AUDIT MANUAL
PART THREE
Characteristics of effective audit reports 8. These presumed characteristics are the key to writing effective audit reports. An effective audit report is one which is objective, clear, concise, constructive and timely. •
Objective reports are factual, unbiased, and free from distortion. Findings, conclusions, and recommendations should be included without prejudice.
•
Clear reports are easily understood and logical. Clarity can be improved by avoiding unnecessary technical language and providing sufficient supportive information.
•
Concise reports are to the point and avoid unnecessary detail. They express findings completely in the fewest possible words.
•
Constructive reports are those which, as a result of their content and tone, help the organization to make the necessary improvements where needed.
•
Timely reports are those which are issued without undue delay and enable prompt and effective action to be taken.
Content and format of audit reports 9. Although audit report formats and content may vary, they should at least contain the purpose, scope, and results of the audit. •
Purpose statements should describe the audit objectives and may, where necessary, inform the reader why the audit was conducted and what it was expected to achieve.
•
Scope statements should identify the audit activities and include, where appropriate, supportive information such as time period audited. Related activities not audited should be identified, if necessary, to delineate the boundaries of the audit. The nature and extent of auditing performed should also be described.
•
Results may include findings, conclusions (opinions), and recommendations.
•
Findings are pertinent statements of fact. Those findings which are necessary to support or prevent misunderstanding of the internal auditor's conclusions and recommendations should be included in the final audit report. Less significant information or findings may be communicated orally or through informal correspondence.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
100 INTERNAL AUDIT MANUAL
PART THREE
•
Conclusion (opinions) are the internal auditor's evaluations of the effects of the findings on the activities reviewed. They usually put the findings in perspective based upon their overall implications. Audit conclusions, if included in the audit report, should be clearly identified as such. Conclusions may encompass the entire scope of an audit or specific aspects. They may cover but are not limited to whether operating or program objectives and goals conform with those of the public body, whether the public body's objectives and goals are being met, and whether the activity under review is functioning as intended.
•
Recommendations are based on the internal auditor's findings and conclusions. They call for action to correct existing conditions or improve operations. Recommendations may suggest approaches to correcting or enhancing performance as a guide for management in achieving desired result. Recommendations may be general or specific. For example, under some circumstances, it may be desirable to recommend a general course of action and specific suggestions for implementation. In other circumstances, it may be appropriate only to suggest further investigation or study.
An example of audit report is provided in Annex IX. 10. One of the conspicuous weaknesses of auditors all over the world is their inability to write effective audit reports, so this aspect requires attention and effort. When writing their reports, internal auditors should bear in mind that there is no report that cannot be improved, however many times it may have to be rewritten. 11. It is the responsibility of the Head of internal audit to ensure that audit reports reach high standards of relevance and readability. The Head should examine all draft audit conclusions for relevance, robustness, economy of language, clarity, tactfulness, helpfulness and positive tone. The last three are important, as effective audit reports should not alienate the reader. The reader should be treated as a friend rather than an enemy. After all, if the ultimate usefulness of audit is effective remedial action, it is wise to treat those responsible for such actions with respect. The idea is to help them, not to embarrass or anger them. Stages of audit reports 12. Writing audit reports entail drafting, redrafting, discussing, eliminating redundant information, and so on. It requires patience and care. But this process is worthwhile at the end of the day as it guarantees that internal audit reports will be read and understood.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
101 INTERNAL AUDIT MANUAL
PART THREE
13. Audit reports go through several stages:•
report of conclusions by the auditor in charge of an audit (interim).
•
draft report of audit findings submitted by the Head of internal audit to the Head of the public body for discussion(interim).
•
final report of audit findings formally submitted to the Head of the public body.
14. The internal auditor should held exit conference to discuss conclusions and report recommendations at appropriate level of management before issuing the final report. The discussion will help to ensure that there have been no misunderstandings or misinterpretations of facts by providing the opportunity for the auditee to clarify specific items and to express views of the findings, conclusions, and recommendations. Although the level of participants in the discussion may vary by public body and by the nature of the report, they will generally include those individuals who are knowledgeable of detailed operations and those who can authorize the implementation of corrective action. 15. Heads of internal audit units must ensure that:•
for every completed audit, a final audit report is submitted to the Head of public body in a timely manner.
•
for every year there is a brief annual report showing the audits carried out during the year, the auditor's general opinions on the status of internal control systems and the manner in which management has followed up on audit findings.
The annual report is submitted to the Head of the public body with copies to the Audit Committee and the Ministry of Finance and Economic Development. 16. Formal audit reports are not the only way (and certainly not the most effective way) of reporting audit results to management. Auditors should think of additional ways of bringing their work to the attention of management. Material can be presented orally in seminars, workshops, meetings, briefings and one-to-one sessions in a variety of formats ranging from presentations on what management needs to know, management tools, principles and concepts, advice on best practice, recommendations and actual audit findings.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
102 INTERNAL AUDIT MANUAL
PART THREE
17. Internal audit reports are sent to the management of the public body for the following reasons:•
to ensure that audit findings are known to management.
•
to prevent the Head of the public body from keeping audit findings secret from his management team.
•
to ensure that significant matters resulting from audit receive collective management attention.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
103 INTERNAL AUDIT MANUAL
PART FOUR
SECTION I - INTRODUCTION
This part of the Manual includes procedural guidance for financial and compliance audits. Each section of this part contains an introduction definition, audit objectives, internal control system and the audit procedures to be carried out by the internal auditors to discharge their responsibilities. Internal auditors should carry out these activities by taking into account the basic concepts and principles explained in Part Three. The audit procedures provided in this part should only be used as guidance for the internal auditor to design an audit program, which specifically meets the requirement of the public body under audit. The internal auditor should select audit procedures, which are materially related to risk, feasible to the audit and likely to generate useful findings.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
104 INTERNAL AUDIT MANUAL
PART FOUR
SECTION II CASH AND BANK BALANCES
Introduction
1. Of all assets, cash is the most susceptible to misappropriation, theft and loss. It follows that the control mechanism established, for the proper monitoring and custody of cash, has to be carefully designed. The implementation and follow-up of control procedures is the responsibility of all eligible staff of the public body. The internal auditor should frequently check the extent of compliance with established policies and procedures for proper use of cash and bank accounts. The audit of cash and bank balances is commenced by a surprise cash count. The accuracy of the cash balance is determined by examining records and supporting documents kept by the public body for the collection of receipts, effecting of payments and banking of money. The audit of cash and bank balances verifies cash and bank balances at a specific date. In this section, the definition, audit objectives, internal control system and audit procedures for cash and bank balances are briefly presented. Definition 2. Cash is the balance of money, which is found in the hands of cash collectors and main and assistant cashiers, and in bank, at a specific date and time. Cash includes paper notes, coins, bank notes, e.g. certified payment orders (CPOs), cheques, bank balances, etc. Internal Control System 3. The overall internal control system for the management and control of cash and other liquid assets are the responsibility of the Head of the public body. The system should include: •
Having adequately trained and qualified staff in charge of all aspects of the management and control of cash and other liquid assets.
•
Establishing adequate formal procedures for all aspects (e.g. authorizing actions; making entries in accounting records; ensuring the accuracy of accounting records; safeguarding cash and other valuables; specifying limits and ceilings for insurance for the issue of cheques and payment by petty cash; keeping of records and supporting documents; etc.).
•
Providing a procedural manual and/or official instructions and giving training to ensure that staff know official procedures and how to comply with them.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
105 INTERNAL AUDIT MANUAL
PART FOUR
•
Specifying clear lines of responsibility for all actions regarding cash management and banking including the responsibility for authorizing actions and transactions.
•
Ensuring that a system of reporting to management is in place and that it is appropriate to management needs.
•
Carrying out checks to ensure that the procedures established by management are working as intended.
•
Making sure that when failures in management and control have occurred, appropriate remedial actions are taken to prevent their recurrence.
•
Establishing a system whereby the normal duty of one person is checked by another.
•
Segregation of duties – the structure should be organized in a manner that those in custody of cash are not involved in recording of cash.
•
Compliance with directives/proclamations/policies. Making sure that the Financial Administration Proclamation, Regulation and directives are adhered to.
•
Rotating duties between staff in as much as time, necessary skill and staff availability permits.
4. The internal auditor should evaluate the internal control system of the public body with a view to assessing whether proper procedures exist for managing and controlling cash, suspense vouchers and bank accounts and whether the procedures operate as intended. In addition to the overall control environment listed above, the detailed internal control system for controlling cash and bank balances includes the following: 4.1 Main and Assistant Cashiers (Main Cash) •
Collections and payments should be made on a legal (official) receipt, voucher and payment vouchers, respectively.
•
Cash collected and other receipts should be deposited intact into bank, on a daily basis wherever possible.
•
The public body should maintain an appropriate cashier’s office and a safe for proper management and safeguarding of cash.
•
Recording of cash and cheques collected daily is to be made after compiling them in the summary collection form.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
106 INTERNAL AUDIT MANUAL
PART FOUR
•
Individual collections and payments should be immediately entered into the books of account (registers, cash books, ledger cards) to ensure the accuracy and completeness of the records.
•
Cash accounts, transactions, registers and cash books kept on a daily or monthly basis should be summed and checked at frequent time intervals to prove their accuracy.
•
Cash kept in safe should be counted and checked against the balance of cash shown in the accounting records of the public body at specific time intervals.
•
Separate individuals should carry out the handling of cash transactions and their recording.
•
The cash in hand should be insured against risks of theft and burglary (fidelity guarantee insurance should also be acquired).
•
A system of internal check should be established to check: •
Daily cash and cheque summaries against receipts;
•
Sequence of cash receipt vouchers;
•
Whether the collections are deposited into bank on time and intact.
4.2 Petty Cash •
The petty cash fund should be maintained using the imprest system by which a petty cash float is established and replenishments are made upon presentation of payments made with their supporting documents.
•
The system should determine the following:
•
-
The maximum amount to be paid from the petty cash fund;
-
The level at which used-up petty cash fund is replenished;
-
Type /nature of expenditures to be paid by petty cash fund. Those responsible for keeping petty cash should be properly trained and should ensure that there is a correct voucher for every petty cash transaction, properly checked and approved.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
107 INTERNAL AUDIT MANUAL
•
PART FOUR
•
A petty cash book must be kept and transactions recorded in it on a timely basis.
•
Approved petty cash payment vouchers along with supporting documents should be filed sequentially.
•
The petty cash balance is only to be replenished after presentation of all payment documents commensurate with the replenishment amount.
At specific time intervals the correctness of the petty cash book, petty cash vouchers and supporting documents must be checked in order to prove that the balance of cash in hand is correct.
4.3 Suspense Account Payment through suspense account is only effected for salary advances and running costs. The following controls should be exercised: •
Payment should be authorized and signed by a designated official.
•
The payment voucher should be signed by the cashier, the chief accountant and the person receiving the cash.
•
A control mechanism should be established for ensuring that requests for payments are appropriate in amount and purpose.
•
No payment should be effected for salary advance in excess of the established ceiling.
•
Advances of salary and running costs should be refunded within 30 and 7 days, respectively.
•
The document used for an advance payment should be cancelled when refund is made and the suspense account balance reduced accordingly.
•
No additional suspense account request should be allowed before former suspense account transactions have been cleared. Strict control is necessary to ensure that this control operates.
4.4 Bank Account •
Bank accounts should be opened and closed only by the order of the Ministry of Finance and Economic Development.
•
All transactions on bank accounts including deposits should be supported by relevant documents and properly recorded.
•
Withdrawal from bank should be authorized only by designated officials.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
108 INTERNAL AUDIT MANUAL
PART FOUR
•
Withdrawals should be properly recorded and checked against payment vouchers and check stubs.
•
The accuracy of computations in the cash book should be checked.
•
Bank reconciliations should be carried out monthly and these should be checked and certified by senior staff for accuracy.
4.5 Bank Reconciliation Bank reconciliations may follow different formats but must clearly show the following, whichever format is chosen: •
The date at which the reconciliation is carried out and the amounts of closing balances taken from the cash book and bank statement.
•
A list of all payments appearing in the cash book which have not yet passed through the bank account (usually unpaid cheques).
•
A list of all receipts appearing in the cash book which have not yet passed through the bank account (usually cheques received and other bank credits not yet credited by bank).
•
A list of items appearing in the bank statements but not in the cash book and an explanation of how these items have been treated (i.e. the adjustment entries made in order for the cash book to reflect the correct information).
•
A reconciliation statement proving the difference between the cash book and bank statement balances, signed by the preparer and by senior staff.
Audit Objectives 5. The objectives of an audit of cash and bank balances include, but are not limited to: •
Ensuring that collection and payment of cash are made on legal receipt and payment vouchers, respectively.
•
Ascertaining that cash collected by the public body is deposited intact into bank in a timely manner.
•
Ensuring that payments above a certain level specified by the head of the public body are effected by cheque.
•
Ascertaining that every cash and bank transaction is properly registered in the books of account.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
109 INTERNAL AUDIT MANUAL
PART FOUR
•
Verifying that bank accounts opened for particular purposes are used for those purposes and that no unauthorized bank accounts exist.
•
Verifying that the public body deposits money in excess of its requirements in an appropriate bank account, making sure that if no bank branch is conveniently located, the money is transferred to the treasury department of the Ministry of Finance and Economic Development.
•
Ensuring that proper actions are taken with regard to safeguarding of cash.
•
Ensuring compliance with proclamations, directives, rules and regulations, and policies with regard to the handling of cash.
•
In as much as possible, audit procedures should be designed to prevent and detect fraud or irregularities.
•
Ensuring that those in custody of cash be separated from accounting functions.
Audit Procedures 6. The following are the audit procedures to be followed in order to ensure the adequacy of control over cash and bank balances. 6.1 Overall Procedures 6.1.1 Review the personal files of cashiers to check that: •
Complaints were not made against the cashier's honesty with a view to assessing the degree of risk involved;
•
A fidelity guarantee insurance and money insurance are acquired;
•
There exists clear job description detailing all duties, responsibilities and accountability of the cashier;
•
The cashier has proper education and training levels.
6.1.2 Ensure proper safeguarding of cash is made by verifying the existence of: •
Secure cashier’s office/safe box;
•
Strict control over used and unused receipt vouchers;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
110 INTERNAL AUDIT MANUAL
• •
6.1.3
6.1.4
PART FOUR
Proper and timely handover of cash by collectors is made to main cashiers; Adequate control over cheques in that: -
Blank cheques are not signed in advance.
-
Cancelled cheques remain undetached in the pad being marked “VOID”.
-
Safe box keys should be kept with the cashier only.
Review the organizational structure, duties and responsibilities of accounts department to verify the existence of: •
Adequate qualified staff;
•
Sufficient and satisfactory internal check mechanisms;
•
Adequate and effective segregation of duties;
•
Clear and precise job descriptions.
Ascertain that Ministry of Finance and Economic Development directives as well as rules and regulations, policies and proclamations are complied with: •
Identifying relevant directives, policies, rules and regulations and proclamations pertaining to cash and bank balances;
•
Review the practical situation prevailing in the public body;
•
Compare and assess the directives, rules, regulations etc. against the current situation.
6.2 Main and Assistant Cashiers' Balances 6.2.1
Ascertain the location of cash safes and identify suspense account documents with money value.
6.2.2
Verify the existence of prenumbered official receipt vouchers.
6.2.3
Ensure that cash and cheque collection summaries are maintained and check the summaries against cash receipts and cheques on sample basis.
6.2.4
Verify that the cash and cheque collection summaries are checked by a person other than the preparer as part of one’s duty.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
111 INTERNAL AUDIT MANUAL
PART FOUR
6.2.5 Ascertain that daily receipts are deposited into bank on time and intact. 6.2.6 Check that updated records exist (when undertaking count), i.e. cash book, transactions register, cash ledger. Record any unrecorded receipts and expenditures. 6.2.7 Check the accuracy of cash book (rows, columns, balances). 6.2.8 Perform the cash count procedure on regular basis (e.g. monthly) and a surprise count on irregular basis. •
Ensure the presence of the cashier and the chief accountant until the end of the count of cash and cash equivalents.
•
Having listed all relevant documents and valuables found in the safe, seal the safe. The cashier and the chief accountant should sign the list.
•
Similarly the cashier and the chief accountant should sign on the last used page of the cash book (register of receipt and payment) and other books of account and last used receipt to establish cutoff point used for the audit.
•
Administer safe – opening questionnaire and ask the cashier and senior finance officer to sign it.
•
Take care to prevent double counting of cash, cheques and stamps, etc..
•
Count and record the amount of cash, suspense account and other documents which have money value kept in the safe.
•
Ascertain that all cash, cheques, stamps, etc. are counted.
•
Sign along with the cashier and chief accountant on the count form.
•
Compare the cash counted against the record balance (cash book).
•
Make the cashier and chief accountant sign the cash balance comparison form.
•
Perform similar checks on other books of account which record receipts and expenditures.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
112 INTERNAL AUDIT MANUAL
PART FOUR
6.3 Petty Cash Balance •
Count the cash found in safe and cash boxes of petty cashiers and register details of payment vouchers not replenished. The count sheet should be signed by the petty cashier and the chief accountant.
•
Seal the petty cashier’s safe.
•
Ascertain the accuracy of computations in the petty cash book or equivalent.
•
Ascertain that all payments are authorized by a designated official.
•
Verify that payments made are consistent with the rules of the petty cash fund which should stipulate the types and maximum amounts of permitted expenditure.
•
Ask petty cashiers and the chief accountant to sign the petty cash balance comparison record form.
•
For further audit procedures please refer to petty cash payment procedures under “Expenditure” section.
6.4 Suspense Accounts •
Ensure that the designated official, the cashier, the chief accountant and the receiver have signed all documents giving rise to suspense account payments.
•
Verify with care all suspense account expenditures made in the name of the cashier, the chief accountant or the head of the public body.
•
Reconcile suspense account documents issued with payment documents and cash held in the safe.
•
Verify with care repaid/cleared suspense accounts where the relevant documents (torn off stubs) are not available for examination.
•
Ask the cashier and the chief accountant to sign the suspense account count sheet.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
113 INTERNAL AUDIT MANUAL
•
PART FOUR
Check the age of suspense accounts (the period from issue to the date of audit). Identify overdue suspense accounts and investigate the reason for their outstanding.
6.5 Bank Balance •
Identify all bank accounts held in the name of the public body.
•
Check bank balances with the bank by making several visits to the bank during the month. Checking bank balances only after receiving bank statements is not advisable.
•
Ascertain the accuracy of the bank reconciliation statement prepared by the accounts section of the public body .
•
Check that outstanding cheques shown in the bank reconciliation statement for the current month are included in the bank statements of the public body for the following month or months.
6.5.5 Ascertain there are no cheques outstanding for more than six months. 6.5.6 If there are long outstanding cheques, ask accounting staff to make the necessary adjustments in respect of them (for instance make write-back entries in cash book to cancel the overdue cheques). 6.5.7 Ascertain that the cashier does not present “bounced” cheques during the cash count in order to prevent means of covering defalcation. 6.5.8 Ascertain the inclusion in the following month’s bank statement of deposits in transit shown in the cash book in the previous month (by checking their accuracy against bank deposit slips) to prevent their use for covering misappropriation. 6.5.9 Make further investigation when uncommon and high value adjustments appear in the bank reconciliation. Check also unusual high value withdrawals appearing in the bank statement. 6.5.10 Ensure that bank reconciliation statements are prepared monthly. 6.5.11 Ensure that errors made by bank are notified to the bank as soon as possible.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
114 INTERNAL AUDIT MANUAL
PART FOUR
SECTION III RECEIPTS AND RECEIVABLES Introduction 1.
Money collected by way of taxes, custom duties and other revenues enables the Government to carry out its social and economic programs. The methods used for ensuring collection are, therefore, critical to the government’s ability to deliver public services. While taxation and customs provide the largest sources of revenue, most government entities collect smaller sums of revenue arising from fees, licenses and other charges. Consequently, all government entities require adequate collection and revenue management systems, to ensure that sums due to the State are properly collected and paid into government bank accounts. Revenues, particularly when collected in cash, are vulnerable to diversion and loss. Moreover, some government staff may be tempted to forgive debts due to the state, for personal gains. Therefore, the internal control measures put in place by management to control and safeguard receipts and debtors, need to be proportionate to the risks involved.
Definition 2.
Government receipts include collections received in cash and kind. These can be divided into five major parts: • • • • •
3.
Tax Revenue Non-Tax Revenue Grants Proceeds of loans from both domestic and foreign sources Capital Revenue
These guidelines apply to all government revenues. However, it is realized that taxation, customs and excise may require more specific treatment than is stated here.
Internal Control System 4.
Over all internal control systems for the management and control of receipts and receivables are the responsibility of the Head of the public body concerned. They include:
•
Having adequately trained and qualified staff in charge of all aspects of revenue management and control.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
115 INTERNAL AUDIT MANUAL
5.
PART FOUR
•
Establishing adequate official procedures for all aspects of revenue and debt management (e.g. authorizing actions; making entries in accounting records; ensuring the accuracy of accounting records; safeguarding cash and other valuables; ensuring that cash received is quickly banked and accounted for; keeping adequate records and supporting documents; etc.).
•
Providing a procedural manual and/or official instructions (in the case of public bodies with large revenues) and giving training to ensure that staff know official procedures and how to comply with them.
•
Specifying clear lines of responsibility for all actions regarding revenue collection and management of debtors including the responsibility for authorizing actions and transactions.
•
Ensuring that a system of reporting to the Head of the public body is in place and that it is appropriate to his/her needs.
•
Carrying out checks to ensure that the procedures established by the Head of the public body are working as intended.
•
Making sure that when failures in management and control have occurred, appropriate remedial actions are taken to prevent their recurrence.
•
Ensuring a system of internal check whereby the work of one employee is checked by the other.
•
Making sure that there is segregation of duties of those who are in custody of assets, those who keep records and those who determine, assess and adjust revenues.
•
Ensuring a system that ascertains compliance with proclamations, directives, rules and regulations.
•
Rotating the duties of staff in as much as time, skill and staff availability allows.
The internal auditor should evaluate the internal control system of the public body with a view to assessing whether proper procedures exist for managing and controlling receipts and receivables and whether the procedures operate as intended. The internal control system for controlling receipts and receivables includes the following:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
116 INTERNAL AUDIT MANUAL
5.1.
PART FOUR
Income From Budget Transfers (Recurrent and Capital Budget), Disposal Of Property And Sundry Accounts The cashier must issue official cash receipt vouchers for collections from all sources including those from the budget, resulting from disposal of property and sundry accounts. Sufficient control mechanisms should be established to ensure that only appropriate income is collected. Such collections should be properly recorded in the books of accounts. The above procedures apply to: • • •
5.2
5.3
all deductions withheld by the Ministry of Finance and Economic Development (e.g. income tax, pension contribution). deposits collected from third parties such as bid and performance securities, etc. proceeds of repayment of loans made to other parties, unclaimed salary, and income from fines and other sources.
Tax Revenue •
A control mechanism is needed to ensure that taxes and custom duties are properly assessed and adjusted in accordance with existing law and tariffs, and that sums due are efficiently recorded and collected.
•
For all taxes and customs duties there should be complete separation of responsibility between assessment and adjustment, and between responsibility for recording sums due and the actual collection of those sums. There should be an effective "firewall" between assessment and collection.
•
For all receipts there should be a monitoring mechanism to record variations between estimated and actual collections and to ascertain the causes of large variations.
Non-Tax Revenue •
The income collected from sale of goods and services rendered by the public body must be in accordance with rates set by the government.
•
The determination of fees and charges and the preparation, collection and recording of receipts should be done by different staffs of the public body.
•
There should be a strong control mechanism for recording and controlling advance payments and their subsequent liquidation to prevent misrepresentation and defalcation.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
117 INTERNAL AUDIT MANUAL
5.4
PART FOUR
Collection from debtors account
5.5
•
There should be a debtors’ register in which debtors are recorded alphabetically by name so that their records can be conveniently accessed.
•
A debtors’ schedule should be prepared showing an age analysis of sums due. It should be regularly submitted to top management of the public body on a timely basis. Sums collected from debtors should be similarly reported.
Grants and Loan
5.6
•
There should be a system of control that ensure the compliance with the grant or credit agreement.
•
The use of official receipt vouchers.
•
Proper maintenance of books of account.
Receipts (common to all) • • •
Ensuring that collections are made by official receipt vouchers. Making sure that adequate control is made over used and unused receipt vouchers. Ensuring that collections are properly summarized, checked, recorded and deposited.
Audit Objectives 6.
The Financial Administration Proclamation requires that no public money shall be collected unless (a) it is authorized by law and (b) it is recorded on official receipts of the Ministry of Finance and Economic Development. Therefore, the objectives of the audit of receipts and receivables include but are not limited to: •
ensuring that all collections are in compliance with the proclamation.
