COA_R2013-014

RESOLUTION

SUBJECT

Republic of the Philippines COMMISSION ON AUDIT

Commonwealth Avenue, Quezon City, Philippines

No. : 2013-014

Date: JUN 2 8 2013

Adoption of a Quality Assurance (QA) Policy and a QA Review Handbook; and Creation of a Quality Assurance Office

WHEREAS, the Commission on Aud it (COA) is vested by the Constitution the exclusive authority to "define the scope of it s audit and examination, establish the techniques and methods required therefore, promulgate accounting and auditing rules and regulations" (Section 2, Article IX-D, 1987 Constitution);

WHEREAS, the COA continually explores and develops different and dynamic techniques and methodologies, processes to ensure high quality audit in an economical, efficient and effect ive way in order to keep pace with the latest developments in the auditing profession and the best practices of its counterparts worldwide;

WHEREAS, the COA top management continuously steers the process of re-examining .and refining COA's audit methodologies, processes and procedures and all other institutional factors affecting COA's fulfillment of its mission and goals and adherence to its professional standards and core va lues;

WHEREAS, the COA had adopted ISQC 1, International Standards in Auditing 220 and various relevant ISAs that will enable it to ascertain whether its audits and audit reports are aligned with international best practices and meet the needs of COA's stakeholders;

WHEREAS, there is a need to establish a quality assurance process that would evaluate the existing quality control system to ensure that COA and its personnel comply with professional standards and regulatory legal requirements; that COA audit reports issued are appropriate in the circumstances;

NOW, THEREFORE, this Commission Proper resolves, as it does hereby reso lve, to establish a Quality Assurance Office (QAO) under the Professional and Institutional Development Sector (PIDS);

RESOLVED further that Directors IV and III positions shall be created for the QAO;

Annex B

Republic of the Philippines COMMISSION ON AUDIT

Commonwealth Avenue, Quezon City

QUALITY

ASSURANCE

REVIEW

HANDBOOK

1

Quality Assurance Review Handbook QUA ASSURANCE IN FINANCIAL AUDITING

TABLE OF CONTENTS

Page Number Introduction to the Handbook 3 Chapter 1: Basic Concepts and the Quality Assurance Office (QAO) 1. Concepts/Definition of Terms 5

2. Relationships Among Quality Control System (QCS)

Monitoring and Quality Assurance Review (QAR) 5 Figure 1: Relationships Among QCS, Monitoring and QAR 6 3. Creation of QAO 6 4. Frequency of the Review 8 5. Duration of the Review 9 Chapter 2: COA QAR Framework 1. Overview 10

2. The Commission on Audit (COA)-Quality Management

System (QMS) Framework 10

Table 1: Desired Conditions for the Eight Elements of the

COA-QMS 11 Figure 2: The COA-QMS Key Elements Framework 12 3. Elements of COA-QMS 13 3.1 Independence and Legal Framework 13 3.2 Human Resources 14 3.3 Audit Methodology and Standards 15 3.4 Internal Governance 16 3.5 Corporate Support 19 3.6 Continuous Improvement 20 3.7 External Stakeholders Relations 21 3.8 Results 22 Chapter 3: Quality Assurance Process 1. Introduction 23 2. Objectives of the Quality Assurance (QA) Function 23 3. Audit Process Overview 25 4. QAR Process 26 Figure 3: QAR Process 26 4.1 Planning the QAR 26 4.2 Conducting the QAR 27 4.3 Reporting Findings and Recommendations 29 4.4 Follow-up 33 4.5 Annual Accomplishment Report on QA 33

2


Appendices Appendix 1: The COA-External Stakeholders Relationship 36 Appendix 2: Contents of a QAR Plan 37 Appendix 3: Peer Review 39

Appendix 4: Terms of Reference (TOR) for Peer QA of a

Supreme Audit Institution (SAI) 41 Appendix 5: Quality Control System Checklist (QCSC) 44

Appendix 6: Quality Assurance Questionnaire (QAQ) -

Institutional Level 45 Appendix 7: Financial Audit Methodology Checklist 82 Appendix 8: QAQ - Engagement Level 90 Appendix 9: Template for Findings by Elements 109 Appendix 10: QAR Report Outline Recording Form 110

Appendix 11: Template of Draft Report (Institutional Level QAR

Report) 111 Appendix 12: QA Follow-Up Action Plan 112 Appendix 13: List of Acronyms 115

3


INTRODUCTION

BACKGROUND OF THE HANDBOOK

1. The handbook has been prepared in fulfilment of the requirements for the completion of the International Organization of Supreme Audit Institutions (INTOSAI) Development Institute (IDI) sponsored Workshop on Quality Assurance Review (QAR) in Financial Audit, attended by a four-man representatives of the Commission on Audit (COA) in 2008 at Ulaanbaatar, Mongolia capped by a Review meeting at Jakarta, Indonesia on the same year.

2. In 2007, the Commission, as a member of the Asian

Organization of Supreme Audit Institutions (ASOSAI), signed a Cooperation Agreement in Cambodia, together with the other member nations to undertake a project to strengthen the quality control systems (QCS) of Supreme Audit Institutions (SAIs) through the establishment of the QAR process.

3. The representatives were tasked then to customize a

handbook on QAR which was developed by a team of trainers from IDI-ASOSAI. The main purpose of this handbook is to provide guidance in conducting QAR.

4. The Commission in its commitment to pursue the initiatives of

IDI-ASOSAI, customized the draft IDI-ASOSAI QAR handbook to provide guidance in conducting QAR. The handbook contains concepts related to Quality Assurance (QA), the benefits that one would derive from undertaking QARs at regular intervals and provide practical guidance such as templates, checklists, questionnaires and samples.

OBJECTIVES OF THE HANDBOOK

5. The handbook provides guidance to QAR review teams as they conduct their reviews based on the audit quality frameworks and standards provided for both the institutional level as well as the engagement level, against which their performance will be gauged; and ensures continuous compliance with these quality standards.

6. The handbook seeks to promote adherence to the culture of

quality in audit work in all phases of audit among all sectors in the Commission.

4


SCOPE OF THE HANDBOOK

7. The handbook contains the methodology for conducting QARs. It defines audit quality in terms of audit elements and standards and explains how review teams could assess audit quality using these standards both at institutional and engagement levels.

8. The International Federation of Accountants (IFAC)

Standards, International Standards on Quality Control (ISQC) in the Institutional/Firm level (ISQC1) and International Standards in Auditing (ISA 220) on Financial/Engagement level as well as the Audit Quality Management System (AQMS) provide guidance in the conduct of QAR in this handbook.

INTENDED USERS

9. The handbook is directed for the use of the Quality Assurance

Office to be created by the Commission Proper (CP).

AMENDATORY PROVISIONS

10. The vibrant structure of the Commission and the audit landscape, effecting changes in the organizational audit implementation, updating policies and procedures to achieve quality in audit may necessitate revisions and updating of the handbook. The handbook shall be regularly updated with the progress of international standards as adopted by the Commission through the issuance of the Philippine Public Sector Auditing Standards (PPSAS).

5


Chapter 1: BASIC CONCEPTS AND THE QUALITY

ASSURANCE OFFICE (QAO)

1. CONCEPTS/DEFINITION OF TERMS

Quality

Generally, it is the degree to which a set of inherent characteristics of a product or service satisfy stakeholders’ requirements.

In an audit engagement, it is the degree to which an audit is conducted in accordance with professional standards and regulatory and legal requirements, and reports issued by the firm or engagement partners are appropriate in the circumstances.

Quality Control System (QCS)

QCS consists of policies and procedures designed to ensure that the firm and its personnel comply with professional standards and legal and regulatory requirements and that the reports issued by the firm are appropriate in the circumstances.

Monitoring

Monitoring is one of the components of the QCS, the purpose of which is to assess the appropriateness of the design and effectiveness of operation of system of quality controls.

Quality Assurance Review (QAR)

QAR is the process that provides independent assurance to the head of the SAI that the quality control systems, which include monitoring, and practices are designed and working effectively.

2. RELATIONSHIPS AMONG QCS, MONITORING AND QAR

Though at times QCS and QAR are used interchangeably, yet, there is a difference in their scope and meaning.

6


Although monitoring and QAR serves the same purpose, the former is a component of the QCS while QAR is an independent assessment of the QCS including monitoring. This is illustrated in the following graphical presentation.

Figure 1: Relationships Among QCS, Monitoring and QAR

Quality Assurance Review

Monitoring of quality controlSystem

Quality Control System

3. CREATION OF A QAO

An organic office, to be created by the CP, shall be composed of a Head and members who are independent of the operating units. The CP shall determine the size and composition of the QAO.

3.1. Competencies of QAO

The members of the QAO should possess the competencies as required by the COA Qualification Standards (QS).

3.2. Functions of QAO

The QAO will review the adequacy of, and compliance to, quality controls at the institutional and engagement levels. The QA report should identify weaknesses, offer recommendations for consideration and follow up actions taken. It will assess the outcome of the recommendations that were implemented and identify reasons for non-implementation.

3.3. Roles of QAO members

The roles of the different levels of QAO members are briefly explained below:

7


Assistant Commissioner, Professional and Institutional Development Sector (PIDS)

The Assistant Commissioner, PIDS, exercising direct supervision over the QAO, reports to the Chairperson and is responsible for:

Overall direction on how to conduct the QA review and learning results evaluation (LRE);

Formulation of strategies to be undertaken; Approval of the QA review and LRE plan; Oversight in the conduct of the QA review and LRE; and Transmittal of the Overall QA Review Report and LRE

Report to the Chairperson, Commission on Audit.

Director IV

The QA Director (Director IV), as the head of QAO, supported by an Assistant Director (Director III), is charged with:

Management of the overall operation of all the divisions under the QAO;

Determination of the objectives, scope, time, targets and methodology in conducting the QA review and the LRE;

Monitoring and assuring that the QAR processes are in accordance with QA standards, policies and procedures.

Analysis and review of the QA and LRE findings and formulation of conclusions and recommendations;

Formulation of recommendations on the professional development of the staff under the office;

Overall evaluation of the QA review and LRE results; Review and discussion of the QA review/LRE report

findings with the concerned COA officials and follow-up on outstanding/unresolved issues;

Transmittal of the QA Review/LRE Report to the Directors concerned;

Reporting the QA review/LRE results to the Assistant Commissioner, PIDS; and

Ensuring the accuracy of the Annual Performance Summary Report (APSR) of the divisions and its prompt submission.

8


State Auditor V

The State Auditors V, as the Chief of the Institutional Level or Audit Engagement Review Services, shall be assisted by a State Auditor IV, supported by its corresponding service staff, are responsible for the:

Conduct of the QA review based on the plan agreed upon in the planning stage and ensuring that it is in accordance with standards and procedures;

Gathering of evidence to support findings through interviews, documentation reviews, observations, and other review procedures;

Preparation and documentation of the necessary working papers to support the findings; and

Drafting of the QA review report.

Director II

The Director II, as Chief of the Learning Results Evaluation Services (LRES), assisted by a Training Specialist V, supported by the rest of the LRES staff, is responsible for the:

Management of the overall operations of the division; Development of LRE work plan; Development of evaluation or assessment tool kits and

templates; Conduct of the LRE; Analysis of the results of LRE; Preparation of recommendations based on the results

of LRE; Submission of LRE Report; and Preparation of the APSR for the division.

4. FREQUENCY OF THE REVIEW

QAR will be conducted as follows:

Institutional level – once every three years Engagement level – continuous

9


5. DURATION OF THE REVIEW

The period within which the review will be conducted will depend on the type (whether at the institutional or engagement level) and the number of audit reports (engagement level) to be reviewed.

10


Chapter 2: COA QAR FRAMEWORK

1. OVERVIEW

The COA is responsible to perform its mandate to the satisfaction of its stakeholders’ needs. A useful means to evaluate the achievement of this responsibility is through the establishment of a Quality Management System (QMS) designed to provide reasonable assurance that:

(a) the COA and its personnel comply with professional standards and regulatory and legal requirements; and

(b) the COA reports issued are appropriate in the circumstances.

2. THE COA-QMS FRAMEWORK

The COA-QMS Framework consists of structures and processes relating to certain key institutional management functions pertaining to the following elements:

1. Independence and Legal Framework 2. Human Resources 3. Audit Methodology and Standards 4. Internal Governance 5. Corporate Support 6. Continuous Improvement 7. External Stakeholder Relations 8. Results

These elements were taken from the SAI-QMS Framework developed by IDI–ASOSAI. The effectiveness of the COA as an institution and the quality of its services are reasonably ensured if the eight elements are functioning. The COA aims to achieve the desired condition for each element presented in Table 1.

11


Table 1: Desired Conditions for the Eight Elements of the COA-QMS

Element of Framework Desired Condition Independence and Legal Framework

The COA should maintain its independence and perform its mandate as provided for under the 1987 Constitution and Presidential Decree (PD) 1445 consistent with ISSAI 1, INTOSAI’s Lima Declaration on Auditing Precepts, and ISQC1

Human Resources The COA should have adequate number of competent and motivated staff to discharge its functions effectively [International Standards of Supreme Audit Institutions (ISSAI) 200 Paragraphs 1.3 and 1.5].

Audit Methodology and Standards

The COA’s audit processes should be based on international standards promulgated IFAC and INTOSAI as well as other best practices (ISSAI 200 Paragraph 1.13).

Internal Governance The COA’s top management should ensure that the institution’s decision making and control mechanisms function economically, efficiently, and effectively to be a model in promoting good governance (ISSAI 200 Paragraph 1.15).

