Professional Documents
Culture Documents
Implementation of New Audit Methodology for Financial and Compliance Audits using Financial
Audit Manual (FAM).
Situation Analysis
The FAM has been commissioned by the worthy Auditor General of Pakistan in June, 2006 to be
used by field audit offices for the purpose of conducting audits falling in their respective audit
mandates. Following was observed by ACC, Lahore, while visiting different directorates to
assess their level of preparedness.
Challenges
Non–familiarity with FAM: There is dearth of trained officers in all the audit
directorates.
Inertia against change: Owing to highly technical outlook of FAM and extensive
preoccupation with traditional audit work implementation of FAM is not being
considered a priority assignment. Also, sufficient copies of FAM and Working Paper
Kit are not available in field offices.
Skeptical attitude: Devoid of proper understanding and guidance most of the field
audit staff regard FAM as theoretical and divorced from real site conditions.
Limitations imposed by the audit entities: Business processes and control structure
of the entities are not documented. Furthermore, accounting record is in bad shape
to the extent that at times implementation of scientific approach given in FAM for
performing overall analyses and sampling etc. becomes very difficult.
The foregoing boils down to the fact that required commitment level is absent because of low
level of comprehension of FAM, difficult field conditions and preoccupation with the workload
of traditional audit work.
Solutions
FAM introduction sessions with higher tiers of management.
On job training support before each step of audit cycle.
Completion of Permanent Files along with mapping business processes and
associated controls under direct supervision of the respective directors and technical
assistance of Audit Competency Centers. Based on FAM requirements a format for
documenting business processes and associated controls is placed at Annexure A.
Implementation Strategy
Familiarization Sessions with Top Management
The objective is to provide a clear picture the nature and requirements of work in hand and
thereby facilitating the Directors General in dealing with multifarious technical and
administrative issues involved in implementing new methodology. The activity involves;
Concepts and tools remain fresh in the mind of officers involved in implementation
while doing actual work.
The training corresponds more to field specific issues rather than mere transfer of
concepts.
The activity supervisor will define the problem his team has come across and
communicate it to ACC in writing.
After due consultation with Audit Experts and having discussions with the audit team
the reply will be furnished by ACC in writing in shortest possible time.
Sequence of Activities
In order to carry out audit for the accounts of 2006-2007 using integrated audit approach of
NAuM activities are sequenced as follows keeping in view the requirements of audit cycle;
Time scheduling is dependent upon the work load and resource availability of respective
directorates. Therefore, the same will be suggested by the directorate concerned.
Field Work
Field auditors will be apprised of planning decisions so that they understand the relative
importance of their work. Training will be for four days and will encompass following aspects;
Reporting
ACC will arrange a six days training session on following aspects;
First draft of report will be attempted during training sessions since all the field work will be
available by that time.
Annexure - A
Business Processes
Objective: This information set relates to understanding of business operations, risks in
operations and how management has tried to counteract these risks through internal
controls. This forms basis for developing internal control questioners for control testing
and audit procedures for substantive testing of details.
Collection of Direct Taxes: Income Tax, Workers’ Welfare Tax and Capital Value Tax
Objective
To provide a clear picture of the nature and requirements of work to be done under FAM and
thereby facilitating the Directors General in dealing with multifarious technical and
administrative issues involved in implementing the new methodology.
Context
The Financial Audit Manual (FAM) has been commissioned by the worthy Auditor General of
Pakistan in June, 2006 to be used by field audit offices for the purpose of conducting audits
falling under their respective audit mandates. Audit Competency Center, PIFRA is reaching out
to different field audit offices (FAOs) to provide them on job support so that the process of
change could be facilitated. However, our schedule is governed by the bench marks agreed with
the World Bank. Accordingly, this brief is prepared to introduce the shift in audit paradigm and
related change in audit work processes.
NAuM requires that audit assurance be achieved by covering significant issues which are
susceptible to higher risks of monetary errors and non-compliance. Formations are then
selected on the basis of work required to be done for auditing the selected issues. Audits are
assigned by the name of auditors in audit plan. Suitability of the audit party for a particular
assignment is also recorded.
Detailed Planning
Detailed audit activity is planned at headquarters level and field auditors are required to
execute the given program and collect evidence intelligently. However, field auditors are not
expected to be blind of risk situations extraneous to the given audit program.