•
ascertaining that all receipts are deposited to central treasury account regularly.
•
making sure that all receipts are recorded properly and that the books of account show the correct receipts for the specific financial period.
•
ascertaining that all deductions withheld are properly recorded and accounted for.
•
ensuring that financial reports are in accordance with the books of accounts.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
118 INTERNAL AUDIT MANUAL
•
making sure that there is appropriate segregation of duties.
•
ensuring that in as much as possible there is proper rotation of duties.
•
ascertaining the system of internal check.
•
ascertaining compliance with relevant proclamations, rules and regulations.
PART FOUR
Audit Procedures 7.
The following audit procedures are to be followed to verify the existence and operation of appropriate controls.
8.
Overall Substantive Procedures
9.
8.1
Secure financial statements or reports concerning receipts (income) and receivables.
8.2
Check that proper supporting schedules exist that support financial statement or reported figures.
8.3
Ascertain that items stated in financial statement or reports agree with ledger balances.
8.4
Compare the current years revenue with that of last year and that of the budget. Secure necessary justifications for major variations.
8.5
Check accuracy of schedules /financial statements and reports - casting.
8.6
Perform reconciliations where possible.
Receivables The audit of receivables includes but is not limited to: 9.1
checking that a schedule of receivables is regularly and accurately prepared incorporating an age analysis and that it is reported to management.
9.2
Examining the nature, age and amount of receivables.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
119 INTERNAL AUDIT MANUAL
10
PART FOUR
9.3
Ascertaining that proper and up-dated general (control) and subsidiary ledger cards are maintained. Ensure also that the total subsidiary ledger balances agree with that of the control ledger balance.
9.4
Check schedule balances against ledgers.
9.5
Ascertaining that there is a proper register of sums charged, money received in settlement and amounts outstanding.
9.6
Ensuring that all necessary measures are taken to collect debts.
9.7
Seeing that there is a strong follow up mechanism for collecting from overdue debtors in particular regarding delinquent cases already reported to court.
9.8
Ensuring that debts which cannot be collected after repeated attempts, are written off in accordance with official procedures and that the write-off of debts is properly controlled and authorized.
9.9
Ascertaining that the cash collected from debtors is properly accounted for and recorded in individual ledger cards corresponding to each debtor.
9.10
Ascertaining whether statement of accounts of receivable balances are exchanged with major debtors.
9.11
Sending request of confirmation for major receivable balances, depending on materiality and risk involved. Review responses received.
9.12
Ascertaining compliance with directives in respect to both short and long term loans to staff.
Income From Budget Transfers (Recurrent and Capital Budget), Disposal of Property And Sundry Accounts 10.1
Ascertain that official vouchers are used for recording collection of all types of receipts, including receipts from budget transfers, disposal of property, sundry accounts, etc.
10.2
Check that all recurrent and capital budgets transferred to bank from Ministry of Finance and Economic Development or collected directly from Treasury Department in cash, are in line with the authorized and allocated budget.
10.3
Ascertain that all personal income taxes, fines and pension contributions are properly computed and deducted from employees' salaries.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
120 INTERNAL AUDIT MANUAL
11.
PART FOUR
10.4
Ensure that there are receipt vouchers for all deductions withheld and that the amounts are properly calculated and recorded in the accounts.
10.5
Ascertain that all public bodies which make charges for services rendered do so in accordance with the relevant proclamations and regulations.
10.6
Ensure that receipts resulting from services rendered, the disposal of assets, charges, fines, donation, etc. are properly transferred to central treasury account.
10.7
Ascertain that disposals of assets are conducted as per the Financial Administration Proclamation, regulation and directives.
10.8
Ascertain that the collection of money from other sources are in accordance with the relevant agreements and Financial Administration Regulations, adequately supported by documents where appropriate and that they are reported to the Ministry of Finance and Economic Development in a timely manner.
10.9
Examine receipts to ensure that they have been properly classified, summarized and recorded in the books of accounts.
Tax Revenue 11.1
Receipts from income, excise and value added taxes: 11.1.1 Ensure that official cash receipt vouchers are used to collect all taxes. 11.1.2 Ensure that ledger cards and tax file are maintained for taxpayers and that relevant and detailed documents are kept in the tax files. 11.1.3 Ensure that the names, addresses, identification numbers and other details are recorded in an appropriate register or tax file. 11.1.4 To ensure the adequacy of control over collection and recording process: •
Select sample of collections – state the sample, sampling method, population etc.
•
Check that sums collected are properly, classified and coded.
•
Check that all sums collected are recorded on to registers (journals) and ledger cards.
•
Ensure that sums collected are deposited in tact and on time to central treasury account.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
121 INTERNAL AUDIT MANUAL
PART FOUR
•
Ensure that taxes are collected within the period prescribed in the relevant tax regulation.
•
Ensure that relevant details are kept in the taxpayer file.
•
Check that the fines imposed on those who fail to pay their taxes in time, are in accordance with relevant tax regulations.
11.1.5 To ensure that taxes are assessed in accordance with the relevant tax regulations: •
From taxpayer file: •
Select sample of taxpayers files state the sample, sampling methods, population, etc. (by each category/class);
•
Check whether the income of the taxpayer is declared and that tax returns are filed.
•
Check whether the taxpayer is audited by tax inspectors (to ascertain whether the tax payer is assessed or not).
•
If the tax payer is assessed by tax inspectors: - Check the assessments made by tax inspectors as to whether it is in accordance with the relevant tax regulation. - Check that the assessments are reviewed and approved by a higher official
•
If the taxpayer is not assessed by inspectors: - Check that proper income declaration and tax returns are filed. - Assess the tax due in accordance with tax rules and regulations and review it against tax returns and payments made by the taxpayer.
•
Ascertain that penalties are levied from late taxpayers as per the tax regulation.
•
Check cash collection against the cash receipt voucher and relevant assessments.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
122 INTERNAL AUDIT MANUAL
•
PART FOUR
From inspectors work/assessment forms:
•
•
Select sample of assessments.
•
Ensure that tax assessments are as per relevant tax regulation.
•
Ensure that the assessment is reviewed by higher officials.
From cash receipt vouchers: •
For the samples selected under procedure 11.1.4: •
Check the cash receipt against tax assessments.
•
Check tax assessments against tax regulations.
11.1.6 Verify that the duties and responsibilities of tax assessment, collection of cash and record keeping are effectively segregated and carried out by different staffs. 11.1.7 To ensure that all taxpayers are identified with an objective of ascertaining completeness of income: •
Select sample taxpayers from business licences or VAT registration number lists.
•
Ensure that tax file is maintained for the taxpayers selected.
•
Ensure relevant information like addresses, names and other details are kept in the tax files.
•
Review the files for tax assessment and payment by the taxpayer.
11.1.8 Where tax relief is granted ensure that it is given as per directives, regulation, official letters of approval, etc. 11.1.9 Ensure the existence of a system of internal check whereby the work of one employee is checked by another. 11.2
Income from non-excise taxes 11.2.1 Ascertain that customs duties are properly assessed and collected.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
123 INTERNAL AUDIT MANUAL
PART FOUR
11.2.2 Identify variations between the estimated and actual collection from customs duties and when significant verify their causes. 11.2.3 Ensure that all exported and imported goods are properly taxed in accordance with relevant regulations. 11.2.4 Ascertain that all rent, transit charges, income from the sale of customs declaration forms, and license fees are collected in accordance with the customs duty regulations, 11.2.5 Ascertain that goods left in customs warehouses for more than six months and smuggled goods are disposed of according to the requirements of official regulations, including recording and storing procedures. 11.2.6 Ensure that appropriate receipt vouchers are raised for foreign currency and valuables confiscated because of illegal transfer and that they are properly recorded. 11.2.7 Ensure that cash collected from disposal of confiscated assets is deposited intact to the central treasury account. 11.2.8 Ascertain that separate individuals have carried out duties of confiscation, issuing of appropriate receipt vouchers, recording and disposal. 11.3 Income from other taxes: 11.3.1 Ensure that all other taxes are properly assessed as per tax regulation. 11.3.2 Ensure that other taxes are properly summarized, classified and recorded into books of accounts. 11.3.3 Ensure the use of official receipt vouchers. 11.3.4 Ensure maintenance of tax files. 11.3.5 Ascertain that collections are deposited intact and on time. 11.3.6 Other procedures as relevant can be applied from above. 12.
Non-Tax Revenue Government institutions such as hospitals, health centers, colleges, universities, etc. render services and also generate and collect income when they charge for the supply of services. The audit of receipts from sale of goods and services includes but is not limited to:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
124 INTERNAL AUDIT MANUAL
13.
PART FOUR
12.1
Ensuring that all incomes are properly classified and recorded in the books of account.
12.2
Ascertaining that the rates used for the calculation of charges are in accordance with the relevant regulations.
12.3
Ascertaining that all receipts have been properly determined and that no income has escaped control or recording to ensure completeness.
12.4
Verifying that all used and unused receipt vouchers are properly kept.
12.5
Ensuring that all cash receipt vouchers are sequentially numbered and are used accordingly.
12.6
Ensuring that all the daily collections are forthwith deposited to bank or handed over to the main cashier.
12.7
Ascertaining that all money collected is deposited intact to the central treasury account.
12.8
Ensuring that the duties of collection and recording are carried out by separate individuals.
12.9
In cases where the public body uses a part or the whole of sums collected, ensuring that the sums so used are properly authorized by Ministry of Finance and Economic Development and/or by appropriate regulation and that they are adequately controlled.
Income from Grant and Loans 13.1
Secure all lists of grant and loans. Ensure that all are approved by Ministry of Finance and Economic Development (MOFED)
13.2
Ensuring that all separate bank accounts are notified to MOFED.
13.3
Select major grants/loans agreement and receipts and perform procedures mentioned below.
13.4
Secure and review the grant/loan agreement.
13.5
Check compliance with the grant/loan agreement, its conditions and requirement concerning collection.
13.6
Ensure that official receipts are issued along with acknowledgement letters (if required) concerning cash receipts.
13.7
Ascertain that cash collected are recorded in the books of account (registers, ledgers).
13.8
Where appropriate review the adequacy of supporting documents that support cash collections.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
125 INTERNAL AUDIT MANUAL
13.9
PART FOUR
For donation in kind, ensure that proper goods receiving note is issued.
13.10 Ascertain that receipt of the goods is completely and properly recorded in: • •
Stock cards; Books of accounts.
13.11 Check valuation of aid in kind is carried out as per the Financial Administration Regulation and Directives. Review the adequacy and relevance of supporting documents. 13.12 Review receipts against budget. 14
Common Procedures for all Receipts The following procedures are common to all receipts of the public body. Although some of them are included in specific income procedure dealt above, they are repeated here to emphasize their importance. 14.1 Ensure that adequate control is maintained over used and unused receipt vouchers: •
Check the whereabouts of unused receipts and that restricted access is exercised over them.
•
Check that stock cards and bin cards are maintained that show receipts, issues and the unused balances.
•
Check that cancelled receipts are kept undetached with the pad being marked “VOID”;
•
Check the sequence of used receipt vouchers to ascertain completeness.
14.2
Ensure that collections are summarized.
14.3
Ascertain that the collection summaries are checked by an employee other than the one who has prepared it.
14.4
Ensure that collections are deposited intact and on time to central treasury account.
14.5
Check that approval is secured where the collections are used (after they are deposited to bank intact) to finance the budget of the public body.
14.6
Check that an independent person oversee (review) that all collections are deposited intact and on time.
14.7
Ensure that receipts are properly recorded to books of account (ledgers, registers).
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
126 NTERNAL AUDIT MANUAL
PART FOUR
SECTION IV STOCKS
Introduction 1. As many stock items are portable, easily exchangeable and readily convertible to cash, they are susceptible to theft, loss and misappropriation. It follows that a strong internal control system should be established and followed in order to safeguard such items. The internal auditors of public bodies should, therefore, thoroughly review the existing internal control system in this area, comment on its weaknesses and recommend what should be done to improve it. In this section, the definition, audit objectives, internal control system and audit procedures for stock items are briefly presented. Definition 2. Stock items are part of current assets, which are normally purchased, but may also be produced by the entity. They are held as stock, and used and replaced during the year. At the year-end there are normally stock items which are carried forward for use in future periods. Items which make up the stock of a public body vary from case to case. In general, stock items include, but are not limited to, the following categories:•
Stationery and office supplies
•
Cleaning materials
•
Fuel and lubricants
•
Spare parts
•
Medicine and medical supplies
•
Other items which are consumed or sold in the normal course of operation within a year or business cycle.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
127 NTERNAL AUDIT MANUAL
PART FOUR
Internal Control System 3. Internal control systems for stock items are the responsibility of the senior managers of the public sector body. They include:•
Having adequately trained and qualified staff in charge of all aspects of the storage, receipt, issue and management of stock.
•
Establishing adequate official procedures for all aspects (e.g. authorizing actions, receiving and issuing stock, making entries in accounting records, ensuring the accuracy of accounting records, safeguarding stock items, specifying limits and ceilings for the holding of particular items, establishing procedures for stock acquisition and disposal, keeping of records and supporting documents, etc.).
•
Providing a procedural manual and/or official instructions and giving training to ensure that staff know official procedures and how to comply with them.
•
Specifying clear lines of responsibility for all actions regarding stock including the responsibility for authorizing actions and transactions.
•
Ensuring that a system of reporting to management is in place and that it is appropriate to management needs.
•
Carrying out checks to ensure that the procedures established by management are working as intended.
•
Preventing the purchase of items which are not needed and the build-up of excessive stock.
•
Making sure that when failures in management and control have occurred, appropriate remedial actions are taken to prevent their recurrence.
4. The audit section should evaluate the internal control system of the public body with a view to assessing whether proper procedures exist for managing and controlling stock and whether the procedures operate as intended. The internal control system for managing and controlling stock includes the following:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
128 NTERNAL AUDIT MANUAL
PART FOUR
4.1 Acquisition of Stock Items •
Public bodies should arrange purchases according to a plan.
•
All public bodies must purchase required materials in accordance with existing financial administration regulations and directives.
•
The purchasing system should aim at achieving value for money in terms of price, quality and suitability of the items to be bought.
•
Items of stock acquired through means other than purchase should be properly valued and recorded.
4.2 Receipt of stock items •
Stock items acquired should be inspected and counted, measured or weighed and compared with invoices and delivery notes to verify adequate delivery.
•
All stock items (e.g. acquired through purchase, donation, expropriation, inheritance and the like) should be entered into the store of the public body only after a goods receipt note has been created.
•
Goods return notes should be issued if previously distributed stock items are returned to store.
4.3 Issue of Stock Items •
Only when requested by means of an authorized goods requisition form printed by the Ministry of Finance and Economic Development should the storekeeper of a public body issue stock items.
•
A designated official should authorize the issue of stock items to individual users.
•
When stock items are issued, they should be listed on a goods issue note which is signed by the receiver.
4.4 Recording of Stock Items •
All stock items whether acquired through purchase, donation, inheritance, or expropriation should be recorded in the receipt column of the bin card and stock card maintained for each stock item.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
129 NTERNAL AUDIT MANUAL
PART FOUR
•
Authorized issues of stock items are to be recorded in the issue column of the bin card and stock card maintained for each stock item.
•
The arithmetical accuracy and the proper recording of stock items in each bin card and stock card are to be ascertained at regular time intervals.
4.5 Storage and Security of Stock Items •
The store should be close to a road or other means of transport to facilitate the receipt and issuance of stock items.
•
The store shall be built and organized in such a way that stock items are safely kept, and damaged, defective or obsolete stock items can be easily identified.
•
The arrangement of materials in the store should be in terms of their type and nature to ensure proper control.
•
Obsolete and slow moving materials shall be segregated from other materials and kept apart until a decision to dispose of them is taken.
•
No one except the storekeeper should be allowed to enter the store without permission from an authorized official.
•
No stock items should enter or be issued from the store without the raising of goods receiving and goods issuance notes, respectively.
•
As far as possible the store should be safeguarded from fire, flood, theft and other natural and human made calamities.
4.6 Physical Count of Stock Items •
Stock should be counted according to an established system. For this, a specific instruction regarding stock counts is needed.
•
A physical stock count should be carried out at least once a year.
•
Independent staff members who are responsible for stock custody should be selected by the head of the public body to carry out the physical count which should occur in the presence of the storekeeper.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
130 NTERNAL AUDIT MANUAL
•
PART FOUR
The physical count for each item should be compared with the balance appearing on the stock card. Significant differences between the count and the amount recorded on the card should be properly investigated and appropriate action taken.
Audit Objectives 5. The objectives of audit of stock items include but are not limited to: •
Ascertaining that there is a strong internal control system regarding the receipt, storage and issuance of items of stock.
•
Ascertaining that there are appropriate stock receiving notes and stock issue vouchers.
•
Ensuring that stock items acquired through purchase, donation, inheritance or expropriation are properly recorded, safeguarded and utilized in accordance with principles of good management and public finance administration regulations and directives.
•
Ascertaining that all issues from stores are on the basis of approved stock requisition forms.
•
Ensuring that there are bin cards/stock cards for recording the quantity and value of stock items. Bin cards contain quantity movements only.
•
Ensuring that there is segregation of duties of staff between activities such as maintaining stock records and dealing with physical receipt and issuance of stock.
•
Ensuring also that there is segregation of duties among responsibilities for ordering stock items, receiving stock items and authorizing payments for the acquisition of stock items.
•
Ascertaining that necessary caution is exercised to ensure that the stock balance in store is within the optimal prescribed limit and is not in excess of periodic requirements.
•
Ensuring that appropriate measure is taken in respect of slow moving and damaged stock items and that the disposal of surplus stock follows public finance administration regulations and directives.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
131 NTERNAL AUDIT MANUAL
PART FOUR
•
Ensuring that the environment in which stock items are stored is adequate and appropriate bearing in mind the need for physical safeguard against loss.
•
Ascertaining that there is a physical stock count at least at the end of each fiscal year to ensure the accuracy of stock records and stocks actually held.
Audit Procedures 6. The ensuing are audit procedures to be followed in order to assess the adequacy of control of stock items:6.1
Acquisition, Receipt, Distribution, Recording, Storage and Security of Stock Items •
Review the internal control system covering stock items and identify problem areas if there are any.
•
Ascertain that there is a mechanism for the storekeeper to verify that stock items purchased are similar to samples submitted by suppliers before purchase.
•
Ascertain that a system exists for measuring, counting and weighing stock items acquired through purchase, donation and other means.
•
Ensure that goods receiving notes are issued for all stock items received and that they are properly recorded in stock records.
•
Ensure that an authorized requisition form supports the issuance of stock items.
•
Check that separate individuals carry out the duties of procurement, store keeping, and record keeping.
•
Identify high value stock items and determine whether their conditions of storage are adequate.
•
Seek professional advice if there is difficulty in understanding the nature and content of special stock items.
•
Verify that shortage or damage of stock items is promptly reported to the responsible authority for appropriate action to be taken.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
132 NTERNAL AUDIT MANUAL
PART FOUR
6.2 Activities To Be Carried Out Before The Physical Count Of Stock Items •
Identify the number and location of stores.
•
Identify the staff members involved in different aspects of inventory management.
•
Present internal control questionnaires for stock items (see Appendix) to the head of general service and the storekeeper and complete them carefully.
•
Mark the cut off date on the last used page of the stock register books, stock cards, goods receiving notes and goods issuance notes and ask the responsible persons to sign them.
6.3 Activities To Be Carried Out During Physical Count Of Stock Items •
The internal auditor should ensure that the physical count is taken in accordance with the stock count instruction provided by the head of the public body and that the instruction has been properly followed.
•
If there is doubt concerning the adequacy of the stock count, a sample of stock items may be recounted to ensure that they are in agreement with the count sheet.
•
The auditor should ascertain the methods to be used for identifying damaged, obsolete, broken or slow-moving stock items. The internal auditor should take note of damaged, broken, obsolete and slow moving stock items and ensure that they are written down to net realizable values.
•
The auditor should take note of any variations that come outside the physical count instruction.
•
The auditor should ascertain that goods belonging to third parties are segregated from other stock items before the physical count is carried out.
6.4 Activities To Be Carried Out After The Physical Count Of Stock Items •
The auditor should ascertain that all the goods receiving notes, goods issuance notes, stock cards and bin cards are marked and signed as of the cut off date.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
133 NTERNAL AUDIT MANUAL
PART FOUR
•
The auditor should check the arithmetical accuracy, the quantity and total value of stock items in the stock count sheet and ensure that it is signed by the responsible individuals.
•
The auditor should also check that the physical count sheet is in agreement with bin cards and stock cards balances so that there are no differences between the physical count and the records.
•
If the auditor suspects that the physical count of stock items has not been taken properly the head of the public body should be informed.
•
The auditor should seek external confirmation of stock items held in the name of third parties. There should be a physical count to verify stock items held on behalf of third parties.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
134 NTERNAL AUDIT MANUAL
PART FOUR
SECTION V
FIXED ASSETS
Introduction
1.
Fixed assets, as per financial administration regulation, is any tangible asset costing Birr 200 or more that is in operational use and that has a useful economic life of more than one year. Examples are computers, buildings equipment, vehicles, airplane, ships, etc. Since governments and donors invest substantial amount. Capital expenditure in acquiring fixed assets, it is very important that management should adopt strong internal control system to accurately record and adequately safeguard the assets ensuring at the same time effective and efficient use of them. On the other hand, the auditor must generally ensure that the measures taken by management in controlling and managing fixed assets are sound and consistent with current standards and applicable government directives. Internal Control System
2.
General •
Establish clearly stated procedures for delegation and segregation of duties;
•
Ensure compliance with Authority limit and procedures for processing of transactions with applicable directives and law/ regulation of government;
•
To keep accounting records which are both accurate and up-to-date.
Ensure that there are procedures and policies established by Management which are not easily over ridden. 3.
Acquisition •
Ensure that acquisition of fixed assets is well planned and that alternative means have also been equally considered;
•
Ensure that competitive purchasing methods are adopted (e.g. by open tender) as far as practicable;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
135 NTERNAL AUDIT MANUAL
•
4.
5.
PART FOUR
For detail requirement of purchasing – refer section on (Audit of Procurement).
Registration •
Set up a system to correctly and fully record fixed assets owned by a public body and projects financed by donors in separate fixed asset registers;
•
Ensure that fixed asset registers provide all necessary information as required by the applicable directive of the government;
•
Identification number should be given to each fixed asset and the number should be recorded as reference in the register of fixed asset;
•
Ensure that the register is immediately updated when fixed assets are moved from one location to another.
Protection/safeguarding/ Establish procedure for protecting all fixed assets. Particular consideration should be given to the following factors;
6.
7.
•
Employment of securities and operators;
•
Restricting access to the assets;
•
Adequately insuring high value assets, and
•
Servicing regularly.
Physical verification •
Establish a policy to conduct inventory of fixed assets at least once a year and to compare the results with the records;
•
Produce regular reports about physical condition of fixed assets, regarding obsolescence, damage, breakage, etc. to respective senior managers;
•
Identify phased out projects of donors and ensure that all fixed assets of the projects are handed over to the concerned authority as per the agreement.
Disposal
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
136 NTERNAL AUDIT MANUAL
PART FOUR
•
Ensure that list of disposable assets has been prepared and reviewed and commented by an appropriate technically qualified persons;
•
Ensure that disposal whether through sales or other means should be authorized by designated official;
•
Observe the required procedures of government directives which deal with disposal of fixed assets;
•
Institute a system of reporting the reasons for and result of the disposal to senior management.
8.
Audit Objectives •
To design an audit procedure to provide reasonable assurance on whether internal controls are applied properly;
•
To design audit steps to provide reasonable assurance of compliance with applicable laws and regulations;
•
To examine accounts and fixed assets register, with a view to assuring that all acquisitions and disposals are accurately and fully recorded.
9.
Audit Procedures Examine a sample of invoices and contracts to ensure that:•
Purchases of fixed assets are supported by budget;
•
Relevant supporting documents such as purchase requisitions, purchase orders, goods receiving reports, etc. are in order;
•
Acquisition is authorized;
•
To avoid duplication of work refer procedures covered in “Audit of procurement”
10.
Examine A Sample Of Issue Vouchers To Ascertain: •
That store requisitions are made by the appropriate user department;
•
That all issuances are approved;
•
That issued fixed assets are immediately recorded on fixed assets register.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
137 NTERNAL AUDIT MANUAL
11.
PART FOUR
To Confirm Existence, Maintenance And Insurance •
Ascertain that all registered assets are given identification numbers (fixed with tag number);
•
Carry out physical inspection of fixed assets periodically and/or annually and compare this against fixed assets register;
•
Where there are various agents and/or projects which are located far from the Head Office, inspection visits should be made on a sample basis in such a way that the sampling would enable you to visit all numbers of the group at least within five year plan of government;
•
Observe and note the condition of fixed assets held by public body (for being scrap, obsolescence, damage, excess etc.) and compare with the report of management.
