Professional Documents
Culture Documents
Objective
To provide a clear picture of the nature and requirements of work to be done under FAM and
thereby facilitating the Directors General in dealing with multifarious technical and
administrative issues involved in implementing the new methodology.
Context
The Financial Audit Manual (FAM) has been commissioned by the worthy Auditor General of
Pakistan in June, 2006 to be used by field audit offices for the purpose of conducting audits
falling under their respective audit mandates. Audit Competency Center, PIFRA is reaching out
to different field audit offices (FAOs) to provide them on job support so that the process of
change could be facilitated. However, our schedule is governed by the bench marks agreed with
the World Bank. Accordingly, this brief is prepared to introduce the shift in audit paradigm and
related change in audit work processes.
NAuM requires that audit assurance be achieved by covering significant issues which are
susceptible to higher risks of monetary errors and non-compliance. Formations are then
selected on the basis of work required to be done for auditing the selected issues. Audits are
assigned by the name of auditors in audit plan. Suitability of the audit party for a particular
assignment is also recorded.
Detailed Planning
Detailed audit activity is planned at headquarters level and field auditors are required to
execute the given program and collect evidence intelligently. However, field auditors are not
expected to be blind of risk situations extraneous to the given audit program.
Except for performance auditing there has been no concept of documented planning of work to
be done in the field under legacy audit. Normally, audit parties are assigned the formations and
it is for the field auditors to decide what to check and where to check. Extensive supervisory
role, which this situation calls for, is neither possible because of manpower shortage nor
feasible because of high audit cost.
In order to have a well thought out and well directed audit activity NAuM calls for detailed
activity planning to be done at headquarters level. Aspects of ‘what is the risk’, ‘what to check’,
‘where to check’ and ‘how to check’ are planned and approved at headquarters level. Field
auditors are required to execute the given procedures intelligently. At the same time it is
expected of the field auditors to remain vigilant to risk situations other than what has been
planned. In case field auditors identify other significant risk situations during field work their
audit procedures can be altered with the approval of headquarters.
Audit Execution
Field work is to be carried out on predetermined lines. All the field work, related evidence and
any deviation from the set audit program is documented on standard working paper files.
This enhances transparency and trustworthiness of the field work. Also, integrated audit
approach is recommended for efficient use of resources and minimizing the engagement of
the auditee.
Legacy audit methodology does not provide standard structure for documenting field work.
Normally field auditors come up with statements of their observations and an associated set of
photocopies as evidence for the observations. It is not possible to ensure that all the significant
areas have been scrutinized. Secondly, validation of auditors’ interpretation of facts and
adequacy of evidence usually require a lot of effort and time at headquarters level. A very little
proportion of work is able to survive to the audit report stage. Moreover, field activity of one
type of audit (certification, compliance or performance) is planned in isolation from the field
engagements of other audit types. Consequently, respective audit teams may have to visit same
the premises of the auditee organization at different times and requisite the similar record. This
increases the cost of audit and creates inconvenience to the auditee.
FAM provides for documentation of field work in standard working paper files and signatures of
the auditor with respect to completion of each audit step of the assigned audit procedures. This
helps in ensuring that all the planned work has been performed and that the work is being
owned by the auditor. Execution of work according to a well thought out plan, its systematic
documentation together with the ownership of the field auditor enhances the reliability of the
work which significantly reduces the quality assurance effort in the latter stages of audit cycle.
Besides, integrated audit activity is recommended to ensure efficient use of resources and
minimum engagement of the auditee. Under this approach field activities are so planned that
different types of audits are conducted (either by different audit parties or one audit party) at
one formation at the same time using the same record.
Reporting
Reporting objective is value addition to the operations of audit entity. This is achieved by
tracing causes of errors/deviations, identifying and reporting upon the weaknesses in control
systems, assessing their impact or potential impact in overall scenario and making
recommendations not only for taking corrective actions on the individual observations but
also for improving control systems.
NAuM requires that the auditor identifies the causes of errors / irregularities observed and
reports material errors and significant instances of noncompliance in the context of underlying
causes. Conclusions are developed to depict overall scenario of errors, irregularities and
potential risks in the context of adequacy of implemented control systems. Recommendations
are not limited to taking corrective measures for individual observations but are made primarily
to address system weaknesses. In this way audit report contributes towards value addition to
the operations of audit entity.