Corporate Support The COA should ensure timely delivery of support services and infrastructure to its operating sectors, clusters, regions, divisions, sections, and auditing units (ISSAI 20, Principle 8).

Continuous Improvement

The COA should be abreast and ready to address current and emerging issues and take advantage of new opportunities (ISSAI 200 Paragraph 1.25).

External Stakeholder Relations

The COA should establish and sustain effective working relationship and communication with external stakeholders to ensure greater impact of its audit reports and services.

12


Element of Framework Desired Condition Results The COA should deliver timely quality audit

reports and services that will: promote accountability and

transparency in the public sector; result in more efficient management

and utilization of public resources; and

contribute towards good governance. (ISSAI 20, Principles 5 and 6).

The COA-QMS framework with the eight (8) key elements and sub- elements is shown in Figure 2. The sub-elements are described in detail in the subsequent pages. The COA should consider the sub-elements level when making changes for improvements of its performance.

Figure 2: THE COA-QMS KEY-ELEMENTS FRAMEWORK1

1 2 3 4 5 6 7 8Independence and Legal Framework

Human Resource

Audit Methodology and Standards

Internal Governance

CorporateSupport

Continuous Improvement

External Stakeholder Relations

Results

Independence

Mandate

Recruitment

Retention

Career Development

Training

Well Being

Performance Management

Standards

Manuals & Guidance

Tools

Leadership & Direction

Strategic & Operational Planning

Oversight & Accountability

Code of Conduct

Internal Controls

Quality Assurance

Financial Resources

Infrastructure

Technology

Support Services

Professional Staff Development

Research and Development

Organizational Development

Change Management

Audited Entities

Congress

President

Public

Peers

Donors

International Organisations

Media

Professional & Academic Institutions

Output

(Quality, Quantity)

Impact

1 ASOSAI-IDI Framework page 43 of the QAR Handbook

13


3.0 ELEMENTS OF COA-QMS

3.1 Independence and Legal Framework

Desired condition: The COA should maintain its independence and perform its mandate as provided for under the 1987 Constitution and PD 1445 consistent with ISSAI 1, INTOSAI’s Lima Declaration on Auditing Precepts, and ISQC1.

A fundamental principle of auditing is to provide an independent opinion on the performance of the audited entities and its compliance with laws, rules and regulations. Consequently, the INTOSAI’s Lima Declaration on Auditing Precepts underscores that SAIs can accomplish their tasks objectively and effectively only if they are independent of the audited entity and are protected against outside influence. The Lima Declaration highlights the following dimensions of independence of SAIs that need to be in place:

a. Independence of the COA

Parameters:

The independence of the COA should be clearly defined in the Constitution.

The independence of the auditor should be clearly defined in PD 1445.2

The mandate should clearly spell out the powers and responsibilities of the COA regarding access to information, the nature of entities over which it has audit jurisdiction and nature, scope and timing of its audits.3

The COA should have both functional and organizational independence required to accomplish its tasks.4

2 Adopted from the Lima Declaration on Auditing Precepts, paragraph 3 Section 5 3 Adopted from the ASOSAI-IDI QA Handbook, Section 3.1.2 4 Adopted from the Lima Declaration on Auditing Precepts, paragraph 2 Section 5

14


b. Independence of Officials and Staff of the COA

Parameters:

The independence of the Chairperson and the Commissioners should be guaranteed by the Constitution. In particular, the procedures for removal of the Chairperson and the Commissioners from office should be embodied in the Constitution in a manner that may not impair their independence.5

The professional careers of audit staff of the COA must not be influenced by the audited organizations and must not be dependent on such organizations.6

c. Financial independence of the COA

Parameters:

The COA should be provided with the financial resources to enable it to accomplish its tasks.7

The COA should be entitled to request for the necessary financial resources from the government agencies deciding on the national budget.8

The COA should have fiscal autonomy in the utilization and re-allocation of its budget.9

3.2. Human Resources

Desired Condition: The COA should have adequate number of competent and motivated staff to discharge its functions effectively.

5 Adopted from the Lima Declaration. on Auditing Precepts, paragraph 2 Section 6 6 Adopted from the Lima Declaration. on Auditing Precepts, paragraph 3 Section 6 7 Adopted from the Lima Declaration. on Auditing Precepts, paragraph 1 Section 7 8 The Department of Budget and Management (DBM), President of the Philippines

and Congress has specific roles in the national budget process. 9 Adopted from the Lima Declaration on Auditing Precepts, paragraph 3 Section 7

15


As a member of the INTOSAI, it is the responsibility of the COA to adhere to applicable standards of INTOSAI and other international body. Section 2.1.2 of the Restructured General Auditing Standards requires that SAI should adopt policies and procedures on recruitment, development, training and advancement of auditors.

Parameters:

The COA should have established policies and procedures regarding:10

(i) recruitment of personnel with suitable qualifications; and

(ii) professional development, training, and motivation of employees.

The COA should periodically review results of training and professional development programs to evaluate whether such programs are being conducted effectively and are accomplishing objectives.

The COA should establish performance-based promotion and advancement system, and link performance management with personnel welfare and benefits.

The COA should assign the responsibility for the professional development function to a person or office with appropriate authority.

The COA should have programs that promote the well-being of its employees.

3.3. Audit Methodology and Standards

Desired condition: The COA’s audit processes should be based on international standards promulgated by IFAC and INTOSAI and other international best practices. (ISSAI 200 Paragraph 1.13)

10 INTOSAI Restructured Auditing Standards, Chapter II (relating to recruitment)

16


The COA’s top management should regularly assess and refine its audit methodologies, processes and procedures and all other institutional factors affecting its mission, vision, goals and strategies, and core values.

Parameters:

The COA’s auditing standards should be in consonance with international standards;

The COA should ensure that applicable standards are followed on both pre-issuance reviews and post-audits as part of its internal quality assurance mechanism.

The COA’s audit methodology should be supported by manuals, guidance and other job aids.

The COA should regularly update such manuals, guidance and job aids.

3.4. Internal Governance

Desired condition: The COA’s top management should ensure that the institution’s decision making and control mechanisms function economically, efficiently, and effectively to be a model organization in promoting good governance. (ISSAI 200 Paragraph 1.15)

Continuously improving quality through various policy measures remains the most important role for the top management. “SAIs should ensure that their human and financial resources are used in the most efficient way to secure the effective exercise of their mandate. To this end, SAI management will need to develop and institute appropriate policies and measures to help guarantee that the SAI is competently organised to deliver high quality and effective audit work and reports.”11

11 Prague recommendations on Quality Management – Functioning of SAIs in the context of

European integration.

17


The sub-element of internal governance follows:

Leadership and Direction Strategic and Operational planning Oversight and accountability (prepare discussion) Code of conduct Internal controls Quality assurance

Parameters:

Leadership and direction

The COA should formulate its:

Vision Mission Core values

Strategic and operational planning

The Commission Proper should lead the regular holding of strategic planning conference;

The strategic planning conference should be held every three years and participated in by the Directors III and above;

The results of the planning conference should be cascaded to the operational level.

18


Oversight and accountability

The Chairperson should assign the responsibility for the monitoring of the quality control system to a particular Office whose Head and staff have:

sufficient and appropriate experience and ability to identify and understand quality control issues; and develop appropriate policies and procedures

necessary authority to assume responsibility the responsibility to conduct on-going

periodic inspection of completed engagements

Code of conduct

The COA officials and employees should comply with its Code of Ethics for Government Auditors.

Internal control

The COA management should put in place a sound internal control system.

Quality assurance

The COA should establish an independent quality assurance mechanism that would ensure that the quality control system is:

operating effectively; complied with; and done at regular intervals

The COA should conduct institutional level QAR every three years and engagement level QAR continuously.

19


3.5. Corporate Support

Desired condition: The COA should ensure timely delivery of support services and infrastructure to its audit sectors/clusters/regions/divisions/sections/ auditing units. (ISSAI 20 Principle 8)

Effective performance of audit work is dependent on the timely and adequate provision of corporate/ administrative/office support. Following are some of the key areas of such support. The sub-element of corporate support follows:

Financial resources Infrastructure Technology Support Services

Parameters:

Financial resources

The COA should have adequate funds to sustain its operations.

The COA should maximize the use of its available financial resources.

Infrastructure

The COA should provide adequate infrastructure to all offices including those in the regions composed of:

adequate office space basic office furniture, fixture and equipment

Technology

To function efficiently and effectively, the COA should adapt to modern technology such as:

telecommunications information technology (IT) systems internet and intranet

20


general office support hardware with operating software

general office support application software such as:

information and decision-making systems software for planning and conducting audit documentation and reporting

Support services

The COA should provide support services such as

secretarial assistance security transportation event management office and IT supplies

3.6. Continuous Improvement

Desired Condition: The COA should be abreast and ready to address current and emerging issues and take advantage of new opportunities.

The sub-elements of continuous improvement follows:

Professional Staff Development Research and Development Organizational Development Change Management

Parameters:

The Government Auditing Code of the Philippines (PD 1445) should be kept abreast with the international standards.

The Government Accountancy Sector (GAS) should be able to address emerging issues in the rapidly changing accounting environment.

The COA should update its strategic plan at periodic intervals to make sure that its efforts are aligned to the major auditable issues facing the country.

21


The COA should continuously upgrade its organizational capacity and competence of its personnel to remain abreast of developments in the field of accounting and auditing.

Change management actions should be integrated with any action plan for initiating new approaches.

3.7. External Stakeholder Relations

Desired condition: The COA should establish and sustain effective working relationship and communication with external stakeholders to ensure higher impact of its audit reports and services.

The COA’s stakeholders include the audited entities, congress, political executives, public, peers (other SAIs), donors, international organisations, media, professional and academic institutions, private sector auditing firms and others who have an interest or are affected by its products and services.

Parameters:

The COA should sustain effective working relationship and communication with external stakeholders to ensure impact of its audit reports and other products and services.

The COA should conduct stakeholder analysis to identify its significant stakeholders and their interests and influence on the COA’s functioning.

The COA should implement measures to establish and maintain such relations with them that will help to leverage its efforts without compromising its independence and objectivity.

The COA should develop and disseminate a standard document on external stakeholder protocols to sustain effective working relationships with them.

The inter-relationship between the COA and the external stakeholders is presented in Appendix 1.

22


3.8. Results

Desired condition: The COA should deliver timely quality audit reports and services that will promote accountability and transparency in the public sector; result in more efficient management and utilization of public resources and contribute towards good governance.

The Commission shall submit to the President not later than the last day of September of each year an annual report on the financial condition and results of operation of all agencies of the government which shall include recommendations of measures necessary to improve the efficiency and effectiveness of these agencies.12

Parameters:

The COA should implement mechanisms for measuring the quality of its audit reports and services which includes the following factors:

Progress that management has made in reducing the number of unresolved errors and irregularities identified during audits

Percentage of audit recommendations accepted by auditees

Percentage of audit recommendations implemented by auditees

Extent of satisfaction of auditees with the COA’s audit reports and services

12 Section 41, PD 1445

23


Chapter 3: QUALITY ASSURANCE PROCESS

1. INTRODUCTION

The COA has the power, authority, and duty to examine, audit, and settle all accounts pertaining to the revenue and receipts of, and expenditures or uses of funds and property, owned or held in trust by, or pertaining to, the Government, or any of its subdivisions, agencies, or instrumentalities, including government-owned or controlled corporations with original charters, and on a post-audit basis.13 For that reason, it is required that the COA has its QA policies and procedures and a system in place.

2. OBJECTIVES OF THE QA FUNCTION

Consistent with ISQC1 and AQMS of ASOSAI, the main purpose of the quality assurance function is to identify weaknesses and/or breakdowns in quality controls at both the institutional and engagement levels and suggest strategies for addressing those weaknesses and /or breakdowns. To achieve this, some of the main issues for consideration are:

Institutional level

If the COA’s legal framework is sufficient to meet the independence and mandate expectations of the Philippine Constitution, PD 1445 and Lima Declaration;

If the quality of system and practice contribute to the

governance of the COA; If the process and system to recruit, develop and

manage the human resources meet the mandate of the COA to ensure that there are sufficient, competent, motivated staff to discharge its function effectively;

If the audit methodology and practices are based on

international auditing standards and aligned with the international best practices;

13 1987 Philippine Constitution, Article IX-D, Section 2 (1)

24


If there are ways to strengthen internal administration

and support services; If the COA is effectively addressing current and

emerging issues and taking advantage of new opportunities;

If the status of relations with key external stakeholders

and need for improvement, if any; and If the quality of audit reports and services and their

impact on the accountability and transparency in the public sector result in the overall improvement in the financial management practices of the government.

Engagement level

If required quality controls are in place and working effectively;

If the quality of the audit practices and reports identify

potential ways of strengthening or otherwise improving the controls;

If proper documentation for the control procedures exist; If the audit is properly planned and whether risks are

identified and received the appropriate attention; If sufficient work is performed to support the opinion in

the audit reports; If the working papers are in accordance with the COA

policies and procedures; If conclusions are properly explained and supported by

audit working papers; If audit opinions are fully supported and documented in

working papers; and If the financial statements are presented in accordance

with government accounting and other relevant

25


regulations and determine if the audit report issued is appropriate.

3. AUDIT PROCESS OVERVIEW

Under the Integrated Results and Risk Based Audit (IRRBA) methodology being adopted by the COA, the steps in the audit process can be broadly grouped into the following phases:

Phase 1- Strategic Planning and Risk Assessment

This phase covers the first integration point wherein all the COA audit services namely: Financial and Compliance Audit, Agency-based Performance Audit, Government-wide and Sectoral Performance Audit and Fraud Audit, will meet through a common strategic planning and risk identification process. The IRRBA requires the COA to conduct Strategic Planning annually. The elements and processes used under this phase are captured from the Planning, Finance and Management Sector (PFMS) manual to show the linkage of Strategic Planning of the COA as an “agency” to the IRRBA’s Strategic Planning and Risk Identification of the COA as an “auditor.” The IRRBA Manual does not supersede any activity presented in the PFMS Operations Manual.