12.
Determine Whether •
Insurance coverage of fixed assets was adequate in value;
•
Insuring methods used are efficient.
13.
To Confirm disposals and write-offs Obtain schedule for fixed assets disposed of and written off during the year and ensure that: •
Senior management has approved the disposal and the writing off;
•
Whether management has properly evaluated other factors including alternative uses of the fixed assets prior to disposal;
•
The procedure applied in disposing of and writing off fixed assets is consistent with the directives and regulations of the government.
14.
To Confirm Accounting Records Select large and unusual amounts (debit or credit) out of current year movements in general ledger account of fixed assets and :-
•
Vouch to source documents such as, invoices, suppliers receipts, goods receiving notes, purchase order, etc.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
138 NTERNAL AUDIT MANUAL
PART FOUR
•
Compare amount credited representing disposal of a fixed asset with that amount recorded in fixed asset register as “original cost”
•
Ascertain that all entries in general ledger account are approved by designated persons;
•
Ensure that there is segregation of duties between custody of fixed assets and recording on registers and ledger accounts;
•
Identify adjustments and ensure that they are substantiated by genuine and properly approved documents.
15.
The Protection And Handling Of Government Vehicles •
Ensure that the public body acquires and disposes vehicles on the basis of relevant directives of the Government.
•
Ascertain that there is a chief of transport (or other designated senior manager) who controls all aspects of vehicle management;
•
Ascertain the existence of control mechanisms (driver’s log books; checks on mileage readings etc.) to ensure that the vehicles of the public body are only used for government duties;
•
Ascertain that the vehicles of the public body are only driven by the drivers and eligible officials of the public body;
•
Make sure that all eligible officials and drivers are using government vehicles properly and with due care as per relevant guidlines;
•
Ascertain the reporting procedures in principle and in practice when drivers and eligible officials are involved in accidents causing damage to government vehicles;
•
Make sure that drivers and eligible officials who damage government vehicles as a result of their own carelessness or negligence, are held responsible for the cost of repairs;
•
Ensure that vehicles of the public body receive maintenance at regular intervals;
•
Ensure that those who receive transport allowances do not at the same time utilize a vehicle of the public body.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
139 NTERNAL AUDIT MANUAL
PART FOUR
SECTION VI PAYROLL Introduction 1. As Government sets aside substantial amounts for salaries and allowances, the systematic and proper management of the same should be ascertained by the audit of salaries and allowances. 2. In this section, the objectives, internal controls and audit procedures for salaries and allowances are briefly stated. Internal control system 3. All public bodies should maintain an appropriate internal control system with regard to controlling salaries and allowances including the following: 3.1
3.2
Personal files of employees •
ascertaining that the personnel section maintains adequate records regarding employees’ salary information (e.g. information originating from staff recruitment, the salary of incoming and outgoing staff; changes in salary scales; changes in personal circumstances that have an impact on salary, deductions and allowances; the amount of approved deductions and the formal documents supporting the current level of payments);
•
ensuring that staff employment, transfer, departure, change in salary, details of deductions and the like are approved under the signature of an authorized official and sent to payroll section before the payroll sheet is prepared;
•
ascertaining that the personal files of employees are in the safekeeping of a designated staff member who is not part of the Accounts Division and Payroll Section.
Attendance sheet •
ensuring the accuracy of attendance sheets (or other documents confirming the performance of distinct duties) and their approval by designated officials;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
140 NTERNAL AUDIT MANUAL
3.3
3.4
3.5
PART FOUR
•
ensuring that documents confirming entitlements to over-time or other monetary benefits are signed by the immediate superior of the employee (the superior must not be engaged in payroll preparation and effecting of salary payment);
•
verifying that duties such as ascertaining the accuracy of attendance sheets and the preparation of payroll are not carried out by the same staff.
Payroll sheet •
checking that gross pay, deductions, allowances and unclaimed salary have been computed accurately and on the basis of current scales and eligibility;
•
ascertaining that the accuracy of payroll calculations is verified by a staff member other than those preparing the payroll;
•
checking that staff engaged in payroll preparation and the computation of pay are independent of staff engaged in the keeping of personnel files.
Deductions from salary •
ensuring that deductions of a repetitive nature such as those for personal income tax, pension, repayment of loan and the like, are allocated separate columns in the payroll sheet;
•
ascertaining that deductions other than those determined by law (such as deduction for edir contribution, resettlement bank loan, family allowance, and the like) are deducted from the salary of an employee only after a written application from the employee is authorized by the concerned official and that such documents are kept in the personal file of the employee;
•
checking that collections from salary deductions are paid to the concerned public bodies and other beneficiaries in full and in a timely manner.
Payment of salary •
Checking that any changes to staff salaries, arising from such factors as the employment of new staff, promotion, dismissal, fine or court judgment, are communicated to the payroll section before the preparation of the payroll sheet;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
141 NTERNAL AUDIT MANUAL
PART FOUR
•
Assuring when allowances are paid in addition to basic salary, that documents exist in the individual personnel files of officials and ordinary staff members receiving allowances, which certify their eligibility to the allowances;
•
Ascertaining that the payroll sheet prepared for effecting the payment of wages to daily laborers is supported by contracts of employment and a signed attendance sheet;
•
Confirming that the different duties in the payroll section ranging from initiation of payroll calculations to delivering the payroll sheet for the effecting of salary payment are carried out by different persons;
•
Checking that the various staff members who are engaged in preparing, reviewing and approving the payroll sign in their respective places on the payroll sheet;
•
Ascertaining that the accuracy of details in the payroll sheet such as names, working hours, over time, salary scale and the computation of deductibles, is verified by a staff member who is entirely independent of those who have prepared the payroll sheet;
•
Ensuring that the total salary payment for each month is compared with the payment made in the previous month and that the causes of any difference are identified and explained.
Audit objectives 4. The objectives of the audit of salaries and allowances include but are not limited to the following: •
to ascertain that there is a strong internal control system to prevent theft and fraudulent acts during the preparation of payroll sheet, recording and effecting of salary payment;
•
to ascertain that deductions from salaries are made in accordance with the existing proclamation and other relevant legislation;
•
to ascertain that the salary payment being effected is for services rendered by employees and to ensure that the persons who receive salaries actually exist, and are in fact entitled to the payment of salary;
•
to ascertain that the payment of allowances is effected strictly in accordance with the relevant legislation;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
142 NTERNAL AUDIT MANUAL
PART FOUR
•
to ensure that the arrangements made with respect to unclaimed salary are in accordance with regulations and that the unpaid sums are correctly retained and properly recorded;
•
to ensure that the necessary controlling mechanisms exist to prevent unclaimed salary being utilized improperly.
5. Audit procedures •
The following audit procedures should be followed in order to ensure the proper control of salaries and wages: 5.1
5.2
Personal file of employees •
See whether the personnel section holds employees’ personal files, which contain information such as letter of engagement, letter of resignation, notification letter of salary scale, documents related to special deductible items, and other relevant information;
•
Ensure that employees’ engagement, resignation, change in salary scale and details of special deductible items have been approved by a designated official and that appropriate instructions are sent to the payroll section before the payroll for the month is prepared;
•
Check that documents kept in employees’ personal files have been signed by officials who are not involved in payroll preparation;
•
Ascertain that employees personal files are kept in the custody of a staff member who is not part of the accounts division or payroll section.
Attendance sheet •
Ensure that the accuracy of attendance sheets (or similar documents for those under contract) have been approved by appropriate officials not involved in the preparation of payroll;
•
Ascertain that staff members who are responsible for ensuring the accuracy of attendance sheets are not involved in the preparation of payroll;
•
Check that documents giving an entitlement to the payment of overtime and other benefits are signed by the immediate superior of the employee who is eligible for that entitlement (and that such superior is not involved in the preparation of payroll and effecting of salary payment).
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
143 NTERNAL AUDIT MANUAL
5.3
5.4
5.5
PART FOUR
Computation of Payroll •
Ascertain that the payroll clerk does not have direct access to employees’ personal files;
•
Ensure that the computation of gross pay and deductibles have been made in compliance with the present scales of pay and eligibility;
•
Check that the staff member who verifies the accuracy of the computation of payroll, has no involvement in payroll preparation.
Deductions from salary •
See that a separate column is maintained in the payroll sheet for deductibles of a repetitive nature such as income tax, pension, repayment of loan and the like;
•
Check deductions other than those authorized by law (such as deduction for edir contribution, resettlement bank loan, family allowance, and the like) to ensure that the deduction is in accordance with an approved written application from the employee (or other official document) and that such documentary evidence is kept in the personal file of the employee;
•
Ascertain that collections from deductibles have been paid to the correct beneficiary account in full and in a timely manner.
Payment of salary •
Ascertain that documentary evidence relating to matters such as salary scale changes, the employment of new staff, promotion, resignation, penalty or court order has been sent to payroll section before the payroll for the month is prepared;
•
Ensure that contracts and properly signed attendance sheets support the payroll sheet for daily laborers;
•
See that documentary evidence of entitlement for the payment of allowances is kept in the personal files of those employees and officials who are eligible for such payment;
•
Check that necessary caution has been exercised to prevent an employee from being involved in the whole process of payroll preparation, from its initiation to the delivery of the payroll sheet for salary payment to be effected;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
144 NTERNAL AUDIT MANUAL
5.6
5.7
PART FOUR
•
Ascertain that the accuracy of details shown in the payroll sheet such as names, gross salary, working hours, over time and the computation of deductibles has been verified by an official with no involvement in payroll sheet preparation;
•
Ascertain that the payroll sheets have been signed by the payroll clerk, the staff member responsible for checking and finally by the designated official who authorizes the payment;
•
Verify that the salary payment for each month has been compared with the payment for the previous month and that the causes of any differences are identified and reconciled;
•
Check that every employee on the payroll signs on the payroll sheet to acknowledge the receipt of the net pay;
•
Check that no employee is allowed to take the salary of another employee without a written delegation.
Unclaimed salary •
Verify unclaimed salaries against summation of net pays unclaimed on payroll sheets;
•
Ascertain that unclaimed salaries are deposited in to the bank within predefined period of time.
Accounting records •
Test postings of payrolls to subsidiary and general ledgers;
•
Compare actual expenditure against the budget.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
145 NTERNAL AUDIT MANUAL
PART FOUR
SECTION VII EXPENDITURES
Introduction 1.
Public bodies should manage their expenditures to ensure that payments are made in accordance with financial regulations and directives. Management should closely follow-up payments not to be made beyond the budget allotted to that particular type of expenditure.
2.
Auditing is carried out to examine compliance with laws & regulations and whether payments have been made properly and whether complete and relevant evidence has been available for every payment made during the year.
3.
Payments made by public bodies can be categorized as disbursement and expenditures. According to the Financial Administration Proclamation No. 57/1996 disbursement means the release of any public money from the Consolidated Fund. Consolidated Fund represents all public moneys that are on deposit to the credit of any public body where the bank account has been opened by the Ministry of Finance and Economic Development under the mentioned Proclamation; all public moneys held in cash by any public body pending disbursement; and all in kind. Disbursements to public bodies should not be made in a fiscal year which exceed the amounts appropriated in the budgetary proclamation for that fiscal year.
4.
Expenditure refers to the act of payments to be made either as capital or recurrent expenditure. According to the financial regulation Proclamation No.57/1997 capital expenditure is defined as follows: •
Cost of acquisition, reclamation, enhancement and laying out of land.
•
Cost of acquisition, construction, enhancement or replacement of road, buildings and structures.
•
Cost of acquisition, installation or replacement of moveable and immoveable plant, machine apparatus, vehicles and vessels.
•
The making of advances, grants, financial assistance to any person in relation to acquisition of investments.
•
Cost of acquisition of share capital or loan.
•
Any associated consultancy, etc.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
146 NTERNAL AUDIT MANUAL
5.
PART FOUR
Any expenditure which may not be categorized as capital expenditure is recurrent expenditure. Recurrent expenditure is also divided into two parts of expenditure recurrent expenditure - salaries and allowances (which is dealt with under a separate section) and recurrent expenditure - others. In this section, therefore, we deal only with capital expenditure and recurrent expenditure other than salaries and allowances. Internal control system
6.
Controlling expenditure is the primary responsibility of the management of the public body. Management should, therefore, establish internal control system which includes the following : 6.1
6.2
General •
Employing adequately trained and qualified staff in charge of all aspects of disbursements.
•
Establishing adequate procedures for all aspects of expenditures to ensure that payments will not be made without budget approval and proper authorization.
•
Providing a procedural manual and/or official instructions based on Financial Administration Proclamation, Regulation and Directives and giving training to ensure that staff know official procedures and how to comply with them.
•
Specifying clear lines of responsibility and their limit of authority for all actions regarding expenditures.
•
Ensuring that there is strong and effective financial reporting system.
•
Install regular reviewing system to check whether control procedures are working as intended.
Cash payments •
Every payment should be authorized by designated person.
•
There should be segregation of duties in initiating, preparing, authorizing, etc. of payments.
•
There should be a maximum established limit for cash payments.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
147 NTERNAL AUDIT MANUAL
6.3
PART FOUR
•
Payment vouchers should be verified by budget control and finance department before payment is made.
•
Payment vouchers together with pertinent supporting documents should be filed sequentially for controlling and future reference.
Check payments •
There should be a control mechanism for receiving and preserving cheque pads.
•
The system should prohibit signing of blank cheques.
•
Cancelled cheques should always be marked with the word "Void" and kept in the pad.
•
Payment vouchers and the supporting documents should be stamped "Paid" immediately after payment is effected.
•
Expenditures should be properly coded and recorded in the books of account.
•
Documentary evidences provided by suppliers should always be original and not photocopies.
Audit objectives 7.
Whether the expenditure is capital or recurrent the objectives of the audit of expenditure deal with the two aspects. •
To test control - to ensure that management's policies and procedures are adhered to and respective laws and regulations are complied with.
•
To substantiate payments by checking that they are made for actual goods and services received and whether there are pertinent supporting documents.
Audit procedures 8.
To test control on petty cash vouchers and payments •
Determine the number of replenishments made during the whole year under review.
•
Select sample replenishments and ensure that: •
Payments are made as per existing Government directives.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
148 NTERNAL AUDIT MANUAL
9.
10.
PART FOUR
•
every petty cash voucher is verified by budget section.
•
cashier, financial officer and designated official have signed on all petty cash vouchers.
•
the word "Paid" is marked on all documents attached with the petty cash voucher.
•
all payments are within the limit established.
•
petty cash vouchers are properly coded and posted to proper ledger card.
•
petty cash summaries are reviewed properly.
Test control - check payments •
Determine the total population of payment vouchers used during the whole year under review.
•
Select sample payment vouchers and ensure that: •
procedures required above for petty cash are also valid for check payments, as appropriate.
•
cheque stubs are signed by cheque signatories and date, amount and purpose of payment are filled there on.
•
signatures are the same as specimen signatures in permanent file.
•
cheque numbers are cross referred with payment vouchers.
•
large sums were not split to circumvent regulations on limiting signatory powers.
Substantive tests on balances of subsidiary ledgers •
Select certain subsidiary ledger balances from both recurrent and capital expenditure.
•
Check the mathematical accuracy of the balances.
•
Ascertain that all transactions are authorized.
•
Compare actual expenditures against the revised budget.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
149 NTERNAL AUDIT MANUAL
PART FOUR
SECTION VIII PROCUREMENT
Introduction 1.
Public procurement demands major commitment of funds. It is also a long and continuous process which consists of the following steps:• • • • •
2.
In order to serve the best interests of a public body, management should be able to adopt a sound procurement system which should be guided, at all times, by the following principles: • • • • •
3.
Authorization to purchase requisitioned items; Determination of product specifications, quantities required and delivery requirements; Selection of suppliers/contractors; Delivery in accordance with purchase order terms; and Payment of invoice(s).
Maximizing economy and efficiency; Encouraging as wide as possible a solicitation of proposals to promote competition, and to secure the best least price; Encouraging local producers and tax payers; Promoting integrity, fairness and maintaining the transparency of the procurement process; and Ensuring that all procurements have complied strictly with existing government’s laws and regulations.
Procurement procedure involves diverse consideration that are complex and difficult to control. It is, therefore, imperative that effective audit techniques should be employed in order to determine compliance with public body's policies, procedures as well as with applicable legal requirements.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
150 NTERNAL AUDIT MANUAL
PART FOUR
Internal Control System 4.
General •
Authority limits of responsible officials of departments/sections and at all levels of the structure are clearly defined;
•
Duties should be segregated so that no one employee would involve in all aspects of the public procurement procedures;
•
Tendering committee should be formulated, whose members are selected from different departments on the basis of a criteria that would promote accountability and transparency;
•
Organizing a strong purchasing department that can adequately manage local and foreign purchases in addition to following up those contracts awarded to bidder suppliers and contractors.
Purchase Requisition 5.
Purchase requisitions should be approved by user department or store-keeper as appropriate specifying the following information: •
Name and type of program/project/activities for which the goods are intended;
6.
•
Full details of the goods required – standards or specifications applicable;
•
Unit of measurement and quantity required of each item.
In order to be consistent with the activities of the public body, it is important to establish priorities of needs among the requisitioned items particularly when budget is small that does not accommodate the above request. Selecting of Bidders
7.
The process of requesting and selecting of bidders/contractors should comply with the existing guidelines, laws and regulations of government. (Refer the detailed standard audit procedure)
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
151 NTERNAL AUDIT MANUAL
PART FOUR
Delivery of Goods 8.
Management under all circumstances must make certain that: •
There are adequate storage facilities before bulk items are received;
•
Items are delivered in accordance with the purchase agreement/order;
•
All items received by the stores are evidenced by pre-numbered receiving vouchers with sufficient number of copies;
•
Any discrepancy in quantity and quality of items delivered should be immediately reported to senior management for appropriate action.
Payments of Invoices
9.
Control over payments must provide all practicable and reasonable assurance that: •
Payment requisitions are supported by pertinent documents;
•
Payments are verified by persons/department other than those who physically manage the procurement;
•
No unauthorized payments are made in any way;
•
For detail of control – refer: internal control system recommended for expenditure.
Audit Objectives 10.
The main objectives of the audit of procurement include:•
To ascertain whether adequate internal control procedures are designed and properly applied throughout the year under review.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
152 NTERNAL AUDIT MANUAL
PART FOUR
•
To ensure whether government’s regulations and directives with regard to procurements have been observed.
•
To check that all goods received are as per contracts and conditions stipulated in the purchase order and properly safe guarded and fully recorded in the accounts.
Audit Procedures 11.
Generally, the internal auditor should be concerned with ensuring the reasonableness and appropriateness of management’s action and overall effectiveness of the procurement process. In each state, however, it is expected to apply at least the following procedures: 11.1
Purchase requisitions and orders Select a sample from the purchase orders issued during the year under review and check: •
that purchase orders have been per-numbered and approved;
•
that purchase requisitions have been made from user departments and they are always approved by authorized persons;
•
whether need priorities have been properly considered and this is evidenced by written documents;
•
whether possibility of repairing and/ or transferring excess holdings in other departments have been properly considered before purchasing;
•
that the provisions of government’s regulations and directives with regard to procurement are strictly observed from the time requisitions are made upto awarding the contract to a selected supplier(s). The auditor should be familiar with each and every requirement of the directives in order to design detailed check list that will be used for making sure that directives are strictly complied with (refer separate audit program).
•
that all delivered goods are within the time specified on purchase orders;
•
that quantity and quality of goods ordered are the same with those recorded on goods receiving vouchers.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
153 NTERNAL AUDIT MANUAL
11.2
11.3
Obtain a list of goods returned during the year under review because of damage or excess delivery and a list of goods received but not ordered and ensure that the existing procedure for such incidences is adequate in: •
Timely reporting to management for appropriate action;
•
Making the necessary follow-up to secure the required refund/credit;
•
Safe guarding the assets until dispatched to supplier/insurance and ensure that they are being segregated from own stocks;
•
Adjusting the books of accounts accordingly.
To ensure that a system of proper documentation and follow up is in place: •
11.4
PART FOUR
Obtain minutes of bid committee for the whole year and review: •
How well suitable were members in terms of competence, skill, composure, etc.;
•
How frequent members have attended meetings held during the year;
•
How well substances of decisions are presented in the minutes etc.;
•
Check that purchase orders and goods receiving vouchers are issued from the store in sequential order;
•
Undertake sequence tests and ensure that both purchase orders and goods receiving vouchers are issued sequentially;
•
Extract list of outstanding purchase orders from purchase follow-up register and look into the related terms and conditions of contract and determine if anything is performed contrary to the terms of the agreement.
•
Discuss with the head of purchase department about overdue purchase orders.
With respect to foreign purchases handled by purchasing department the following audit procedures may be applicable: •
Extract list of letters of credit (L/C) files and identify:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
154 NTERNAL AUDIT MANUAL
11.5
12.
•
Outstanding L/Cs at the beginning of the year;
•
L/Cs opened during the year, and
•
L/Cs closed by full payment during the year.
PART FOUR
Select a sample of L/C files; •
Review correspondence letters in L/C files for completeness;
•
Check that all goods have been received as agreed (purchase order, invoice, packing list and GRN);
•
Ensure letter of credit is paid within grace period;
•
Ensure that margins paid for cancelled letter of credit are refunded in time.
According to the public procurement proclamation, suppliers are invited and selected by one of the four preferred methods of procurement listed below:•
Open tender
•
Restricted bid
•
Requesting Quotation
•
Direct procurement
13.
In most cases, goods and services are procured by open tendering method. Sometimes, however, processing tendering documents may become onerous or inappropriate to apply. It is, therefore, not uncommon to follow one of the other procurement procedures that fit to the given circumstance.
14.
The auditor should ascertain whether the requirements in the procurement proclamation and directive have been strictly complied with by designing an audit procedure for each method. 14.1 Procurement by Open Bid Select sample of procurement made by open bid method and ensure (in each case) that:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
155 NTERNAL AUDIT MANUAL
• • •
PART FOUR
A proper bid document has been prepared; Tender invitation has been made by proper media and for sufficient period as per the law; With regard to detail specification of goods/services ensure whether the detail: •
is prepared by the user department;
•
incorporated the benefit, performance and technical details;
•
indicated no preference to any particular branch/manufacturer name;
•
has taken into account the minimum level of standard expected by government.
•
All tenders are registered on a roster of suppliers at MOFED;
•
Proposals submitted by bidders have incorporated every detail as required by bid invitation document and the directive;
•
A tenderer will be disqualified only when the bidder: •
Could not satisfy conditions stipulated by Finance Administration Proclamation and regulation, or
•
Violated requirements of the tender documents, or
•
Has consistently poor government’s tenders;
•
Has not deposited the required security for tender;
•
Corrupted or made an attempt to corrupt any authority and employees in order to gain special favour or win the bid, provided this could be proved;
•
Have material false information in the bid documents and this could be proved.
performance
records
in
previous
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
156 NTERNAL AUDIT MANUAL
•
PART FOUR
Procedures applied for evaluating prospective bidder have to take into account the following: i)
Cost of preserving and maintaining
ii)
Delivery time
iii)
Mode and term of payments
iv)
Guarantee given
14.2 Procurement by Restricted Bids Select sample purchases made by restricted bids and ensure that: •
The method is selected by reason of the nature of the goods being highly complex or specialized and, therefore, were available only from few suppliers.
•
The price of the goods/services is not proportionate to the amount of money and time that would be spent on evaluating and examining several tender documents.
•
All suppliers in the roster of qualified suppliers were invitedwithout any discriminatory manner.
•
Whether tender security has been required and that was deposited accordingly.
14.3 Procurement by Quotations Procedure Select sample purchases made by requesting quotations and ensure that: •
The method is selected because of urgent tasks/works which demand immediate purchases of goods/services for that purpose;
•
Suppliers were invited from the roster of qualified suppliers;
•
There were at least three prospective bidders;
•
Every supplier has offered one price only and with no amendment subsequently;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
157 NTERNAL AUDIT MANUAL
PART FOUR
•
Purchase prices which are between Birr 3,000 and Birr 30,000 were approved by bid committee;
•
No purchase was made beyond the maximum limit of Birr 30,000.
14.4 Procurement by Direct procurement Select sample purchases made by direct procurement and ensure that: •
The goods/services were available with a sole supplier or the supplier is the only patented supplier for that particular line of item;
•
Other preferred methods of procurement could not be applied by reason of urgent needs that were unforeseeable by management;
•
Due to emergency, goods and services were required urgently and because of this other methods could not be justifiable;
•
Additional goods/services of the quality and price were purchased from the original supplier provided that the additional works or orders have been unforeseen and made within the limits defined in procurement directive.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
158 INTERNAL AUDIT MANUAL
PART FIVE
SECTION - I FRAUD AND INVESTIGATION
Introduction 1.
