Dec. 2008, Vol.4, No.12 (Serial No.43) Journal of Modern Accounting and Auditing, ISSN1548-6583, USA1

The evolution of auditing: An analysis of the historical developmentLEE Teck-Heang1, Azham Md. Ali2(1. Faculty of Accountancy and Management, Universiti Tunku Abdul Rahman, Selangon 43000, Malaysia;2. College of Business, Accounting Building, Universiti Utara Malaysia, UUM Sintok Kedah Darul Aman 06010, Malaysia)Abstract: This paper aims to analyze the development of auditing. It is found that auditing has evolvedthrough a number of stages. In the mid 1800s to early 1900s, the audit practice was considered as “traditionalconformance role of auditing”. However, for the past 30 years, the auditor has been playing an “enhancing role”.Today, auditors are expected not only to enhance the credibility of the financial statement, but also to providevalue-added services. Nevertheless, following extensive reform in various countries as a result of the collapse ofbig corporations, it is expected that the role of auditors will converge. It is evident that the paradigm aboutauditing has shifted over the years and it is likely to continue shifting in the future.Key words: history of auditing; historical development; audit objectives; audit expectation gap1. IntroductionThe word “audit” comes from the Latin word audire, meaning “to hear”. According to Flint (1988), audit is asocial phenomenon which serves no purpose or value except of its practical usefulness and its existence is whollyutilitarian. Flint (1988) further explains, the audit function has evolved in response to a perceived need ofindividuals or groups in society who seek information or reassurance about the conduct or performance of othersin which they have an acknowledged and legitimate interest. Flint (1998) argues that audit exists becauseinterested individuals or groups are unable for one or more reasons to obtain for themselves the information orreassurance they require. Hence, an audit function can be observed as a means of social control because it servesas a mechanism to monitor conduct and performance, and to secure or enforce accountability. Mackenzie (as citedin Normanton, 1996, p. vii) in the foreword to The Accountability and Audit of Governments made the followingremark: “Without audit, no control; and if there is no control, where is the seat of power?” All in all, an auditfunction plays a critical role in maintaining the welfare and stability of the society.Many auditors (e.g. Mascarenhas & Turley, 1990; Abdel-Qader, 2002; Porter, et al., 2005) concur with Flint(1988) that the aim of an audit has always been a dynamic rather than a static one. Brown (1962) asserts that theobjective and techniques of auditing have changed during the four hundred years of recognizable existence ofauditing to suit the changing needs and expectations of society. It can be observed that the changes in needs andexpectations of society are highly influenced by the factors contextual to the economic, political and sociologicalenvironment at a particular point of time. Therefore, the review of the historical development of auditing enablesone to understand, analyze and interpret the evolution of auditing due to the change in expectations of the society.LEE Teck-Heang, male, senior lecturer, Faculty of Accountancy and Management, Universiti Tunku Abdul Rahman; researchfields: audit expectation gap, internal audit and history of auditing.Azham Md. Ali, male, associate professor of College of Business, Accounting Building, Universiti Utara Malaysia; research fields:audit profession, accounting history, international accounting and internal audit.

The evolution of auditing: An analysis of the historical development22. Purpose of the paperThis paper aims to analyze the development of auditing over the years, with particular reference to the natureand objectives of auditing, the responsibilities of auditors and the audit techniques used. The reasons for such ananalysis are two-fold. Firstly it enables readers to gain an understanding of the audit development over the years.Secondly, it provides the evidences on auditing as a discipline that modifies its role over the years to meet thechanging needs and expectations of society.3. The evolution of auditing practicesTo facilitate the examination of the historical development of auditing, this review will be divided into thefollowing five chronological periods: (i) Prior to 1840; (ii) 1840s-1920s; (iii) 1920s-1960s; (iv) 1960s-1990s; and(v) 1990s–present.3.1 Prior to 1840Generally, the early historical development of auditing is not well documented (Lee, 1994). Auditing in theform of ancient checking activities was found in the ancient civilizations of China (Lee, 1986), Egypt and Greece(Boyd, 1905). The ancient checking activities found in Greece (around 350 B.C.) appear to be closest to thepresent-day auditing. The existence of such activities can be proven by Aristotle’s quotation (as cited in McMickle,1978, pp. 11-12) as follows:Ten [logistae]….and ten [euthuni]….are chosen by lot. Every single public officer must account to them. They havesole control over those subject to [examination]…. they place their findings before the courts.Anyone against whom they prove embezzlement is convicted and fined by the court ten times the sum discoveredstolen. Anyone whom the court on [their]….evidence convicts of corruption, is also fined ten times the amount of bribe.If he is found guilty of administrative error, they assess the sum involved, and he is fined that amount provided in thiscase that he pays it within nine months; otherwise the fine is doubled.Similar kinds of checking activities were also found in the ancient Exchequer of England. When theExchequer was established in England during the reign of Henry 1(1100-1135), special audit officers wereappointed to make sure that the state revenue and expenditure transactions were properly accounted for (Gul, et al.,1994, p. 1). The person who was responsible for the examinations of accounts was known as the “auditor”. Theaim of such examination was to prevent fraudulent actions (Abdel-Qader, 2002).Likewise, the existence of checking activities was found in the Italian City States. The merchants of Florence,Geneo and Venice used auditors to help them to verify the riches brought by captains of sailing-ships returningfrom the Old World and bound for the European Continent. Again, auditing in this period was concerned aboutdetection of fraud. The audit found in the City of Pisa in 1394 was somehow similar to those found in the ItalianCity State. It was meant to test the accounts of government officials to determine whether or not defalcation hadtaken place (Brown, 1962).According to Porter, et al (2005), auditing had little commercial application prior to the industrial revolution.This is because industries during this period were mainly concerned with cottages and small mills which wereindividually owned and managed. Hence, there was no need for the business managers to report to owners on theirmanagement of resources. As a result, there is little use of auditing.In a nutshell, in the period pre-1840, the auditing at the time was restricted to performing detailed