Phase 2- Agency Audit Planning and Risk Assessment

Agency Audit Planning and Risk Assessment, is designed to promote the consistent implementation of the IRRBA methodology and standard disciplined team-based approach to audit planning, emphasizing the early development of risk assessments and the audit strategy.

Phase 3- Delivery

Delivery phase is divided into two parts: (1) Execution and (2) Conclusion and Reporting. This phase covers procedures in designing and executing audit tests, evaluation of results and communicating the same to the agency management.

26


Phase 4 – Monitoring (Quality Control System)

The Monitoring phase of the IRRBA approach is a roadmap for the COA to maintain the delivery of quality audit service to the public. The COA should establish a QCS that will promote an internal culture recognizing that quality is essential in performing all audit works.

4. QAR PROCESS

The QAR process generally involves the standard four phases of a project cycle as shown in the diagram below.

Figure 3: QAR Process

4.1. Planning the QAR

The planning process involves preparation of an operational plan and selection of the type of review to be conducted according to the conditions present at the SAI.

QAR

PROCESS

PLANNING

CONDUCTING QA REVIEW

FOLLOW-UP ACTIONS

REPORTING

• QAR Plan

• QAR Report

• Action Plan

• Implementation report

• Follow-up report

• Record of findings

• Observations

• Monitoring observations

27


Operational Plan

The SAI’s QA function should prepare an annual operational plan which should be approved by the COA Chairperson. The contents of an operational plan are shown in Appendix 2.

Types of QARs

The two types of QAR are internal and external reviews, which are described below:

Internal review

This is a periodic review performed by persons within the organization, with knowledge of the audit procedures, practices and standards. This could be conducted by an established QAO or through a peer review mechanism involving different divisions / units / sections.

External reviews

In external review, a peer SAI, private auditing firm or management consulting firm or academic expert could be asked to undertake a QAR.

These reviews should be performed by qualified persons who are independent of the organization and who do not have any real or an apparent conflict of interest.

A discussion of a Peer QAR is shown in Appendix 3. A sample Terms of Reference (TOR) for a Peer QAR of a SAI is shown in Appendix 4.

4.2. Conducting the QAR

In conducting the QAR, the following steps are to be undertaken:

1. Compile the existing COA policies and procedures on quality control.

28


2. Determine if the existing COA policies and procedures on quality control meet the requirements of ISQC1 by accomplishing the Quality Control System Checklist (QCSC-Appendix 5).

3. Update the Quality Assurance Review Questionnaire (QARQ) - Institutional Level (Appendix 6) by considering the requirements under existing policies and procedures on quality control.

4. Determine if the existing COA policies and procedures on quality control are complied with by accomplishing the updated QARQ.

5. Determine if the existing COA audit methodology meet the requirements of international standards by accomplishing the Financial Audit Methodology Checklist (FAMC-Appendix 7).

6. Determine if the existing COA audit methodology is complied with by accomplishing the QARQ –Engagement Level (Appendix 8).

7. Validate deficiencies noted under the “no” columns in the QARQ, both at the firm and financial audit level, and identify root cause/s by employing other data gathering techniques such as:

Document review Physical Observation Focus group discussion Interview Getting information from the COA’s external

stakeholders Content analysis of qualitative data

QA findings and observations must be supported by sufficient, relevant and reliable evidence. Working papers of the QAR team should be documented methodically for easy referencing.

29


4.3. Reporting Findings and Recommendations

Based on the observations and findings, the quality assurance review team should prepare the QAR Report. The draft findings and recommendations should be discussed with senior management of the COA before inclusion in the final report. The report should include a summary of observations and recommendations.

To facilitate the preparation of the QAR report, the following steps are suggested:

1. Prepare a draft report outline 2. Prepare the draft QAR report 3. Discuss the summary of findings with the

Chairperson 4. Finalize the QAR Report

Preparing a draft report outline

1. Accomplish the Templates For Findings by Elements -Institutional Level and/or Template for Individual Finding by Audit Phase – Engagement Level (Appendix 9) by providing the following information:

Negative observations: All material negative observations should be recorded precisely by stating the nature and extent of the findings.

Cause: The reason for identified findings and problems which form the basis for making appropriate recommendations.

Impact: This attribute identifies the real or potential effect of the findings. The review team should consider how existence of problems or findings may influence the COA’s policy, independence and audit processes in the future.

Comment made by the Director IV: The reviewer should obtain and record remarks/views from the concerned Service Chiefs on the observations made.

Recommendation: The recommendation states what needs to be changed or rectified.

30


Name of reviewer: The name of the reviewer who conducted the review and made the recommendation must be stated and signed and dated.

The Assistant Commissioner, PIDS must ensure that all observations are completed, correctly stated, signed off and dated on the Form(s).

2. Consolidate the individual findings for institutional level assurance review in the Template for QAR Report Outline – Institutional Level and the individual findings for engagement level in the Template for QAR Report Outline – Engagement Level (Appendix 10) by providing the following information:

Template for QAR Report Outline – Institutional Level. This form records each material finding, the corresponding risk assessment, likely impact, probable causes, SA’s comments and the QA team’s recommendations. The reviewer should evaluate the error/risk using the following categories:

a. High risk – signifying fundamental failures where for example, the audit opinion or key conclusions are incorrect;

b. Medium risk – identifies where information provided to the reader of the audit report is omitted or information that is not important is included;

c. Low risk – other matters such as poor referencing or evidence of review.

Template for QAR Report Outline – Engagement Level. This form summarises all findings (including positive findings). The form should be accomplished by providing the following:

a) Quality Assurance Questionnaire (QAQ) reference: QAQ reference has a combined reference consisting of:

31


i) the reference number allocated to the completed QAQ; and

ii) the different items checked on the QAQ. For example, if the reference allocated to the completed questionnaire is (V) and the absence of the letter of engagement (item No. A.1 in the QAQ) on file was observed during the review, the reference which should be recorded on the Quality Assurance Review Recording Form (QARRF)is (V) A.1.

b) Positive observation: This pertains to the good practices of the audit team.

c) Negative observations: Include all material negative observations including the nature and extent of the finding.

d) Impact e) Recommendations

3. Discuss the findings with Cluster/Regional Director and obtain feedback documenting the same in the working papers.

Preparing the draft QAR report

With the aid of the Templates for QAR Report Outline for both Institutional and Engagement Level, the team prepares the draft QAR report (template for draft report-institutional level is attached as Appendix 11) with the following contents:

Table of contents

Executive summary – covers only the highlights of the report and contains only the following:

Brief background; Significant observations, and Key recommendations

The Executive Summary should not be a simple repetition of sections from the main body of the report.

32


Introduction - contains the background, objectives and purpose of the review work.

Approach and methodology used - This would include the actual work done and the procedures followed by the quality assurance review team. It would cover items such as:

The frameworks used Main data gathering techniques used Limitations, if any, of the approach

Findings and Recommendations (main body of report) - this includes the following items under each element of the frameworks used:

Desired condition – The team may consider the desired condition for each ISQC1 and ISA 220;

Current situation – This should be a brief description of the existing policies and processes relating to the ISQC1 and ISA 220 elements;

Weaknesses – These are the gaps between desired condition and current situation;

Factors contributing to the weaknesses – these are the factors identified that would form the basis for recommendations; and

Recommendations - Suggestions for improvements in future Assurance Quality policy of the COA. The recommendations should be clear, meaningful and practical.

Overall conclusion – The review team’s opinion after considering all the information about observation.

Management response – Management’s comments to the overall conclusion and recommendations

Annexes – These are generally supporting information about the report.

33


Discuss the summary of findings with the COA Chairperson

The QAR team leader should discuss with the Chairperson the summary of findings and recommendations.

Finalizing the report

The Assistant Commissioner of PIDS and the QAO Directors and Service Chiefs/Staff, as members of the team, should meet to discuss the comments obtained during the discussion with the COA Chairperson and consider in the preparation of the final report all the points taken-up during discussions/meetings. The report should be signed by the Service Chief, as prepared by; reviewed by the Director and approved by the Assistant Commissioner, PIDS.

4.4. Follow-up

Appropriate follow-up actions of the QAR report should be undertaken either by the QA Office or other internal Committees especially formed for the purpose. Such responsibility can also be passed on to the same external QA review team by incorporating an appropriate clause in the TOR.

Based on the QAR report, the concerned offices subjected to QAR should prepare and implement the Action Plans to implement the recommendations of the QAR team. The Action Plans will facilitate undertaking proper follow up of the QAR report. A sample Quality Assurance Follow-up Action Plan (QAFAP) is attached in Appendix 12.

4.5. Annual Accomplishment Report on QA

The QA office or the staff member responsible for QA should produce an annual accomplishment report to be submitted to the COA Chairperson. The report should contain the following information:

34


Introduction

- Objectives, scope and approach of the reviews - Periods covered - Statistical information on the number of

reviews conducted and reports submitted compared to previous years to show trends;

A summary of the findings (observations)

- common issues - effects - causes - recommendations and action plans to

address the shortcomings

Conclusion

As a good practice, a periodic progress report shall be submitted to the COA Chairperson to bring to his attention important matters such as break down in QC.

35


Appendices

36


Appendix 1

THE COA-EXTERNAL STAKEHOLDERS RELATIONSHIP

The following table briefly lays out the COA-External Stakeholders Relationship by giving the requirements of the external stakeholders and key mechanisms to maintain it:

Stakeholder Requirement of the stakeholders

Key mechanism

Audited entities To provide value added information to enhance the performance of the entity

Audit Reports Management letters Independent Auditor’s

Report Congress For effective oversight on

the executive Audit reports and

briefing sessions Public Provide assurance for

the performance of the executive

Web sites, media reports and direct correspondence

Peers (other SAIs )

For knowledge sharing & organizational development

Training assistance Peer review

Donors Internal governance Assurance on the

utilization of specific donor funding

Access to the COA practices

Audit reports & certificates

International Organisations

To fulfil the commitments with regard to organizational development

International & regional workshops, seminars, board meetings etc.

Media Reliable knowledge source

Press notes, releases, interviews

Professional & Academic Institutions

To maintain the certain standards for training and continuous development of the staff

Contracts and other agreements

Private sector auditing firms

Effective planning for allocated audit & to provide guidance for all public sector / government audit

Training interventions & contracts

37


Appendix 2

CONTENTS OF A QAR PLAN

Scope and approach of the review

The scope of the review should include the TOR for the review. The TOR for conducting the review will be different depending on the type of the review to be conducted (pre-issuance or post audit, internal or external). Furthermore, the nature of the review whether it is at the institutional or engagement level should be specified.

The SAIs can also consider reviewing the audits if significant shortcomings were identified during the previous year to ensure that all the shortcomings identified have been addressed by the audit team.

Types of the review to be conducted during the year

The reviews will include both the Institutional Level Review (ILR) and the Engagement Level Review (ELR).

Timings of the review

Generally, the individual audit level reviews can be conducted every year depending upon the availability of the resources. However, institutional level review needs longer time and ideally, after conducting such review for the first time, it can be conducted at least once every three years, preferably as part of the next strategic planning cycle of the SAI.

Budget for the review

The QA function needs to have sufficient resources to conduct the reviews and so a separate budget for the reviews should be approved by the head of the SAI annually.

Team leader for each review and selection of team

Ideally, a service chief/team leader should be nominated for each review and the review team (as explained in Chapter 2), should consist of staff with suitable qualifications and experience to conduct these reviews depending on the type of review.

38


Special consideration if any

The period to be covered and methodologies and checklists to be used would be different depending on the level (institutional level or engagement level) at which the review would be conducted. It would also depend upon the particular area of the level which will be covered under the QAR.

39


Appendix 3

PEER REVIEW

A peer review is performed by an independent normally external entity to evaluate whether an organization’s internal quality control system is suitably designed and is operating effectively. The peer review involves testing the entire quality control system and the peer reviewers will have to allow the entire system to operate before reaching their conclusion. The peer review is designed to provide reasonable assurance that SAI’s quality management policies and procedures are suitably designed and operating effectively.

Scope of peer review

The scope of the peer review should cover the determination of whether:

the auditing services performed are in accordance with the SAI's auditing standards, departmental manuals and policy instructions;

the standard, manuals, instructions and systems enable the SAI to fully execute the audit mandate and its duties; and

the auditing methodologies and practices conform to the best international practices.

Requirements for peer review

To be eligible to review, the peer should meet the following requirements:

Each member of the review team should have good knowledge of auditing standards, the government environment relative to the work being reviewed and the methods and techniques of performing a peer review;

The review team should be independent of the audit organization reviewed, its staff and the audits selected for peer review; and

Separate TOR need to be drawn up for each of the areas to be reviewed and the scope of review should be clearly defined.

Conducting peer review

The peer review team will develop a plan and programme for conducting the work. The SAI will provide the review team with all necessary documentation, manuals, policy instructions and guidelines

40


etc. The peer review should be based on SAI’s audit documentation and interviews of the SAI’s staff members. The peer reviewers will not interview staff of the organizations, which the SAI audits or have access to their records. In addition, they will not interview or survey readers of the SAI reports, including legislators.

The peer review team will also rely on internal QAR and internal audit reports to reduce the scope of its work. The peer review team will treat the inspection report and its findings as part of the evidence for reaching its opinion. The peer review team leader will provide a briefing for SAI top management before issuing the report. The briefing will allow for discussion and suggestions to improve SAI’s quality control system and procedures.