The scope of the audit reflects the audit entity. For certification audits that are required under
Section 7 of the Auditor-General Ordinance, the entity to be audited will be defined by the
applicable accounting policies of the government. For example, for an audit of the financial
statements of the Federation, the entity to be audited would be all of the ministries,
departments, agencies, etc. that the accounting policies require to be included in the financial
statements of the Federation.
Step 6 – Determine financial audit and compliance with authority objectives, and
error/irregularity conditions
Having divided the audit into components, the auditor needs to define attest and compliance
objectives, as applicable, and define what is considered to be an error or irregularity.
Fieldwork
During the fieldwork phase, the auditors complete the procedures that are contained in the
audit programs. The required evidence is gathered, and the work performed is documented in
the appropriate working paper files.
Evaluation
During the evaluation phase, the results of the audit are summarised and conclusions are
reached.
Reporting
The reporting phase involves performing some final clearance procedures and issuing an audit
certificate (opinion) on the financial statements. In this certificate, the auditor expresses an opinion
as to whether:
The financial statements properly present in all material respects, the government’s financial
position, the results of its operations, its cash flows and its expenditure and receipts by
appropriation; and,
The sums expended have been applied, in all material respects, for the purposes authorized by
Parliament, and have, in all material respects, been booked to the relevant grants and
appropriations.
Often, the reporting phase also involves issuing other reports dealing with internal controls,
compliance with authorities, and performance matters that were identified as part of a financial
audit, or in separate audits. These matters can be reported in a management report or in one of
the Auditor-General’s reports to Parliament and the Public Accounts Committee.
Follow up
The follow-up phase involves returning to the entity at a later date to determine if entity
management has:
Corrected errors identified during the audit; and
Implemented recommendations made by the auditors or by the Public Accounts
Committee.
DAG Deputy
Auditor- Director Audit
(Senior) Director Director or
Step General General Officer
or DAG Asst. Director
General Planning
(1)
Update overall audit A R(1) P
objectives and audit
scope
Deputy
DAG
Auditor- Director Director Audit
(Senior)
Step General General Director or Asst. Officer
or DAG
Director
Detailed Planning
(1)
Update audit A R(1) S P
programs
(1) The review and approval would be done through a review and approval of the
permanent file, planning file, audit planning memorandum, audit programs, etc. produced at
the end of the planning process.
Deputy
DAG
Auditor- Director Director Audit
(Senior)
Step General General Director or Asst. Officer
or DAG
Director
Evaluation
Conclude on results R S P
of work
Reporting
(2) (2)
Audit Opinions A A R P
A(2) A(2) R P
Audit Reports
A P
Management
reports
Follow up
(3) (3) (3) (3) (3) (3)
Follow up matters
in reports
(2) It is expected that the audit opinions and audit reports on the major entities would be approved
by the Auditor-General; the other audit opinions and audit reports would be approved by the
Deputy Auditor General (Senior) or a Deputy Auditor General.
(3) The roles and responsibilities would match those for the equivalent work performed during the
audit itself.
Important Definitions
Audit mandate. The auditing responsibilities, powers, functions, discretions and duties
conferred on the auditor under the constitution or any other law.
Audit opinion. A report issued by the auditor in which he/she concludes as to whether:
The financial statements properly present, in all material respects, the government’s financial
position, the results of its operations, its cash flows and its expenditures and receipts by
appropriation; and
The sums expended have been applied, in all material respects, for the purposes authorized by
Parliament and have, in all material respects, been booked to the relevant grants and
appropriations.
Audit report. A document, other than an audit opinion, that is issued by the auditor to
individuals outside the entity. These individuals could include, for example, members of the
National Assembly, a Provincial Assembly, a District Assembly, a Public Accounts Committee, or
the general public.
AUDIT TYPES
Regularity audit. An examination involving one or more of the following activities:
Financial audit. A type of regularity audit in which the auditor attests to the financial
accountability of an entity by examining and evaluating financial records, leading to the
expression of an opinion on financial statements. A financial audit includes a significant
compliance with authority element.
Compliance with authority audit. An examination to determine the extent to which the entity
has adhered to the laws, rules, regulations, policies, plans, etc. governing it. A portion of this
work is required to be performed as part of a financial audit
Performance audit. An audit of the economy, efficiency and effectiveness with which the
audited entity uses its resources in carrying out its responsibilities.
AUDIT OBJECTIVES
Overall audit objective. The overall purpose or goal to be achieved by performing a particular
audit. The objective will be affected by the type of audit to be performed. For example, the
overall audit objective for a financial audit is to express an opinion on financial statements.