verification of every transaction. The concept of testing or sampling was not part of the auditing procedure. TheThe evolution of auditing: An analysis of the historical development3existence of internal control is also unknown. Fitzpatrick (1939) commented that the audit objective in the earlyperiod was primarily designed to verify the honesty of persons charged with fiscal responsibilities.3.2 1840s-1920sThe practice of auditing did not become firmly established until the advent of the industrial revolution duringthe period 1840s-1920s in the UK (Gill & Cosserat, 1996, p. 9; Ricchiute, 1989, p. 9). According to Brown (1962),the large-scale operations that resulted from the industrial revolutions drove the corporate form of enterprise to theforeground. Large factories and machine-based production were established (Abdel-Qader, 2002). As a result, avast amount of capital is needed to facilitate this huge amount of capital expenditure.The emergence of a “middle class” during the industrial revolution period provided the funds for theestablishment of large industrial and commercial undertakings. However, the share market during this period wasunregulated and highly speculative. As a consequence, the rate of financial failure was high and liability was notlimited. Innocent investors were liable for the debts of the business. In view of this environment, it was apparentthat the growing number of small investors was in dire need of protection (Porter, et al, 2005). Hence, the timewas ripe for the profession of auditing to emerge (Brown, 1962).In response to the socio-developments in the UK during this period, the Joint Stock Companies Act waspassed in 1844. The Joint Stock Companies Act stipulated that “Directors shall cause the Books of the Companyto be balanced, and a full and fair Balance Sheet to be made up”. In addition, the Act provided the appointment ofauditors to check the accounts of the company. However, the annual presentation of the balance sheet to theshareholders and the requirement of a statutory audit were only made compulsory in 1900 under the CompaniesAct 1862 (UK) (Leung, et al., 2007).According to Porter, et al (2005) the accountant particularly in the early years of this period, was normallythe company manager and his duties were to ensure proper use of the funds entrusted to him. The auditors duringthis period were merely shareholders chosen by their fellow members. Brown (1962) claimed that the auditorsduring this period were required to perform complete checking of transactions and the preparation of correctaccounts and financial statements. Little attention was paid to internal control of the company.Porter, et al (2005) commented that the duties of auditors during this period were influenced by the decisionsof the courts. For example, the verdicts from the case of London and General Bank (1985) and Kingston CottonMill (1896) reinforced that the audit objective was detection of fraud and errors. These cases in turn establishedthe general standard of work expected of auditors. Likewise, as noted in the auditing book of Lawrence R Dicksee(1892 cited in Leung, et al, 2004, p. 7): A Practical Manual for Auditors, the objectives of auditing were: (i) thedetection of fraud; (ii) the detection of technical errors, and (iii) the detection of errors of principles. It can be

concluded that the role of auditors during the period of 1840s-1920s was mainly on fraud detection and the properportrayal of the company’s solvency (or insolvency) in the balance sheet.3.3 1920s-1960sThe growth of the US economy in the 1920s-1960s had caused a shift of auditing development from the UKto the USA. In the years of recovery following the 1929 Wall Street Crash and ensuing depression, investment inbusiness entities grew rapidly. Meanwhile, the advancement of the securities markets and credit-grantinginstitutions had also facilitated the development of the capital market in this period. As companies grew in size,the separation of the ownership and management functions became more evident. Hence to ensure that fundscontinued to flow from investors to companies, and the financial markets function smoothly, there is a need toconvince the participants in the financial markets that the company’s financial statement provided a true and fairThe evolution of auditing: An analysis of the historical development4portrayal of the relevant company’s financial position and performance (Porter, 2005).In view of the economic condition, the audit function was mainly to provide credibility to the financialstatements prepared by company managers for their shareholders. Consensus were generally achieved that theprimary objective of an audit function is adding credibility to the financial statement rather than on the detectionof fraud and errors. Such a change in audit objective is evidenced in successive edition of Montgomery’s Auditingtext issued during this period which stated “An incidental, but nevertheless important, objective of an audit isdetection of fraud.” (1934, p. 26). “Primary responsibility…for the control and discovery of irregularitiesnecessarily lies with management.” (1940, p. 13). Hence, it can be witnessed that the shift of the focus of an auditfunction from preventing and detecting fraud and error towards assessing the truth and fairness of the companies’financial statements began at this period.The concept of materiality (Queenan, 1946) and sampling techniques (Brown, 1962) were used in auditingduring this period. The development of material concept and sampling technique was due to the voluminoustransactions involved in the conduct of business by large corporations operating in widespread locations. It is nolonger practical for auditors to verify all the transactions. Consequently, sampling and the development ofjudgment of materiality were essential. The use of sampling technique during this period can be proven from thefollowing statement of Short (1940, p. 226) “… it is not necessary to make a detailed examination of every entry,footing, and posting during the period in order to get the substance of the value which resulted from an audit”.Corresponding to the use of sampling techniques, auditors need to rely on internal control of the company tofacilitate the use of such research approach. The reliance on internal control during this period can be witnessedfrom the following statement found in page 240 of Accountants Digest in March 1936:The first step to take when planning an audit by test methods consists of a thorough investigation of the system onwhich the books are kept…It is not the auditor’s sole duty to see that the internal check is carried out but to ascertain howmuch it can be relied upon to supplement his investigation.The fundamental principles of auditing during this period were influenced by some major auditing cases such

as the case of McKesson and Robbins (1938). The verdict of this case had resulted in the emphasis of physicalobservation of assets such as cash and stock, and the use of external evidence. In addition, the Royal Mail casehighlighted the need of audit for the profit and loss statements. However, the audit of profit and loss account wasonly made mandatory with the enactment of Securities and Exchange Commission Act 1934 in the USA andCompanies Act 1948 in the UK.In short, the social-economic condition in the period had highly influenced the development of auditing. Ashighlighted by Porter, et al (2005) the major characteristics of the audit approach during this period, among others,included: (i) reliance on internal control of the company and sampling techniques were used; (ii) audit evidencewas gathered through both internal and external source; (iii) emphasis on the truth and fairness of financialstatements; (iv) gradually shifted to the audit of Profit and Loss Statement but Balance Sheet remained important;and (v) physical observation of external and other evidence outside the “book of account”.3.4 1960s to 1990sThe world economy continued to grow in the 1960s-1990s. This period marked an important development intechnological advancement and the size and complexity of the companies. Auditors in the 1970s played animportant role in enhancing the credibility of financial information and furthering the operations of an effectivecapital market (Porter, et al., 2005). Similar description on the auditors’ role was found in The New York Times onThe evolution of auditing: An analysis of the historical development56 April 1975 (Leung, et al., 2004, p. 10) that the duties of auditors, among others, were to affirm the truthfulnessof financial statements and to ensure that financial statements were fairly presented. Hence, the role of auditorswith regard to the audit of financial statement generally remained the same as per the pervious period.Despite the overall audit objectives remaining similar, Davies (1996) opines that auditing had undergonesome critical developments in this period. In the earlier part of this period, a change in audit approach can beobserved from “verifying transaction in the books” to “relying on system”. Such a change was due to the increasein the number of transactions which resulted from the continued growth in size and complexity companies whereit is unlike for auditors to play the role of verifying transactions. As a result, auditors in this period had placedmuch higher reliance on companies’ internal control in their audit procedures. Furthermore, auditors were requiredto ascertain and document the accounting system with particular consideration to information flows andidentification of internal controls. When internal control of the company was effective, auditors reduced the levelof detailed substance testing.In the early 1980 there was a readjustment in auditors’ approaches where the assessment of internal controlsystems was found to be an expensive process and so auditors began to cut back their systems work and makegreater use of analytical procedures (Salehi, 2007). An extension of this was the development during themid-1980s of risk-based auditing (Turley & Cooper, 1991). Risk-based auditing is an audit approach where anauditor will focus on those areas which are more likely to contain errors. To adopt the use of risk-based auditing,