Reporting the results of the Peer Review

The review team should communicate the results of the peer review in writing. The report should indicate the scope of the review, including the limitations. It should express an opinion on the organization’s system of internal quality control. When there are expressions of opinion on inadequacies of internal control, the review team should report a detailed description of the findings, recommendations and suggestions to improve the SAI’s quality control system, either in the peer review report or in a separate letter of comment or management letter, to enable the reviewed organization to take appropriate action. The peer review should identify areas for improvement in the quality of audit, including planning, evidence gathering, documentation, reporting, etc. as well as overall performance of the SAI. The peer reviewers will issue their report to the SAIs top management. A senior management functionary of the SAI should be made the point of contact for the peer review and the contact person will be responsible for disseminating the findings of the peer review within the SAI for appropriate action by the concerned groups and monitoring the progress of implementation of its recommendations. A periodic report will be placed before the top management of the SAI to this effect.

41


Appendix 4

TOR FOR PEER QA OF A SAI

1. INTRODUCTION

The INTOSAI is increasingly emphasizing the importance of QA activities of SAIs. Standards and more importantly the extent to which the SAIs comply with standards, are continuously reviewed and regarded as an important component of good corporate governance practices. The ASOSAI has incorporated several QA activities in its work plans and is eager to support SAIs in establishing/enhancing QA systems, procedures and working methods. The SAI of ______ requested to make use of QA visits and the arrangements for the visit were thereafter initiated.

2. MAIN OBJECTIVE

The main objective of the visit is to assist the COA to determine whether its audits comply with international standards and make recommendations on how the quality of audits could be improved. In addition, the resource team will assess the QA system implemented at the COA and will make recommendations.

3. SPECIFIC OBJECTIVES OF THE QUALITY ASSURANCE VISIT

The following aspects will be addressed during the support visit:

• Quality control reviews on specific audits;

• Collect findings and report back to the COA Chairperson;

• Assess the quality assurance system at the COA and make recommendations to the COA Chairperson on functionality and appropriateness;

• Train quality control reviewers;

• On-the-job training exposure to reviewers on how to go about a review.

42


4. DATE OF THE REVIEW VISIT

The review visit will take place from _______to _______. The review team will be on site at the Office of the head of SAI of _______ during this period and, in collaboration with staff identified for this purpose, will execute the activities agreed to in items 2 and 3 of the TOR.

5. REVIEW TEAM

The review team will consist of the following members:

Team member 1 - SAI of _______




Team member 1 will act as the project leader and, in consultation with team members, will focus the activities towards achieving the objectives of the review visit. The COA will identify counterparts within its organization to work alongside the resource team with the view to transferring skills. The COA will also be responsible for providing the necessary logistical and administrative support to the resource team in order to fulfil their responsibility for achieving the required objectives of the visit.

6. METHODS OF WORK

The resource team will conduct the quality assurance review by using the following tools, techniques or procedures:

The COA QMS; Give feedback to Assistant Commissioner or

Cluster/Regional/Office Directors and audit teams; Assess the QA of the COA; Conduct interviews with staff and officials of the COA (if

needed); Deliver a presentation to the COA Chairperson and senior

officials on findings and recommendations; and Draft a report on the review visit and the course of action

agreed upon with the Chairperson.

43


7. EXPECTED OUTPUTS

Upon completion of the review visit, it is expected that the resource team would have reviewed a considerable number of audit files and given feedback to the responsible director and the audit team. From the review the team will:

Collect findings and present them to the COA Chairperson and management team with analysis and possible recommendations.

Assess the QA system of the COA with recommendations made to the COA Chairperson and top management.

Ensure that quality reviewers identified by the SAI are trained in theory and in practice; and

Draft an action plan which is agreed upon with the Auditors General.

8. REPORTING

The review team will give a verbal debriefing to the COA Chairperson and the management at the end of the assignment. A written report will be presented to the COA Chairperson not later than two weeks after completion of the assignment. Team Member 1 will be responsible for compiling the report.

__________________________________

Head of SAI

44


Appendix 5

QUALITY CONTROL SYSTEM CHECKLIST (QCSQ)

1. Execution of QA review is carried out in accordance with policies, standards, manuals, guidelines and practices of SAI;

2. QA team have a sound understanding of techniques and procedures for gathering information such as inspection, observation, enquiry, etc. to collect evidence;

3. All phases of QA review have been carried out as planned and approved;

4. Valid explanations are available for non-implementation of any phases of quality controls procedures;

5. Appropriate approval exists for significant deviations that have taken place from approved quality control procedures;

6. Staff resources used for QA are largely in line with those planned in terms of time, grade of staff and expenses entailed;

7. Appropriate techniques and procedures are used to fulfil QA objective in order to provide for effective evidence;

8. Ensuring that all envisaged tests for evaluation and reliability of internal controls are used during audit process;

9. The team leader should evaluate the effect of deficiencies noted as a result of the monitoring process and should determine whether:

The review complies with QA standards; or Systemic, repetitive or other significant deficiencies

during the review that require prompt corrective action;

10. Ensure that appropriate analytical procedures are used and the reliability, independence and quality of relevant supporting data is assessed during audit process;

11. Sampling methods are used according to QA standards and manuals;

12. All tests of transactions clearly indicate QA objectives, adequately explain the nature and extent of QA work and provide an overall conclusion as to results of QA work;

13. QA steps and procedures have been designed to obtain sufficient, reliable, and relevant evidence;

14. Full investigation is made of all queries during QA; 15. Existence of adequate working papers in respect of:

Evaluation of internal controls systems; QA tests of routine procedures; and Tests of controls.

Q

45

Quality Assurance in Financial AuditingQUA LITY ASSURANCE IN FINANCIAL

Appendix 6

QUALITY ASSURANCE QUESTIONNAIRE (QAQ) INSTITUTIONAL LEVEL

OFFICE/CLUSTER DIRECTOR DATE OF REVIEW FINDINGS DISCUSSED ON DIRECTOR/ ASST. COMM. DATE REVIEWER DATE

If the finding to a particular question is positive, a tick mark should be inserted in the “YES” column.

If the finding is negative, a tick mark should be inserted in the “NO’ column, followed by an appropriate reason/explanation in the remarks column. In such an instance, reference should be made to either the minutes of the discussion of the findings with management. Instances may be found where the answer to a question is “NO”, but that the situation was still within the scope of INTOSAI Auditing Standards (e.g. non-compliance with the COA methodology, although still within scope of INTOSAI Auditing Standards). This should clearly be spelt out and reported accordingly.

If a question is not applicable, a tick mark should be inserted in the “not applicable” column, together with an adequate explanation.

I. INDEPENDENCE AND LEGAL

FRAMEWORK (Inclusive of Ethical requirements)

The COA should maintain its independence and perform its mandate as provided for under the 1987 Constitution and PD 1445 consistent with ISSAI 1, INTOSAI’s Lima Declaration on Auditing Precepts, and ISQC1

YES NO N/A COMMENT W/P Ref.

46



REF: LIMA and Mexico DECLARATION Sections 4, 5, 10, 17 19, 23, & 24 ISQC 1 Par 25

Independence 1. Is there a fixed term of office for the

Chairperson and two Commissioners?

If Yes, please specify term.

____________________________

2. Do the Chairperson and two Commissioners have legal immunity in the normal discharge of the duties?

If No, please specify.

____________________________

3. Does the COA submit its budget directly to Congress without going through the Department of Budget which is its auditee?

4. Is the COA entitled to use and re-allocate the funds allotted to them under a separate budget heading in ways that they consider to be appropriate?

5. Is the COA's budget reviewed and approved by Congress?

If No, please specify

___________________________

6. Is the COA free to determine the nature of its organizational structure and functional process without outside interference?

7. Is the independence of the COA Chairperson laid out in the constitution or PD 1445?

If not, please provide explanations

regarding the basis for the

independence of the Chairperson.

47



8. Is the Chairperson protected by Law for his/her audit report?

Please provide the relevant clause of the

law.

9. Is the procedure for removal of the COA Chairperson embodied in the constitution or law?

10. Are the Audit staffs of the COA independent from the Audited entities i.e. are they working for the audited entity?

Mandate ( Legal Framework) 11. Is there a constitutional provision

regarding the appointment of the Chairperson?

12. What is the legal basis of the COA’s mandate? a. Constitution b. Special law other than the

Constitution c. Others (Please specify.)

13. Does the COA submit its Annual report to Congress?

If no, please specify

____________________

14. Which body is responsible for assessing whether the COA is achieving its mandate a. Congress b. President c. Department of Finance d. Others (specify)

15. Does the COA have audit jurisdiction to

audit the following bodies? (Tick as many boxes as appropriate.) a. National government agencies

(Departments and Bureaus) b. Congress c. Judiciary d. Intelligence agencies

48



e. Armed forces f. Police department g. Local government units (cities,

provinces, municipalities) h. Government-owned or controlled

corporations / companies i. Bodies / autonomous bodies not

owned but substantially funded by the government or from the State Budget

j. Foreign agencies and enterprises with whom the State has joint venture agreements

k. Agencies to whom performance and delivery of public services is contracted out

l. Others (Please specify.)

16. Does the COA have an unrestricted access to the information?

17. Is there a constitutional provision regarding the appointment of the Chairperson?

18. Does the COA have the legislative mandate to carry out the following types of audit? (Please mark at relevant rows.) a. Financial audits b. Audit of compliance with laws

and regulations c. Value-for-Money audits d. Concurrent audits (for example,

audit during implementation of a project)

e. IT Audit f. Environment Audits g. Privatization Audits h. Others (Please Specify)

19. Are the above audits specifically mentioned in the COA’s mandate? If No, Please specify. _________________________

20. Are there any government entity/(ies) not audited by the COA?

49



If yes, please specify. ________________________

21. Do the COA personnel have unrestricted access to information?

If No, please specify. _________________________

50


II. HUMAN RESOURCES

COA should have adequate number of competent and motivated staff to discharge its functions effectively (ISSAI 200 Paragraph 1.3 and 1.5).

YES NO N/A COMMENTW/P Ref.

REF: Human Resources ISQC1 par 36

– 41

1. Does the COA establish policies and procedures to provide it with reasonable assurance that it has sufficient personnel with the capabilities, competence and commitment to ethical principles necessary to perform its audits in accordance with professional standards and applicable regulatory and legal requirements, and to enable the issuance of reports that are appropriate in the circumstances?

2. Does the COA have an office, section or person in charge of the human resource management?

3. Does the COA have Human Resource Management policies in the following areas? (Please tick as many as appropriate boxes) a. Recruitment b. Retention c. Performance Appraisal d. Career Development and Training e. Well Being f. Performance management

4. Does the COA have an approved job description for each position of the organizational structure?

5. Is the job description kept up-to-date? Recruitment 6. In recruiting personnel, does the COA

specify minimum qualifications as per job description?

7. Are position profiles being tailored to take cognizance of the individual requirements of all positions?

51



8. Has the COA adopted qualification requirements for different level of staff and management?

9. Are there adequate competencies and skills available to meet the requirement for executing the COA's mandate?

10. Is recruitment taking place in a manner that allows management to adequately address the audit needs in that environment? Consider matters such as vacancies, overall skills levels, staff turnover, etc.

Retention In cases where the COA requires expert staff who cannot be recruited on the basis of conditions of the civil service, special arrangements should be concluded with them, placing them outside the regular wage scales.

11. Is retaining qualified staff a problem?

12. Does the COA have a reward mechanism in place that provides incentives to staff members?

13. Which of the following incentives is provided by the COA? a. Naming and honoring the

Auditor(s) of the Year. b. Certificate of Excellence for

outstanding performance c. Financial remuneration / benefits d. Staff remunerations and

promotions to be based on considered assessments of competencies, performance and experience,

e. Other incentives. Please specify

52



Career Development 14. Are the following methods used by the

COA for the development of capabilities and competence: a. Professional education b. Continuing professional education c. Work experience d. Coaching

15. Does the COA have a mechanism in place that takes care of career planning and career development opportunities for staff members?

16. Which of the following career planning and development opportunities does the COA provide for its staff members? (Tick as many boxes as appropriate.) a. Relevant workshops or

seminars b. Professional university courses c. Feedback on job performance d. Merit-based promotions e. Time-based promotions f. Specialization g. Performance feedback and

coaching h. Planned job rotation i. Continuing professional

education j. Phased retirement k. Career counseling about

challenging assignments and possibilities for more exposure and demonstration of skills

l. Assessment techniques and programs to help staff members assess their interests, aptitudes and capabilities and linking the information derived to possible careers and jobs

m. Self-directed and self-development materials

n. Pre-retirement and post-retirement counseling

53



17. Does the COA have a mechanism for identifying technical and management skill gaps?

18. If yes to the above question, does the COA take measure to address the identified gaps?

19. Does the COA have criteria set for promotion and upgrading its employees?

Well Being

20. What type of program is/are in place for staff well being? a. Health care program b. Social activities c. Recreational & sporting facilities d. Fitness programs e. Housing f. Conducive environment g. Counseling services h. Other. Please specify

Performance Management 21. Are performance appraisals being

performed on a regular basis?

22. Is remuneration linked to performance? 23. Does the COA have a mechanism for

communicating job functions or areas of responsibility to its staff?

54


III. AUDIT METHODOLOGY AND

STANDARDS

The COA’s audit processes should be based on international standards promulgated by IFAC and INTOSAI as well as other best practices (ISSAI 200 Paragraph 1.13).


Standards Has the COA formally adopted international accounting and auditing standards?