Except for performance auditing there has been no concept of documented planning of work to
be done in the field under legacy audit. Normally, audit parties are assigned the formations and
it is for the field auditors to decide what to check and where to check. Extensive supervisory
role, which this situation calls for, is neither possible because of manpower shortage nor
feasible because of high audit cost.
In order to have a well thought out and well directed audit activity NAuM calls for detailed
activity planning to be done at headquarters level. Aspects of ‘what is the risk’, ‘what to check’,
‘where to check’ and ‘how to check’ are planned and approved at headquarters level. Field
auditors are required to execute the given procedures intelligently. At the same time it is
expected of the field auditors to remain vigilant to risk situations other than what has been
planned. In case field auditors identify other significant risk situations during field work their
audit procedures can be altered with the approval of headquarters.
Audit Execution
Field work is to be carried out on predetermined lines. All the field work, related evidence and
any deviation from the set audit program is documented on standard working paper files.
This enhances transparency and trustworthiness of the field work. Also, integrated audit
approach is recommended for efficient use of resources and minimizing the engagement of
the auditee.
Legacy audit methodology does not provide standard structure for documenting field work.
Normally field auditors come up with statements of their observations and an associated set of
photocopies as evidence for the observations. It is not possible to ensure that all the significant
areas have been scrutinized. Secondly, validation of auditors’ interpretation of facts and
adequacy of evidence usually require a lot of effort and time at headquarters level. A very little
proportion of work is able to survive to the audit report stage. Moreover, field activity of one
type of audit (certification, compliance or performance) is planned in isolation from the field
engagements of other audit types. Consequently, respective audit teams may have to visit same
the premises of the auditee organization at different times and requisite the similar record. This
increases the cost of audit and creates inconvenience to the auditee.
FAM provides for documentation of field work in standard working paper files and signatures of
the auditor with respect to completion of each audit step of the assigned audit procedures. This
helps in ensuring that all the planned work has been performed and that the work is being
owned by the auditor. Execution of work according to a well thought out plan, its systematic
documentation together with the ownership of the field auditor enhances the reliability of the
work which significantly reduces the quality assurance effort in the latter stages of audit cycle.
Besides, integrated audit activity is recommended to ensure efficient use of resources and
minimum engagement of the auditee. Under this approach field activities are so planned that
different types of audits are conducted (either by different audit parties or one audit party) at
one formation at the same time using the same record.
Reporting
Reporting objective is value addition to the operations of audit entity. This is achieved by
tracing causes of errors/deviations, identifying and reporting upon the weaknesses in control
systems, assessing their impact or potential impact in overall scenario and making
recommendations not only for taking corrective actions on the individual observations but
also for improving control systems.
NAuM requires that the auditor identifies the causes of errors / irregularities observed and
reports material errors and significant instances of noncompliance in the context of underlying
causes. Conclusions are developed to depict overall scenario of errors, irregularities and
potential risks in the context of adequacy of implemented control systems. Recommendations
are not limited to taking corrective measures for individual observations but are made primarily
to address system weaknesses. In this way audit report contributes towards value addition to
the operations of audit entity.
The scope of the audit reflects the audit entity. For certification audits that are required under
Section 7 of the Auditor-General Ordinance, the entity to be audited will be defined by the
applicable accounting policies of the government. For example, for an audit of the financial
statements of the Federation, the entity to be audited would be all of the ministries,
departments, agencies, etc. that the accounting policies require to be included in the financial
statements of the Federation.
Step 6 – Determine financial audit and compliance with authority objectives, and error/irregularity
conditions
Having divided the audit into components, the auditor needs to define attest and compliance
objectives, as applicable, and define what is considered to be an error or irregularity.
Step 8 – Determine mix of tests of internal control, analytical procedures and substantive tests of details
The auditor needs to select a combination of tests of internal control, analytical procedures and
substantive tests of details that, in total, will provide the desired level of assurance.
Fieldwork
During the fieldwork phase, the auditors complete the procedures that are contained in the
audit programs. The required evidence is gathered, and the work performed is documented in
the appropriate working paper files.
Evaluation
During the evaluation phase, the results of the audit are summarised and conclusions are
reached.