auditors are required to gain a thorough understanding of their audit clients in term of the organization, keypersonnel, policies, and their industries (Porter, et al., 2005) Hence, the use of risk-based auditing had placedstrong emphasis on examining audit evidence derived from a wide variety of sources, i.e. both internal andexternal information for the audit client.According to Porter, et al (2005), most of the companies in this period had introduced computer systems toprocess their financial and other data, and to perform, monitor and control many of their operational andadministrative processes. Similarly, auditors placed heavy reliance on the advanced computing auditing tool tofacilitate their audit procedures. In addition to the auditing of financial statement, auditors at the same time wereproviding advisory services to the audit clients. Leung, et al (2004, p. 24) made the following comments inconnection with the role of auditors in providing such services:There was a surge of one-stop shows such as multidisciplinary practices and the development of holistic auditstrategies which provided an extensive range of non-audit services performed for audit client. Accounting and auditingduring this period has became an industry with strong competition among firms, a blurring of relationship with clients, anapparent failure to exercise due diligence by some.Porter, et al (2005) opined that the provision of advisory services emerged as a secondary audit objective inthe period of 1960s-1990s. Since then, the role of auditors has always been highly associated with such advisoryservices.3.5 1990s-presentThe auditing profession witnessed substantial and rapid change since 1990s as a result of the acceleratinggrowth at the world economies. It can be observed that auditing in the present day has expanded beyond the basicfinancial statement attest function. According to Porter et al (2005), present-day auditing has developed into newprocesses that build on a business risk perspective of their clients. The business risk approach rests on the notionthat a broad range of the client’s business risks are relevant to the audit. Advocates of the business risk approachThe evolution of auditing: An analysis of the historical development6opined that many business risks, if not controlled, will eventually affect the financial statement. Furthermore byunderstanding the full range of risks in businesses, the auditor will be in a better position to identify matters ofsignificance and relevance to the audit profession on a timely basis.Since the early 1990s, the audit profession began to take increased responsibility to detect and report fraudand to assess, and report more explicitly, doubts about an auditee’s ability to continue in conformance withsociety’s and regulators’ increasing concern about corporate governance matters. Adoption of the business riskapproach in turn enhances auditor’s ability to fulfill these responsibilities (Porter, et al., 2005).Presently, the ultimate objective of auditing is to lend credibility to financial and non-financial informationprovided by management in annual reports; however, audit firms have been largely providing consultancy servicesto businesses. By 2000, consulting revenues exceeded auditing revenues at all the major audit firms in the USA.Regulators of the auditing profession and the investing public began to doubt whether audit firms could remainindependent on audit issues when the firms were so dependent on consulting revenues. The quality of audits isbeing placed under scrutiny after a series of financial scandals of public companies such as Sunbeam, WasteManagement, Xeror, Adelphia, Enron and WorldCom. The collapses of these giant corporations had brought abouta crisis of confidence in the work of auditors (Boynton & Johnson, 2006).

As a consequence of the high level of litigation and criticism against the auditors, nearly all large accountingfirms split their consulting arms into separate companies and made announcements on their more stringent rulesand measures to ensure better independence and audit quality. In addition, a spate of radical reforms wasundertaken in various countries, by the accounting bodies, governments, stock exchange commissions andacademics to strengthen the audit practice (Leung, et al., 2004). Some of the key reform activities include:(1) The Sarbanes-Oxley Act (The US)In response to the fall of Enron the Sarbanes-Oxley Act was implemented. It outlines the rules on auditorindependence, for example, the control of audit quality, and the rotation of audit partners as well as the prohibitionof conflict-of-interest situation. Furthermore, the act also requires auditors to report to the audit committee onthose significant matters. The Public Company Accounting Oversight Board which oversees audit firms and theirprocedures and the enforcement of accounting standards is also established as a result of this act.The Sarbanes-Oxley extended the duties of auditor to audit the adequacy of internal controls over financialreporting. This is in view of the fact that a number of commissions recognized the importance of internal controlin preventing financial statement misstatement.(2) Ramsay report (Australia)As a result of the collapse of HIH Insurance Ltd, the Australian Government Commission engaged professorIan Ramsay to investigate the issue of auditor independence. It was recommended that auditor independence canbe improved through the following ways:Include a statement in the Corporations Act that auditors are to be independent;Require auditors to declare to the Board of Directors that their independence is maintained;Prohibit special relationships between the auditor and client;Establish an auditor independence supervisory board;Establish an audit committee to oversee the issue of non-audit services, audit fees, scope disagreements andauditor-client relationships.Although the overall audit objectives in the present period remained the same, i.e. lending credibility to thefinancial statement, critical changes have been made to the audit practice as a result of the extensive reform inThe evolution of auditing: An analysis of the historical development7various countries. Leung, et al (2004, p. 24) is of the opinion that such reform has implicated the auditingprofession in the following ways: “(i) The role of auditors is expected to converge: refocusing on the publicinterest, redefining audit relationship, ensuring integrity of financial reports, separation of non-audit function andother advisory services; (ii) The audit methods revert to basics i.e. risk attention, fraud awareness, objectivity andindependence, and (iii) increase attention on the needs of financial statement users”.In summary, the review of the historical development of auditing has evolved the audit function through anumber of stages. Auditing first emerged in the form of ancient checking activities in the ancient civilizations ofChina, Egypt and Greece. However, the practice of modern auditing did not become firmly established until theadvent of the industrial revolution in the mid nineteenth century in the UK. The audit practice in the mid 1800s toearly 1900s can be regarded as “traditional conformance role of auditing” as auditing was mainly concerned withensuring the correctness of accounts and detecting frauds and errors. Over the past 30 years or so, the auditor