1. Who determines audit standards? a. The Chairperson of the COA b. Accounting and Auditing

Standards Board c. Professional Body in the Country d. Department of Finance e. Others , please specify

Are these standards aligned to international standards such as (IFAC, INTOSAI, Country specific or Regional standards)?

Manuals and Guidelines 2. Does the COA have audit manuals to

guide staff in the different audit areas like a. Regularity audit, b. Performance audit and c. IT Audit ?

Are the manuals aligned to accepted standards? Please check sample manuals and compare with International Standards.

Are the manuals actually used in the audit process? Please tests check a few samples.

3. Do these manuals and guidelines address the following matters? How engagement teams are briefed

on the engagement to obtain an understanding of the objectives of the audit;

Processes for complying with applicable engagement standards,

Processes of engagement supervision, staff training and coaching;

Method of reviewing the work

55



performed, the significant judgements made, and the form of report being issued;

Appropriate documentation of the work performed and of the timing and extent of the review; and

Processes to keep all policies and procedures current.

Does all staff have access to the manuals? Please verify among several staffs.

Is the manual updated at regular intervals? Please note the last date of amendments.

Does the COA’s manual contain policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrieval of audit documents?

Does the COA have policies and procedures on the retention of audit documentation to meet the needs of the COA and requirements of laws or regulations?

Audit Tools Do staff use audit tools (e.g. Checklists, Computer-Assisted Techniques (CAATS) and Others)?

4. Does the COA use audit automation Software (e.g. Audit Command Language (ACL), Teammate, Case ware & others)? Please specify.

Audit Performance 5. Assignment of Audit Teams

Does the COA assign an audit team director/leader (ATL) to each engagement to take responsibility for that audit on its behalf?

Does the COA establish policies and procedures requiring that: a. The identity and role of the

ATL are communicated to key members of auditee management and those responsible for governance;

b. The ATL has both the necessary capabilities, competence, authority and

56



sufficient time to perform the role; and

c. The responsibilities of the ATL are clearly defined and communicated to that team leader or director?

Does the COA also assign appropriate staff with the necessary capabilities, competence and time to perform audits in accordance with professional standards and applicable regulatory and legal requirements, and to enable the issuance of reports that are appropriate in the circumstances?

Are staff assigned to the team: a. Conversant with all new and

revised audit standards? b. Conversant/up to date with

the latest audit methodology?

c. Conversant with all the COA guidelines?

d. Given access to the up to date audit standards documentation, the COA approach and guidelines on documentation and other relevant documentation?

e. Complying with the requirements of Continued Training (CT)?

f. Knowledgeable of the relevant sectors in which the clients operate?

g. Knowledgeable of the COA’s control policies and procedures?

6. Consultation Does the COA establish policies and

procedures to provide it with reasonable assurance that: a. Appropriate consultation takes

57



place on difficult or contentious items within the COA, with external experts, and with the auditee;

b. Sufficient resources are available to enable appropriate consultation to take place;

c. The nature and scope of such consultations are documented; and

d. Conclusions from consultations are documented and implemented?

7. Differences of Opinion Does the COA establish policies

and procedures for dealing with and resolving differences of opinion within the audit team, with those consulted and, where applicable, between the ATL and the audit quality control reviewer?

Are all conclusions reached being documented and implemented?

Are reports not issued until differences of opinion are resolved?

8. Audit Quality Control Review (AQCR) Does the COA establish policies

and procedures requiring, for appropriate audits, an AQCR that provides an objective evaluation of the significant judgments made by the audit team and the conclusions reached in formulating the report? Do these policies and procedures : o Set out criteria against which

all audits and reviews of historical financial information, and other assurance and related services audits should be evaluated for the purpose of determining whether an AQCR should be performed in each instance; and

o Require the performance of an AQCR for all audits

58



meeting the criteria established with (a) above?

Do the COA’s policies and procedures require the completion of the AQCR before the report is issued?

Does the COA establish policies and procedures setting out: a. The nature, timing and extent

of an AQCR?; b. Criteria for the eligibility of

audit quality control reviewer?; and

c. Documentation requirements for an AQCR?

9. Nature, Timing and Extent of the ACQR Does the AQCR include an

objective evaluation of: o The significant judgments

made by the audit team relating to materiality and significant risks;

o Whether working papers selected for review reflect the work performed in relation to the significant judgments and support the conclusion reached in formulating the report;

o The appropriateness of the report to be issued;

o Other significant matters that have come to the attention of the audit quality control reviewer;

o Significant risks identified during the audit and responses to those risks;

o Whether the appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters;

o The significance and

59



disposition of corrected and uncorrected misstatements identified during the audit; and

o The matters to be communicated to management and those charged with governance and other applicable parties.

10. Criteria for the Eligibility of Audit Quality Control Reviewers Do the COA’s policies and

procedures on the eligibility of audit quality control reviewers address: a. technical qualifications

required to perform the role, including the necessary experience and authority; and

b. The degree to which the audit quality control reviewer can be consulted on the audit without compromising his/her objectivity.

11. Documentation of the AQCR Do the policies and procedures on

documentation of the AQCR include evidencing: a. The procedures required by

the COA’s policies on AQCR had been performed;

b. The completion of the AQCR before the issuance of the report; and

c. That there are no unresolved matters that have come to the attention of the audit quality control reviewer that would cause the audit quality control reviewer to believe that the audit was not performed in accordance with professional standards and applicable regulatory and legal requirements?

60



12. MONITORING a. Does the COA have policies and

procedures requiring an ongoing consideration and evaluation of its system of quality control, including a periodic inspection of a selection of completed engagements?

b. Where the results of the monitoring procedures indicate that a report may be inappropriate or that procedures were omitted during the performance of the audit, does the COA have policies requiring that actions be taken to comply with relevant professional standards and regulatory and legal requirements?

c. At least annually, does the COA communicate the results of the monitoring of its QCS to audit directors/team leaders and other appropriate individuals within the COA including the Chairperson?

IV. INTERNAL GOVERNANCE

The COA’s top management should ensure that the institution’s decision making and control mechanisms function economically, efficiently, and effectively to be a model organization in promoting good governance. (ISSAI 200 Paragraph 1.15)


Leadership and direction 1. Does the COA top management set the

appropriate tone and direction for the organization, with regard to: Accountability, Integrity and Reliability?

2. Does the COA have stated vision and mission?

61



3. Does the COA have short-term and long-term goals?

Please state them here.

4. Does the COA emphasize and promote continuous improvements? Please verify through minutes of meetings.

5. Does the COA have a Standard on Quality and Continuous Improvements?

6. Does the COA establish policies and procedures designed to promote an internal culture based on the recognition that quality is essential in performing engagements?

7. Do these policies and procedures require the Chairperson or, any key official/office, to assume ultimate responsibility for the COA’s system of quality control?

8. Does the COA continuously inspire the staff to comply with the approved standards and procedures and make their best efforts to deliver quality services and products?

Strategic and Operational Planning 9. Does the COA have a strategic plan?

10. Does the COA have an operational plan?

11. Are the plans meeting their objectives? Please compare a sample plan’s objectives with achievement.

12. Is there a mechanism to measure the achievement?

13. Are the staffs at the various levels aware of the plans?

Please test check with sample staffs from various levels.

62



14. Do the CP and Assistant Commissioners have a constructive quality assurance dialogue with the heads of audit functions about audit work being done in the units/sections?

Please ask for relevant minutes of meetings.

15. Do the CP and Assistant Commissioners decide what audits should be commenced? Please verify with relevant minutes of meetings.

16. Do the responsible officials set important quality requirements for the audit? Example of some important quality control requirements includes timeliness and compliance to audit methodology and standards. A checklist of the requirements should indicate what are the quality expectations from the audit engagement.

17. Do the heads of the units/sections maintain and improve the quality for work through a quality improvement plan? Consider quality factors such as: a. Ongoing training program b. Implementation of new

knowledge c. Management of post audit

projects for follow-up purposes d. Recruitment of new people e. Use of highly skilled section

managers f. Improvement of the quality in

audit recommendations

g. Individual auditor training plan in place

h. Competence plan for the audit function

i. System for organizational learning in place?

63



18. Does the COA encourage a culture of quality through such means as: a. Formal or informal dialogue b. Mission statements c. Newsletters d. Briefing memoranda?

19. Do the heads of the units/sections have a constructive quality assurance dialogue with appropriate official about audit work being done?

Consider matters such as:

a. Ongoing discussions during the audit work;

b. Discussion of audit findings; and/or

c. Audit team included in the discussions

20. Are the COA’s policies and procedures addressing performance evaluation, compensation, and promotion designed to demonstrate it’s overriding commitment to quality?

Oversight and Accountability 21. Are mechanisms in place to assess if

the COA has achieved its mandatory obligations? Such mechanism may include: a. Survey b. Study c. Peer reviews d. Feedback from Congress e. Research

64



Acceptance and Continuance of Auditees’ Relationships and Specific Audits

22. Does the COA establish policies and procedures for acceptance and continuance of non statutory auditee relationships and specific audits, designed to provide it with reasonable assurance that it undertakes or continues only those relationships and audits where it: a. Has considered the integrity of

the auditee and does not believe that the auditee lacks integrity;

b. Is competent to perform the audit and has the resources to do so; and

c. Can comply with ethical requirements including those relating to independence where applicable?

23. Does the COA obtain such information as it considers necessary in the circumstances before accepting a non-mandatory audit, and when deciding whether to continue an existing audit, and when considering acceptance of a new audit with an existing auditee. Where issues have been identified, and the COA decides to accept or continue the auditee relationship or a specific audit, does it document how the issues were resolved?

65



24. Where COA obtains information that would have caused it to decline a non-mandatory audit if that information had been available earlier, do policies and procedures on the continuance of the audit and the auditee relationship include considerations of: a. The professional and legal

responsibilities that apply to the circumstances, including whether there is a requirement for the COA to report to the person or persons who made the appointment or, in some cases, to regulatory responsibilities; and

b. The possibility of withdrawing from the audit or from both the audit and the auditee relationship.

25. Does the COA report on its performance?

26. Does COA publish its annual report? 27. Does COA make its annual report

public?

28. If yes, does it use any of the means below? a. Through its website b. Newspapers

c. Circulation of copies to stakeholders

29. Is the performance report of the COA audited?

30. Are the COA’s accounts externally audited?

31. Does the COA voluntarily participate in peer/external review?

Code of Conduct 32. Is there a documented Code of Ethics,

adapted to the COA’s environment, in place covering the issues in INTOSAI Code of Ethics?

33. Is the above code adhered to? 34. Are there procedures to ensure that the

66



Code of Ethics is adhered to? 35. Does the COA ensure that all auditors

comply with its requirements which relate to integrity, objectivity, professional competence and due care?

Ethical Requirements 36. Does the COA establish policies and

procedures designed to provide it with reasonable assurance that the COA and its personnel comply with relevant ethical requirements such as the following: a. Integrity; b. Objectivity; c. Professional competence and

due care; d. Confidentiality; and e. Professional behaviour?

37. Does the COA establish policies and procedures designed to provide it with reasonable assurance that the COA, its personnel and, where applicable, others subject to independence requirements (including experts contracted by the COA and other personnel), maintain independence where required by the Code and national ethical requirements? Do these policies and procedures enable the COA to: a. Communicate its independence

requirements to its personnel and, where applicable, others subject to them; and

b. Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement?

67



38. Do the policies and procedures require: a. Private auditors engaged by the

COA to provide relevant information about client engagements, including the scope of services, to enable the COA to evaluate the overall impact, if any, on independence requirements;

b. Personnel to promptly notify the COA of circumstances and relationships that create a threat to independence so that appropriate action can be taken; and

c. The accumulation and communication of relevant information to appropriate personnel so that:

i. The COA and its

personnel can readily determine whether they satisfy independence requirements;

ii. The COA can maintain and update its records relating to independence; and

iii. The COA can take appropriate action regarding identified threats to independence on specific changes?

39. Does the COA have policies and procedures to provide it with reasonable assurance that it is notified of breaches of independence requirements and appropriate actions are taken to resolve such situations?

40. Does the COA obtain, at least annually written confirmation of compliances with its policies and procedures on independence from all personnel

68



required to be independent? 41. Does the COA have criteria for

determining the need for safeguards to reduce the threat of familiarity with auditee to an acceptable level when using the same senior personnel on an audit engagement over a long period of time?

Complaints and Allegations 42. Does the COA have procedures to

handle complaints & allegations concerning failures to comply with professional standards and regulatory requirements or non-compliance with the COA’s system of quality control ?

43. Does COA do follow-up and investigate all complaints and allegations?

Quality Assurance 44. Does the COA evaluate the effect of

deficiencies noted as a result of the monitoring process and determine whether these are either: a. Instances that do not

necessarily indicate that the COA's system of quality control is insufficient to provide it with reasonable assurance that it complies with professional standards and regulatory and legal requirements, and that the reports issued by the COA are appropriate in the circumstances; or

b. Systemic, repetitive or other significant deficiencies that require prompt corrective action?

45. Does the COA communicate to relevant ATLs and other appropriate personnel deficiencies noted as a result of the monitoring process and recommendations for appropriate remedial action?

69



46. Does the COA’s evaluation of each type of deficiency result in recommendations for one or more of the following: a. Taking appropriate remedial

action in relation to an individual audit or auditor;

b. The communication of the findings to those responsible for training and professional development;

c. Changes to the quality control policies and procedures; and

d. Disciplinary action against those who repeatedly fail to comply with the policies and procedures of the SAI?