Fraud is a significant and sensitive management concern. This concern has grown in recent years owing to a substantial increase in the number and the size of the fraud disclosed. The tremendous expansion in the use of computers and the size of and publicity accorded to computer related fraud intensify this concern.
2.
The internal auditors responsibilities for deterring, detecting, investigating and reporting of fraud have been a matter of controversy. Some of the controversy can be attributed to the differences in internal auditing charters from country to country and from organization to organization. Another cause of the controversy may be unrealistic expectations of the internal auditor's ability to deter and detect fraud.
3.
The information and procedures which the internal auditor uses as a result of fraud investigation could be used in a court law. Therefore, the internal auditor should be required to be sure about any conclusions and recommendations she/he makes.
4.
The objectives of the subsequent sections is to clarify the procedures that the internal auditor should follow during detection, investigation and reporting of fraud.
Definition 5.
Fraud is defined as:•
The use of deception to obtain an unjust or illegal financial advantage.
•
International misstatement or omission of amounts or disclosure from an entity's accounting records of financial statements.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
159 INTERNAL AUDIT MANUAL
6.
PART FIVE
Fraud may involve the falsification of accounting records which is also a criminal offence and theft. It must be appreciated that there is no general definition of fraud in law and that it is ultimately the courts' decision as to whether an illegal fraud has been committed. The auditor is usually dealing with a suspected rather than a proven fraud. The definition will encompass acts that are not necessarily illegal.
Audit objective 7.
The main objectives of fraud investigation include the following:•
To collect sufficient audit evidence to substantiate fraud investigation.
•
To investigate existing evidence for providing a recommendation to take both legal and administrative actions.
•
To introduce a new or strengthen the existing internal control system for preventing further fraud.
Causes of fraud 8.
The main causes of fraud include the following:•
Poor internal control:- If the public bodies have not implemented a strong internal control, there will be high possibilities for occurrences of fraud.
•
Collusion between members
•
The environment which the public bodies work for:- Some types of working environments are likely to be more conducive to fraud.
Characteristics of fraud 9.
10.
Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. It can be:•
Internal fraud:- Committed by the organization or its employees which is perpetrated to the benefit of the organization or its employees.
•
External fraud:- Committed by persons outside the organization which is perpetuated to the detriment of organization for the benefit of persons outside the organization.
Internal fraud designed to benefit the organization or its employees generally produces such benefit by exploiting an unfair or dishonest advantage that also may deceive an outside party. Perpetrators of such frauds benefit directly or indirectly. Personal benefit may accrue when the organization is aided by the act.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
160 INTERNAL AUDIT MANUAL
PART FIVE
Some examples are:-
11.
•
Acceptance of bribes or kickbacks.
•
Embezzlement, as typified by the misappropriation of money or property.
•
Sale or assignment of fictitious or misrepresented assets.
•
Intentional, improper representation or valuation of transactions, assets, liabilities or income.
•
Intentional failure to record or disclose significant information to improve the financial picture of the organization to outside parties.
•
Tax fraud.
External fraud perpetrated to the detriment of the organization generally is for the direct or indirect benefit outside individual or another firm. Some examples are:•
Intentional concealment or misrepresentation of events of data.
•
Claims submitted for services or goods not actually provided to the organization.
Responsibilities of the Head of Public bodies, management and internal auditors 12.
The first responsible person to defend against fraud is the Head of public bodies. It should:•
Establish and operate internal control system that minimizes the opportunity for fraud (including division of responsibility and systems of internal check for risk sensitive tasks).
•
Inform staff members of their responsibility to report suspected fraudulent acts and ensure that they know who to inform, and how to do so.
•
Pursue cases of alleged fraud and ensure that when fraud has been established the perpetrators surrender the benefits derived and receive suitable punishment.
•
Create general awareness that fraud will not be tolerated and will be punished. This provides a deterrent effect.
13.
Responsibilities of internal auditor in respect of fraud include:•
To evaluate internal control systems in terms of their susceptibility to fraud.
•
To inform the Head of the public body of any weaknesses in internal control systems which may give rise to fraud.
•
To advise the Head of the public body on necessary remedial steps which will strengthen internal controls and make them proof against fraud.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
161 INTERNAL AUDIT MANUAL
•
PART FIVE
To evaluate the totality of management's anti-fraud programme.
How to prevent/minimize fraud 14. There are many ways the management of public bodies can discharge their duties towards prevention of fraud:•
Establishing system of internal control, monitoring affectivity and evaluating the system to identify and to correct weaknesses.
•
Establishing an internal audit function.
•
Having an audit committee.
•
Developing a code of conduct, monitoring compliance and taking corrective actions.
15. With respect to preventing fraud, internal auditors are required to ascertain whether the Head of a public body has taken reasonable steps such as setting up an adequate internal control system to provide segregation of duties, proper authorization procedures and an effective internal audit function. How to deter and detect fraud 16. Experts agree that it is easier to prevent fraud than to detect it. Fraud detection is more a matter of mind set than of routine methodology. It involves being aware of how fraud can occur, in particular when, where, and how it is most likely. It also involves understanding people and their motives. In contrast, managing examinations of suspected fraud or other illegal activity involves careful attention to rules for the collection and maintenance of evidence that may later be needed for administrative or judicial proceedings. 17. Deterrence consists of those actions taken to discourage the perpetration of fraud and limit the exposure if fraud does occur. The principal mechanism for deterring fraud is control. Primarily, responsibility for establishing and maintaining control rests with the Head of public body. 18. Internal auditing is responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of control, commensurate with the extent of the potential exposure/risk in the various systems of an entity's operations. In carrying out this responsibility the internal auditor should, for example, determine whether:•
The organization environment fosters control consciousness.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
162 INTERNAL AUDIT MANUAL
PART FIVE
•
Realistic organization goals and objectives are set.
•
Written government policies (Example, code of conduct exist that describe prohibited activities and the action required wherever violation is discovered.
•
Appropriate authorization policies for transactions are established and maintained.
•
Policies, practices, procedures, reports and other mechanisms are developed to monitor activities and safeguard assets, particularly in high-risk area.
•
Communication channels exist to provide management with adequate and reliable information.
•
Recommendations need to be made for the establishment or enhancement of cost effective controls to help deter fraud.
19. Experience has shown that fraud is usually not discovered in the course of conducting an audit using standard audit procedures. To detect fraud the internal auditor must be aware and keep in mind that fraud exists. This does not mean that the auditor should conduct audits assuming that management or employees are dishonest. Rather, the internal auditor should be aware of the risk factors that increase the possibility of fraud. Internal auditors are expected to be aware of the possibility of fraud and the factors that increase the possibility rather than waiting for suspicions to arise in the course of normal auditing. 20. Detection consists of identifying indicators of fraud sufficient to warrant recommending an investigation. These indicators may arise as a result of control established by management, tests conducted by internal auditors and other sources both within and outside the public body. 21. The responsibilities of internal auditor with respect to detection of fraud are:•
Having sufficient knowledge of fraud, be able to identify indicators that fraud might have been committed. This knowledge includes the need to know the characteristics of fraud, the techniques used to commit fraud, and the types associated with the activities audited.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
163 INTERNAL AUDIT MANUAL
PART FIVE
•
Be alert to opportunities, such as control weaknesses, that could allow fraud; if significant control weaknesses are detected, additional tests conducted by internal auditors should include tests directed towards identification of other indicators of fraud. Some examples of indicators are unauthorized transactions, override of controls, unexplained pricing exceptions, and unusually large product losses. Internal auditors should recognize that the presence of more than one indicators at any one time increases the probability that fraud might have occurred.
•
Evaluate the indicators that fraud might have been committed and decide whether any further action is necessary or whether an investigation should be recommended.
•
Notify the appropriate authorities within the public body if a determination is made that there are sufficient indicators of the commission of a fraud to recommend an investigation.
22. Internal auditors are not expected to have knowledge equivalent to that of a person whose primary responsibility is detecting and investigating fraud. Also, audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected. How internal auditor investigates allegation and suspicions of fraud 23. A fraud investigation requires specialized knowledge and techniques, and needs to be handled with extreme care. Any mismanagement of a potential fraud could have farreaching consequences. 24. Investigation consists of performing extended procedures necessary to determine whether fraud has occurred. The role of internal auditor as an investigator is in many ways quite different from his traditional function. It includes gathering sufficient evidential matter about the specific details of a discovered fraud. Internal auditors, lawyers, investigators, security personnel, and other specialists from inside or outside the public body are the parties that usually conduct or participate in fraud investigations. 25. There are two main ways that the internal auditor can become alert to the possibility of fraud:•
By being informed by someone either internally or externally.
•
As a result of the internal auditors own day to day work.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
164 INTERNAL AUDIT MANUAL
PART FIVE
26. The internal auditor should have sufficient understanding of the areas of possible fraud when he is auditing a system to be able to identify when there is a possibility of fraud occurring and when there are symptoms that it has occurred. 27. There are a number of symptoms which possibly lead to suspect fraud, Of these:•
Making no delegation of work while deemed necessary.
•
Conducting repeated procurement from same supplier.
•
Making improper contract with suppliers for generating hidden benefit, ect.
28. When fraud is suspected, either by somebody or on his/her work, intelligent information gathering becomes crucial. Internal auditors must make sure that their focus is not biased by assumptions about people or events or by inside information provided by interested parties. The auditor must remain independent and objective, and consider all possible interpretations of events. 29. In this context, the audit focus shifts to:•
Identifying and summarizing the evidence indicating that a fraud may have been committed.
•
Identifying possible fraud scenarios.
•
Summarizing and explaining the legislative accounting and management control systems involved, the paper trail involved in the expenditure, and the deviations from the systems.
•
Demonstrating the suspect's position and responsibilities within the system.
•
Demonstrating the control exercised by the suspect on the accounting and management control system.
•
Demonstrating the suspect's knowledge of the accounting and management control system.
•
Explaining patterns used in covering up fraud.
•
Identifying the possible extent of the fraud, and
•
Considering the positions of the other people in the public body and the possibility of collusion.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
165 INTERNAL AUDIT MANUAL
PART FIVE
30. When conducting fraud investigation, internal auditor should follow the following procedures:•
Assess the probable level and the extent of complicity in the fraud within the public body. This can be critical to ensuring that the internal auditor avoids providing information to or obtaining misleading information from persons who may be involved.
•
Determine the knowledge, skills, and disciplines needed to effectively carry out the investigation. Assess the qualification and the skills of the internal auditor and of the specialists available to participate in investigation to ensure that it is conducted by individuals having the appropriate type and level of technical expertise. This should include assurance on such matters as professional certifications, license, reputation, and that there is no relationship to those being investigated or to any of the employees or management of the public body.
•
Design procedures to follow in attempting to identify the perpetrators, extent of the fraud, techniques used, and causes of the fraud.
•
Co-ordinate activities with management personnel, legal counsel, and other specialists as appropriate throughout the course of investigation.
•
Be cognizant of the rights of alleged perpetrators and personnel within the scope of the investigation and the reputation of the public body itself.
. 31. Internal auditors should have different types of evidence to facilitate decisions on whether and how to proceed with further examinations, referral to investigative agencies and possible introduction in court. 32. There are two major types of evidences:•
Testimonial (oral evidence)
•
Documentary (written evidence)
33. The documentation of testimonial evidence should identify persons who can testify about things, people and events they have seen or heared first-hand, and the interview records of what they have said. Moreover, written evidences should be photocopied and filed in the working paper in order to substantiate fraud investigation. In addition, the location and the departmental official responsible for the original documents should be noted. 34. Once a fraud investigation is concluded, internal audit should assess the facts known in order to:-
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
166 INTERNAL AUDIT MANUAL
PART FIVE
•
Determine if controls need to be implemented or strengthened to reduce further vulnerability.
•
Design audit tests that help to disclose the existence of similar frauds in the future.
•
Help the internal auditor to maintain sufficient knowledge of fraud and thereby be able to identify future indicators of fraud.
Reporting the results of a fraud investigating 35. The objective of internal auditor during fraud investigation is to obtain sufficient evidence which enables him to draw reasonable conclusions and recommendations and to report to the Head of public body whether fraud has occurred or not. The internal auditor should use the guidance for writing a report in Part Three Section VI in this manual. 36. It is important that reports on fraud investigation are clearly written, have conclusions and recommendations that are justified by the evidence used. The structure that should be used is similar to that for normal audit report, except the following points. The investigation report should disclose:•
The reasons for investigation:- The investigation will either be the result of other routine work of the internal auditor or due to an allegation made by an individual inside or outside of the public body.
•
The objectives of investigation:- The objective of investigation is to establish whether there is sufficient evidence for the suspected fraud occurrences to substantiate legal action and to report findings to the public body.
•
The work carried out:- Documents scrutinized, locations visited, timing and staffing, interviews held and other relevant documents which were inspected.
•
Conclusions and recommendations:- The report should include all findings, conclusions, recommendations and corrective actions to be taken.
38. Finally, a draft of a proposed report on fraud should be submitted to legal departments for review in order to obtain opinion in respect of legal matters and to take further necessary action. 39. Moreover, the auditor should follow whether appropriate action has been taken on findings she/he reported on the perpetrator of fraud. If such action has not been taken it should be reported to the next higher public body till it reaches the Ministry of Finance and Economic Development. In addition, the internal auditor could pass the report to external auditors like Auditor General, if it is necessary to do so.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
167 INTERNAL AUDIT MANUAL
PART FIVE
SECTION II VALUE FOR MONEY/PERFROMANCE/ AUDIT
Introduction
1. Performance measurement/value for money audit/is an important tool for evaluating value for money in the public sector. In the private sector detailed performance measurement is relatively less important because profitability tends to be used as the main overriding indicator. In the public sector the profit indicator is seldom available and the measurement of service output, particularly in areas such as social service can be a difficult task especially in respect of effectiveness. After all, if the quality of product of a commercial company is poor then the public will not buy it, which in turn affects profit. However, in the public sector the client often has no alternative product to use. 2. Measuring the performance of people and activities can have a number of different objectives. The result may be used for all or some of the following:•
Determining that the benefits and impact looked for are being obtained.
•
Getting assurance that goals are being met.
•
Monitoring and controlling progress against plans.
•
Justifying the use of resources.
•
Assessing the overall economy efficiency and effectiveness.
•
Determining overall that the value for money is being obtained.
The subsequent section of this part is discussing audit objectives, procedures, circumstances and overall review of performance (value for money) audit.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
168 INTERNAL AUDIT MANUAL
PART FIVE
Definition 3. Value for money audit/performance audit/ has been defined as: "A forward looking and evaluation of operations by internal auditors to identify areas in which economy, efficiency and effectiveness (the three E's) may be improved or to evaluate compliance with and the adequacy of operational policies, plans and procedures" INTOSAI defines the three E's follows:Economy 4. Judging economy in itself implies forming an opinion on the resources deployed (human, financial and material). The central question is whether - given the political and social context - resources have been acquired, upheld and used economically. Do the means chosen represent the most - or at least a reasonable - economical use of public funds? Economy can be measured only if there is a reasonable criterion - or good arguments - for doing so. 5. Auditing economy embraces for instance: Audit of the economy of administrative activities in accordance with sound administrative principles and practices, and management policies; Audit of whether the government entities have used their resources economically and kept their costs low.
Efficiency 6. Efficiency is related to economy. Here, too, the central issue is about the resources deployed. The main question is whether these resources have been put to optimal or satisfactory use or whether the same or similar results in terms or quality and turn-around time could have been achieved with fewer resources. Are we getting the most output - it terms of quantity and quality - from inputs and actions? The question refers to the relationship between the quality and quantity of goods and services provided and the activities and cost of resources used to produce them in order to achieve results. 7. Auditing efficiency embraces aspects such as whether: •
Human, financial and other resources are efficiently used;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
169 INTERNAL AUDIT MANUAL
PART FIVE
•
Government programmes, entities and activities are efficiently managed, regulated, organized and executed;
•
Government services are delivered in a timely manner;
•
The objectives of government programmes are met cost-effectively.
Effectiveness 8. Effectiveness is essentially a goal-attainment concept. It is concerned with the relationship between objectives set up, outputs provided and objectives met. Are the objectives of the policy being met by the means employed, outputs provided and impacts observed? Are the means employed and the results achieved consistent with the objectives of the policy, and - perhaps most difficult - are the stated impacts really the result of the policy rather than other circumstances? 9. Effectiveness actually consists of two parts: the question of whether the policy objectives have been achieved, and the question of whether the desired events, which have occurred, can be attributed to the policy pursued. In order to judge to what extent the objectives have been achieved, they need to be formulated in a way that makes an assessment of this type possible. This cannot be done with vague or abstract objectives. In order to judge to what extent observed events could be traced back to the policy, a comparison will be needed. Ideally, this consists of a measurement before and after the introduction of the policy and a measurement involving a control group, which has not been subject to the policy. 10. In auditing effectiveness performance audit may for instance: •
Assess whether the objectives of and the means provided (legal, financial, etc) for a new - or ongoing - government programme are proper, consistent, suitable or relevant;
•
Assess the effectiveness of government programmes and/or individual components, i.e. assess whether objectives are met;
•
Assess whether the observed direct or indirect social and economic impacts of policy are due to the policy are due to the policy or to other causes;
•
Identify factors inhibiting satisfactory performance or goal-fulfillment;
•
Assess whether the programme complements, duplicates, overlaps or counteracts other related programmes;
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
170 INTERNAL AUDIT MANUAL
PART FIVE
•
Assess the adequacy of the management control system for measuring, monitoring and reporting a program's effectiveness;
•
Identify relative utility of alternative approaches to yield better activity/programme/undertaking performance or eliminate factors that inhibit activity/programme/undertakng effectiveness;
•
Identify ways of making programs work more effectively.
Difference Between Performance/Value For Money And Financial Auditing 11. Three major differences exist between performance and financial auditing: Purpose of the audit, distribution of the reports and inclusion of non-financial areas in performance auditing. 11.1
Purpose of the Auditing The major distinction between financial and performance (VFM) auditing is the purpose of the tests. Financial auditing emphasized whether historical information was correctly recorded whereas performance auditing emphasized the three E's (Efficiency, Effectiveness and Economy).
11.2
Distribution of the Reports Financial Auditing Reports are distributed to users of financial statements whereas performance audit reports are intended for management only.
11.3
Inclusion of Non-Financial Areas Performance audits cover any aspect if Efficiency, Effectiveness and Economy in an organization and can therefore involve a wide variety of activities, For example, the effectiveness of a public sector would be part of performance audit. But financial audits are limited to matters that directly affect the fairness of financial statements presentation.
Audit Objectives 12. The internal auditors' performance (VFM) evaluation in the accomplishment established objectives and goals may be carried out with respect to an entire operation or programme or only a portion of it. Audit objectives may include the following:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
171 INTERNAL AUDIT MANUAL
PART FIVE
12.1
To ensure that the public body has strong control to achieve value for money.
12.2
To ascertain the resources are utilized Economically, Efficiently and Effectively.
12.3
To identify and analyze indicators of problems of Economy, Efficiency and Effectiveness in government programmes or areas where performance seems to be poor and thus help the management or government more generally, to improve the Economy, Efficiency and/or Effectiveness.
12.4
To ensure that the objectives and goals established by management for a proposed, new or existing operation or programme are adequate and have been effectively articulated and communicated.
12.5
To determine whether an operation or programme is in compliance with policies, plans, procedures, laws and regulations.
12.6
To ensure that the objectives of the operation or programme have achieved the desired level of interim or final results.
12.7
To report on the intended and unintended direct or indirect programme impact whether and to what extent, stated objectives have been met or why they have not been met (by verifying and analyze indications or problems of Economy, Efficiency and Effectiveness).
Audit Procedures 13. The following are the audit procedures that should be followed during value for money (VFM)/Performance Audit. 13.1
Review the previous years audit working papers to see if there are useful points noted about value for money audit (VFM).
13.2
Fill internal control questionnaire for value for money (ref. Internal control ? Questionnaire for Value for Money as Annex in this Section).
13.3
Examine books, documents. letters, minutes, audit reports and other relevant documents that have relation with VFM audit.
13.4
Ascertain that the administrative controls are in accordance with the relevant regulations and laws.
13.5
Ensure that the public body properly:
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
172 INTERNAL AUDIT MANUAL
13.6
PART FIVE
•
safeguards its assets;
•
complies with the existing government proclamations, regulations and directives;
•
maintains Economic, Effective and Efficient system of managing existing resources.
Evaluate that each department within the public body has fulfilled the aims and objectives of the public body with the existing physical, financial and human resources.
13.7
Evaluate the work of projects or programmes from the start to their end state.
13.8
Collect relevant internal and external confirmation from the users of services and measure their level of satisfaction and compare with the yard stick/bench mark.
13.9
Make physical observation to ensure the information flow and workflow are in compliance with the prescribed directives and manuals.
13.10 Prepare temporary file to keep the relevant working paper for the audit work carried out. 13.11 Prepare or up-date permanent file to keep basic documents for the audit.
Overview of the Value for Money Audit Process 14. Value for money (performance) audit undertaken by the internal auditor involves three basic phases: •
Planning
•
Examination
•
Reporting
15. The precise timing and depth of procedures may vary from one audit to the next, but all VFM audits have the three basic phases.
15.1
Planning
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
173 INTERNAL AUDIT MANUAL
15.2
15.3
PART FIVE
15.1.1
The first step in a VFM audit is planning. The purpose of this phase is to provide focus and direction for the detailed examination phase by identifying what the audit objectives will be and the procedures required to be performed to achieve the stated objectives. This focus is based on having an appropriate understanding of the areas in which VFM is to be conducted.
15.1.2
The planning phase in a VFM audit features two distinct stages; the overview and the survey stages. The key to planning a VFM audit is to have a good understanding of the areas in which VFM is to be conducted. The overview stage is the first stage in the planning phase and its primary purpose is to obtain the crucial understanding on the areas to be audited.
15.1.3
The second stage of the planning phase is the survey stage. The purpose of the survey stage is to explore, in an efficient manner, lines of audit inquiry identified during the overview stage and to expand and improve the initial understanding of the lines of audit inquiry that are potentially significant and should be pursued in the next phase, the examination phase.
Examination phase 15.2.1
The examination phase consists of conducting tests, evaluating controls and collecting sufficient and appropriate evidence to conclude whether or not the matters originally identified during the planning phase are potentially significant for reporting purposes.
15.2.2
The examination phase includes the following major activities: •
Selecting or preparing detailed audit programme;
•
Conducting tests and documenting audit findings;
•
Analyzing the associated causes(s) and effect(s);
•
Preparing project report/fact sheets.
•
Developing conclusions and recommendations; and
•
Completing and reviewing audit files.
Reporting Phase
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
174 INTERNAL AUDIT MANUAL
PART FIVE
The reporting phase is the last phase of VFM audit process. The purpose of this phase is to communicate to management findings, conclusions and recommendations. Reporting audit finding is discussed in Part Three - Section VI of the manual in depth. Under What Circumstances VFM Audit is undertaken 16.
17.
18.
Internal auditors of public bodies are expected to spend most of their time and efforts on the financial and compliance issues to ensure: •
The reliability of information;
•
Compliance with policies, procedures, laws, regulations and contracts;
•
The safe guarding of assets.
VFM audit is carried out to ensure: •
The effective, efficient and economic uses or resources
•
The accomplishment of established objectives and goals.
The specific circumstances to undertake VFM audit are as follows: •
The annual programme for financial and compliance audit is relatively comprehensive;
•
Completing the annual programme for financial and compliance audit is well within the capability of the internal audit unit;
•
The programme of financial and compliance audit (taking this year, previous years and next year into account) covers the major risk areas of the entity;
•
The Head of the Internal Audit is confident that relevant audit skills exist to carry our the audit;
•
The proposed VFM audit topic(s) are feasible provided that audit resources are available;
•
Management strongly supports carrying out certain VFM audits.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
175 INTERNAL AUDIT MANUAL
19.
PART FIVE
The effect of the above approaches is to give priority to financial and compliance audits and to make them reasonably comprehensive. Value for money (VFM) audit is treated as a special activity to be conducted selectively on the basis of available resources. Reporting The Results Of Value For Money Audit
20.
The objective of internal auditors during value for money audit is to obtain sufficient audit evidence to evaluate the accomplishment of established objectives and goals and to report any findings and recommendations.
21.
The audit report should be well structured and well written. The report should be reader based and the language should not be suggestive and ambiguous. Performance audit reports should be objective and fair in their presentations. This might for instance require that: •
There are separate presentations of findings and conclusions;
•
Facts are presented and interpreted in neutral terms;
•
Different perspectives and view-points are represented;
•
All relevant findings, arguments and evidences are included;
•
Reports are constructive and positive conclusions are also presented.