played an “enhancing role” by enhancing the integrity and credibility of financial information. Today, auditors areexpected not only to enhance the credibility of the financial statement, but also to provide value-added services,such as reporting on irregularities, identifying business risks and advising management on the internal controlenvironment (Cosserat, 2004). However, extensive reforms were implemented in various countries as a result ofthe collapse of big corporations; it is expected that the role of auditors will converge. Leung, et al (2004, p. 23)claimed that the role of auditors has moved from “mere conformance through an enhancing role to a convergencerole”. It is evident that the paradigm of independent auditing has shifted over the years. It is believed that it maycontinue to shift in the future.4. ConclusionA review of the historical development of auditing has shown that the objective of auditing and the role ofauditors are constantly changing as they are highly influenced by contextual factors such as the critical historicalevents (e.g. the collapsed of big corporations), the verdict of the courts, and technological developments (e.g.advancement of computing systems and CAATs). It can be observed that any major changes in these contextualfactors are likely to cause a change in the audit function and the role of auditors. As a result, auditing is seen to beevolving at all times.Mautz (1975, p. 2) claimed that the audit function in a market economy ultimately evolved by social consentbecause:Society either accepts or rejects the role of a professional group assumes for itself, in time the group either finds arole acceptable to society or the group disappears. As conditions and apparent needs change, society may reject rolesformerly considered accepted so professional groups must continually be alert to the desirability of role modification andrevision.However, it is important to note that the change in society’s expectation and the response of the auditingprofession towards these changes are not always at the same pace. Hence there is a natural time gap between thechanging expectation of the users and the response by the profession and due to this time gap there arises what hasbeen stated as the expectation gap or audit expectation gap (Saha & Baruah, 2008). Even though the existence ofsuch a natural time gap is inevitable, Flint (1998) advises that auditors should be sensitive to the changingexpectation of the relevant groups while at the same time containing these expectations within the constraints ofwhat is possible. He also claims that there are inevitably economic and practical limitations on what an audit canThe evolution of auditing: An analysis of the historical development8do, and this is something which those who wish the benefit must understand.References:[1] Abdel-Qader, W. (2002). An evaluation of the international auditing standards and their application to the audit of listedcorporations in Jordan. (Unpublished Doctoral Thesis, University of Western Sydney, Australia)[2] Boyd, E. (1905). History of auditing. A History of Accounting and Accountants, 74.[3] Boynton, W., Johnson, R. & Kell, W. (2006). Assurance and the integrity of financial reporting (8th ed.). New York: JohnWiley & Son, Inc.[4] Brown, R. (1962). Changing audit objectives and techniques. The Accounting Review, 37(4), 696-703.[5] Cosserat, G. (2004). Modern auditing (2nd ed.). John Wiley & Sons.[6] Davies, M., Paterson, R. & Wilson, A. (1999). UK GAAP. Butterwoth’s Toiley.[7] Fitzpatrick, L. (1939). The story of bookkeeping, accounting, and auditing. Accounting Digest, 217.[8] Flint, D. (1988). Philosophy and principles of auditing. Hampshire: Macmillan Education Ltd.

[9] Gill, G. & Cosserat, G. (1996). Modern auditing in Australia (4th ed.). John Wiley & Sons. Australia.[10] Gul, F., Teoh. H., Andrew, B. & Schelluch, P. (1994). Theory and practice of Australian auditing (3rd ed.). Nelson, AnInternational Thomson Publishing Company. Australia.[11] Lee, J. (1986). Government auditing in China. The Journal of Accountancy, 62, 190.[12] Lee, T. (1994). Corporate audit theory. Chapman & Hall. London.[13] Leung, P., Coram, P. & Cooper, B. (2007). Modern auditing & assurance service (3rd ed.). John Wiley & Sons. Australia.[14] Leung, P., Coram, P., Cooper, B., Cosserat. G. & Gill. G. (2004). Modern auditing & assurance service (2nd ed.). JohnWiley & Sons. Australia.[15] Ascarenhas, A & Turley, S. (1990). Practical auditing (18th ed.). Butterworths. London. Edinburgh.[16] Mautz, R. K. (1975). The role of the independent auditor in a market economy. Unpublished background paper for AICPACommission on Auditor’s Responsibilities.[17] McMickle, P. (1978). The nature and objectives of auditing: A unified rationale of public, governmental, and internalauditing. (Unpublished Doctoral dissertation, University of Alabama, US)[18] Montgomery R. (1934). Auditing theory and practice (5th ed.). New York: Ronald Press.[19] Montgomery R. (1940). Auditing theory and practice (6th ed.). New York: Ronald Press.[20] Normanton, E. L. (1966). The accountability and audit of governments. Manchester University Press.[21] Porter, B., Simon, J. & Hatherly, D. (2005). Principles of external auditing. John Wiley & Sons, Ltd.[22] Queenan, J. (1946). The public accountant of today and tomorrow. The Accounting Review, 21(3), 254-260.[23] Ricchiute, D. (1989). Auditing: Concepts and standards (Rev. 2nd. ed.). South-Western Publishing Co. US.[24] Saha, A. Baruah S. (2008). Audit expectation in India. The ICFAI Journal of Audit Practice, 5(2), 67-83.[25] Salehi, M. (2007). An empirical study of corporate audit expectation gap in Iran. (Unpublished Doctoral dissertation,University of Mysore, India)[26] Short, F. (1940). Internal control from the viewpoint of the auditor. Journal of Accountancy.[27] Turley, S. & Cooper, M. (2005). Auditing in the United Kingdom. Prentice-Hall International/ICAEW. Englewood Cliffs.NJ.(Edited by Yolanda and Cathy)

Seminar on Improving the Effectiveness of Internal Audit in

Government of India May 3-4, 2006

New Delhi

Preface An international Seminar on ‘Improving the Effectiveness of Internal Audit in the Government’ was organized by the Controller General of Accounts (CGA) on May 3-4 2006, at Hotel Le Meridian, New Delhi. The seminar was organised under the aegis of the IDF Grant provided by the World Bank to develop an effective internal audit system in the Government of India. 2. The seminar had several eminent panel speakers and participants from the World Bank, Office of the Comptroller and Auditor General of India, the office of the Controller General of Accounts, Indian Defence Accounts Department, Indian Railways, Institute of Chartered Accountants and various line ministries in the Government of India. The seminar culminated on an extremely positive note with a speech by the Finance Secretary who extended his full support and cooperation to the Controller General of Accounts in establishing a state of the art and vibrant internal audit system. 3. What emerged from the seminar was a synergy of views of the area specialists, the practioners, and the “clients” of internal audit. The deliberations threw up a number of extremely thought provoking and valuable insights into not only the current status of internal audit in government and its inherent limitations but also a suggested road map for future reforms in internal audit. 1

Executive Summary Internal audit in Union Ministries and Departments is a nebulous area, which in today’s economic scenario requires immediate attention for greater functional clarity. Increasing awareness by an empowered public along with legislative focus on outputs and outcomes has precipitated the need for a paradigm shift in the functioning of internal audit in the government. Internal audit needs a convergence of financial propriety, accounting techniques, administrative mandate, and refinement of personal skills to make it an effective tool in the hands of the executive that will encompass the entire domain of governance to achieve the stated outcomes. The Seminar dealt with some immediate concerns facing internal audit in the Government today. The lessons and findings that emerged from the Seminar are presented in this compilation.