47. To what extent does the COA implement effective QA processes for its work?

48. Is there a QA system in place?

49. Is there a dedicated unit responsible for QA?

50. Is the QA system addressing all dimensions of the COA?

51. Are QA results used to improve performance of the COA?

52. Does the COA have a QA manual? 53. Does a quality control review plan

(QCRP) get submitted on time?

54. Does the QCRP comply with the strategy on the selection of files (with special cognisance of audit risk profiles)?

55. Does the QCRP comply with the strategy on the identification and selection of reviewers?

56. Have all reviewers been adequately trained?

57. Can all reviewers prove that they regularly undergo CT to ensure that they are technically up to date?

58. Does the selection include an adequate mix of files?

70



59. Was adequate care taken to keep the selection of files confidential to prevent “window-dressing”?

60. Are the reviews carried out in accordance with the QCRP?

61. Are the reviews carried out using the approved questionnaires?

(This step may require the selective re-performance of reviews)

62. Are the results of each of the reviews discussed with : a. Audit management b. The audit team

63. And were all differences resolved? 64. Are the outcomes of the reviews

adequately addressed in action plans, which in turn feed back into the Unit’s strategic plans?

65. Is there proof of follow-up of the action plans of the previous year?

66. Is an annual report prepared detailing the following: a. A description of the monitoring

procedures performed b. Conclusions drawn c. Description of repetitive or other

significant deficiencies d. Action taken to resolve or

amend those deficiencies.

67. Does an independent body carry out an annual evaluation of the COA’s Quality Review program?

71


V. Corporate Support

The COA should ensure timely delivery of support services and infrastructure to its operating sectors, clusters, regions, divisions, sections, and auditing units (ISSAI 11 principle 8).

YES NO N/A COMMENT W/P

Ref. Financial resources 1. Does the COA have a short-term

financial resource planning?

2. Is the budgeting process integrated into the COA’s annual plan?

3. Does the COA have regular review of its budget?

4. Does the COA’s financial practice lead to relatively accurate financial projections?

5. Does the COA have sufficient number of qualified staff for financial management?

If not completely, then how many qualified staff for financial management does COA need?

6. Does the COA keep adequate financial records and accounts?

7. Is the COA’s financial report used for planning and review purposes?

Infrastructure 8. Does the COA own office premises? 9. Does the COA have sufficient office

space?

10. Is the lighting condition appropriate in the COA’s office?

11. Does the COA have well-equipped meeting rooms? a. Multimedia - PA system, Projector b. Computer c. Telephone d. Chairs and tables e. White board f. Flip Charts

12. Does the COA have well-equipped training rooms?

13. Are the COA Departments/Sectors/ Divisions/Sections located together?

72



Technology 14. Is the COA computerized?

15. Which of the following functions are computerized in the COA? a. Payroll b. Finance c. Audit Planning d. Asset Management e. Archiving system f. None of the above

16. Are the Desktop Computers and Laptops used for daily work by all users?

17. What type of Internet access does the COA have? a. Broadband b. Dial-up c. Not at all

18. Who has access to the Internet? a. Senior management only b. Senior and middle management c. All staff and management

19. Does the COA have internal IT support staff?

20. Are the IT personnel professionally qualified? Please check a sample of the IT personnel background qualification.

21. Does the COA offer internal IT training and development programs?

22. Does the COA have Local Area Network?

23. Does the COA have photocopying materials and facilities?

24. Does the COA have Wide Area Network?

25. Does the COA’s technology meet the auditors’ needs? Please conduct a focus group for discussion on this topic before concluding.

73



Support Services 26. Which of the following support services

does the COA have? a. Security b. Maintenance c. Transportation d. Secretarial e. Others: ______________

27. Are these Support Services provided in timely manner?

28. Does the COA have an adequate security measures to safeguard its facility?

74


VI. CONTINUOUS IMPROVEMENT

The COA should be abreast and ready to address current and emerging issues and take advantage of new opportunities (ISSAI 200 Paragraph 1.25).

YES NO N/A COMMENT W/P

Ref.

Professional Staff Development 1. Is there proof of detailed training needs

identification taking place on a regular basis?

2. Are the training needs that are identified during the quality control reviews: a. Communicated to the relevant

training staff? b. Contained in the training business

plan for the next year?

3. Is there proof of success measurement against the training business plans?

4. Is there proof of proper manpower planning?

5. Is there proof of proper career planning? 6. Is there proof of development (including

the scheduling of staff for audits) taking place in line with this planning?

7. Does the COA ensure that auditors attending training programmes or courses have applied the knowledge gained?

8. Does the COA ensure that the auditor’s knowledge gained via different training programmes (education programmes) is being successfully used in the audit?

9. Does the auditor receive guidance during the audit (including guidance from Head of a Unit, mentor, team members, etc.)?

10. Does the COA evaluate current level of knowledge on a regular basis to determine current and future personal and organizational needs?

11. Does the COA communicate the knowledge needs that are considered in the training plan for the next year?

75



12. Does the COA ensure that knowledge needs are considered in the training plan for the next year?

13. Is the effectiveness of the training plans evaluated?

14. Is there an annual training service agreement on individual auditor basis in place?

15. Are there procedures for on-the-job training?

16. Is on-the-job training provided for each auditor?

17. Is the provided on-the-job training documented?

18. Do the audit managers design the composition of teams and needs of the staff?

Research and Development

19. Does the COA have a Research and Development (R&D) division?

20. Has the COA formulated short/long term R&D plan?

21. Have any research studies being done to enhance effectiveness of the COA?

22. Does the COA have sufficient funding for research?

Organizational Development 23. Does the COA review and redefine

organizational structure in accordance with strategy and environment?

24. Does the COA’s organizational structure clearly define lines of authority and responsibility?

25. Does the COA encourage staff to participate in improving the organization?

Change Management 26. Does the COA have a change

management unit or section?

27. Does the COA have a change management plan?

76



28. Does senior management provide sufficient support in implementing change management plan?

29. Does the COA have sufficient resources to carry out change management process?

30. Does the COA effectively involve Human Resource (HR) in change management?

31. Does the COA reinforce change with job descriptions?

32. Does the COA have a plan to address change management resistance?

VII. EXTERNAL STAKEHOLDER RELATIONS

COA should establish and sustain effective working relationship and communication with external stakeholders to ensure higher impact of its audit reports and services.


1. Does the COA have strategy for establishing and maintaining effective working relations with external stakeholders?

2. Does the COA have a formalized mechanism to follow up on feedback on its performance received informally or formally from external stakeholder?

Congress/Office of the President (OP) 3. Please circle the entity (Congress/OP)

that the COA primarily report to/affiliate with. Is the relation with the entity indicated set down in law or some other regulation?

4. Does the COA work directly with the entity indicated?

5. Does the COA hold meetings or hearings with them?

6. Are those meetings or hearings in public?

77



7. Following those meetings or hearings, is a report with recommendations produced?

8. Does the COA seek regular feedback from the entity indicated on its performance?

9. To what extent do the Executives implement Public Accounts Committee's or its equivalent's recommendations? a. Completely b. To a large extent c. To a little extent d. Not at all

Audited Entities 10. Is the role of COA appreciated by the

audited entities? This can be established through customer satisfaction survey by the COA. a. Completely b. To a large extent c. To a little extent d. Not at all

11. Does the COA have a policy for communicating with audited entities?

12. What is the extent of response of audited entities to the COA? a. Completely b. To a large extent c. To a little extent d. Not at all

13. What is the extent of the acceptance of the audit recommendations? a. Completely b. To a large extent c. To a little extent d. Not at all

14. What is the extent of the implementation of the audit recommendations? a. Completely b. To a large extent c. To a little extent d. Not at all

78



15. Is the audited entity given a reasonable opportunity to respond to the draft audit reports?

16. Are the audited entity responses fairly considered before finalizing the audit report?

17. Does the COA make sound recommendations for further improvements in audited entity performance?

18. Does the COA seek feedback from audited bodies on the quality of its work, staff and systems?

19. Are the COA staff trained in communicating effectively with audited entity?

Internal Audit 20. Does the COA have internal audit

department or equivalent?

21. Does the internal audit department report directly to the Chairperson?

22. Does the internal audit department have a charter?

23. Does it have qualified personnel? The media and the public 24. Are audit products made public? 25. Does the COA have the right to go to

the media with its audit findings?

26. Does the COA have a clear policy framework for dealing with the media?

27. Does the COA deal professionally with the media by providing high quality press releases and press conferences?

28. Does the COA have a policy to ensure that its publications are widely accessible to audiences?

29. Does it use such correspondence to inform future audit activity?

30. Are professionally qualified members of the COA encouraged to play active roles in their professional associations?

79



Professional associations and private sector auditors

31. Does the COA have professional relations with other professional institutions and private sector auditors?

32. Are there formal liaison meetings between a senior member of the COA and the relevant professional associations on a regular basis?

33. Are there arrangements for secondments between staff in the COA and in private sector auditing firms?

34. Does the COA contract out a proportion of its audits to private sector auditors to enable it to benchmark its costs and processes?

Consultation 35. Has the COA designed policies and

procedures to ensure that appropriate consultation takes place on difficult and contentious issues?

36. Do the audit team and management have access to experts either within the COA or outside, pertaining to areas such as IT, taxation, technical, etc?

37. Is there proof of consultation with other management members in instances of high risk / uncertainty (peer reviews)?

38. Is there a technical department responsible for research into complex technical or public sector specific matters?

39. Are internal technical publications being prepared on a regular basis?

40. Are all technical publications adequately circulated?

Peers (SAIs and regions) 41. Does the COA have cooperation

arrangements with other SAIs?

Aid Donors 42. Does the COA deal with any donor

agencies?

43. Does the COA meet regularly with donor

80



agencies to identify what external audits need to be done and when?

44. Are there mechanisms which the COA can undertake such that it can become the auditor of first choice by donor agencies?

VIII. RESULTS

The COA should deliver timely quality audit reports and services that will: promote accountability and

transparency in the public sector; result in more efficient

management and utilization of public resources; and

contribute towards good governance. (ISSAI 11 principle 5 and 6)


1. Does the COA have a system to objectively measure its results?

2. Is there a system to assure that performance measures are of acceptable quality?

3. Is performance measurement conducted by staff independent of those responsible for delivering the audit reports (and other products, if any)?

4. Does the COA follow up on its performance measurement results?

Outputs 5. Are products delivered by the COA in

accordance with its audit mandate?

6. Does the COA have targets with regard to number of products of each type?

7. Does the COA measure performance against the targets?

8. Does the COA have performance measures to assess the quality of the products?

81



9. Does the COA assess product quality against the performance measures?

10. Does the COA set deadlines for submission of it products?

11. Does the COA meet its deadlines for delivering its products?

12. To what extent is COA able to meet its targeted outputs?

Impact 13. Does the COA have performance

measure to assess the impact of its products?

14. Does the COA regularly assess impact against these measures?

82


Appendix 7

FINANCIAL AUDIT METHODOLOGY CHECKLIST

YES NO COMMENTSW/P Ref.

I. Financial/Regularity Audit Performed:

1. Attestation of financial accountability of accountable entities, involving examination and evaluation of financial records and expression of opinions on financial statements

2. Attestation of financial accountability of the government administration as a whole

3. Audit of financial systems and transactions, including an evaluation of compliance statutes and regulations

4. Audit of internal control and internal audit functions

5. Audit of the probity and propriety of administrative decisions taken within the audited entity

6. Reporting of any other matters arising from or relating to the audit that the SAI considers should be disclosed

II. Standards for Audit

1. International Standards on Auditing (ISA)

2. INTOSAI Auditing Standards 3. SAI Standards, Policies

III. Quality Control Procedures (ISSAI 1220)

1. Responsibility for quality assigned to ATL

2. ATL has considered ethical requirements.

83



3. ATL has ensured independence of the audit team.

4. ATL has assessed capabilities, competencies and time available to perform audits.

5. Risks of acceptance have been considered.

6. ATL has taken responsibility for direction, supervision and performance of the audit team.

7. ATL has reviewed working papers.

8. Appropriate consultation/resolution of contentious or difficult matters.

9. Differences of opinion are appropriately resolved.

10. AQCR has been appropriately engaged.

11. Results of AQCR have been considered.

IV. Pre-Engagement Phase 1. Code of Ethics

a. Integrity (adherence to high standards of behaviour)

b. Independence (independent from audited entity and other outside interest groups)

c. Conflicts of interest (care should be taken that services do not lead to conflict of interest)

d. Confidentiality (information obtained in the auditing process not disclosed to third parties)

e. Professional competence and due care

2. Assessment of Capacity(skills and resources)

3. Engagement letter with audited entity

84



V. Planning Phase

1.1 Understanding the entity and its environment consisting of the following aspects:

a. Industry, regulatory, and other external factors including the applicable financial reporting framework

b. Nature of the entity, including the entity’s selection and application of accounting policies

c. Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements

d. Measurement and review of the entity’s financial performance

1.2 Understanding the entity’s internal control consisting of the following components:

a. Control Environment includes the governance and management functions and attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal controls and its importance in the entity.

b. The entity’s risk assessment process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof.

85



c. The information system, including the related business processes, relevant to financial reporting, and communication.

d. Control activities to assess the risks of material misstatement at the assertion level and to design further audit procedures responsive to assessed risks.

e. Monitoring of controls or activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates corrective actions to its controls.

2. Establishing Audit Objective and Scope

a. Expressing an opinion whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework

b. Determining the audit procedures to be performed in conducting an audit in accordance with ISA or other professional, legal or regulatory requirements in addition to ISAs.