22. Published reports arising from performance audits often include the following elements: •
A summary of context in which the activities under scrutiny took place including the historical context;
•
The objectives for those activities, a description of the activities and analysis of the prospects for achieving economy, efficiency and effectiveness, leading to a statement of the objectives of the audit;
•
A description or summary of audit methodologies used for collecting and analyzing data and presentation of the sources of data;
•
An explanation of the criteria used (to verify the hypothesis or to interpret and assess the findings);
•
The audit findings and all arguments that are considered material; and
•
Conclusions relating to the audit objectives.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
176 INTERNAL AUDIT MANUAL
PART FIVE
SECTION III PROJECT AND CONTRACT AUDIT
A. PROJECT FUNDED BY GRANTS AND LOANS
Introduction 1.
Donations and loans are resources secured by the Government or the public body for the support of projects as per agreements with donors or lenders. The proceeds from the loans and donations are used by the implementing agency (public body) as per relevant agreements in undertaking various activities within the recurrent and capital expenditure budgets as well as other special socio-economic projects of the government. Counter part funds are created by means of payments into a special account of the equivalent value in local currency from the proceeds of the sale of commodities or foreign currencies that were provided by grants or loans. They are recorded in the budgetary accounts as receipts and are used to finance capital projects and recurrent budget as well. A public body has now also incorporated additional function, i.e. it acts as a disbursing agent (implementing agent) for the loans obtained from lenders (like World Bank, IDA, ADB) for the health and education sectors.
Audit objectives 2.
The audit objectives with respect to the counter part funds in particular and donor funds in general are as follows: 2.1 •
2.2
General objectives To assure the proper receipt and use of funds designated for a specific purpose and to ensure satisfactory compliance with relevant agreement, Specific objectives
•
To assure proper compliance with bilateral/multilateral agreement.
•
To assure proper collection of funds.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
177 INTERNAL AUDIT MANUAL
PART FIVE
•
To verify that disbursements are made for the purposes designated and are in agreement with the budget.
•
To ensure proper record maintenance.
•
To provide adequate stewardship over grants and loans.
•
To ensure the economic and efficient use of funds.
Audit procedures 3.
Though it is difficult to stipulate detailed procedures with regard to each agreement, some generalized issues can be raised. 3.1
Compliance with agreement •
3.2
Check the details of the agreement and make sure that the points raised are adhered to. This is concerning general and specific responsibilities, requirements, conditions, covenants, etc. Collection
3.2.1
From donors/lenders •
Check correspondence file in relation to donation/loan advice of payment of donors/lenders.
•
Check that official cash receipts are issued for collections of cash of the grant/loan from donors/lenders.
•
Proper acknowledgements be made (if required).
•
Ascertain that goods receiving vouchers are issued for receipt of commodities.
•
Check whether stock cards are used to record receipts and issues of commodities by the public body.
•
Ensure the receipts are as per agreement or budget.
•
Ascertain that the collections are properly registered and recorded in the books of account.
•
Other relevant procedures as mentioned in 'receipt and receivables' and 'cash and bank balances' sections can be used.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
178 INTERNAL AUDIT MANUAL
3.2.2
3.3
PART FIVE
From Sale of Commodity or foreign Currency
•
Ensure that official receipt vouchers are issued when collecting cash.
•
Check that collections or sales are as per plan/budget.
•
Check that the sales prices/rates are in accordance with policies.
•
Ascertain that stock issue vouchers are used when issuing commodities.
•
Check that stock cards are used.
•
Perform reconciliations to check that equivalent local currency is raised by sale of foreign currency or commodity.
•
Ensure that activities are in accordance with relevant agreements.
Payments
•
Ensure that payments are approved.
•
Ensure that payments are made as per plan/program/budget and agreement.
•
Check relevant supporting documents with respect to the payments.
•
Ensure that payments are made for the designated purposes.
•
Check the actual expenditure against budget.
•
Check interest rate computations and loan status (for credit agreements).
•
Ensure the proper recording of expenditure to the right account/ledgers.
•
Other relevant procedures as mentioned in the 'Expenditure' and 'Procurement' sections can be applied here.
3.4
Cash and Bank Balances
•
Check that an imprest system is maintained.
•
Check that any cash in hand is regularly counted.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
179 INTERNAL AUDIT MANUAL
PART FIVE
•
Ensure that monthly bank reconciliations are done.
•
Checks some of the bank reconciliations.
•
Other relevant procedures mentioned in the 'Cash and Bank Account' section can be applied.
3.5
Monitoring and reporting
•
Ensure that proper and timely work program (Narrative) and financial reports are produced and submitted to users.
•
Check that work in progress is monitored to ensure performance as per time schedules.
•
Check that performance reports compare achievements with goals set, with justifications for variances especially for under performance.
•
Check the preparation of other reporting requirements as per agreement.
B. CONTRACT AUDIT Introduction 4.
public authorities spend large sums of money each year on capital expenditure. The process is long and complex commencing with the formulation of a project and conducting with the final account and post-contract review. In the past and even today in some public bodies the internal auditors have been deeply involved in the final account stage. However, whilst this stage is important, so are the others, and it is vital that the auditor is involved in reviewing and testing systems throughout the whole capital project process.
Definition 5.
Contract audit could be defined as follows: "Contract audit is an audit which is intended to ascertain that the construction of buildings, roads, dams drilling water wells and other types of constructions are executed in accordance with the relevant laws and regulations of the government and the agreements entered between the contractor and public body".
Audit objectives __________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
180 INTERNAL AUDIT MANUAL
6.
PART FIVE
Although the audit approach for construction and engineering contracts varies from organization to organization the overall audit objectives should be universal and should include the following: • Assessing and reporting on the adequacy of the public body's standing orders relating to contracts and associated financial regulations. • Reviewing and reporting on the extent to which procedures comply with policies and procedural rules of the public body. • Reviewing the adequacy of systems for controlling the operation of the contracts workers from the initial planning stage to post completion assessment. • Reviewing and reporting on the extent to which management information is prompt, adequate, accurate and designed for the needs of all the users. • Appraisal of the system for controlling and recording the utilization of resources, including staff. • Reviewing the use of consultants and agency services provided by other organizations. • Monitoring the arrangements for the security of the public body's assets and for recovering the cost of rechargeable works. • Prevention and detection of fraud, error and impropriety. • Identification of losses due to waste, inefficiency etc., and recovery where appropriate.
Audit procedures 7.
To attain the audit objectives stated above it will be necessary for the internal auditor to observe the following audit procedures: 7.1 Take a sample of contracts and establish whether the rules for using approved supplier lists have been observed. 7.2
Take a sample of recently prepared bid documents and assess them for clarity and completeness.
7.3
Take a sample of recently advertised tenders (invitation for tender) and ensure that tenders are issued:
•
In a timely manner, so that suppliers had a good chance of responding.
•
In the newspapers, where suppliers would normally look for such invitation.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
181 INTERNAL AUDIT MANUAL
7.4
PART FIVE
Take a sample of bids received for contracts and check that:
•
There exists adequate completion among bidders in terms of the number of bids received and the price quoted.
•
Contract bids are re-advertised, in the absence of adequate competitors.
•
There are not evidences of contracts being awarded without adequate completions.
•
The evaluation given for the bid document is reasonable as per the documents in the respective files and minutes of the tender committee.
•
There are compliances of agreements and note any non-compliances.
7.5
Take a sample of recent contract awards of the tender committee and compare them with:
•
The actual contract awards made by the public body.
•
The terms appearing in the final contracts.
7.6
Examine a sample of contract files and tender committee minutes to identify any of the following:
•
Reported cases of conflict of interest on the part of members of the tender committee or the head of the public body.
•
Complaints by unsuccessful bidders concerning unfair treatment and the response of the public body to their complaints.
•
Breaches of commercial confidentiality.
•
Delivery of materials to unusual sites and addresses.
If such cases exist and seem significant, interview relevant staff members and ask for further explanations from management. 7.7 •
When the contractor claims payment for work completed ensure that: The work has been satisfactorily completed.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
182 INTERNAL AUDIT MANUAL
PART FIVE
•
The public body retains money from the contractor's claim in accordance with the terms of the contract.
•
There are procedures to prevent over-payment of contract price.
•
Periodical payments were supported with approved certificate of payments.
•
Release of retention money is in accordance with the contract.
7.8
Select a sample of completed contracts and:
•
Compare these with final costs and actual completion data.
•
Evaluate the extent of discrepancies.
•
Check for costs over-run and obtain approvals and explanations.
•
Ensure that liquidated damages have been recovered where appropriate.
•
Check the systems for post-contract reporting.
•
Check the systems for post completion assessment.
SECTION IV __________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
183 INTERNAL AUDIT MANUAL
PART FIVE
COMPUTER AUDITING Introduction 1.
Internal auditor, even in a smallest public body, will have to come into contact with computers in the course of his/her work and it is almost certain that in the future basic computer knowledge required of the auditor is mandatory.
2.
Computerization of a public body system does not affect the general principles and objectives of the audit, especially the need to obtain adequate audit evidence and evaluate internal control system. However, the computer does change audit approach that is audit structure needs to take into account the particular features of each public body's computerized system. Thus, the planning stage of the audit has great importance to this end in that internal auditor should appreciate the extent to which the nature of the audit work changes when computerized systems are in operation owing to combination of three important factors: loss of available visible records, shift in emphasis from manual/clerical check to programmed application controls, and programmed generation of data which prevent a simple input/output check.
Definition 3.
Computer auditing is concerned with auditing of computerized system and use of computer in auditing process. Auditing of computerized system requires that review of computer related internal controls present in the computer operating environment and are built into the program application themselves as well as the operating system. Use of computer in audit process, on the other hand, is employment of computer to assist the internal auditor in the performance of his audit work using techniques performed with computer known as Computer Assisted Audit Techniques (CAAT).
Internal Controls in computerized systems 4.
Computer systems record and process transactions in a manner which is significantly different from manual systems, giving rise to such possibilities as a lack of visible evidence and systematic errors. As a result, when auditing in a computer environment, the internal auditor will need to take into account additional considerations relating to the techniques available to him, the timing of his work, the form in which the accounting records are maintained, the internal controls which exist, the availability of the data and the length of time it is retained in readily usable form.
5.
When auditing in a computer environment, the internal auditors should obtain a basic understanding of the fundamentals of data processing and a level of
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
184 INTERNAL AUDIT MANUAL
PART FIVE
technical computer knowledge and skills which, depending on the circumstances, may need to be extensive. This is because the internal auditors' knowledge and skills need to be appropriate to the environment in which they are auditing. 6.
A few years ago it was widely considered that auditors could discharge their duties as auditors of an entity with computer-based systems without having deep knowledge of such systems. The auditors would commonly audit 'round the computer' by ignoring the procedures which take place within the computer programs and concerning solely on the input and corresponding output. Audit procedures would include checking authorization, coding and control totals of input and checking the output with source documents and clerical control totals.
7.
This view is changed and it is now recognized that one of the principal problems facing the auditors is that of acquiring an understanding of the workings of the electronic data processing department and of the computer itself. It is now customary for auditors to audit 'through the computer' to determine whether the controls in the system are adequate to ensure complete and correct processing of all data.
8.
One of the major reasons why the 'round computer' audit approach is no longer considered adequate is that as the complexity of computer systems has increased there has been a corresponding loss of audit trail. An audit trail is the means by which a transaction can be traced sequentially through the system from source to completion, and its loss will mean that normal audit techniques will bread down.
9.
The original concept of an audit trail was to print out data at all stages of processing so that an auditor could follow transactions stage-by-stage through the system to ensure that they had been processed correctly. Computer auditing methods have now cut out much of this laborious, time-consuming stage-by-stage working, and make use of:
10.
•
A more limited audit trail;
•
Efficient control totals;
•
Use of enquiry facilities; and;
•
Audit packages.
An audit trail should ideally be provided so that every transaction in a file contains a unique reference back to the original source of the input. For instance (a sales transaction records include a reference numbers of the customer order, delivery note and invoice. Where master file records are updated several times, or from several sources, the provision of a satisfactory audit trail is more difficult, but some attempt should
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
185 INTERNAL AUDIT MANUAL
PART FIVE
nevertheless be made to provide one. Typical audit problems that arise as audit trails more further away from the hard copy trail include. • •
Testing computer generated totals when no detailed analysis is available; Testing the completeness of output in the absence of controls totals.
In these situations it will often be necessary to employ computer assisted audit techniques. 11.
If internal auditor intends to place reliance upon internal control system he must ascertain, record and evaluate the system via use of compliance test.
12.
Internal control system in a computerized system that is implemented and applied in a public body may be categorized in the following three headings. 12.1
System development controls System development controls relate to the environment within which computer systems are developed which include: •
New proposals and proposed amendments should be subject to an organization-wide present pattern.
•
Feasibility studies should be carried out for new proposals and some of the proposed amendments, subject to materiality limit.
•
Standardized approval procedures be implemented based on named officials or regular committee.
•
Users including internal auditors should participate in the system development process.
•
Standardized documentation and systems specifications and programs be applied so that an organization-wide standard is in force to ensure continuity as staff members come and go.
•
System and program testing involving end users be carried out before operationalising of new system or program, using test data on parallel running or reprocessed 'live' data.
•
Full records of old system files be transferred to the new system to be maintained and controls over totals transferred should be carried out at time of conversion.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
186 INTERNAL AUDIT MANUAL
•
PART FIVE
If significant system amendment is made all the above controls should be carried out.
12.2 Administrative Control Administrative controls are defined as the environment within which computer systems are maintained and operated which include:
12.3
•
Adequate division of staff responsibilities and a formal system of the chain of command in the separation of duties between development staff, operators, controllers, file librarians and so on.
•
Adequate training and job descriptions, provision of manuals and learning materials be provided.
•
Entry and other security controls be introduced.
•
Standard operating procedures such as adequacy of staffing, rotation of duties, clear set-up instruction, well understood and practiced emergency procedures, log and record of all operator's interventions.
•
Work scheduling, adequacy of system documentation controlling the distribution of output, review of actual computer operations, breakdowns, interventions, and revision of access and passwords regularly.
•
Access to file be restricted through physical and software by means of banning access to computer terminals to unauthorized personnel and use of secure passwords and ensuring all disks have unique identification.
•
Back-up file and stand-up controls be implemented, that is duplicate copies of all sensitive files, several generation of transaction files, security over file held on disk at remote location, standby generators, back-up equipment and fire procedures.
Application Controls Application controls are related to the transactions and standing files pertaining to each computer based system and are, therefore, specific to each application. Objectives of application controls are to ensure the completeness and accuracy of
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
187 INTERNAL AUDIT MANUAL
PART FIVE
the records and the validity of the entries made therein resulting from both manual and programmed processing and with specific objectives. •
Input data should accurately reflect that of the prime source documents.
•
Input data should reach the computer input stage.
•
Only authorized data should be completely and accurately entered.
•
Errors occurring during processing should be detected and corrected.
•
Errors and rejected items must be acted upon to correct swiftly and properly.
•
Output reports should reach the designated recipient and dealt with in an appropriate way.
•
Amendments to standing/master file data should be properly authorized and correctly processed.
•
No unauthorized access to standing data should be permitted and no unauthorized changes allowed.
•
Correctness of the overall processing should be confirmed via reconciliations of input with output.
Audit objectives 13.
primary objectives of internal auditing of computerized system is to ascertain the reliability of the system in processing of data and with specific objectives to ascertain that: •
Adequate system development procedures are followed and controls are exercised.
•
All system and program modifications are properly authorized and implemented in disciplined and controlled manner.
•
Appropriate procedures are followed in conversion from old system to new system.
•
Access to computer resources is restricted to authorized personnel only.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
188 INTERNAL AUDIT MANUAL
PART FIVE
•
Disruption caused by file corruption is minimized.
•
Entry and processing of invalid data is detected and prevented.
•
Only authorized input data is submitted for processing.
•
All errors and exceptions are corrected and reprocessed.
•
Master file data is properly maintained.
Audit Procedures 14.
In order to perform quality audit, internal auditor should follow but not be limited to the following procedures: 14.1
14.2
Ensure that standard system development procedure documentation is produced for an application including: •
narrative description of the system
•
flowcharts and block diagram of the system
•
input and output data descriptions
•
file record layouts
•
control procedures
•
program listing
•
test data and results of testing
•
output distribution instructions
•
operating instructions
•
procedural manuals.
is
followed
and
Ascertain that the system is adequately tested by means of processing test data, pilot running, parallel running, and involving the clerical and control procedures in all users concerned with the system.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
189 INTERNAL AUDIT MANUAL
PART FIVE
14.3 Check that result of testing is evaluated and report is produced. 14.4 Ensure that content of master file is checked before a system becomes operational. 14.5 Ensure that completed work is reviewed and approved and further progress authorized by responsible officials at completion stages of system specification, programs and systems testing and accepting new system into operational use. 14.6 Ensure that all changes to system and program are authorized, documented and tested in the same manner as new system and program, subject to significance level. 14.7 Ensure that system development, data preparation, computer operating, file library functions are carried out by different persons. 14.8
Ascertain that the following basic restrictions are applied:•
access to documents containing original data is limited to control and data preparation staff.
•
computer specialist do not have access to records maintained in the computer.
•
access to files and programs is limited to computer operators and file librarian.
•
computer operators and programmers do not amend input data.
•
computer operator and file librarian do not have other duties within the system and program development function.
•
computer specialist does not initiate transactions and change to master files.
•
unauthorized access to the computer terminal is forbidden.
14.9
Review that work of computer operators controlled by the use of administrative procedure manuals, work schedules, operating instructions, computer usage reports and rotation of duties.
14.10
Ensure that copies of master and important files are kept at places outside
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
190 INTERNAL AUDIT MANUAL
PART FIVE
computer operating location. 14.11
Ascertain that adequate reconstruction procedures are instituted by the establishment of retention period for file and copying of file at appropriate interval.
14.12
Ensure that there are adequate fire precautions, stand-by arrangements for processing in case of hardware or software failure.
14.13
Make sure that controls for complete and accurate processing of data establishment are practiced before documents are forwarded to input by using clerical totals or sequence checks.
14.14
Ensure transcription of data to input medium is independently verified.
14.15
Check that input data is authorized before transcription into computer.
14.16
Ensure that computer independently verified.
inputs
are
authorized and their conversion
14.17
Review the existence of list of reasons for which input data should be rejected.
14.18
Review the procedures for investigating, correcting and resubmitting the rejected data.
14.19
Review how the system ensures that all rejections are promptly reprocessed.
14.20
Ascertain that output contains sufficient information to trace source documents, verify computer generated calculations and totals.
14.21
Ensure that totals and detail output are checked with controls established prior to processing of input data.
14.22
Ensure that addition and amendment to standing data is authorized by a person independent of computer operating and programming function.
14.23
Ensure that all amendments are documented and controlled by retention of copies.
Computer assisted audit techniques (CAAT) 15.
Nature of computer based systems give opportunities to use computer to assist internal auditor in the performance of his audit work. Computer assisted audit
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
191 INTERNAL AUDIT MANUAL
PART FIVE
techniques are used to carry out this work. They may vary in nature from techniques used to record control systems (Computerized Internal Control Evaluation and Flowcharting Programs) to specially written computer software which selects, tests and evaluates transactions for substantive testing purposes or which carries out analytical review procedures. 16.
There are two principal categories of computer assisted audit techniques, test data and audit software. Audit test data consists of data submitted by the auditor for processing by the public bodies. For example, an application control to ensure the completeness of input may consist of programmed agreement of batch totals. The internal auditor may choose to test this control by submitting test data with correct and incorrect batch totals.
17.
Audit software comprises computer programs used by the internal auditor to examine the public body's computer files. It may consist package programs or utility programs which are usually run independently of the public body's computer-based accounting system. Package programs consists of prepared generalized programs for which the auditor will specify his detected requirements by means of parameters, and sometimes by supplementary program code. Utility programs consists of programs available for performing simple functions, such as sorting and printing data files.
18.
Advantages of using computers in auditing include:-
19.
•
Internal auditors can use computers for very basic administrative functions, such as time records, work processing and basic mathematical tasks.
•
Automated working paper packages can be used to make the documenting of internal audit work much easier. Such programs will aid preparation of working papers such as lead schedules, and other schedules. The working papers will be neater and easier to review and the risk of error is reduced. These packages help the internal auditor to save time.
•
Internal auditors can use other auditing packages to perform analytical procedures and statistical sampling in which the package can perform tasks such as determining sample size, computing standard ratios, generating random numbers from a given sequences and evaluating results from tests based on samples.
A specimen internal control questionnaire is provided in Annex XXVII.
SECTION V SOCIAL AND ENVIRONMENTAL AUDIT __________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
192 INTERNAL AUDIT MANUAL
PART FIVE
Introduction 1. An environmental audit is an audit which confirms the degree of compliance with both internally and externally determined emission and pollution standards. The results of an environmental audit have implications for the external financial auditor since financial liabilities for causing environmental damage are rapidly increasing. 2. There is widespread recognition that the costs of ignoring environmental issues are potentially high although a key element of such costs can not be easily quantified because it relates to public relation and corporate image. 3. For those public bodies which do not adopt environmentally conscious policies, the immediate effect is usually unfavorable public relation. These public bodies should realize that it is becoming increasingly difficult to conceal their behavior and performance from the increasingly vigilant public. 4.
Some public organizations may have no legal obligation in some instances but a moral obligation will be just as serious. Therefore, most public bodies operating in situations where environmental issues are of particular concern are investing more and more in research to monitor their performance and the way in which they are perceived by the public in the key areas of public relations and corporate image.
5. The following sections of this part focus on audit objectives, impacts of relevant laws and regulations and measuring environmental effects. Definition 6. Environmental audit could have the following definition:6.1 "A management tool comprising a systematic, documented, periodic and objective evaluation of how well organizations management and equipment are performing, with the aim of contributing to safeguarding the environment by facilitating management control of environmental practices and assessing compliance with the organization policies, which would include meeting regulatory requirements and standards applicable".
6.2
"The independent review by a specialist of an enterprise operations to identify any areas of non-compliance with environmental legislation and find ways for the enterprise to make more efficient use of resources, and identify opportunities for enhancement of environmental performance and practices including potential cost savings".
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
193 INTERNAL AUDIT MANUAL
PART FIVE
Audit objectives 7.
The audit objective is to compare actual record emission and discharges of all environmentally sensitive materials against such predetermined limits. The internal auditor should be aware of any national environmental laws and regulations for their compliance. In addition to this, the internal auditor should ensure the compliances of any International Environmental Conventions, which were ratified by the Government of Ethiopia since non-compliance may entail legal action and bad images on the national and international level. Audit procedures
8.
When an internal auditor realizes that his/her organization may have environmental issues which could have an impact on the financial statements, the following steps are appropriate:•
Obtain an appropriate understanding of the organization, its operations and in particular its environmental issue.
•
Evaluate whether there is any possible risks in the public body as a result of environmental issue.
•
Obtain understanding of the control environment operating with your organization.
•
Review any international environmental conventions which were ratified by federal government for compliance.
•
[Please refer annex XXXI of this part for nine International environmental accords which were ratified by the Government of Ethiopia].
•
Review any national environmental laws and regulations for compliance.
•
[During writing of this manual, the national environmental law is at the Council of Ministers in the form of draft for approval].
•
Review publicly available industry information on environmental audit.
• •
Review report issued by environmental experts about the organization. Assess and obtain the environmental impact of previous and existing operation.
•
Assess and obtain possible future changes in activities or the process of operation involved.
Impact of Social And Environmental Law In Respect Of Public Bodies __________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
194 INTERNAL AUDIT MANUAL
9.
PART FIVE
Environmental laws and regulations can have considerable impact on some public bodies. Possible problems associated with environmental laws and regulations include:•
Contingent liabilities. These may be claims against the public bodies for environmental offence including, for example, nuisance or watercourse contamination of damage to health;
•
Asset values may be affected. Stocks may be subject to environmental concern and may need to be modified or replaced. Land may be contaminated and require clean up. Plant and machinery may be replaced because it pollutes or otherwise fails to meet modern environmental standards;
•
Accounting for capital and revenue expenditure. On fitting environmental safeguards and in undertaking remedial treatment following incidents op pollution;
•
provision for future improvements in the plant required to enable the process to continue operating within stricken.
Measuring Environmental Effect 10. Measuring the effect of environmental matters presents particular problems for an organization and its auditor. This includes the following:•
There is often a long delay between an activity that caused an environmental problem and its identification by the entity or by regulators;
•
Accounting estimates may not have an established historical pattern or may have wide ranges or reasonable values because of the number and nature of assumptions underlying the determination of those estimates;
•
Environmental laws or regulations are evolving and interpretation may be difficult or ambiguous. It may be necessary to consult with an expert on the valuation of certain assets;
•
Liabilities may arise other than as a result of legal or contractual obligations. They may arise from the perceived moral obligation of the organization.
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
158 INTERNAL AUDIT MANUAL
__________________________________________________________________________________ MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
PART FIVE
195
Annex I EXAMPLE OF RISK ASSESMENT Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Risk Assessment Budget Year ________________ This Annex gives a worked example of the calculation of the Risk Index for a system. The process has been broken down into 5 distinct steps.