Important Lessons and Findings 1. Ms. Carman Young, Chief Auditor of the World Bank introduced in the first session the

Capability Maturity Model (appendix 1) which is used by the World Bank as a diagnostic tool to assess the status of internal audit in different countries. The model talks about five levels of maturity of the internal auditing function in government ranging from entry on the left hand column over to mature or world class government internal auditing. At present we are somewhere between levels I and II and the consensus which emerged during the course of the Seminar was to seek to position India between level III and IV within a reasonable timeframe. The various attributes highlighted in the capability maturity model make it an extremely useful tool to set benchmarks for the evolution of internal audit in government.

2. Internal audit is currently involved in basically ‘compliance’ or ‘procedural’ audit with emphasis on compliance of rules, regulations and procedures, making its ambit extremely narrow. There is need to broaden the sphere of Internal audit to include the entire domain of governance by going into areas such as value for money audit, audit of efficiency, economy, and

2

effectiveness, performance audit, management audit, risk audit and systems audit. 3. Internal audit is presently viewed as a largely negative and fault finding activity

which seeks to curtail and crosscheck rather than to offer positive recommendations. It has to transcend this identity and establish itself as an aid to governance. The aim of internal audit is to add value to management and to help the executive or the ‘client’ in achieving the stated goals of the organization.

4. In the context of the paradigm shift from inputs to outputs and outcomes and in the context of recent initiatives like outcome budgeting internal audit has emerged as a crucial tool which can play an important role towards ensuring the achievement of the outcomes. Internal audit can provide valuable mid course corrections as it is ideally placed to provide a concurrent evaluation of schemes and projects at different stages of implementation.

5. Internal audit has also emerged as an extremely valuable tool for the government in view of the increasing stress on accountability and transparency in the sphere of public governance the world over. This trend is typified in India in the form of the Fiscal Responsibility and Budget Management Act and the Right to Information Act.

6. Audit should not be merely ensuring adherence to standards but should be proactively advocating the formulation and refining of standards on a continuous basis.

7. The internal audit reporting should be accurate, timely, and reliable and should have integrity so that it can support decision making.

8. Rather than any perceived conflict between internal audit and external audit, internal audit has to position itself as a complementary to statutory audit.

9. The issues of ownership and empowerment of internal audit are important issues that need to be addressed in order to make the internal audit system strong and independent. There is need for a fresh mandate

3

for internal audit which is formalized and legalized at the level of the top executive. In this context the Finance Secretary in his speech in the concluding session assured the CGA of a most favorable and sympathetic consideration at the highest level. He made it his responsibility to see that before the fiscal is out CGA will have a formal mandate in the charter of responsibility which could then be further evolved.

10. Capacity building and skill upgradation are of vital importance to internal audit today especially in view of the vast changes that have happened in the sphere of technology and financial management. Internal audit has to keep pace with these changes if it is to establish itself as a positive force in government. In this context the Finance Secretary in his speech at the seminar very generously promised the CGA a sum of rupees 10 crore for this purpose. He also indicated that CGA’s office could send several groups of officers to various countries to study international best practices that could be replicated in the Indian context. The Finance Secretary concluded with three resolutions:

i. One: today we will disperse with a determination to make internal audit more efficient, value adding, and formally mandated in the governance of this country.

ii. Two: that we will build our capacity to do things better with skills which may not exist with us today; for this we will tap both national and international resources

iii. Three: the negative perception, which sometimes get attached to finance people would soon be turned into a matter of the past and people shall look at us as a resource, as a human capital, that is adding value not only to the concept or design of schemes but also in their implementation in order that we hand over to the next generation a better government, and a better India.

4

Session I Global Perspectives on Evolution of Internal Audit in the Public Sector

The first session in the Seminar on ‘Improving the effectiveness of Internal Audit in Government of India’ was on Global Perspectives on Evolution of Internal Audit in the Public Sector . The session was chaired by Shri S W Oak, Controller General of Accounts. The speakers were Ms. Carman Young, Auditor General, The World Bank, and Mr. Thomas Warga, then Chairperson, the Institute of Internal Auditors, USA, and Senior Vice President & General Auditor of the New York Life Insurance Company. The session began with the CGA addressing the status of internal audit in the Government as it exists today, and the challenges that it faces. He spoke about the lack of ownership and empowerment of internal audit. Placing the role of internal audit in the context of the shift from the preoccupation with inputs to outputs, he said that until now, all we have been doing is to check whether the procedures and systems are as laid down by us are being followed, but now the time has come to move ourselves beyond compliance and procedural audit. Commencing the technical session, Mr. Thomas Warga began with an overview of the evolution of internal auditing in public sector. He spoke about the experiences in the Office of the Controller General in Canada in improving internal audit in the Federal Government of Canada. He commented on the current global theme for change and modernization of government and increased accountability. This theme has two specific contexts. An organizational structure for accountability i.e. clear delineation of responsibilities and adapting to a modern internal control framework. Greater delegation of responsibilities and decreasing centralization has also necessitated a renewed internal control system. This was reflected in Europe in the 90s when the OECD and the European Commission established modernizing norms for the governments of Eastern and Central Europe under the aegis of the Central Harmonisation Unit which was aimed at getting their legal and institutional frameworks instep with the rest of Europe before entering into the European Commission. This resulted into their having a very strong internal audit within the public sector. South Africa too has gone through tremendous change in this respect. Citing the case of Taiwan, he commented that Taiwan has a strong history of the Controller General’s Office and a strong representation of internal audit. An important aspect that he mentioned was that of a public sector governance model within the government structure with stress on the policies and procedures to direct activities and to provide reasonable assurance that their objectives were being met. This would ensure the quality and equity of services for the 1

stakeholders, the citizens. It would also reduce the risk of public corruption through accountability. Important principles for public sector governance are openness, and clear communication of information. The other guiding principles for the new governance model in the modernization of governments are integrity, and objectivity for services and stewardship of public funds. How money is spent requires an effective internal control framework because there is a shift from the old traditional control or the central control, all expenses pre-approved to a delegation, to a more distributive control where management is responsible after checking and monitoring. Further, he spoke about principle of accountability. Internal audit can play a clear role in all of these. This could be a public sector governance model, which is quite similar to the models in the private sector. This model is responsible for supporting management and executive side but it is not dependent on them to do their job. It is independent but also provides services to management. It could therefore be called an equal relationship. It supports the oversight group, which could be an audit committee, or supreme audit institute or a supervising body, or it could be a legislative body for the central government and it helps them perform their duties of oversight. It helps the management to do their job and gives them feedback and ideas for improvement in running the business or the department, on a day-to-day basis. The bond that holds all this together is an internal control framework that is easily understood. The control framework for public sector focuses on financial and performance side, and there is a shift from the preventive to the effective side. This could also be seen as a shift from pre-authorizing payments and very tightly controlled budgets on the input side to the output side and monitoring through data, through trend setting and through the audit process. It clearly defines responsibility of management and shifts more responsibility to it. But in order for it to work the key ingredient is reporting and monitoring and having clear standards so that it can be benchmarked and measured. The modern control framework deals with performance in government and the quality improvement process of the 1980s is a key factor here on measuring performance. It was about responsiveness to the stakeholders, the user of government services and accountability to them and it also involves performance audits by internal auditors in the government sector. So not only do they do financial audits but they also do operational audits in addition to compliance audits. He then spoke about the New York State experience, where they started in 1987 with the Internal Control Act which warranted over 250 government agencies to apply and establish effective internal control system. He also briefly mentioned the IIA code of ethics, which has four core principles of integrity, objectivity, confidentiality and competence. 2