Specific financial audit objective. A specific purpose or goal used to determine whether a
component properly presents. For a financial audit, these purposes or goals are determining if:
1. The component is valid (the asset or liability exists or the revenue or expenditure has
occurred);
2. The asset, liability, revenue or expenditure is complete.
3. The asset is owned by the entity, or the liability is owed by the entity.
4. The asset or liability is properly valued and properly classified, or the revenue or
expenditure is properly measured and properly classified; and
5. The financial statement presentation is proper.
Compliance with authority objective. A specific purpose or goal used to assess whether the
entity’s activities, transactions and events are in conformity and adherence to the laws, rules,
regulations, policies, plans, etc. governing the entity. A portion of these objectives is required to
be performed as part of a financial audit
Related compliance with authority objective. Those compliance with authority objectives that
are applicable to (related to) a financial audit. Normally the following compliance with authority
objectives are considered to be applicable:
Spend –
The services were actually performed or the goods were actually received;
The expenditure is consistent with the nature of the appropriation to which it was
charged;
The expenditure is in accordance with the applicable legislation, and the rules and/or
regulations issued by such legislation; and
The expenditure does not result in the total approved expenditure being exceeded.
Borrow –
The amount and debt terms (period, interest rates, repayment schedule, etc.) were in
accordance with the applicable legislation, and the rules and/or regulations issued by
such legislation.
Raise revenue –
The cash received was for an approved tax or other approved revenue source; and
The cash received is in accordance with the applicable legislation and the rules and/or
regulations issued by such legislation
The auditor then follows up all unacceptable differences and reaches a conclusion as to the
completeness and accuracy of the recorded amount
Compliance test / Test of internal control. A procedure used to gain an understanding of the
entity’s internal control structure. By performing these tests, the auditor can gain assurance
that the internal controls are helping to reduce the chance of material error existing in the
accounting information, or a material compliance with authority violation occurring.
Substantive tests. Procedures used to gain direct assurance as to the completeness and
accuracy of the data produced by the accounting systems. They are often divided between
analytical procedures and substantive tests of details.
Substantive tests of details. Substantive tests such as physically inspecting an asset, checking
transactions recorded in the books and records to supporting documentation, and confirming
amounts with third parties.
TYPES OF RISKS
Audit risk. The chance that the auditor is prepared to take that he/she may issue an unqualified
opinion on financial statements that are materially misstated.
Inherent Risk. The chance of material error occurring, assuming that there are no internal
controls in place
Control risk. The chance that the entity’s internal controls will not prevent or detect material
error.
Detection risk. The chance that the auditor’s substantive procedures will fail to detect material
error.
Substantive test of details risk. The chance that one key substantive test of details will fail to
detect material error.
TYPES OF ERRORS
Error condition. A specific way in which a monetary error can occur in the financial statements
or a monetary amount may not be in compliance with a related compliance with authority
objective. This would include, for example, specific ways in which an asset, liability, revenue or
expenditure item might not be valid, might not be complete, etc.
Known error. An error that the auditor has actually found during an audit.
Material error. A single error which exceeds the materiality amount, or the sum of multiple
smaller errors that exceeds the materiality amount.
Most likely error. The auditor’s best estimate of the error in the population.
Entity. The organization, program, project, activity, theme or function subject to audit. In the
case of a financial audit, the entity is often defined by the applicable accounting policies of the
government. For the financial statement audit of the Federation, for example, the entity to be
audited would be the aggregate of all of the ministries, departments, agencies, etc. that the
accounting policies require to be included in the financial statements of the Federation
Materiality. An error (or the sum of the errors) is material if the error (or the sum of the errors)
is big enough to influence the users of the financial statements.
Audit program. A document that contains the specific audit procedures that the auditor is to
perform during the fieldwork phase.
Component. A distinct unit (or part) of the financial statements being audited.
Internal control. A process, established by management and carried out by management and
other personnel, to provide reasonable assurance regarding the achievement of objectives in
the following categories:
Control systems. The controls established and maintained by management to collect, record
and process data and report the resulting information.
Compliance with authority. Conformity and adherence to the laws, rules, regulations, policies,
plans, etc. governing the entity.
Cause. The underlying factor(s) that explain the findings observed during the audit. Generally
the audit recommendations are directed towards correcting the cause(s) of the weaknesses
identified.
Transaction. A single accounting event, such as the purchase of a good, the receipt of a sales
tax amount, or the making of a disbursement.
Transaction cycle. The flow of transactions through the accounting system. An example is the
purchase/payables/payments cycle whereby a service or good is acquired, recorded and paid
for.