Step 1
Internal Auditors should select the risk factor Example - Transaction volume
Step 2
For each risk factor chosen, Internal auditors should chose a scale of measurement that will be used to compare each system. Example - Classify the transaction into five groups depending on their volume
Step 3
Identify the points rating for each one of the scale of measure. Internal Auditors should use points rating of between 1 and 5 for each element. Example - give 1 for the group with the smallest volume
Step 4
Internal auditors should select a weighing factor for each risk factor. This allows the Internal Auditor to place emphasis upon elements that are more important to the risk assessment.
Step 5
Internal Auditors then should take the appropriate scale of measurement for each one of the systems to be assessed. This will give points rating to be multiplied by the weighing factor and summed for each of the elements.
196
Annex II EXAMPLE OF RISK ASSESMENT Sch. Ref.
Initials Prepared by Reviewed by
Name of Public Body __________________ Audit Area Risk Assessment Budget Year ________________ STEP 1 Internal Auditors should select the risk factors for the risk assessment Risk factor Value of transactions
Complexity of the system
Stability of the system
Date
197
Annex II EXAMPLE OF RISK ASSESMENT Sch. Ref. Initials Prepared by Reviewed by
Name of Public Body __________________ Audit Area Risk Assessment Budget Year ________________ STEP 2 For each risk factor chosen, Internal Auditors should chose a scale of measurement that will be used to compare each system Risk factor Value of transactions
Scale of measurement $0 - $1,000 $1,000 - $10,000 $10,000 - $100,000 $100,000 - $1m more than$1m
Complexity of the system
Very simple Simple Average Complex Very complex
Stability of the system
Very stable Stable Average Unstable Volatile
Date
198
Annex II EXAMPLE OF RISK ASSESMENT Sch. Ref. Initials Prepared by Reviewed by
Name of Public Body __________________ Audit Area Risk Assessment Budget Year ________________ STEP 3 Determine the Rating Points, for example, between 1 and 5 for each one of the scales of measurement. Risk factor
Value of transactions
Complexity of the system
Stability of the system
Scale of
Rating Points
measurement
(a)
$0 - $1,000
1
$1,000 - $10,000
2
$10,000 - $100,000
3
$100,000 - $1m
4
more than$1m
5
Very simple
1
Simple
2
Average
3
Complex
4
Very complex
5
Very stable
1
Stable
2
Average
3
Unstable
4
Volatile
5
Date
199
Annex II EXAMPLE OF RISK ASSESMENT Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Risk Assessment Budget Year ________________ STEP 4 Internal Auditors should select a weighting factor for each of the risk factors. This allows the Internal Auditor to place emphasis upon risk factors that are more important to the risk assessment. For instance, in the example below, the most important risk factor is the complexity of the system, the least important the value of transaction. Risk factor
Scale of measurement
Value of transactions
(a)
$0 - $1,000
1
$1,000 - $10,000
2
$10,000 - $100,000
3
$100,000 - $1m
4
more than$1m
5
Complexity of the system Very simple
Stability of the system
Rating Points Weighting factor (b)
2
1
Simple
2
Average
3
Complex
4
Very complex
5
Very stable
1
Stable
2
Average
3
Unstable
4
Volatile
5
5
3
200
Annex II EXAMPLE OF RISK ASSESMENT Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Risk Assessment Budget Year ________________ STEP 5 Internal Auditors should take the appropriate scale of measurement for each one of the systems to be assessed. This will give rating points to be multiplied by the weighting factor and summed for each of the risk factors. In the example below, the system has been identified as having between $100,000 - $1m of transactions; being of average complexity and being unstable. The Internal Auditor then should compare the total Risk Index of each system and identify those systems, which are more risky than others and, therefore, should be audited sooner and more often. Risk factor
Value of transactions
Complexity of the system
Stability of the system
TOTAL RISK INDEX
Scale of measurement
$0 - $1,000 $1,000 - $10,000 $10,000 - $1000,000 $1000,000 - $1m more than$1m Very simple Simple Average Complex Very complex Very stable Stable Average Unstable Volatile
Rating Points (a)
Weighting Rating factor (b) (a) x (b)
4
2
8
3
5
15
4
3
12
35
201
Annex III
INTERNAL AUDIT PLANNING CHECKLIST Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Planning Checklist Budget Year ________________ YES PRIOR YEARS AUDIT REPORTS 1. Have you reviewed with the in-charge auditor (Senior Auditor), re:• Changes in presentation of disclosure? • Points to which special attention should be paid? • Improvements to the content and style of the audit findings and recommendations report? PRIOR YEARS WORKING PAPERS 2. Have you reviewed with the in-charge auditor, re:• Points for attention at next audit, if any? • Unnecessary schedules? • Inadequate or excessive work? • Changes in procedure or scope of examination? NARRATIVE SYSTEM NOTES AND/OR FLOW CHARTS 3. Are you satisfied that narrative system notes and/or flow charts and updates cover all aspects of the accounting and other relevant systems and explain the significance of any systems weaknesses?
NO
INITIALS
202
Annex III Sch. Ref.
Initials
Date
Prepared by Reviewed by
YES INTERNAL CONTROL EVALUATIONS 4. Are you satisfied that the ICEQ’s have been properly completed and evaluated and the audit implications of weaknesses fully disclosed? AUDIT PROGRAMMES 5. Are you satisfied that the audit programmes fit the particular circumstances and that the scope and extent of the tests adequately cover the implications of systems and control weaknesses disclosed by the narrative system notes/flow charts and ICEQs? TIME BUDGET 6. Have you reviewed and approved the time budget ensuring that total time is within the limit for the type of audit to be carried out? STAFF ASSIGNMENTS 7. Have you reviewed with the in-charge auditor and agreed his provisional assignment of staff to the various audit responsibilities? PLANNING MEETING 8. Have you held a planning meeting with the staff assigned to discuss all aspects of the audit work to be undertaken?
NO
INITIALS
203
Annex IV
INTERNAL AUDIT MONITORING CHECKLIST Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Monitoring Checklist Budget Year ________________ YES WORKING PAPERS 1. Do the working papers properly demonstrate the nature and extent of the work performed? 2. Have all material weaknesses noted during the review and testing of internal control been properly summarized? 3. Have schedules been signed and dated by the prepare and recommendations report? and the reviewer? 4. Has the permanent file been properly updated? 5. Are conclusions given for all areas of the audit, and are these properly worded and soundly based? 6. Have you reviewed and approved the proposed audit adjustments? 7. Have you resolved or otherwise disposed of queries and major points noted for your attention? 8. Are you satisfied that the working papers are complete and accurate and that no further work is required? 9. Are you satisfied that the audit was carried out within the intended scope? REPORT 10. Have you reviewed the draft report? 11. Does the format and terminology of the reports conform to the standards of the Internal Audit Manual?
NO
INITIALS
204
Annex IV
Sch. Ref. Initials
Date
Prepared by Reviewed by YES 12. Has adequate disclosure of all pertinent and material facts been made in the report? 13. Have any subsequent events, of which you are aware, and which may have significant effect on the report, been properly disclosed? 14. Does the Audit Findings and Recommendations Report include sufficient factual evidence and clear recommendations upon which the head of public body can take sound and appropriate decisions and actions? 15. Has adequate consideration been given to recommendations in previous reports and the extent of compliance therewith? 16. Are you satisfied that all material points, findings, and recommendations noted during the audit, and which should be included in the report, are actually included? 17. Are you satisfied that no additional audit work of outstanding items are pending before the working papers and draft report are submitted for final review to the Head of Internal Audit Service? 18. Have you reviewed the completed audit review checklist of the in-charge auditor (Senior auditor) and are you satisfied that his representations as to facts and work done are adequately supported by the working papers? JOB ADMINISTRATION 19. Are major variations of actual time from budget satisfactorily explained? 20. Have you checked agreement of time taken per time control forms with time ledger and completed time control form? 21. Are you satisfied that the staff have accounted for their time on the audit work properly and accurately? 22. Have you discussed with the in-charge auditor and the other members of the team any weaknesses they should overcome to improve their audit skills, efficiency, and work habits?
NO
INITIALS
205
Annex V
INTERNAL AUDIT PLANNING REVIEW SHEET
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Planning Review Sheet Budget Year ________________ Questions
Y/N
Is a correct compliance testing sample size selected? Is the plan includes updating systems flowchart? “ “ “
Comments
Y
N
Plan should be revised to include confirmation that existing systems is still relevant “ “ “
206
Annex VI
INTERNAL AUDIT COMPLETION CHECK LIST
Sch. Ref.
Initials Prepared by Reviewed by
Name of Public Body __________________ Audit Area Completion Checklist Budget Year ________________ INITIALS 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Audit Programmes signed All schedules initialed All schedules referenced and cross referenced All outstanding points cleared Audit works reviewed by Head of Internal Audit Audit works reviewed by Audit team leader Draft report discussed with the Head of public body Final report reviewed by Head of Internal Audit Final report passed for typing Report issued
Comments
DATE
Date
207
Annex VII
INTERIM AUDIT REVIEW SHEET
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Review Sheet Budget Year ________________ Questions
Y/N
Comments
Is the time taken to carry out compliance tests corresponds with that of the budgeted time?
Y
---
Are the systems notes fully written up from the interviews with management?
N
“ “
Additional junior Internal Auditor is required for 1 week to fully write up system notes “ “
208
Annex VIII
INTERNAL AUDIT COMPLETION REVIEW SHEET
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Completion Review Sheet Budget Year ________________ Questions
Y/N
Has the compliance testing been completed as per internal audit plan?
Y
Have systems flowcharts been updated?
Y
Has the internal audit report been drafted
N
based clearly on the conclusions reached from the internal audit work?
“ “
Comments
Paragraphs should be redrafted by the internal auditor for inclusion in the Internal Audit report. These should be based on the conclusions of the internal audit work. “ “
209
Annex IX
INTERIM AUDIT REPORT The Head of Public Body ________________ Name of Public Body __________________ Purpose Statement 1. Based on our periodic audit plan we conducted an audit of fixed assets of the public body to ascertain the existence of effective internal control exercised thereon. Scope Statement 2. Accordingly, we have verified the fixed asset register and the physical existence of fixed assets to ascertain that all fixed assets of the public body were registered and also to check the existence of all registered fixed assets. Findings 3. We noted that the fixed asset register was not complete with respect to property identification number, location, date of purchase and other relevant information. We further noted that the fixed assets were not given identification numbers. 4. 5. 6. 7. Conclusion 8. We were therefore unable to check the physical existence of the fixed assets which implies that there is a weakness in the overall control exercised thereon. Recommendation 9. We recommend that all relevant details such as property identification number, location and other relevant information be recorded on the fixed asset register and identification number be given to all fixed assets of the public body. Signature Head of the Internal Audit Date
210
Annex X
ORGANIZATION OF WORKING PAPERS PF - 1
Organizational Information PF-1.1 PF-1.2 PF-1.3 PF-1.4 PF-1.5
PF - 2
Accounting system and Internal Control Structure PF-2.1 PF-2.2
PF-2.3 PF-2.4 PF-2.5 PF-2.6 PF - 3
Directives Rules, Regulations Internal Instructions Official Rates (Price lists)
Previous Year Audit History PF-4.1 PF-4.2 PF-4.3 PF-4.4
PF - 5
Accounting policies System documentation forms PF-2.2.1 System Notes PF-2.2.2 Flow Charts Internal Control Questionnaire Internal Control Evaluations Risk Assessment Index Specimen of Documents (Vouchers)
Rules and Regulations PF-3.1 PF-3.2 PF-3.3 PF-3.4
PF - 4
Nature of the public body: history, establishment etc. Objectives Organizational structure (chart) Job description Staffing
History of Audit Report - Findings Management Action Outstanding Queries Matters Deserving Attention and Follow-up.
Important Memorandum PF-5.1 PF-5.2 PF-5.3 PF-5.4
Contracts - Project Agreements, Other Contracts etc. Committee members Key Personnel: Signatories, Authority Limit etc. Bank Accounts number
211
PF - 6
Correspondence
CURRENT FILE Section 1
Audit Reports AR - 1 AR-1.1 AR-1.2 AR-1.3 AR-1.4 AR-1.5 AR-1.6 AR - 2
Section 2
Final Audit Reports Report on Internal Control Report on Performance Audit Report on Fraud Investigation Reports on Project Audit Ad-hoc Reports Interim Reports Draft Reports
General Information
GI-1 GI-2 GI-3 GI-4
GI-5
GI-6 GI-7
Matters for Attention: Auditor Follow-up, Management Action etc. Summary of Findings Discussion with Management: Comments, Responses etc. Extracts of Minutes GI-4.1 Management GI-4.2 Audit Committee Review and Check Lists GI-5.1 Review Notes GI-5.2 Check Lists Audit Time Summary and Budget Important Memorandum GI-7.1 Financial Statement GI-7.2 Letters
212
Annex X
Section .3
General Audit Procedure GA-1 GA-2 GA-3
Section 4
Audit Planning Audit Programs Other Planning Issues
Financial Audit and Compliance Audit TB A
Trial Balance Cash A1 A2 A3 A4
B
Receivables B1 B2 B3 B4
C
Lead Schedule Summary of Findings Support Schedules B3-.1 Support Sheets Queries/notes
Payables and Letters of Credit C1 C2 C3 C4
D
Lead Schedule Summary of Findings Support Schedules A3-1 Support Schedules Queries/Notes
Lead Schedule Summary of Findings Support Schedules C3.1 Support Sheets Queries/notes
Long Term Debts D1 D2 D3 D4
Lead Schedule Summary of Findings Support Schedules D3.1 Support Sheets Queries/notes
213
Annex X
E
Net Assets/Equity E1 E2 E3 E4
F
Revenue F1 F2 F3 F4
G
Lead Schedule Summary of Findings Support Schedules F3.1 Support Sheets Queries/Notes
Expenditures : Capital and Recurrent G1 G2 G3 G4
TC
Lead Schedule Summary of Findings Support Schedules E3.1 Support Sheets Queries/notes
Lead Schedule Summary of Findings Support Schedules G3.1 Support Sheets Queries/Notes
Tests of Internal Control TC 1
Revenue/Collections TC 1.1 Summary of Findings TC 1.2 Support Schedules TC 1.2.1 Support Sheets TC 1.3 Queries/notes
TC 2
Disbursements TC 2.1 Summary of Findings TC 2.2 Support Schedules TC 2.2.1 Support Sheets TC 2.3 Queries/notes
214
Annex X
TC 3
Procurement TC 3.1 Summary of Findings TC 3.2 Support Schedules TC 3.2.1 Support Sheets TC 3.3 Queries/notes
TC 4
Payroll TC 4.1 Summary of Findings TC 4.2 Support Schedules TC 4.2.1 Support Sheets TC 4.3 Queries/notes
TC 5
Stock/Inventory TC 5.1 Summary of Findings TC 5.2 Support Schedules TC 5.2.1 Support Sheets TC 5.3 Queries/notes
TC 6
Fixed Assets TC 6.1 Summary of Findings TC 6.2 Support Schedules TC 6.2.1 Support Sheets TC 6.3 Queries/notes
TC 7
Computer Audit TC 7.1 Summary of Findings TC 7.2 Support Schedules TC 7.2.1 Support Sheets TC 7.3 Queries/notes
Section 5
Performance Audit PA1 PA2 PA3
Summary of Findings Support Schedules PA2.1 Support Sheets Queries/notes
215
Annex X
Section 6
Fraud Investigation FI1 FI2 FI3
Section 7
Environmental Audit EA1 EA2 EA3
Section 8
Summary of Findings Support Schedules FI2.1 Support Sheets Queries/notes
Summary of Findings Support Schedules EA2.1 Support Sheets Queries/notes
Project Audit 8.1
Contract audit - Constructions CA1 CA2 CA3
8.2
Summary of Findings Support Schedules CA2.1 Support Sheets Queries/notes
Donor Funded Projects DF1 DF2 DF3
Compliance with agreement - same as Section 8.1 Reporting and monitoring - same as Section 8.1 Financial audit - if financial report and statements are prepared - same structure as above in "Section 4"
216
Annex XI - 1
SCHEDULE OF SUMMARY OF FINDINGS Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Summary of Findings Budget Year ________________ •
Audit objective
•
Findings and respective recommendations Schedule Reference 1.
2.
3.
217
Annex XI – 2
AUDIT FINDINGS Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Audit Findings – Cash and Bank Balances Budget Year ________________ Comments (Disposal)
1. Cash receipt voucher number 21273 is missing.
2.
3. • • •
NB Reportable findings are to be taken to Schedule of Summary of Findings. (Annex XI - 1)
Subsequently obtained
218 Annex XII
RELATIONSHIP OF WORKING PAPERS TO FINANCIAL STATEMENTS FINANCIAL STATEMENTS
CASH
REF.
BIRR
A1
1,500
TRIAL BALANCE
TB Debit BIRR
CASH
Credit BIRR
1,500
LEAD SCHEDULE CASH
A1 SCHEDULE REFER.
CASH ON HAND CASH IN BANK ACCOUNT No. XX ACCOUNT No. YY
BIRR
BIRR
A2
400
A3 A4
500 600 1100 1,500
A2 CASH COUNT SHEET
AMOUNT
400 TO A1
A3
A4
BANK RECONCILIATION ACCOUNT NO.XX
BANK RECONCILIATION ACCOUNT NO.XX
AMOUNT
AMOUNT
500 TO A1
600 TO A1
219 Annex XIII
WORKING PAPER - TYPICAL SCHEDULE Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Cash and Bank Balances Budget Year __________________________ BALANCE AS AT 30/10/19XX BIRR
CASH AT BANK
B3
60,000 C
CASH ON HAND
B6
3,000 63,,000
Supporting Schedules on which detail work(such as bank reconciliation, cash count) is done. Tick Marks C
Cross Referencing
Work Done Confirmation sent Balance agree with ledger Footed
Explanation of audit steps Performed or work done
Conclusion We noted that cash counted as 30/10/19xx was less than the record balance by Birr 560 which implies that there is a weak control over cash on hand.
Auditor's Conclusion
TO B
220
Annex XIV AUDIT PROGRAMME Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year ________________ Sampling State Audit Performed
Population Size
Sample Size
1. 2. 3. 4. 5. No.
Estimated Time ______________ Actual Time ______________ Difference _______________ (If significant, give reasons on last page of this form) Audit Procedures to be Performed Audit Objectives
1. 2. 3. General Procedures 1. 2. 3. 4. 5. 6. 7. 1. 2. 3.
Budget Year _______________
Review previous year audit working papers. Review the updating of the permanent file. Fill the internal control questionnaire. Draw or update flow chart or system notes Evaluate the appropriateness and effectiveness of the control system. Conduct walk through test to confirm the control system. Review internal and external reports. Specific Procedures (Obtain information from 'audit procedures' in respective section)
Ref No.
Name of Auditor
Initial of Auditor
Remark
221 Annex XV
AUDIT PROGRAM - CASH AND BANK BALANCES Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year ________________ State Audit Procedures Which varies in sample size
Sampling Population Size
Sample Size
1. 2. 3. 4. 5.
No.
Estimated Time ______________ Actual Time ______________ Difference _______________ (If significant, give reasons on last Page of this form)
Audit procedures Audit Objectives
1
2 3
Budget Year _______________
Ensuring that collection and payment of cash are made on legal receipt and payment vouchers respectively Ascertaining that cash collected by the public body is deposited intact to bank in a timely manner Ensuring that imprest system is established
Ref.
Name of Auditor
Signature
Remark
222
Annex XV
Sch. Ref. Initials
Date
Prepared by Reviewed by No. 4
Audit procedures Ascertaining that every cash and bank transaction is properly registered in the books of account
5
Ensuring that cash is properly safeguarded
6
Ascertaining compliance with laws, regulations, directives.
7
Ensuring segregation of duties. General Procedures
1
Review the previous year audit working paper to see if there are useful points noted about cash and bank balances.
2
Review the permanent file
3
Fill the internal control questionnaire for cash and bank balances
4
5
Draw or update flow charts to represent the existing system for the administration of cash and bank balances of the public body Conduct a walkthrough test or other preliminary review mechanism (observations) to confirm the practicability of the prescribed control system
Ref.
Name of Auditor
Signature
Remark
223
Annex XV
Sch. Ref. Initials
Date
Prepared by Reviewed by
No. 6
Audit procedures Evaluate whether the existing internal control system for cash and bank balances is proper. Specific Procedures
7
Review the organization structures and personal files of cashiers and accountants to: - ensure existence of clear and precise job description; - ensure segregation of duties; - check the education level of cashiers and accountants and whether proper trainings are given - check whether adequate internal check mechanisms are established - check whether there exist rotation of duties
Ref.
Name of Auditor
Signature
Remark
224
Annex XV Sch. Ref. Initials
Date
Prepared by Reviewed by
No. 8
9
10
11
Audit procedures Ensure proper safeguarding of cash and cash documents, check: - Existence of cash safe or cashier offices. - Control over unused receipt vouchers; - Control on movement of cash. If collectors exist, check timely, intact handover - Control over cheque: . check that blank cheques are not signed in advance; . check that cancelled cheques kept undetached on the pad being marked VOID Ascertain that MOFED directives, as well as laws and proclamations are adhered to Check the existence of prenumbered official receipt vouchers. Check that cash and cheque collection summaries are maintained and check whether the summaries are checked by individuals other than cashier (accountants) as part of an internal check.
Ref.
Name of Auditor
Signature
Remark
225
Annex XV Sch. Ref. Initials
Date
Prepared by Reviewed by
No. 12
13
14
15
16
Audit procedures Check the sequence of the receipt ascertaining that cancelled receipts are kept undetached in the pad being marked VOID Ascertain that daily receipts are deposited to bank on time and in tact: - Select sampling method; - Specify sample size and population size - Check receipt vouchers against deposit slips Check if undated accounting records exist – ledgers, cash books, transaction registers etc. Check accuracy/casting of cash book, transactions registers. Perform cash count: - see that cashier and chief accountant are present when undertaking count; - list all relevant documents and valuable found in the safe, sign along with cashier and accountant on the list; - take cut-off on the count date and sign on the last used receipt and books of account; - take steps to prevent
Ref.
Name of Auditor
Signature
Remark
226
Annex XV
Sch. Ref. Initials
Date
Prepared by Reviewed by
No.
Audit procedures double counting of cash; - count and record the amount of cash, suspense account and other documents which have money value found in the safe and ascertain that all are counted; - check count versus the records/float; - sign, along with cashier and accountant on the count forms; - sign confirmation with the cahier and senior finance officer by comparing the cash and suspense account found in the safe against the net book balance at the cut-off point; - follow-up on differences of cash counted Vs. record balance – short/over - ensure that cash or cash equivalents that are not the property of the public body are not kept in safe. If so note details; - ensure that cashier do not present “balance” cheques during the count as part of cash.
Ref.
Name of Auditor
Signature
Remark
227
Annex XV Sch. Ref. Initials
Date
Prepared by Reviewed by
No. 17 18
19
20
21
22
Audit procedures Check whether suspense payment vouchers are approved. Check also the age of suspense payments. Review the status of long overdue suspense payments not yet cleared. Check that an impresit system is established and that the rules regarding the impresit system are complied with. Identify all bank accounts held by the public body along with signatories. For all bank account check that bank reconciliation is prepared at the end of each month; check also that the reconciliation is checked by individual other than the preparer. Check the bank reconciliation: - check the reconciling items against bank statements; - see that the balances of book (record) and bank statement agree taking the reconciling items into consideration - check the accuracy of summation; - enquire into long outstanding reconciling
Ref.
Name of Auditor
Signature
Remark
228 Annex XV
Sch. Ref. Initials
Date
Prepared by Reviewed by
No.
Audit procedures item (outstanding cheques and deposits); - check that the outstanding cheques are withdrawn in subsequent months. - Ascertain this against bank statements; - check that the outstanding deposits are credited by the bank in subsequent months. Ascertain this against bank statements. - Check that appropriate action be taken for outstanding cheques over six months; - Enquire into inter bank transfers; - review adjustments against supporting documents; - check that proper notification is made to bank on time when bank errors are observed; - review unusual, high value withdrawals appearing in the bank statement.
Ref.
Name of Auditor
Signature
Remark
229
Annex XV
Sch. Ref. Initials
Date
Prepared by Reviewed by
No.
23
Audit procedures Ensure that proper records are kept – receipt, registers, ledgers, bank statements and bank deposit slips.
24
Prepare a file for the audit works carried out throughout the period.
25
Update the permanent file.
Ref.