Mr. Warga also introduced the Certification in Control Self-Assessment, and the Certified Financial Service Auditors which are very popular because of the internal control assessments that are required in certifications. They are popular in areas where strong financial service auditors are needed. The Certified Government Auditing Professional Exam is designed for the public sector internal audit practitioner. It tests knowledge of public sector auditing for fund accounting, grants, legislative oversight, privacy, or confidentiality rights, performance measures. It emphasizes the accountability to the public and improving government services. He then briefly spoke about the Institute of Internal Auditors, and the work they do for internal auditing. He mentioned how the New York Stock Exchange recognizes the profession of Internal Auditors, as an example. They require all listed companies to have an internal audit function. South Africa recognizes the Institute of Internal Auditors standards and required that the government auditors follow the Institute of Internal Auditors standards. The IIA also has a memorandum of understanding with IFAC on how they are going to evolve and get our standards endorsed by IFAC and they have members of IFAC on their technical committees and having members from the Institute of Internal Auditors join theirs. He then came to the issue of what is important to the public sector. He admitted that standards may need to be adjusted for the public sector .Finally, he came to the issue of Capacity planning, which basically provides the resources to help and develop internal infrastructure in developing areas around the world such as Africa, a sphere in which IIA was doing some path breaking work. He took the example of China who have come online and are very interested in improving the quality of internal auditing in the private and the public sector and the number of people sitting for the exam has skyrocketed. Ms. Carman Young initiated her talk with some observations on the collaborative efforts between the World Bank and the government of India in advancing the role of internal audit in government. The technical aspect of her talk centered on the government capability maturity model for internal audit that has been developed by the Government Relations Committee in the Institute of Internal Auditors and it’s applicability to India. Ms. Young spoke of the role of the World Bank in the broader context of her perception of the changes in India in the recent years. While she was deeply appreciative of the progress in terms of socio-economic indicators, she also cautioned of the grave problems that India still faces in the areas of economic disparity, poverty, healthcare, education .Ms Young spoke of the action plan of the World Bank being closely aligned with the stated goals of Government of India to try and address some of these critical issues over the next few years. 3

With specific reference to the IDF grant in this broad context, Ms. Young emphasized the criticality of the financial management reforms that have been initiated under this grant in the areas of Classification reforms, accrual accounting and Internal Controls and Internal Audit. Echoing the views of the CGA, Ms. Young agreed that these reforms are interconnected and finally dependent for their success on ownership from the executive. Tracing the evolution of the role of internal audit in government briefly, starting from a limited compliance audit role in the 1980.s to the present, when the Internal auditing function has in her opinion become a major value addition to an organization and the executives. Not only have internal auditors grown in competence, but the senior executives have also become deeply engaged with the role of internal audit. Talking at length about the capability maturity model, Ms. Young explained that it is an analytical tool that basically talks about five levels of maturity of the internal auditing function in government ranging from entry on the left hand column over to mature or world class government internal auditing organization in five basic areas including governance, standards, structure, people management aspects, and the service focus of internal auditing. At level one or the entry level, governance is ad- hoc and reporting is at management discretion. Internal does not have a formal mandate. In terms of standards, there are very few standards being used. Further there are no policies, procedures or manuals of internal audit. The structure of the internal audit organization is ad-hoc and temporary. Skills and tools are very basic. Audit is largely transaction or compliance based. Level two is relatively a more advanced model with most of the characteristics of level one. Moving to Level, Ms. Young described it as a more mature internal audit model where the internal audit functions is seen as mandatory. Internal audit reports to a Department head and there is also an audit committee comprising senior management. There are clear cut standards, procedures and manuals. Auditors are professionally qualified and sophisticated tools and audit software are being used. At this stage internal audit has a high much higher level of quality assurance and contributes in a significant way to the value addition of an organization. In terms of services focus internal audit moves from merely compliance to performance audit and also is in a position to perform risk assessment in terms of internal controls and to provide positive assurances in terms of the business processes. Moving up on the maturity model, Ms. Young took the discussion to the mature, world class level, which is in all respects the acme of the internal audit function. By this time internal audit has force of legislation. It is managed by an independent audit committee made up of specialists in the field who are responsible for appointing the head of internal audit. Internal audit is also self sufficient financially with a separate budget. There 4

is legislated compliance of standards and most significantly audit moves away from merely reporting inputs to outcomes. Viewed in terms of skills, not only do the internal auditors possess specialized skills but are also in apposition to outsource special skill requirements that they may not possess. Further audit is not only providing risk assessment, assurance on processes and systems, consulting and strategic planning but are involved in governance aspects of ethics and accountability frameworks in the organization. They have full access to all records and staff of the organization.. This a big step in ensuring accountability of the organization Ms. Young concluded the session by describing the pilot on internal audit that was carried out in Kenya as part of the Global capacity Development Task Force that the IIA was involved in. Ms. Young has also been closely involved in this on behalf oft the World Bank. She termed it a great success, owing to the enthusiasm shown by the Kenyan government. The IIA and World Bank were able to provide training to internal auditors, help them develop risk based audit plans etc Ms. Young concluded by drawing an analogy with the Government of India and their plans to modernize and strengthen internal audit. Extending the cooperation of the World Bank and the IIA in this endeavor she said that she was hopeful that .the proceedings of the seminar would reveal the concrete plans of the CGA and other participants in this direction. Important recommendations:

• There is lack of ownership and empowerment of internal audit • There is a shift in emphasis from inputs to outputs, correspondingly internal

audit has tom also shift from compliance and procedural audit. • There is a global thrust for change and modernization of governments.

Three important components are clear delineation of responsibilities, greater accountability and a modern internal control framework.

• New public sector governance model is needed with stress on integrity and objectivity. Important principles for public sector governance are openness and clear communication.

• Internal audit can play a role in all of these areas because monitoring and reporting are vitally important to the success of this model and internal audit can very ably perform that role.

5

• The internal control framework for public sector focuses on the financial and performance side with a shift from the preventive to the effective side.

• Internal audit standards need to be adjusted for the public sector. • Financial management reforms that have been initiated in India are of an

extremely critical nature and require executive support to succeed. • The capability maturity model is an analytical tool that talks about five levels

of maturity of the internal auditing function in government ranging from entry on the left hand column over to mature or world class government internal auditing.