Reporting
The reporting phase involves performing some final clearance procedures and issuing an audit
certificate (opinion) on the financial statements. In this certificate, the auditor expresses an
opinion as to whether:
The financial statements properly present in all material respects, the government’s financial
position, the results of its operations, its cash flows and its expenditure and receipts by
appropriation; and,
The sums expended have been applied, in all material respects, for the purposes authorized by
Parliament, and have, in all material respects, been booked to the relevant grants and
appropriations.
Often, the reporting phase also involves issuing other reports dealing with internal controls,
compliance with authorities, and performance matters that were identified as part of a financial
audit, or in separate audits. These matters can be reported in a management report or in one of
the Auditor-General’s reports to Parliament and the Public Accounts Committee.
Follow up
The follow-up phase involves returning to the entity at a later date to determine if entity
management has:
DAG Deputy
Auditor- Director Audit
(Senior) Director Director or
Step General General Officer
or DAG Asst. Director
General Planning
Update overall audit A(1) R(1) P
objectives and audit
scope
(1) The review and approval would be done through a review and approval of the
permanent file, planning file, audit planning memorandum, audit programs, etc.
produced at the end of the planning process.
Audit
DAG Deputy
or- Director Audit
(Senior) Director or
Step Gener General Director Officer
or DAG Asst. Director
al
Detailed Planning
Update audit A(1) R(1) S P
programs
Fieldwork
Complete audit
R S P
programs
Deputy
DAG
Auditor- Director Director Audit
(Senior)
Step General General Director or Asst. Officer
or DAG
Director
Evaluation
Conclude on results R S P
of work
Reporting
Audit Opinions A(2) A(2) R P
A(2) A(2) R P
Audit Reports
A P
Management
reports
Follow up
(3) (3) (3) (3) (3) (3)
Follow up matters
in reports
A = Approve R = Review S = Supervise P = Responsible for performance of.
(2) It is expected that the audit opinions and audit reports on the major entities would be approved
by the Auditor-General; the other audit opinions and audit reports would be approved by the
Deputy Auditor General (Senior) or a Deputy Auditor General.
(3) The roles and responsibilities would match those for the equivalent work performed during the
audit itself.
Important Definitions
Audit mandate. The auditing responsibilities, powers, functions, discretions and duties
conferred on the auditor under the constitution or any other law.
Audit opinion. A report issued by the auditor in which he/she concludes as to whether:
The financial statements properly present, in all material respects, the government’s
financial position, the results of its operations, its cash flows and its expenditures and
receipts by appropriation; and
The sums expended have been applied, in all material respects, for the purposes authorized by
Parliament and have, in all material respects, been booked to the relevant grants and
appropriations.
Audit report. A document, other than an audit opinion, that is issued by the auditor to
individuals outside the entity. These individuals could include, for example, members of the
National Assembly, a Provincial Assembly, a District Assembly, a Public Accounts Committee, or
the general public.
AUDIT TYPES
Regularity audit. An examination involving one or more of the following activities:
Financial audit. A type of regularity audit in which the auditor attests to the financial
accountability of an entity by examining and evaluating financial records, leading to the
expression of an opinion on financial statements. A financial audit includes a significant
compliance with authority element.
Compliance with authority audit. An examination to determine the extent to which the entity
has adhered to the laws, rules, regulations, policies, plans, etc. governing it. A portion of this
work is required to be performed as part of a financial audit
Performance audit. An audit of the economy, efficiency and effectiveness with which the
audited entity uses its resources in carrying out its responsibilities.
AUDIT OBJECTIVES
Overall audit objective. The overall purpose or goal to be achieved by performing a particular
audit. The objective will be affected by the type of audit to be performed. For example, the
overall audit objective for a financial audit is to express an opinion on financial statements.
Specific financial audit objective. A specific purpose or goal used to determine whether a
component properly presents. For a financial audit, these purposes or goals are determining if:
1. The component is valid (the asset or liability exists or the revenue or expenditure has
occurred);
2. The asset, liability, revenue or expenditure is complete.
3. The asset is owned by the entity, or the liability is owed by the entity.
4. The asset or liability is properly valued and properly classified, or the revenue or
expenditure is properly measured and properly classified; and
5. The financial statement presentation is proper.
Compliance with authority objective. A specific purpose or goal used to assess whether the
entity’s activities, transactions and events are in conformity and adherence to the laws, rules,
regulations, policies, plans, etc. governing the entity. A portion of these objectives is required to
be performed as part of a financial audit
Related compliance with authority objective. Those compliance with authority objectives that
are applicable to (related to) a financial audit. Normally the following compliance with authority
objectives are considered to be applicable:
1. Spend –
The services were actually performed or the goods were actually received;
The expenditure is consistent with the nature of the appropriation to which it was
charged;
The expenditure is in accordance with the applicable legislation, and the rules and/or
regulations issued by such legislation; and
The expenditure does not result in the total approved expenditure being exceeded.