Name of Auditor
Signature
Remark
230
Annex XVI
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Annual Plan Budget Year ________________ 1. Estimated time required to complete the audit assignments
Audit Areas • •
•
•
Planning each audit assignments • Audit program • Entry conference Cash and bank balance • Main cash • Petty cash • Bank balances • Cash count Receipt and receivables • Receipts • Budget transfers (Recurrent and Capital) • Grants and loans • Fees and charges • Disposal of property • Sequence of cash receipt voucher • Sundry • Receivables Stocks • Stocks movement • Receipt of stocks • Issue of stocks • Recording of stocks • Stocks count
Estimated Hours Senior Auditor 100 20 15 10 30 10
Junior Auditor 20 15 20
40 60 50 10 -
15 50 30 150
40
30
40 50 100
150 160 150 150
231 Annex XVI
Sch. Ref.
Initials
Date
Prepared by Reviewed by •
•
• •
•
Fixed assets • Acquisition • Recording of fixed assets • Acquisition • Disposal (Sales, issue, write-offs) • Physical verification Payroll • Payroll sheet • Attendance sheet • Personal files Expenditures • Cash payments • Check payments Procurement • Purchase requisition • Selecting of bidders • Delivery of goods • Payment of invoices Finalizing each audit assignments • Report writing • Exit conference • Contingency (for special assignments)
200
-
80 80 120
60 60 110
60 10 40
95 60 -
100 235
180 240
60 70 80 60
100 30
100 30 100 2,000
100 1,975
2. Estimated Available Time
Total hours in the year Less : Public holidays Annual leave Estimated sick leave Estimated morning leave Total Hours Available
Senior Auditor Hours 2,080 80 160 40 16 1,784
Junior Auditor Hours 2,080 80 120 40 16 1,824
232
Annex XVI
Sch. Ref.
Initials
Date
Prepared by Reviewed by
3. Required time in excess of available time
Estimated time required Available time
Senior Auditor Hours 2,000 1,784 216
Junior Auditor Hours 1,975 1,824 151
NB. The Head of the Internal Audit should discuss about the additional time needed with the Head of the Public Body and find ways to make the deficit good.
233
Annex XVII-1 CASH COUNT FORM Sch. Ref. Initials Prepared by Reviewed by Name of Public Body __________________ Audit Area Cash Count Cash Count Date Fund
1.
_________________________ _________________
Budget Year ________________
LOCAL CURRENCY 1.1
Notes and Coins Denomination 100 50 10 5 1 0.50 0.25 0.10 0.05 0.01
Notes
Coins
Quantity
Amount
Total of notes and coins 1.1
Cheques Cheque No.
Date of Issuance
Payee
Amount
Total of checques 1.3 Other documents with money value Postage stamps Fuel coupons Total of other documents
Total Local Currency Record balance/petty cash float Difference short (over) 2.
FOREIGN CURRENCY Denomination
Quantity
Amount
Total foreign currency Record balance/petty cash float Difference short (over) I, Ato/W/ro/W/t. ____________________________ the cashier of the ______________________ (name of the public body) confirm that the cash amounting to Birr ________________ (in words) and the foreign currency as detailed above were counted in my presence and returned to me intact. Cashier Name: _______________ Signature ______________
Senior Finance Official ___________________ ___________________
Auditor ______________ ______________
Date
234 Annex XVII-2
SUSPENSE ACCOUNT - COUNT SHEET
Prepared by Reviewed by
S c Initials h . Ref.
Date
Name of Public Body __________________ Audit Area Suspense Count Sheet Budget Year ________________ Cash Count Date _____________ Suspense Payment Voucher No.
Date of Payment
Name of Authorized Person who Allowed the Payment
Name of Person Who received The payments
Reason for payments
AMOUNT OF MONEY Salary Recurrent Capital Advance Expenditure Expenditure
TOTAL I (Ato, W/ro./W/t.) ______________________, cashier of __________________ confirm that the suspense account vouchers amounting to Birr _______________ (in words). Were counted in my presence and returned to me intact. Cashier Name Signature
_________________ _________________
Finance Officer
Auditor
________________________
________________________
________________________
________________________
TOTAL
235
Annex XVIII
BANK RECONCILIATION Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Bank Reconciliation Budget Year ________________
Birr Balance per bank statement
X
Add: Outstanding deposit (list receipt number, date, amount)
X
Less: Outstanding cheques (list cheque number, PV. No., date, amount) Balance per book
(X) X
236
Annex XIX
INTERNAL CONTROL QUESTIONNAIRE-CASH AND BANK BALANCES Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Cash and Bank Balance Budget Year ________________
No.
Questionnaire
1.
Does the public body have bank accounts? If so how many?
2.
Is the Ministry of Finance informed of the bank accounts along with signatories?
3.
What are the job positions of the signatories?
4.
Is there approval limit? Co-signatories? If so how much and how many respectively?
5.
Are bank reconciliations done monthly?
6.
Are they checked and approved?
7.
Are cheques kept in a secure place? Are they signed in advance? (blank cheques)
8.
Is the control surrounding the unused cheque satisfactory?
9.
Are unused official cash receipts safeguarded and adequately controlled?
Yes
No
Not Applicable
Evaluation And Comments
237 Annex XIX
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No.
Questionnaire
10.
What type of items are designated as cash for the public body?
11.
How many cashiers exist: - main cashier? - Assistant cashier? - Collectors? - Petty cashier?
12.
Are cashiers educationally qualified? Have they taken proper training?
13.
Are cashiers insured? Or are they required to obtain guarantee?
14
Are efforts taken to safeguard cash satisfactorily? - safe box? - cashier office? - timely deposited?
15
Are there any cash, suspense account or documents which have money value and belonging to the public body kept outside the safe? If so why?
16.
Is there any cash, suspense account or documents which have money value and which do not belong to the public body kept in the safe?
Yes
No
N/A
Comments
238 Annex XIX
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No.
Questionnaire
17.
Is there an imprest system in use? How many? - What are their purpose? - How much is the float? - What is maximum amount that can be paid? - Is the fund regularly reviewed?
18.
Are cash, suspense account and documents counted as part of an internal check? - If so state the frequency - By whom it is done (position) - If there is cash Vs. record reconciliation
19.
Are collections transferred to main cashier on time and intact?
20.
Are the collections deposited into bank on time and intact?
21.
Are cash collection summaries prepared? If so are they checked as part of an intended check?
22.
Are the deposits checked against receipts? If so by whom (position) ?
Yes
No
N/A
Comments
239
Annex XIX
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No.
23
Questionnaire
Are duties segregated in a manner where those responsible for custody of cash (cashiers) are apart from recording functions?
24
Are there books for recording cash and suspense accounts? If so maintained by whom?
25.
Are all transactions recorded timely, completely and accurately ? If so maintained by whom?
26.
Are suspense payments authorized? If so by whom?
27.
Are there long outstanding suspense account payments?
28.
Is 'PAID' rubber stamp used?
29.
Is there rotation of duties?
Yes
No
N/A
Comments
240
Annex XX
INTERNAL CONTROL QUESTIONNAIRE RECEIPTS AND RECEIVABLES
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Receipts and Receivables Budget Year _________________________________
No.
QUESTION
1.
Is there any source of income other than the budget? If so is it an authorized income?
2.
Are official receipts in use?
3.
Is there a satisfactory control over used and unused receipt vouchers? a. log books b. access restriction c. sequence checking d. original copy of cancelled receipt attached
4.
Are collections summarized in a summary form?
5.
Does another individual as part of his/her duty check the summaries?
YES
NO
N/A
COMMENT
241
Annex XX
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No. 6.
QUESTION Are all collections properly and accurately coded, classified and recorded into books of account?
7.
Are all collections deposited to bank on time and intact – to central treasury account?
8.
Does another person as part of his/her duty review this process?
9.
Is the budget financed by collections? If so is it approved?
10.
Do different individuals carry out the duty of tax/income assessment (determination), collection and recording?
11.
Are taxes and custom duties properly assessed?
12.
Are fees and charges properly determined in accordance with relevant regulations?
13.
Are taxpayer files, identification number, ledger cards maintained?
14.
Are tax assessments checked or reviewed by higher officials?
15.
Are procedural guides, directives, rules and regulations adhered to, when collecting from various sources? • disposal of properties • interest income • etc.
YES
NO
N/A
COMMENT
242
Annex XX Sch. Ref.
Initials
Date
Prepared by Reviewed by No. QUESTION 16. Are the control procedures maintained to assure the completeness of collections? 17.
Is there rotation of duties between staff?
18.
Are control and subsidiary ledgers maintained with respect to receivables? If so, are the total balances in agreement?
19.
Are schedules of receivables prepared taking into account age, nature and amount?
20.
Are directives complied with concerning debtors? • write off • long term staff loan • short term staff loan
21.
Is there proper follow-up of outstanding debts?
22.
Are statements of accounts exchanged with major receivables?
23.
Are debts collected without the knowledge of accounts section?
24.
Is there compliance with agreements of grant/loan (concerning income from grants and loan)?
25.
Are official receipts vouchers and goods receiving vouchers in use to acknowledge receipt of grants/loan?
26
Are valuations properly supported?
YES
NO
N/A
COMMENT
243
Annex XXI
INTERNAL CONTROL QUESTIONNAIRE FOR STOCKS
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Stocks Budget Year _________________________________
No. 1.
2.
3.
4.
QUESTION Are all incoming stocks cleared by a receiving department? Does the receiving department deliver or supervise the delivery of each item to the proper store location? Are materials held in store: 1. inaccessible to anyone other than store personnel? 2. Stored in an orderly fashion? 3. Issued only on properly approved requisitions? Are perpetual stores records maintained for each stock item or for major categories?
YES
NO
N/A
COMMENT
244
Annex XXI
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No .
QUESTION
5.
Does the public body control the records of stocks owned by the public body but which are in the hands of others?
6.
Does the public body control the records of stocks owned by other party but which are in its hands?
7.
Are related functions separated so that employees keeping the stores records have no access to the stock held in stores?
8.
Is a copy of the purchase order given to the storekeeper upon receipt to verify the stock items purchased?
9.
Does the storekeeper raise goods receiving notes for all stocks entered into the store?
10. 11.
Does the storekeeper issue stocks upon receiving store issue voucher which is approved by authorized person? Are perpetual stock records periodically checked by physical count at least once a year?
YES
NO
N/A
COMMENT
245
Annex XXI
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No. 12.
QUESTION In reference to the physical count: 1. Are employees taking the physical count properly: a. instructed? b. Supervised? 2. Are prenumbered count sheets used? 3. Are all count sheets accounted for? 4. Are receiving and issuing documents cut-off taken? 5. Do the employees taking the physical counts have regular duties other than those of keeping stores or stores records? 6. Are counts and descriptions as indicated by the count sheets checked? 7. Are appropriate procedures instituted to ensure that all stock items were counted? 8. Are obsolete scrap, third party stocks separately indicated? 9. Are stock valuation sheets checked to original physical count sheets? 10. Are prices, extensions and footings of the valuation sheets checked?
YES
NO
N/A
COMMENT
246
Annex XXI
Sch. Ref.
Initials
Date
Prepared by Reviewed by
No. QUESTION 13. Are discrepancies (if any) between stock records and physical counts promptly investigated, particularly differences of a material nature? 14. Do routine procedures provide for a frequent check of stocks for overstocked and slowmoving items?
YES
NO
N/A
COMMENT
247
Annex XXII
INTERNAL CONTROL QUESTIONNAIRE FOR FIXED ASSETS
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area
Fixed Assets
Budget year___________________ No. 1
Question Are different staff members engaged in the purchase of fixed assets, keeping custody of fixed assets before being issued for use, and recording their movements?
2
Is there any assigned section or body to follow-up foreign purchase?
3
Is there a mechanism to prevent the purchase of more quantity of fixed assets than required?
4
Are goods receiving notes issued upon receipt of all acquisitions of fixed assets?
5
Is the store-keeper forced to raise goods receiving notes without getting a chance to see the fixed asset physically? Are fixed assets issued without the authorization of a designated official?
6
Yes
No
N/A
Comments
248
Annex XXII Sch. Ref.
Initials
Date
Prepared by Reviewed by
No.
Question
7
Does each fixed asset have its own identification number?
8
Is there fixed assets register for proper recording and controlling of the movement of fixed assets?
9
Is there a strong control mechanism to ensure that fixed assets are not exposed to theft or damage?
10
Is there annual physical count of fixed assets and the count compared against the balance in the fixed assets register?
11
Is physical count of fixed assets undertaken in the presence of the storekeeper and by staffs assigned from other section?
12
Is the result of fixed assets physical count reported to the Head of public body?
13
Is there any mechanism to ensure the level of fuel consumption being in line with the length of distance that the vehicle has covered? For example, maintaining log book.
14
Is there any controlling mechanism over the proper utilization of the services of vehicles
15
Are there any fixed assets which are out of service?
16
Does Management take appropriate measures consistent with the existing directives when there are fixed assets, which are out of Service?
17
Is there a mechanism to verify the condition of those fixed assets, which are aged and malfunctioning, before disposing them off?
Yes
No
N/A
Comments
249
Annex XXIII
INTERNAL AUDIT QUESTIONAIRE FOR PAYROLL Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area
Payroll
Budgeted Year _________________________________ Yes 1.
Are personnel records (files) maintained for all employees?
2.
Is personnel section responsible for the proper custody of personnel records?
3.
Do personnel files provide up-to-date information of each and every employee's salaries and related benefits?
4.
Is there separate control system for recording annual leave entitlement accrual and payment?
5.
Is budget constraint considered before new employment, additional benefit and salary increment is proposed, etc?
6.
Is payroll section notified in writing for every change that should be reflected in payroll?
No
N/A
Comments
250
Annex XXIII
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes 7.
Are payroll sheets prepared, checked and approved by different responsible persons before payment is made?
8.
Do all employees who receive their salaries always sign on the proper space of payroll sheets?
9.
Are delegations for salary payments supported with official authorization?
10.
Are salary advances and loans paid and repaid according to existing laws and regulations?
11.
Are payroll expenditure and deduction posted to proper accounts?
12.
Is one month expenditure compared against another to identify causes of differences and take the necessary steps accordingly?
13.
Are salaries and allowances paid out of capital budget fully capitalized in respective capital expenditure account?
14.
Is payroll generally subject to civil service regulations?
No
N/A
Comments
251
Annex XXIV
INTERNAL AUDIT QUESTIONNAIRE FOR EXPENDITURES AND PROCUREMENT Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Expenditure and Procurement Budget Year __________________________ S. No.
Question
1.
Does a designated official authorize payments?
2.
Are there circumstances where a designated official authorizes payment beyond the limit of his signatory power?
3.
When cheques are cancelled, do they remain undetached on the pad?
4.
Is verification of payment documents made before payment effected?
5.
Are unused cheque pads kept with those who are authorized to sign cheques?
6.
Are cheques or payment vouchers prepared in the names of the legal beneficiaries?
7.
Are crossed cheques prepared for effecting payments?
Yes
No
N/A
Comments
252
Annex XXIV Sch. Ref.
Initials
Date
Prepared by Reviewed by
S. No. Question 8. Do the same amount of money and reason for payment, which appear on the cheque, also appear on the chequestub? 9.
Are those individuals who are involved in the signing of cheques prevented from being involved in such activities as preparing, recording and effecting payments?
10. Do officials, who sign a cheque, consistently sign on the cheque-stub? 11. Is there mechanism to prevent signatories from signing on blank cheques? 12. Are payment vouchers and supporting documents attached with the cheque when cheques are presented for signature? 13. Is the word "Paid" stamped on official receipts and payment documents to prevent them from being presented again? 14. Are all payment vouchers properly coded and recorded in the books of accounts?
Yes
No
N/A
Comments
253
Annex XXIV Sch. Ref.
Initials
Date
Prepared by Reviewed by
S. No. Question 15. Is transfer of money from one bank to another recorded in the books of accounts immediately? 16. Is there any payment out of collection with out being authorized? 17. Is there possibility of payment to be made over and above the budget? 18. Is there any budget transfer which is not permitted by the budget proclamation? 19. Is there a budget control ledger for monitoring the proper utilization of allocated budget? 20. Are cheque pads recorded on a cheque pad register upon receipt and issuance? 21. Are substantial amounts of payments split and effected with a batch of cheques rather than a single cheque to prevent higher official from getting awareness of such payment? 22. Are all receipts presented for clearing suspense account signed at their back by the individual who presents them for verification of payment?
Yes
No
N/A
Comments
254
Annex XXIV Sch. Ref.
Initials
Date
Prepared by Reviewed by
S. No. Question 23. Is the plan for the contract approved by Ministry of Works and Urban Development and the budget of the project authorized by Ministry of Economic Development and Cooperation? 24. Are bid documents prepared according to the plan of the project? 25. Are payments for the project effected according to approved payment certificates? 26. Is the evaluation of bidders made according to the financial administration regulations and directives? 27. Are goods receiving notes issued for collecting items bought specifically for the project? 28. Is there a strong control mechanism to ensure that the performance of the project is according to the plan? 29. Are items for the project bought according to the financial administration regulations and directives? 30. Are payments for acquired goods and services made according to the relevant regulations and directives?
Yes
No
N/A
Comments
255
Annex XXV
FRAUD INVESTIGATION STANDARDS Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Fraud Investigation Budget Year ________________________ Review Objective : To determine the extent to which the public body has developed appropriate, effective and efficient mechanisms and policies for the handling of suspected fraud situations from first alert to final conclusion of a matter. Question 1 Determine by research and discussion the extent to which actual practice may vary from formal policy with respect to preliminary assessments, full investigation, police notification, depending perhaps on factors such as : •
The specific nature of the allegation or offence (i.e. various types or categories of fraud).
•
The type or level of the individual or persons involved.
• •
The number of persons involved.
The monetary amount or financial impact involved. 2. Are designated or specialist officers responsible for conducting any internal investigations completely clear as to when and how to proceed in any given fraud situation?
Yes/No
Conclusion
256
Annex XXV Sch. Ref.
Initials
Date
Prepared by Reviewed by
Question 3. Are operational and the management officers in the public body completely clear as to when and how to proceed in any given fraud situation? 4 Are preliminary investigation and handling arrangements suitable so as not to prejudice or hinder any further or formal investigation, whether internal or external? Particular attention should be given to procedures and expertise utilized at the preliminary phases to ensure that any form of evidence will not be lost or contaminated. 5. Have staff received appropriate training to be able to effectively perform their designated roles and functions in fraud handling? This will depend on the form of fraud handling and investigation policy determined by the agency and subsequently the roles and responsibilities of the various officers involved. In addition to specialist investigation, audit or review staff, consideration may need to be given to the role and training needs of operational staff and line managers in this context. 6. Are adequate reporting systems in operation to keep executive management, relevant line managers and any other relevant parties (internal or external) informed of the ongoing status of fraud investigations? 7. Has responsibility been clearly assigned, and relevant systems developed, to ensure that full and complete records are maintained of all fraud reports and situations? Who ensures that records are complete in all respects? How is this achieved in practice? 8. Are records of all reports of fraud and all fraud investigations securely maintained? Is the possibility of tampering with or unauthorized removal of material from official records, now or in the future, reasonably prevented? How would it be detected if it occurred?
Yes/No
Conclusion
257
Annex XXVI
INTERNAL AUDIT QUESTIONNAIRE FOR VALUE FOR MONEY
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Value for Money Budgeted Year ______________________ S.No.
Question
1.
Do staffs obtain proper external training or on job training?
2.
Is there a mechanism to ensure that staff are aware of what, how and why they do their work?
3.
Is there timely information, which enables the relevant official to be aware of the conditions and level of performance and the positions that staff are assigned to work?
4.
Is there co-ordination of action plan, objectives and system of one department/service of the public body with the others?
Yes
No.
N/A
Comments
258
Annex XXVI Sch. Ref.
Initials
Date
Prepared by Reviewed by
S.No.
Question
5.
Are action plans time framed and do they have allocated budgets?
6.
Is priority line established by the public body, to perform its different activities?
7.
Are the different activities of the public body performed as per the established priority lines?
8.
Are staff responsible for the works that they have performed?
9.
Is there feed back information for the performance of work to ensure that the performance is in line with the set up action plan?
10.
Is there a plan, which has not taken into account all departments and services of the public boy?
11.
Are the relevant subordinate staff, not aware of the action plan of the public body?
12.
Are the goals and standard of works set by the public body?
13.
Is the plan of the public body in compliance with its objective?
Yes
No.
N/A
Comments
259
Annex XXVI Sch. Ref.
Initials
Date
Prepared by Reviewed by
S. No. 14.
Question Yes Is there any problem in obtaining relevant and timely information for the preparation of action plan?
15.
Is the performance of the public body properly reviewed?
16.
Is there proper span of control?
17.
Does the level of authority coincide with the assigned responsibility?
18.
Is there a clear line of communication between superior and subordinate staff?
19.
Are performances lagging behind due to the delegation of improper authority to lower level of management?
20.
Is there a proper unity of command?
21.
Are performances compared against work plan, variances investigated and the causes of the variances reported to the head of the public body for prompt action to be taken?
22.
Is there a mechanism
review
and
follow-up
No.
N/A
Comments
260 Annex XXVII INTERNAL CONTROL QUESTIONNAIRE IN A COMPUTERIZED SYSTEM
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year ____________________ Yes I. Systems Development Controls Standard procedures and documentation
1. Does the documentation produced for an application include the following : a. Narrative description of the system? b. Flowcharts and block diagrams? c. Input and output data descriptions? d. File record layouts? e. Control procedures? f. Program listing? g. Test data and results of testing? h. Output distribution instructions? i. Operating instructions? j. Procedure manuals? 2. How does the system ensure that the documentation in question 1 is: a. Properly prepared? b. Properly altered for system and program changes?
No
N/A
Comments
261 Annex XXVII Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes Systems and program testing
3. Are programs adequately tested by means of : (a) Desk checking? (b) Processing with test data? (c) Use of operating instructions without programmers being present? (d) Any other method? (Describe) 4. Are systems adequately tested by means of (a) Processing test data? (b) Pilot running? (c) Parallel running? (d) Involving the clerical and control procedures in all user departments concerned with the system? (e) Any other method? (Describe) 5. Who evaluates the results of testing and what report is prepared? File conversion 6. Are the contents of master files checked before a system becomes operational? Acceptance and authorization procedures 7. Is completed work reviewed and approved and further progress authorized by responsible officials in both user and computer departments at the following stages in development :
No
N/A
Comments
262 Annex XXVII Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes (a) (b) (c) (d)
Completion of outline systems specification? Completion of systems specification? Completion of program and systems testing? Accepting new systems into operational use?
Systems and program amendments 8. Do all changes to operational systems and programs require to be authorized? 9. Are all changes : a. Documented; b. Tested; in the same manner as new systems and programs? 10. How does the system ensure that all changes are notified to all concerned, including user departments? (Describe) II. Administrative Control Division of responsibilities 11. Is the head of the computer department responsible to an appropriate senior official in the public body? 12. Is the following work carried out by separate sections or departments: (a) Development? (b) Data preparation? (c) Computer operating? (d) File library? (e) Control?
No
N/A
Comments
263
Annex XXVII Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes 13. Have organization charts and job descriptions been prepared? 14. Do the following basic restrictions apply: a. Access to documents containing original data is limited to the control section and data preparation staff? b. Computer department staff do not have access to any of the public body's clerically maintained financial records? c. Access to the computer during production runs is limited to computer operators? d. Access to files and current programs is limited to computer operators and file librarian? e. Computer operators and programmers do not amend input data? f. Control section staff and the librarian do not have other duties within the computer department? g. Computer department staff do not initiate transactions and changes to master files? h. Unauthorized access to the computer room is forbidden? (State how this is achieved.) 15. Do the restrictions in question 14 apply at all times? Control Over Computer Operators 16. Is the work of computer operators controlled by the use of : (a) Administrative procedure manuals? (b) Work schedules? (c) Operating instructions for each program? (d) Computer usage reports (e.g. operating logs and console printouts)
No
N/A
Comments
264 Annex XXVII Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes (e) (f)
Rotation of duties? Any other method? (Describe)
17. Is all operator intervention recorded on the console printout? 18. Are computer usage reports, including console printouts, reviewed by a responsible official? File Control 19. Is a permanent record of files maintained? (Describe) 20. Are movements of files recorded? (Describe) 21. On what authority are files issued? 22. Are master copies of important files (e.g. programs and documentation) kept at outside locations? File Identification procedures 23. Are there adequate file identification procedures by use of : a. Visible reference numbers? b. Protection rings? c. Header label checks on set up? d. Any other method? (Describe) File reconstruction procedures 24. Are there adequate reconstruction procedures by use of : (a) The establishment of retention periods for files, input media and documents? (b) File generation systems?
No
N/A
Comments
265
Annex XXVII
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes (c) (d)
Copying of disk files at appropriate intervals? Any other method? (Describe)
Fire precautions and standby arrangements 25.
III.