.

6

Annexure I

Assurance & Advice that Bring Our Dream Closer 8IA Capability Maturity Model+ Governance, ethics, accountability;Full access;Adding valueRisk mgmt, consulting,& assurance;

Strategic PlanAssurance on Processes, systems; risk assessed planAdd Fin Controls, some performanceTransactions, forensic, & complianceService FocusSpecialized skills, plus OS, CIA requiredDiverse skills, CAE is CIA, PD providedPD supported,

provide tools & softwareSome PD & core audit competencyBasic Skills & Tools, no PD requiredPeople

MgmtAC involved in hiring/assessingCentral + IntegDeputy LevelCentral Core + DecentralizedSrMgrDecentralizedSome

Core Middle Mgr UnitsDecentralizedAd HocTemporaryDiscretionaryStructureLegislated Compliance,

rep outcomesFull Stds, Int& Ext QA, track outcomeManuals, Stds, QA, E/E MeasuresSome Stds, Review,BasicMeasuresNo

Stds, Policies,MeasuresStandardsLegislatedIndeptA/CCentral BudgetCabinet OrderA/C Chair DHA/C BudgetMandatoryRep

Dept HdSrMgmt A/CMgmt support annual budgetMgmt A/CAd Hoc reporting at mgmt discr.Governance5. Mature World Class4. Meets All Stds3. Meets Some

Stds2.ManagedFunction1. EntryCore Elements 7

Session II Current Status of Internal Audit and Organizational Constraints

In the Government of India For the second session of the Seminar, the panel speakers were Shri Jnan Prakash , Controller General of Defence Accounts, Shri C R Sundaramurti, Addl Controller General of Accounts, and Shri Shivaji Rakshit, Executive Director, Accounts, Ministry of Railways. The session commenced with a presentation by Shri Jnan Prakash. He started by briefly introducing the Indian Defence Accounts Service (IDAS), which traces its ancestry, from the East India Company. Moving on to the history of audit in the IDAS, he explained that the mandate for audit in the IDAS is derived from the military finance department in India, which was working under the crown. Later when the Comptroller and Auditor General was appointed the supreme audit authority in India, it was decided that the Controller General of Defence Accounts would function as sub audit officer to the Comptroller and Auditor General. The Controller General of Defence Accounts renders an annual audit certificate along with the appropriation accounts for the Ministry of Defence, which are countersigned by the Comptroller and Auditor General and placed in Parliament. The accounts include the details of serious observations made by the CGDA and are part on the annual audit certificate. It also contains various reviews of accounts The offices of the CGDA which carry out these functions are generally co-located with the Defence formations of the Army, Navy, Air Force, and also with the subsidiary formations like coast guards, and the canteen stores department. While describing the audit procedures, he said that the sanctions for expenditure are audited first in the Ministry of Defence. Concurrence by the internal financial advisor does not ensure that the sanction will not be subject to further audit. For the sanctioned expenditure and the delegated power, there exists post audit. There is an audit of consumption also. Audit of consumption is provided in the Defence services, as various scales of consumptions have been prescribed for everything. There is also a cash audit both for receipt and expenditure. Such reviews are carried out to assess proper utilization of funds. Sh. Jnan Prakash also described at length the process of audit reporting. At the first stage, the audits of all transactions are reported to the formation headquarters. The formation headquarters are responsible for ensuring that the lacunae pointed out in the audit are examined and care is taken to improve their system. They in turn render a report in this regard to their higher formations. The settlements of these audit observations are of two types. First, where the audit 1

authorities satisfy themselves with the action taken by the formations that adequate measures have been taken to ensure that mistakes committed are not repeated. The second type of regularization involves obtaining the necessary sanctions by the lower formations from the competent authorities for regularizing certain transactions. The second type of reporting is for major financial and accounting irregularities. Out of the observations that are raised, a quarterly report is compiled which includes major financial and accounting irregularities. These are sent to the command headquarters in the forces, and are taken seriously. And the action points are followed up rigorously. Another half-yearly report is generated, which is called an internal audit report, and is presented to the Ministry of Defence. The internal audit report takes into account not only the items which have been included in the major financial and accounting irregularity reports but also other procedural lapses, which have been noticed during the audit of the formations. The Ministry of Finance are also provided a copy of this report and appraised of the action taken on such issues. The CGDA have undertaken performance audit of certain activities in consultation with the executive for which the audit reports were separately submitted. Since this performance report does not fall within the ambit of the regulatory audit, which is required by the C&AG, it becomes a management information activity provided by the CGDA to the executive. Sh. Prakash raised the extremely pertinent point that their aim was to reduce the risks involved in decisions taken by the executive. The audit provides data regarding cost of activities and the implications of the decisions taken by them. The CGDA are also planning to move towards management audits. He briefly also mentioned that the largest component of CGDA audit comprises cost audit. The Ordnance factory board consisting of 39 ordinance factories with a turn over of about Rs.8000 crores provides a vast opportunity and challenge for conducting cost audit. The session was then addressed by Shri.Shivaji Rakshit, who spoke largely about the prevalent operations of the Indian Railways with special reference to audit of revenue generation. This, according to him was very different from the audit of the expenditure that we see so commonly. He then provided a detailed picture of the revenue generation in the Ministry of Railways, and how audit is involved in tediously tracking the money, so that there is no mismatch in the figures. The final speaker for the session was, Shri C R Sundaramurti who began with an overview of the formation and the functions of the Indian Civil Accounts Service, and the Organisation of the Controller General of Accounts. At the time of Departmentalisation, the responsibility for the preparation and consolidation of 2

the Union Government accounts were entrusted to the Controller General of Accounts, along with the responsibility for establishing and maintaining a technically sound accounting system in the departmentalized accounts offices. The CGA was also empowered to inspect the departmentalized accounts officers, and thus the powers of the CGA to inspect the departmentalized accounts offices extends beyond the Ministry of Finance and to the different organizations. When the accounts were internalized with the Ministries, the Secretaries of the Ministries were made the Chief Accounting Authority. This, according to him was good corporate practice, as the buck has to stop at the top. The system envisaged in 1976 with the approval of the cabinet, (which had come much earlier in 1973-74), required that each Ministry arranged for a system of internal audit of its offices. In accordance to these instructions, each Ministry has set up its own internal audit organization within the offices of the Chief Controller of Accounts although the textbooks in financial management had prescribed a strong system of internal audit in each organization for many years. He added that the government is perhaps more progressive than the corporate world in institutionalizing this as a part of the financial management system of the Ministries. The scope and functions of the internal audit wings were to depend on the nature of work, the quantum of the subordinate officers, number of subordinate offices, the string to the establishment, the quantum of expenditure and so on. Each Ministry was asked to draw up a specific manual of internal audit specifying the duties and functions of the organization with reference to the particular peculiarities of those Ministries and the various schemes of the Ministries and the Departments. The idea of all this was to identify the specific risks in each scheme or program and to build this into the audit manuals. At that time this technology of risk-based audit was not in vogue. Most of the Ministries have formulated some sort of an internal audit manual, and some are yet to do so. The scope of internal audit has been specified in the Civil Accounts Manual. The inspection code issued by the CGA in 1988 also lays down extensively scope and extent of internal audits, the nature of checks to be exercised, the nature of detailed audit of initial and subsidiary account records. The code also lays down the full scope of audit of trained accounts officers when CGA inspects the trained accounts officer, what needs to be done. He mentioned the internal audit wings had full powers to examine the financial records of all drawing and disbursing officers as well as other officers. In fact this power has been extended to cover some of the autonomous organizations and the non-government organizations. 3