2. Borrow –
The amount and debt terms (period, interest rates, repayment schedule, etc.) were in
accordance with the applicable legislation, and the rules and/or regulations issued by
such legislation.
3. Raise revenue –
The cash received was for an approved tax or other approved revenue source; and
The cash received is in accordance with the applicable legislation and the rules and/or
regulations issued by such legislation
The auditor then follows up all unacceptable differences and reaches a conclusion as to the
completeness and accuracy of the recorded amount
Compliance test / Test of internal control. A procedure used to gain an understanding of the
entity’s internal control structure. By performing these tests, the auditor can gain assurance
that the internal controls are helping to reduce the chance of material error existing in the
accounting information, or a material compliance with authority violation occurring.
Substantive tests. Procedures used to gain direct assurance as to the completeness and
accuracy of the data produced by the accounting systems. They are often divided between
analytical procedures and substantive tests of details.
Substantive tests of details. Substantive tests such as physically inspecting an asset, checking
transactions recorded in the books and records to supporting documentation, and confirming
amounts with third parties.
TYPES OF RISKS
Audit risk. The chance that the auditor is prepared to take that he/she may issue an unqualified
opinion on financial statements that are materially misstated.
Inherent Risk. The chance of material error occurring, assuming that there are no internal
controls in place
Control risk. The chance that the entity’s internal controls will not prevent or detect material
error.
Detection risk. The chance that the auditor’s substantive procedures will fail to detect material
error.
Substantive test of details risk. The chance that one key substantive test of details will fail to
detect material error.
TYPES OF ERRORS
Error condition. A specific way in which a monetary error can occur in the financial statements
or a monetary amount may not be in compliance with a related compliance with authority
objective. This would include, for example, specific ways in which an asset, liability, revenue or
expenditure item might not be valid, might not be complete, etc.
Known error. An error that the auditor has actually found during an audit.
Material error. A single error which exceeds the materiality amount, or the sum of multiple
smaller errors that exceeds the materiality amount.
Most likely error. The auditor’s best estimate of the error in the population.
Entity. The organization, program, project, activity, theme or function subject to audit. In the
case of a financial audit, the entity is often defined by the applicable accounting policies of the
government. For the financial statement audit of the Federation, for example, the entity to be
audited would be the aggregate of all of the ministries, departments, agencies, etc. that the
accounting policies require to be included in the financial statements of the Federation
Materiality. An error (or the sum of the errors) is material if the error (or the sum of the errors)
is big enough to influence the users of the financial statements.
i) collecting, ii) analyzing, iii) interpreting, and iv) documenting information that allows the
auditor to conclude against the specific audit objectives, related compliance with authority
objectives and error conditions.
Audit program. A document that contains the specific audit procedures that the auditor is to
perform during the fieldwork phase.
Component. A distinct unit (or part) of the financial statements being audited.
Internal control. A process, established by management and carried out by management and
other personnel, to provide reasonable assurance regarding the achievement of objectives in
the following categories:
Control systems. The controls established and maintained by management to collect, record
and process data and report the resulting information.
Compliance with authority. Conformity and adherence to the laws, rules, regulations, policies,
plans, etc. governing the entity.
Cause. The underlying factor(s) that explain the findings observed during the audit. Generally
the audit recommendations are directed towards correcting the cause(s) of the weaknesses
identified.
Transaction. A single accounting event, such as the purchase of a good, the receipt of a sales
tax amount, or the making of a disbursement.
Transaction cycle. The flow of transactions through the accounting system. An example is the
purchase/payables/payments cycle whereby a service or good is acquired, recorded and paid
for.
Attestation Audit of Financial Statements of Government of Pakistan (Revenue /Receipts Component)
AGPR AP1 5 30 1 1
Lahore
AGPR AP2 5 50 1 1
KARACHI
AGPR AP1 4 68 1 1
Quetta
AGPR AP1 4 4 1 1
Peshawa
r
LTU AP1 4 56 1 1
Lahore