(a) Are there adequate fire precautions? (Describe) (b) Are there adequate standby arrangements for processing in case of equipment failure? (Describe) (c) If so, have these arrangements been tested? Application controls A. Input controls Establishment of control
26. Is control for complete and accurate processing first established: (a) Before the documents are batched by use of : i. Controls from prior procedures? (Describe) ii. Clerical sequence checks? iii. Retention of copies? Any other method? (Describe) (b) Clerically after batching by use of: i. Control totals? (Describe) ii. Any other method? (Describe) (c) By computer by use of : i. Control totals? (Describe) ii. Sequence checks? iii Any other method? (Describe) 27. What controls are established over data fields that contain significant reference data (e.g. check digit verification and matching with master file records)? (Describe)
No
N/A
Comments
266 Annex XXVII Sch. Ref.
Initials
Date
Prepared by Reviewed by Yes Verification of conversion 28.
(a)
Is conversion of data independently verified? (b) How does the system ensure that all errors are corrected? (Describe) Authorization of input
29.
Are all input data adequately authorized?
30.
If the documents are authorized before control is established, is the authorization checked after control is established (e.g. to guard against the introduction of unauthorized documents)?
31.
Is the computer programmed to carry out significant authorizing functions (e.g. limit and reasonableness checks)? B. Processing controls Rejections
32.
Is there a list of the reasons for which data can be rejected?
33.
What are the procedures for investigating, correcting and resubmitting the rejected data and recording the action taken? (Describe)
34.
How does the system ensure that all rejections are promptly reprocessed (e.g. maintaining suspense control records, independent scrutiny of rejection listings)? (Describe)
No
N/A
Comments
267 Annex XXVII
Sch. Ref.
Initials
Date
Prepared by Reviewed by Yes Intermediate printouts of control data during processing 35.
(a) If control is established prior to processing is this control used to verify all (or some) accounting data on final output? (Describe) (b) If not, is it used to verify processing to certain stage by checking intermediate output (e.g. input totals printed and checked on edit list)? (Describe)
36.
If the control used to verify final output is established by the computer either on input or during processing: (a) Is it first printed out on intermediate output for subsequent clerical verification with final output (e.g. computer totals printed on edit list)? (Describe) (b) If so, are there adequate program controls to ensure the completeness and accuracy of the data at each stage of processing until printed out? (Describe) C. Output controls General
37.
What is the printout used for (e.g. to originate or support entries in the books for control purposes)? (Describe)
No
N/A
Comments
268
Annex XXVII
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes 38.
Does the printout contain sufficient information to : (a) Trace source documents to it? (b) Verify computer generated calculations and totals? Output directly related to input
39.
(a) Are the totals and details checked clerically with controls established prior to processing? - or obtained from intermediate printout? (b) If not, are there adequate program controls to ensure the completeness and accuracy of the data printed out? (Describe) Output indirectly related to input
40.
(a) Are the totals and details checked clerically to external information? (Describe) (b) If not, are there adequate program controls to ensure the completeness and accuracy of the data printed out? (Describe) Exception reports
41.
Is the completeness of the report verified clerically? If so, give details.
No
N/A
Comments
269 Annex XXVII
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes 42.
Are there adequate program controls to ensure the completeness (if applicable) and accuracy of the data printed out? (Describe)
43.
What are the procedures for investigating and taking action on exception reports and recoding the action taken? (Describe) Distribution of output
44.
If receipt of output is not controlled by the user department how does the system ensure it receives all printouts intact? Amendments to standing data
45.
(a) How are amendments authorized? (Describe) (b) Is this authorization adequate?
46.
Are processed amendments checked in detail? (Describe)
47.
How does the system ensure that all amendments are controlled: (a) By controls total? (Describe) (b) By retention of copies? (c) By any other method? (Describe)
No
N/A
Comments
270 Annex XXVII
Sch. Ref.
Initials
Date
Prepared by Reviewed by
Yes Maintenance of standing data 48.
How, and how often, are standing data verified: (a) By printouts of individual items for checking with external information? (b) By printouts of totals for reconciliation with an independently or computer established record of totals? (c) By establishment and reconciliation of totals by the computer? (d) By any other method? (Describe) Maintenance of transaction data
49.
How, and how often, are transaction data on the file verified on a total basis: (a) By printouts of totals for reconciliation with a record of independently or computer established totals? (b) By establishment and reconciliation of totals by the computer? (c) By any other method? (Describe)
50.
Are individual balances printed out and externally verified? (Describe)
No
N/A
Comments
271 Annex XXVIII
INTERNAL CONTROL EVALUATION QUESTIONNAIRE FOR PAYROLL Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area Payroll Budget Year _________________________ Question A Is there reasonable assurance that employees are paid only for work done? consider; Criteria 1. Are responsibilities for supervision and time-keeping functions adequately segregated from personnel, payroll processing, disbursement, and general ledger functions? 2. Whether there is a clearly defined procedure for ; • Review and approval, by the employee's supervisor, of hours worked, overtime hours, and other special benefits? • Procedures for time keeping and attendance records? • Review for completeness and for the employee's supervisor's approval of time cards or other time reports? • For authorizing, approving, and recording vacations, holidays, and sick leave? B Is there reasonable assurance that employees are paid the correct amount? consider;
Yes
No
Not Applicable
Evaluation & Comments
272 Annex XXVIII
Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year _________________________ Question Criteria 1 Are responsibilities for supervision and time-keeping functions adequately segregated from personnel, payroll processing, disbursement, and general ledger functions? 2 Is one month expenditure compared against another to identify causes of differences and take the necessary steps accordingly? 3 Is budget constraint considered before new employment, additional benefit and salary increment is proposed, etc? 4 Is payroll section notified in writing for every change that should be reflected in payroll? 5 Is payroll generally subject to civil service regulations?
Yes
No
Not Applicable
Evaluation & Comments
273
Annex XXVIII
Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year _________________________
6
7 8 9
Question Are payroll sheets prepared, checked and approved by different responsible persons before payment is made? Are personnel records (files) maintained for all employees? Is personnel section responsible for the proper custody of personnel records? Whether there is adequate clearly defined procedure for ; • Properly authorizing, approving, and documenting all changes in employment (additions and terminations), salary and wage rates, and payroll deductions;
Yes
No
Not Applicable
Evaluation & Comments
274 Annex XXVIII
Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year _________________________ Question • Are personnel records (files) maintained for all employees? • Promptly reporting notices of additions, separations, and changes in salaries, wages, and deductions to the payroll processing function; • Maintaining appropriate payroll records for accumulated employee benefits (vacation, pension data, sick leave, etc.); • Interviewing, by the personnel department, of terminating employees, as a check on departure and as a final review of any termination settlement.
Yes
No
Not Applicable
Evaluation & Comments
275 Annex XXVIII
Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year _________________________
Question C Is there reasonable assurance that the right employees actually receive the right amount? Consider; Criteria 1 Are responsibilities for supervision and time-keeping functions adequately segregated from personnel, payroll processing, disbursement, and general ledger functions? 2 Are payroll sheets prepared, checked and approved by different responsible persons before payment is made? 3 Do all employees who receive their salaries always sign on the proper space of payroll sheets? 4 Are delegations for salary payments supported with official authorization?
Yes
No
Not Applicable
Evaluation & Comments
276 Annex XXVIII
Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year _________________________ Question 5 Is one month expenditure compared against another to identify causes of differences and take the necessary steps accordingly? 6 Is there adequate procedure for •
Returning unclaimed wages to a custodian independent of the payroll department?
•
Having employees who distribute checks or pay envelopes make a report of unclaimed wages directly to the accounting department?
•
Making payments of unclaimed wages at a later date, only upon presentation of appropriate evidence of employment and with approval by an officer or employee who is not responsible for payroll preparation or time reporting?
Yes
No
Not Applicable
Evaluation & Comments
277 Annex XXVIII
Sch. Ref. Initials
Date
Prepared by Reviewed by
Name of Public Body __________________ Audit Area __________________________ Budget Year _________________________ Question D Is there reasonable assurance that accounting for payroll costs and deduction is accurate? consider; Criteria 1 Are responsibilities for the payroll processing function adequately segregated from the general ledger function? 2 Are payroll expenditure and deduction posted to proper accounts? 3 Adequate account coding procedures for classification of employee compensation and benefit costs, so such costs are recorded in the proper general ledger account? 4 Is there adequate procedure for proper recording or disclosure of accrued liabilities for unpaid employee compensation and benefit costs?
Yes
No
Not Applicable
Evaluation & Comments
278 Annex XXIX RULES AND PRINCIPLES WHEN PLANNING A PEFORMANCE AUDIT •
Consider the significance and the needs of potential users of the audit report as well as other interested parties.
•
Obtain an understanding of the government undertaking to be audited and of the problems to be scrutinized, including an understanding of the context of the activities in question.
•
Consider political objectives and the legal and regulatory environments.
•
Define the problems to be studied, the entity to be audited and the audit objectives, i.e. the expected effect of the audit.
•
Identify the questions to be answered or the hypothesis to be tested.
•
Define the criteria needed to verify the hypothesis or to answer the questions.
•
Identify significant findings from previous audits and other investigations and reports that could affect the audit objectives.
•
Determine the audit evidence that will answer the audit question - the relevance, reliability and sufficiency of any data available within the audited entities should be evaluated. The possibility of collecting the required evidence (data_ should also be tested.
•
Identify potential sources of information that should be used in the audit in order to verify hypotheses, gain better knowledge about the audit object, or to obtain answers to audit questions, i.e information that might be used as audit evidence.
•
Establish the audit assessment criteria. The audit assessment criteria represent the normative standards against which the audit evidence is judged. The assessment criteria will vary according to the specific audit subject and objectives, the legislation governing the undertaking or the audited entity, the stated objectives and the specific conditions that the SAI deems relevant and important for the case.
•
Consider the need of help from experts (consultants, other auditors) and how to secure quality in the audit. It is important to evaluate the professional knowledge and skills required by the audit team to carry out the audit.
279
Annex XXIX
•
Provide sufficient staff and other resources to do the audit and prepare a written plan. A budget for the resources needed to carry out the examination and the timetable is needed.
•
Consider the possible conclusions and impacts of the examination. The proposed outcome of the performance audit should be judged in terms of "usefulness" and "feasibility". The auditor should also consider the views and interests of the stakeholders.
280 Annex XXX RULES AND PRINCIPLES WHEN CONDUCTING PERFORMANCE AUDIT •
Execute the work-plan with integrity and care in a timely manner in accordance with international and national standards for performance auditing. Planning should continue throughout the audit. Activities should be reviewed and modified as the audit process evolves.
•
Maintain an active, open and constructive dialog with auditee and other interested parties during the audit. The auditee (or the main executive bodies involved in the undertaking to be scrutinized) should be informed about the objectives, scope and time schedule of the audit.
•
Choose appropriate auditing techniques. Some of the methods available are interviews, surveys, file examinations, sampling and case studies, secondary analysis and literature search, direct observation, seminars and hearings. Quality in data-collection, analysis and documentation is vital, since performance auditing is open to judgment.
•
Gathers best possible information (within reason) from different sources and seek requisite knowledge and expertise. See that the work is characterized by objectivity, impartiality and sensitivity. Value information obtained and arguments put forward in a critical way. All relevant argument must be collected and tested (to see whether they are viable).
•
Undertake a qualified analysis. The analysis may for instance be in the form of cause-and-effect studies, before-and-after studies, studies of processes or comparative studies.
•
Protect the integrity of persons providing information and ensure that working papers are not disseminated incorrectly and, in all other ways, to observe high ethical standards.
•
The results of the field work/analysis need to be documented, filed and cross-reference. Evidence should be sufficient, competent and relevant.
•
Make analysis and assessments of observations on the basis of political intentions, rational considerations and criteria specific to the audit. The case of the findings may form the basis for recommendation.
•
Ensure that the factual basis of descriptions, analyses and recommendations are accurate and that they are fair and well founded, balanced and correctly communicated to the auditee. The auditor should check that the recommendations, if provided, address the objectives of the audit.
281 Annex XXXI
NINE GLOBAL ACCORDS This section contains a short description of a selection of important international environmental accords. These accords were chosen for inclusion in this manual because of their global importance and weight in relation to the main world wide environmental protection issues. All the following accords were ratified by the Government of Ethiopia. THE NINE GLOBAL ACCORDS ARE 1.
Convention On Control Of Trans boundary Movements Of Hazardous Wastes And Their Disposal (Basel Convention 1989)
Objectives: To control and reduce trans boundary movements of wastes subject to the Convention to a minimum consistent with there environmentally sound management. To minimize the hazardous wastes generated, ensuring their environmentally sound management, including disposal and recovery operations, as close as possible to the source of generation. To assist developing countries and countries with economies in transition in environmentally sound management of the hazardous and other wastes they generate.
2.
Convention on the Prevention of Marine Pollution by Dumping Wastes and other Matter (London Convention 1972) Objectives: To prevent indiscriminate disposal at sea of wastes liable to create hazards to human health, to harm living resources and marine life, to damage amenities, or to interfere with other legitimate uses of the sea. The fundamental principle of the Convention is the prohibition of damping of certain wastes (black list), the requirement of a specific permit prior to dumping of others (grey list), and the demand for a general permit for the rest.
282 Annex XXXI
3.
International Convention for the Prevention of Pollution from Ships, 1973, as modified by the Protocol of 1978 (MARPOL 73/78)
Objectives:
4.
-
To eliminate pollution of the sea by oil, chemicals, and other harmful substances which might be discharged in the course of operations. To minimize the amount of oil which could be realized accidentally in collisions or stranding by ships, including also fixed or floating platforms.
-
To improve further the prevention and control of marine pollution from ships, particularly oil tankers.
Convention on Wetlands of International Importance especially as Waterfowl Habitat (Ramsar Convention, 1971)
Objectives: The conservation and wise use of wetlands by national action and international cooperation as a means to achieving sustainable development throughout the world.
5.
Convention to Combat Desertification (CCD, 1994)
Objectives: To combat desertification and mitigate the effects of drought in countries experiencing serious drought and/or desertification, particularly in Africa, through effective actions at all levels, supported by international co-operation and partnership arrangements, in the framework of an integrated approach which is consistent with Agenda 21, with a view to contributing to the achievements of sustainable development in affected areas.
283 Annex XXXI
6.
Convention on Biological Diversity (CBD, 1992)
Objectives: To ensure the conservation of biological diversity and the sustainable use of its components; and to promote a fair and equitable sharing of the benefits arising out of the utilization of genetic resources, including by appropriate access to genetic resources and by appropriate transfer of relevant technologies (taking into account all rights over those resources and to technologies)
7.
United Nations Framework Convention on Climate Change (UNFCCC)
Objectives:
8.
-
To stabilize greenhouse-gas concentration in the atmosphere at a level that would prevent dangerous anthropogenic interference with the climate system, within a timeframe sufficient to allow ecosystems to adapt naturally to climate change.
-
To ensure that food production is not threatened.
-
And to enable economic development to proceed in a sustainable manner.
Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES, 1973)
Objectives: -
To ensure, through international co-operation, that the international trade in species of wild fauna and flora does not threaten survival in the wild of the species concerned.
-
To protect certain endangered species from over-exploitation by means of a system of import-export permits issued by a management authority under the control of a scientific authority.
284
Annex XXXI
9.
Vienna Convention for Protection of the Ozone Layer (1985), including the Montreal Protocol on Substances that Deplete the Ozone Layer (1987)
Objectives of the Vienna Convention: -
To protect human health and the environment against adverse effects resulting or likely to result from human activities which modify or are likely to modify the ozone layer.
-
To adopt agreed measures to control human activities found to have adverse effects on the ozone layer.
-
To co-operate in scientific research and systematic observation.
-
To exchange information in the legal, scientific, and technical field.
Objectives of the Montreal Protocol: To protect the ozone layer by taking measures leading to total elimination of global emissions of ozone-depleting substances (ODS) on the basis of developments in scientific knowledge, taking into account technical and economic considerations and the needs of developing countries.
285
GLOSSARY OF TERMS ADD VALUE
Organizations exist to create value or benefit to their owners, other stakeholders, customers, and clients. This concept provides purpose for their existence. Value is provided through their development of products and services and their use of resources to promote those products and services. In the process of gathering data to understand and assess risk, internal auditors develop significant insight into operations and opportunities for improvement that can be extremely beneficial to their organization. This valuable information can be in the form of consultation advice, written communications, or through other means all of which should be properly communicated to the appropriate management or operating personnel.
ASSURANCE SERVICES
An objective examination of evidence for the purpose of providing an independent assessment on risk management, control or governance processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.
AUDIT
An examination by an auditor which compares an auditee’s actions, processes, systems etc. with relevant norms in order to express a professional opinion on their adequacy.
AUDITEE
The entity, which is subject to audit, including its managers and staff.
AUDIT EVIDENCE
Sufficient information obtained by an auditor to support audit findings.
AUDIT FINDINGS
The written conclusions of the auditor based on a comparison between what is and what ought to be.
AUDIT OBJECTIVES
Statements developed by internal auditors that define intended audit accomplishments.
AUDIT PROCEDURES
Tasks the internal auditor undertakes for collecting analyzing, interpreting and documenting information during an audit. They are means to attain audit objectives.
AUDIT PROGRAM
Document which lists audit objectives and procedures to be followed during an audit.
CODE OF ETHICS
Standards of conduct required of internal auditors in discharging their responsibilities. In addition, they are guideline on personal behavior designed to alert the reader to types of behavior which are incompatible with official duties.
COMPLIANCE AUDIT
An audit whose objective is to evaluate the extent of conformity with laws, regulations and instructions.
CONFLICT OF INTEREST
Any relationship that is not, or does not appear to be, in the best interest of the organization. A conflict of interest would prejudice an individual’s ability to carry out this duties and responsibilities objectively.
CONSULTING SERVICES
The range of services, beyond internal audit’s assurance services, provided to assist management in meeting its objectives. The nature and scope of work are specified by an agreement between the internal auditor and the management. Examples may include facilitation, process design, training, and advisory services.
286
GLOSSARY CONTROL
Any action taken by management to enhance the likehood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Thus, control is the result of proper planning, organizing, and directing by management.
CONTROL ENVIRONMENT
The attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements: integrity and ethical values, management’s philosophy and operating style, organizational structure, assignment of authority and responsibility, human resource policies and practice, and competence of personnel.
CONTROL PROCESS
The policies, procedures and activities, that are part of a control framework, designed to ensure that risks are contained within the risk tolerance established by the risk management process.
DETERRENT EFFECT
The reduced preparedness of staff members and others to contemplate and be involved in illegal behaviour such as fraud and corruption because of the impact of internal control system, possibility of detection and likelihood of penalty.
DUE PROFESSIONAL CARE
The standard of skill, competence and diligence expected of a reasonably prudent internal auditor
ECONOMY
Acquiring inputs at the most favourable cost in relation to quality and usefulness.
EFFECTIVENESS
The extent to which objectives are achieved and the relationship between intended and actual impact (related to the concept of “outcome”)
EFFICIENCY
The relationship between outputs (in terms of goods, services or other results) and (inputs) the resources used to produce them.
EXTERNAL AUDIT
An audit conducted by auditors who are independent of the audited entity and who report to third parties.
FINANCIAL AUDIT
FOLLOW - UP
An audit of the type carried out by external auditors where the objective is to evaluate the reliability of financial statements (and the accounting records on which they are based) and their conformity with relevant norms. The objective of a financial audit is attestation: giving of an auditor’s opinion on the adequacy and reliability of the financial statements. A process to determine the adequacy, effectiveness, and timeliness of actions taken by management on reported findings and recommendations by internal and external auditors, including relevant findings made by external auditors and others.
287 GLOSSARY
FRAUD
Intentional, deceptive action(s) of a dishonest nature designed to enrich the perpetrator by giving illegal access to assets, influence or privilege.
GOVERANCE PROCESSES
Deal with the procedures utilized by the representatives of the organization’s stakeholders to provide insight of risk and control processes administered by management.
IFAC
International Federation of accountants (its Public Section Committee issues International Public Sector Accounting Standards).
INDEPENDENCE
As applied to internal auditors, the ability to carry out their work freely and objectively, and not being involved in the activities which they audit.
INSTITUTE OF INTERNAL AUDITORS
Body established for instance in USA, UK which provides authoritative standards and guidance on internal auditing.
INTERNAL AUDITING ACTIVITY
A department, division, or other group of internal audit practitioners who perform the internal audit function for an organization.
IRREGULARITY
The intentional misstatement or omission of significant information from the accounting records, financial statements, other reports, documents, or records. Irregularities include fraudulent financial reporting, which renders financial statements misleading and misappropriation of assets. Irregularities involve falsification or alternation of accounting or other records and supporting documents; intentional misapplication of accounting principles; or misrepresentation or intentional omission of events, transactions, or other significant information.
INTERNAL CONTROL
The plan of the organization and all the coordinated methods and measures adopted by management to safeguard assets, ensure the timeliness, accuracy and reliability of accounting data, promote operational efficiency and maintain adherence to regulations and directives.
INTOSAI
The International Organization of Supreme Audit Institutions (the umbrella body for external auditors of government which publishes Government Auditing Standards)
OBJECTIVES
The broadest statements of what the organization chooses to accomplish.
OBJECTIVITY
An independent mental attitude that requires internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to that of others.
OPINION
An expression of the internal auditor’s assessment or judgment about the overall internal controls related to an assurance engagement.
OUTCOME
The impact achieved by a government activity or program e.g. an increase in farm production (see “Effectiveness”).
288
GLOSSARY
OUTPUT
The immediate services produced by a government activity or program (see “Efficiency”).
PREVENTIVE CONTROLS
Actions taken by management to deter the occurrence of expected adverse events such as error, fraud, irregularity, inefficiency.
PUBLIC BODY
Any organ of the Federal Government of Ethiopia which is wholly or partly funded by the government budget (typically refers to administrative bodies not to public enterprises).
RISK
The probability of an event or action which will adversely affect the entity.
RISK ASSESSMENT
A systematic process for evaluating risk which takes into account both probability of occurrence and the relative significance of risky events (i.e. it considers whether risky events are likely to occur and concentrates on those likely to do most damage)
RISK MANAGEMENT PROCESSES
Put in place by management to identify, evaluate, and respond to potential risks that may impact the achievement of the organization’s objectives.
SCOPE OF THE AUDIT
Refers to the activities covered by an internal audit.
SCOPE LIMITATION
‘THE THREE Es”
A limitation placed on internal audit (often by management) preventing it from accomplishing objectives and plans Sometimes termed materiality, refers to the relative importance of items, transactions, findings, etc. Items of larger monetary amount tend to be more significant than smaller ones. Lists established by Ministry of Finance and Economic Development and other authorized public bodies which set out the names and addresses of suppliers from whom public bodies may solicit bids. Defined by the Institute of Internal Auditors as an arrangement, set or collection of concepts, parts, activities, and/or people that are connected or inter-related to achieve objectives or goals. The arrangement of procedures, instructions, activities and people chosen by management to comply with government laws etc. and to achieve its own internal control objectives. For a definition of internal control see above. Economy, Efficiency and Effectiveness.
VALUE FOR MONEY AUDIT
An audit concerned with economy, efficiency and effectiveness, sometimes known as a performance audit.
WALK-THROUGH TEST
Test based on preliminary understanding of a system to confirm that the system works as expected. Documents prepared by auditors to record the information obtained, analyses made and conclusions reached during an audit (on which audit findings and recommendations are based)
SIGNIFICANCE SUPPLIERS’ LISTS
SYSTEM
SYSTEM OF INTERNAL CONTROL
WORKING PAPERS
ANNEXES
ANNEX I II III IV V VI VII VIII IX X XI - 1 XI - 2 XII XIII XIV XV XVI XVII - 1 XVII - 2 XVIII XIX XX XXI XXII XXIII XXIV XXV XXVI XXVII XXVIII XXIX XXX XXXI
Example of Calculation of Risk Index Risk Index Internal Audit Planning Checklist Internal Audit Monitoring Checklist Internal Audit Planning Review Sheet Internal Audit Completion Checklist Interim Audit Review Sheet Internal Audit Completion Review Sheet Internal Audit Report Organization of Working Papers Schedule of Summary of Findings Audit Findings Relationship of Working Papers to Financial Statements Working Paper – Typical Schedule Audit Programme Audit Programme – Cash and Bank Balances Annual Plan Cash Count Form Suspense Account – Count Sheet Bank Reconciliation Internal Control Questioner – Cash and Bank Balances Internal Control Questioner – Receipts and Receivables Internal Control Questioner – Stocks Internal Control Questioner – Fixed Assets Internal Control Questioner – Payroll Internal Control Questioner – Expenditures and procurement Fraud Investigation Standards Internal Audit Questioner – Value for Money Internal Control Questioner in A Computerized System Internal Control Evaluation Questionnaire Rules and Principles When Planning Performance Audit Rules and Principles When Conducting Performance Audit Nine Global Accords
PAGE 192 193 194 196 198 199 200 201 202 203 209 210 211 212 213 214 223 226 227 228 229 233 236 240 242 244 248 250 253 264 271 273 275
View more...
Comments