3. Determining Materiality a. Establishing an

acceptable materiality level considering both the amount (quantity) and nature (quality) of

86



misstatements b. Considering audit risk in

assessing the level of materiality

4. Assessing the risk of material misstatement

a. Determining overall responses to assessed risks at the financial statement level

b. Designing further audit procedures to respond to assessed risks at the assertion level

5. Considering Going Concern Assumption

a. Assessing the entity’s ability to continue as a going concern

6. Considering Fraud in Financial Audit

a. Considering risk of material misstatement arising from fraud of error

b. Maintaining an attitude of professional scepticism throughout the audit, recognizing the possibility that a misstatement due to fraud could exist

7. Preparing detailed audit plan a. Establishing an overall audit

strategy which sets the scope, objective, timing, appropriate materiality level, high risk areas and evaluation of internal control. Including documentation of the key systems.

b. Developing a detailed audit plan which includes the nature, timing and extent of audit procedures to be performed to obtain sufficient appropriate audit evidence to reduce audit

87



risk to an acceptably low level. VI. Execution Phase

1. Using Sampling and Other Means of Testing

a. Using audit sampling in selecting items for testing (Statistical sampling)

b. Using other means (Non-statistical sampling)

2. Performing Tests of Controls a. Performing tests of controls to

obtain sufficient appropriate audit evidence that the controls are operating effectively at relevant times during the period under audit.

3. Performing Analytical Procedures a. Evaluating financial

information made by a study of plausible relationships among financial and non-financial data.

b. Investigating identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.

4. Performing Substantive Procedures

a. Performing tests of details of classes of transactions, account balances, and disclosures and substantive analytical procedures to detect material misstatements at the assertion level.

5. Evaluating the sufficiency and appropriateness of audit evidence

a. Recording in the working papers information on planning the audit, the nature, timing and extent of audit procedures performed, and the results

88



thereof, and the conclusions drawn from the evidence obtained.

b. Evaluating the sufficiency and appropriateness of audit evidence to determine whether the audit was performed in accordance with ISAs and applicable legal and regulatory requirements.

c. Identifying the preparer and reviewer of working papers

VII. Reporting Phase 1. Communicating Audit

Findings

a. Communicating audit matters arising from the audit of financial statements.

b. Preparing management letter on a timely basis.

c. Follow-up of action taken on findings communicated thru management letter.

2. Evaluating Audit Conclusions a. Reviewing and assessing the

conclusions drawn from the audit evidence obtained as the basis for the expression of an audit opinion

b. Determining significance of audit finding

3. Preparing the Audit Report a. Preparing the audit report

considering the following basic elements:

- Title; - Addressee; - Opening or introductory

paragraph: Identification of the

financial statements audited;

A statement of the responsibility of

89



the entity’s management and the responsibility of the auditor;

- Scope paragraph (describing the nature of the audit) A reference to the ISAs

or relevant national standards or practices;

A description of the work the auditor performed

- Opinion paragraph containing:

A reference to the financial reporting framework used to prepare the financial statements (including identifying the country of origin of the financial reporting framework when the framework used is not International Accounting Standards); and

An expression of opinion on the financial statements

- Date of the report; - Auditor’s address; and - Auditor’s signature

b. Preparing narrative report


90

Appendix 8

QAQ- ENGAGEMENT LEVEL

AUDIT TEAM LEADER

AUDITED ENTITY

FINANCIAL YEAR-END OF AUDITEE

STAGE OF COMPLETION

REVIEW COMMENCED ON

REVIEW COMPLETED ON

FINDINGS DISCUSSED ON

NAME OF REVIEWER

We, the undersigned, confirm that the findings of this review have been:

Discussed with management (Assistant Commissioner, Cluster/Office/Regional Directors, Supervising Auditor, Audit Team Leader, Audit Team Member);

Communicated to the whole audit team; Included as part of an action plan that will be included in the

strategic plan, where appropriate; and Included as part of the training plan.

ASST. COMM.

REVIEWER

CLUSTER DIRECTOR

TRAINING OFFICER

DATE


91

INTRODUCTION: The INTOSAI Audit Standards requires that an auditor should conduct an audit in accordance with the necessary standards. This implies that a certain standard of work should be evident in all audit files. In ensuring a consistent level of quality of audit work throughout an audit entity, it is necessary to ensure that:

All personnel adhere to the principles of independence, integrity, objectivity, confidentiality and professional behaviour (professional requirements);

The audit entity is staffed by personnel that have attained (and maintain) the technical standard and professional competence required to enable them to fulfil their responsibilities;

Audit work is assigned to personnel that have the degree of technical training and proficiency required in the circumstances;

There is sufficient direction, supervision and review of work at all levels to provide reasonable assurance that the work performed meets appropriate standards of quality;

Whenever necessary, consultation within or outside the firm is to occur with those that have appropriate expertise;

The continued adequacy and operational effectiveness of quality control policies and procedures is monitored.

This review document focuses on the evaluation of quality at the engagement level. The document takes cognisance of the requirements of IRRBA Manual. Wherever possible references have been made to the source of the requirements tested. The review document is to be used for all types of audit.

If the finding to a particular question is positive, a tick should be inserted in the “YES” column. If the finding is negative, a tick should be inserted in the “NO” column, followed by an appropriate reason/explanation in the remarks column. In such an instance, reference should be made to either the minutes of the discussion of the findings with management and/or the final QAR-report.

Instances may be found where the answer to a question is “NO”, but that the situation was still within the scope of ISA/INTOSAI (e.g. non-compliance with Office methodology, although still within scope


92

of ISA/INTOSAI). This should be clearly spelt out and reported accordingly.

If a question is not applicable, a tick should be inserted in the N/A column, together with an adequate explanation.

All questions should, as far as possible, be referenced to the relevant working papers in the audit file.

Integrated Results and Risk-based Audit Methodology (IRRBA)

ISA Ref.

COA Manual

and Guidelines

YES NO N/A REMARKSWP Ref.

I. Strategic Planning and Risk Identification

1. Was there an assessment and identification of government risks using Medium-Term Philippine Development Plan (MTPDP), State of the Nation Address (SONA) of the President, Medium-Term Public Investment Program (MTPIP), Government Risks Model (GRM) Previous Annual Audit Reports (AARs), media releases and media reports, fraud and geographic risks, government-wide and sectoral programs and activities, etc.?

IRRBA Manual

2. Was it conducted annually, supervised by the Assistant Commissioners and attended by directors from the following sectors/offices: National Government Sector Corporate Government Sector Local Government Sector Regional Offices Special Audit Office Information Technology Office Technical Services Office Fraud Audit Office

1.

Government Risk Model Was the GRM developed/updated?

Form 01-01


93


ISA Ref.

COA Manual

and Guidelines


1.

Government Risk Identification Template Was the Government Risk Identification Template prepared?

Form 01-02

2. Was the COA Strategic Planning conducted?

3. Were the elements of PFMS Operations Manual observed in the COA Strategic Planning?

COA Memo 79-205 dated July 6, 1979

II. Agency Audit Planning and Risk Assessment

ISSAI 1230

1.

Agency Audit Workstep (AAW) Was the AAW prepared?

Form 02-01

2. Is the AAW approved by the Supervising Auditor and submitted to the Cluster Director/Regional Cluster/Office Director responsible for the audit?

3. Was the approval of the AAW timely?

4. Were all significant changes to the AAW approved?

Form 02-01


94


ISA Ref.

COA Manual

and Guidelines


5. Understanding the Agency Template (UTA) Was understanding of the agency documented which includes the following: Agency Profile

a. Mandate b. Operations c. Structure d. Objectives and Strategies e. Key Stakeholders f. Key Environmental

Factors OPIF/Program Accountability

Model (PAM) MFO’s/Key Performance

Indicators Accounting Policies Previous Audit Findings Recent Developments Analytical Reviews UTA Summary

6. Did the audit team perform an analysis of the following key elements affecting the auditee’s success or failure and the dynamic interrelationships between them:

- Environment? - Information? - Users? - Suppliers? - Public? - Value? - Management? - Processes?

7. Was there a logical relationship among the observations, analysis and key success factors and changes presented in the template for each of the elements of the UTA?


95


ISA Ref.

COA Manual

and Guidelines


8. Were the significant points of the UTA discussed with senior agency management to confirm understanding of critical success factors, points of strategic focus, significant events and plans and potential risks?

9. Were analytical procedures performed during the planning phase of the audit in order to identify risks?

10. Are there audit working papers that correspond to the income statement/ appropriation account?

11. Are there evidences that accounts with significant changes from: ● Prior year’s results ● Variations from budget

1.

Agency Risk Model (ARM) Was the ARM prepared/updated?

Form-02-03

Agency Risk Identification Matrix

Form-02-04

1.

Did the audit team use the UTA Summary in the agency risk identification?

2. Did the audit team use a common risk language?

3. Were the significance and likelihood of identified risks evaluated and justifications given?

4. Were risks locations identified per Office?

5. Were there initial audit responses for each identified risk?


96


ISA Ref.

COA Manual

and Guidelines


Agency–Level Controls Checklist (ALCC)

Form-02-05

1. Did the audit team use Probing Questions to assess Control Environment, Risk Assessment Information and Communication, Monitoring and Control Activities in understanding the agency-level controls?

2. Were observations documented using the ALCC Summary?

3. Did the audit team issue an Audit Observation Memorandum for deficiencies noted on the design of agency-level controls or red flags to call the attention of Management?

Process-Risk-Control (PRC) Matrix

Form-02-06

4. Was there understanding of the agency processes?

5. Were process-level risks and controls affected by agency-levels risks identified?

6. Were observations documented using the PRC Summary?

7. Did the audit team issue an Audit Observation Memorandum for deficiencies noted on the process-level risks or red flags identified to call the attention of Management?

Audit Risk Assessment and Planning Tool (ARAPT)

Form-02-07

1.

A. Financial and Compliance Audit:

Were significant and material financial statement accounts identified?

2. Was there an assessment of inherent risk? Control Assessment?


97


ISA Ref.

COA Manual

and Guidelines


3. Was an acceptable materiality level used to detect quantitative material misstatements as indicated in Materiality Template?

4. Were qualitative factors considered for materiality?

5. Is the planning materiality figure still appropriate for the evaluation of the results of audit procedures and were the reasons for changes properly documented?

6. Was materiality considered during the evaluation of the results of procedures performed and were proper conclusions reached in this regard?

7. Where indications of fraud were discovered during the audit, was it adequately followed up?

8. Was audit strategy determined and indicated in the ARAPT? (Test of controls will be the audit strategy for accounts assessed as ‘Minimal’ or ‘Low’ (we are intending to rely on the controls), whereas, substantive procedures will be the audit strategy for accounts assessed as ‘Moderate’ or ‘High’.)

9. Were the prioritized risks discussed with management for confirmation?

10. Was the timing of the audit indicated in the ARAPT?

B. Performance Audit 1. Were the agency’s significant

Programs, Activities and Projects (PAPs) identified?

2. Was the basis for assessment and selection factors of PAPs indicated in the ARAPT?


98


ISA Ref.

COA Manual

and Guidelines


3. Were significant PAPs subject to performance audit listed in the ARAPT?

C. Specialized Skills Needed 1. Do specialized skills needed in the

audit identified?

D. Other Material Accounts 1. Were other material accounts

(LORMA) identified in the ARAPT?

III. Delivery – A. Execution

Design Audit Tests: Audit Test Summary

ISSAI 1230

Form-03-01

1. Are the audit programmes sufficiently comprehensive to result in satisfactory assurance in all areas of significant audit risk?

2. Is each step of the audit programme initialled with evidence to indicate that the work was completed?

3. Are there evidences (signature of the reviewer) that procedures were correctly executed?

Design Audit Tests: Performance

1. Were audit objectives articulate with what the audit is to accomplish?

2. Were audit criteria develop for each audit objective?

3. Is there evidence of audit objectives having been met in each procedure?



99


ISA Ref.

COA Manual

and Guidelines


Execute Audit Test Part I: Test of Controls (TOC)

ISSAI 1330

1. Was audit evidence obtained through tests of control to support any assessment of control risk which is minimal or low? (TOC is performed only for accounts assessed as “Minimal” or “Low” (wherein we rated control risk as Low –which means we are intending to rely on controls).

2. Does it appear that the tests of controls over the internal controls are appropriate in the circumstances?

3. Does it appear that the tests of control over results are properly assessed and evaluated?

4. In cases where the assessed level of control risk was revised, were the nature, timing and extent of planned substantive procedures modified?

Part II: Substantive Tests

ISSAI 1330, 1450, 1500, 1540

1. Were substantive analytical reviews designed to obtain assurance regarding the reasonableness of account balances or series of transactions and were all criteria met in this regard?

ISSAI 1520

2. Where any analytical reviews were performed to restrict the nature, timing and/or extent of substantive procedures, are the results from such an analysis appropriately measured against materiality? Was corroboration obtained for explanations received?


100


ISA Ref.

COA Manual

and Guidelines


3. Were appropriate substantive procedures designed and performed for each transaction, account balance and disclosure per ARAPT?

4. Are there evidences that results of confirmations received back were compared to the client’s records and differences investigated?

ISSAI 1505

5. Regarding the timing of the substantive procedures, Was the most efficient manner of conducting the substantive procedures taken into account?

ISSAI 1520

6. Were the samples selected for testing reasonable and representative of the population? Test Audit Scheme (TAS) and the Simplified Sampling Scheme (SSS)

ISSAI 1530

COA Res. 95-

505, July 4, 1995

Evaluate Audit Results 1. Are there appropriate evidence

(signature of reviewer) to ensure that conclusions are correct?

ISSAI 1230

2. Are there evidence that errors found using samples were appropriately considered?

COA Res. 95-

505 dtd July 4, 1995

3. Are there evidence that summaries of audit differences were prepared and the aggregated effect of the differences evaluated?

4. Are there evidence that the SA reviewed the summary of audit differences?

COA Memo 2002-048

dated 8/13/02


101


ISA Ref.

COA Manual

and Guidelines


IV. Communicate Audit Results 1. Were all audit observations

discussed with appropriate level of agency management to confirm the audit team understands of the nature and cause of the audit observations?

2. Where in the opinion of the audit team the evidence provided by the agency do not support the agency’s position, was the Supervising Auditor (SA)/Cluster Director (CD) consulted to determine final audit action?

3. Were all audit findings communicated to Management through the issuance of any of the following? ● Audit Observation

Memorandum (AOM) ● Notice of Suspension (NS) ● Notice of Disallowance (ND) ● Notice of Charge (NC)

COA Cir No.

2009-006

4. Are AOMs and Audit Queries (AQs) issued for resolution of queries and exception arising from audit tests?

Delivery – B. Conclusion and Reporting

ISSAI 400

1. Summary of Audit Results and Recommendations

Form 03B-01

1. Were all accumulated results of financial, compliance, and performance audits summarized at the end of the audit?

2. Were all significant findings, issues and observations, including misstatements, summarized and discussed with management?


102


ISA Ref.

COA Manual

and Guidelines


3. Were all findings, observations, and issues that have significant impact on the financial statements considered before finalizing the conclusion of the audit?

4. Did the Minutes of discussions with the counterpart audit team (e.g., Fraud Audit Office (FAO) and/or Special Audit Office (SAO) form part of the audit working papers?

5. Did the following evaluation factors considered : ● Materiality factors? ● Indications of significant

weakness in internal control?

● Indications of possible fraud or illegal acts?

2. Prepare Audit Report ISSAI 400

COA Memo

No. 2002-047

dated August

13, 2002

COA Memo

No. 2010-015


103


ISA Ref.

COA Manual

and Guidelines


1. Are the guidelines on the preparation, submission and transmittal of the AAR observed?

ISSAI 1700

COA Memo 2002-047

COA

Memo 2009-028

COA

Memo 2010-015

COA

Memo 2010-020

2. Does the AAR contain gist of the observations and recommendations for performance audit undertaken which is still on-going?

ISSAI 3100

3. Does the AAR contain gist of the observations and recommendations for fraud audit which is still on-going?

4. Does the AAR contain the following: ● Executive Summary ● Audit Certificate ● Financial Statements ● Observations and

Recommendations ● Status of Implementation of

Prior Year’s audit Recommendations


104


ISA Ref.

COA Manual

and Guidelines


3. Perform Overall Audit Review Quality Inspection Tool (QIT)

ISSAI 1220

Form 3B-02

1. Did the Supervising Auditor conduct overall review and approval of the engagement to document and confirm that: ● Engagement has been

completed in accordance with IRRBAM?

● Sufficient appropriate audit evidence has been obtained?

● Audit documentation provides a basis for audit opinion?

2. Was the QIT used by the team in performing overall review and approval of the audit engagement prior to the release of the audit report?

3. Was the QIT signed and dated by appropriate members of the audit team?

4. Were adequate procedures designed in respect of auditing the budgetary process of the auditees?

ISSAI 1250

5. Are events subsequent to the balance sheet date adequately documented and are significant events considered for disclosure/adjustment to the financial statements?

ISSAI 1560

6. If audit reports are delayed beyond a reasonable period is the subsequent events review extended?

ISSAI 1560

7. Are all commitments and contingent liabilities properly considered?

8. Is the ability of the auditee to continue as a going concern for the foreseeable future properly and adequately considered?

ISSAI 1570


105


ISA Ref.

COA Manual

and Guidelines


9. Are management representation letters obtained, signed by the appropriate members of management, or other forms of representation obtained?

ISSAI 1580

10. Were attorney’s letters requested and obtained where an indication was found that the auditees are involved in any legal matter/ litigation?

11. Were adequate procedures designed and executed to be able to ensure compliance with laws and regulations?

COA Memo 2002-060

12. Are the financial statements properly presented and intelligible and do they meet the applicable standards?

13. Are the notes to the financial statements in accordance with professional standards and sufficient and appropriate in the circumstances?

14. Are the accounting policies and the nature and effect of any changes therein clearly disclosed in the financial statements?

15. Are the audit reports in accordance with the applicable standards?

COA Res

2007-001

dated 3/20/07

16. Were procedures performed to ensure the completeness of financial statements?

17. Were the work performed by other auditors, properly evaluated and taken into consideration during the current audit? (Computer audit, Performance audit and Forensic audit)


106


ISA Ref.

COA Manual

and Guidelines


4. Wrap-up and archive the engagement

1 Were all the account area lead schedules (for each account/component) correctly completed and cross-referenced to the financial statements of the Auditee?

ISSAI 1230

2. Are well supported conclusions stated for each component audited?


4. Are financial statement amounts readily traceable to a working trial balance and lead schedules?

5. Are adjusting entries adequately supported by the working papers and cross-referenced to appropriate schedules?

6. Is there adequate support in the working papers for all the information contained in the notes to the financial statements?

7. Generally, do the working papers: ● Include indexing/signatures

and dating by preparer and reviewer?

● Indicate the meanings of audit tick marks?

● Indicate source of information?

● Indicate the purpose of photocopied documents?

● Containing memoranda or other evidence covering significant and unusual accounting and reporting matters?

Indicate that all schedules, prepared by the auditees, have been cast and cross cast?


107


ISA Ref.

COA Manual

and Guidelines


8. Where appropriate, do the audit working papers have evidence of consultation procedures with those who have appropriate expertise?

9. Do the audit working papers demonstrate adequate CD/ SA involvement in planning/ supervision/review process of the audit?

5. Follow-up Agency Action Plan Action Plan Monitoring Tool

Form 3B-03 Form 3B-04

1. Did the Agency Action Plan contain the following information? ● Reference ● Audit Observation and

Recommendation ● Agency Action Plan ● Persons/Department

Responsible ● Target Implementation Date

2. Did the Action Plan Monitoring Tool include the following information? ● Date of follow-up ● Implementation status ● Actual Implementation Date ● Reason for Delay/Non-

implementation ● Comments/Action Taken


108


ISA Ref.

COA Manual

and Guidelines


V. MONITORING (Quality Control System)

ISSAI 40

1. Does the COA has a system of quality control system to provide reasonable assurance that: ● The organization and its

personnel comply with professional standards and applicable legal and regulatory requirements in the delivery of its audit services?

● The reports issued by the COA are appropriate in the circumstance?

ISSAI 1220


109

Appendix 9

TEMPLATE FOR FINDINGS BY ELEMENTS

Negative observations:

{Insert the description of the finding}

Impact:

{What can be the effect of the risk occurring}

Cause:

{Reason of finding or problem}

Director IV feedback:

{Insert the Director IV response}

Element No

Element name

Name of reviewer

Name of Asst. Comm/Cluster Director

Date Date

W/P Ref: FindingNo


110

Appendix 10

QAR REPORT OUTLINE RECORDING FORM

Element No

Element Name

Finding No

Negative Observation

Risk Level

Impact Cause Ascom/CD Feedback

Recom-mendation


111

Appendix 11

TEMPLATE OF DRAFT REPORT (INSTITUTIONAL LEVEL QAR REPORT)

TABLE OF CONTENTS

TABLE OF CONTENTS

EXECUTIVE SUMMARY

INTRODUCTION

SAI BACKGROUND AND PARTICIPANTS

APPROACH AND METHODOLOGY

FINDINGS AND RECOMMENDATIONS

Element 1: Independence and Legal Framework

Element 2: Human Resource

Element 3: Audit Methodology and Standards

Element 4: Internal Governance

Element 5: Corporate Support

Element 6: Continuous Improvement

Element 7: External Stakeholder Relations

Element 8: Results

ANNEXES


112

Appendix 12

QA Follow-up Action Plan

All deficiencies and recommendations pointed out in the QAR report should be communicated to the respective officials or units for taking appropriate measures and remedial actions. Thereafter, the SAI should organize a brainstorming session involving people from all levels of the management, on the deficiencies and recommendations provided by the Review Team. The session could dwell on, at least, the following areas;

a) Area needing improvement/recommendations; b) Priorities; c) Proposed Action; d) Responsible official/unit/division/department to implement

the action; and/or e) Deadline.

Since there could be shortcomings and recommendations related to the policy decisions or requiring amendment to the existing policies or introduction of new policies, it would be appropriate for the head of SAI to chair the session. The final Action Plan should, however, be signed by the head of the SAI. Although Action Plans are normally prepared after receiving the QAR Report, it can also be prepared during the Exit Meeting of the QAR and incorporated in the final QAR Report.

Depending on the level of the QAR, the recommendations or the areas needing improvements must be prioritized for their effective implementation. Although the QAR team may rate the risk of each of their findings and observations as High, Medium and Low, the SAI management should again go through the same process of prioritizing the same findings and observations. However, besides prioritizing as High, Medium and Low, it must also see whether they are applicable given the circumstances under which the SAI is operating. Further the criterion for prioritizing/rating is also different and is normally decided during the brainstorming session. The following are some of the commonly used criteria:

a) The expected impact on the SAI and the individual audit which will include both the positive impact from


113

High - Very important and Action to be taken immediately;

Medium- Important but Action can be taken within a year or two.

Low - Not so important but good to have it, so can be included in the SAI’s future strategies.

N/A - Not Applicable, so no need to take any action

implementing the recommendation and negative impact from not implementing the recommendation or not taking actions;

b) Seriousness of the deficiency; c) The applicability in relation to the SAI mandate,

overall government policy and the country’s development stage; e.g. one cannot expect the SAI to use latest auditing software when there is hardly any IT development in the country itself; and

d) Availability of resources such as time and money.

Based on the above criteria including other criteria identified during the brainstorming session, the recommendations or area needing further improvements can be rated as High, Medium, Low and Not Applicable (N/A).

Follow-up actions

Based on the Action Plan, the follow-up can be undertaken to see whether the actions have been taken by the concerned person, units, divisions or departments within the given time frame. Wherever possible, the follow-up team should also comment on the impact of the actions on the SAI or an individual audit. The team should also look for reasons for not taking the actions and suggest alternative options wherever possible. It could be possible that although the SAI may have the will and desire to implement the actions but due to certain constraining factors like time, resource, etc. the actions remain unimplemented.

The follow-up action report should be submitted to the head of the SAI for taking further actions. The further actions may include, but not restricted to, the following:

a) Seeking explanation against those who have not taken any action/done anything to implement the proposed actions;

b) Cautioning those who are lagging behind the scheduled deadlines;


114

c) Looking into the alternative options and making relevant persons/s or units to study the options for their applicability and practicality;

d) Re-prioritizing and dropping certain proposed plan of actions which cannot be implemented at all.

The follow-up on QARs can also be done by the internal QAO on a continuous basis by monitoring their implementation against the scheduled deadlines. Therefore, it is important to involve people from the internal QAO during any QARs.

The results of the follow-up can be utilized as input for the next planning process


115

Appendix 13

List of ACRONYMS

ACRONYM FULL NAME AAR Annual Audit Report AAW Agency Audit Workstep ACL Audit Command Language ALCC Agency Level Control Checklist AOM Audit Observation Memorandum APSR Annual Performance Summary Report AQ Audit Query AQCR Audit Quality Control Review AQMS Audit Quality Management System ARAPT Audit Risk Assessment and Planning Tool ASOSAI Asian Organization of Supreme Audit Institutions ATL Audit Team Leader CAATS Computer-Assisted Audit Techniques CD Cluster Director COA Commission on Audit CP Commission Proper CT Continued Training ELR Engagement Level Review FAMC Financial Audit Methodology Checklist FAO Fraud Audit Office GAS Government Accountancy Sector GRM Government Risks Model HR Human Resource IDI INTOSAI Development Institute IFAC International Federation of Accountants ILR Institutional Level Review INTOSAI International Organization of Supreme Audit

Institutions IRRBA Integrated Results and Risk Based Audit IRRBAM Integrated Results and Risk Based Audit Manual ISA International Standards in Auditing ISQC Standards, International Standards on Quality Control ISSAI International Standards of Supreme Audit Institutions IT Information Technology


116

ACRONYM FULL NAME LRE Learning Results Evaluation LRES Learning Results Evaluation Services LORMA Low Risk Material Accounts MFO Major Final Outputs MTPDP Medium-Term Philippine Development Program MTPIP Medium-Term Public Investment Program NC Notice of Charge ND Notice of Disallowance NS Notice of Suspension OP Office of the President OPIF Organizational Performance Indicator Framework PAM Program Accountability Model PAP Programs, Activities and Projects PD Presidential Decree PFMS Planning, Finance and Management Sector PIDS Professional and Institutional Development Sector PPSAS Philippine Public Sector Auditing Standards PRC Process Risk Control QA Quality Assurance QAFAP Quality Assurance Follow-up Action Plan QAO Quality Assurance Office QAQ Quality Assurance Questionnaire QAR Quality Assurance Review QARQ Quality Assurance Review Questionnaire QARRF Quality Assurance Review Recording Form QCRP Quality Control Review Plan QCS Quality Control System QCSC Quality Control System Checklist QIT Quality Inspection Tool QMS Quality Management System QS Qualification Standards R&D Research and Development RD Regional Director SA Supervising Auditor SAI Supreme Audit Institutions SAO Special Audit Office SONA State of the Nation Address SSS Simplified Sampling Scheme TAS Test Audit Scheme TOC Test of Controls


117

ACRONYM FULL NAME TOR Terms of Reference UTA Understanding the Agency Template

Documents

COA_R2013-014