Moving on, he said that internal audit has been perceived largely as a policing activity whose main function is to find fault and to curtail and crosscheck rather than to find solutions by way of recommendations. Consequently, the reports produced are dull and not user friendly. The inspection code issued by the CGA requires the internal audit wings to go into the extent, frequency and controls/checks exercised by the administrative officers with a view to locate any lacunae in procedures leading to fraud. They were also to check the procedures for sanctioning expenditure for purchases, disposal of assets, and office management procedures having financial and accounting implications. The purpose of these exercises as specified in the code was to suggest tips to tighten up the administrative and financial control systems within the organizations. He then came to the current thinking globally, which is to enhance performance of government organization with regard to delivery of programs and citizen services. The perception has been that the financial control systems and procedures have been confined to issues of complaints with rules and procedures rather than delivery of program content, outputs and outcomes. These have led to the modern concepts of value for money audit or efficiency audit. According to Shri Sundaramurti, some of the Ministries have made a positive contribution in this area. For the future, they should seek more work in these areas without any dilution of the basic bread and butter aspect of internal audit. On the areas which have not yet received adequate information, like audit of computerized accounting systems, we need to get going. In particular he mentioned the context that the CGA has embarked on an ambitious project covering all account offices. Training of the staff is essential in audit of computerized systems. It requires training on basic computerization aspects, accounting and on computer audit aspects. Lastly, he lamented the fact that somehow the internal audit wings have become punishment posting in the accounts offices. In fact, some offices indeed use it to that effect. People are unwilling to be posted in the internal audit wings, as they have to travel frequently and be out and lead a fairly unsettled life. They have to go all over the country. The staffs are also quite unmotivated, as they see the whole thing as a futile exercise. He concluded the session by saying that the whole perception about the wing including the performance expected of them would need to change. The Secretaries in the Ministries would need to provide a direction particularly in the context of the current emphasis of government on outcome budgeting, then again the initiative for change to come from within the organizations of the chief controllers or accounts. They will have to take the lead and kind of indicate the direction in which we could move from here. 4

Important recommendations: • The emphasis of internal audit in the Defence Accounts Department is currently on

regularity and transaction audit. • There is now a move being made towards management audit and risk audit. • The ambit is also being broadened to include activity costing to facilitate

management to understand the cost of their decisions from the data that is generated

• Internal audit is currently confined to largely transaction, procedural or compliance audit.

• Internal audit has failed to suggest steps to tighten the administrative and financial control systems.

• Modern concepts of “value for money’, monitoring and evaluation, efficiency etc. are unaddressed.

• Internal audit is constrained by lack of adequate manpower, financial resources, motivation and training.

• The initiative to strengthen Internal Audit has to come from the top administrative level.

5

Session III Client Expectations from Internal Audit in the Government of India

The third session of the Seminar was addressed by Shri C Balakrishna, Additional Secretary and Financial Advisor Ministry of Shipping, Road Transport and Highways, and by Shri Kanwal Nath, Deputy C&AG and Chairperson, Government Accounting Standards Advisory Board (GASAB) Shri C Balakrishna opened the session, by saying that internal audit should help and assist management in maximizing opportunities, minimizing threats, and ensuring optimum utilization of all resources, that is financial, human, and material resources. He also added that it should contribute to the continuous improvement of strategies of internal controls, management processes, risk management and internal systems reviews and also include elements of performance reporting in order to increase overall effectiveness. Internal audit should concentrate on ensuring that every transaction meets the triple touchstone of procedural purity, financial propriety, and proper accounting and utilization of the resources for the purpose it is intended. Narrating his own experience with internal audit at the Ministry of Surface Transport and Highways, he stated that internal audit has so far only been involved in carrying out routine checks of financial and operational management activities. With the increased complexities of technology and financial complexities, the changes in internal audit have unfortunately not kept pace. He added that the road sector has evolved considerably in terms of engineering technology and financial complexities. Internal auditors therefore are required to comprehend these changes and form their opinions about many of these important areas including cost benefit, process flows, value additions, and appreciation of internationally comparable processes and how, if at all these may be adopted in the Indian scenario. He pointed out that the internal audit of the ministry had so far not made any serious comments on the relationship between the cost of construction and the changing use of the road construction material. This is due to the fact that not many of us are trained to appreciate the technical and financial aspects of the ministry in which we are functioning, but it is incumbent upon us to try and make the best effort that we can to understand the complexities and to use the specialized bodies for assistance wherever such internal audit exercises are to be carried out. For a healthy feedback, therefore, it is essential that internal auditors are properly trained and that we develop a pool of technically qualified people to provide us with inputs in the various areas including management, due diligence of systems and procedures, compliance of laws and regulations, and the investing cases of serious financial irregularities . 1

He was critical of the internal audit experience at NHAI, which he found to be far below expectations. Their reports have been confined to routine aspects, because of which perhaps the management of NHAI has not giving due importance to internal audit. The internal audit exercises that have been carried on both in the ministry and the NHAI had repeatedly thrown up the same kind of answers viz. of deficient planning, inefficient contract management, and imprecise terms of contract with the design consultants etc. He suggested that we need to move to managing our system so that the internal audit function gives us proper input which we can then feed not only into our planning process but also implementation, monitoring and concurrent evaluation making these systems more scientific as well as expediting the fixing of responsibility. The second speaker for the session, Shri Kanwal Nath began with the INTOSAI definition of control, which refers to the control exercised by the senior management in ensuring the effectiveness and efficiency of its operations whereas internal audit is the control of all controls. . The definition of internal control should also be extended by including the executing of orderly ethical, economical, efficient and effective operations in place of only economy and efficiency of operations including achievement of performance scores. In this, Ethics should be made an important control objective because ethical behavior by a public servant is considered the key stone of good governance. He said that even though we have procedures for everything, we lack a formal mechanism in the shape of an act or a policy document for internal control which is closely related to the issue of accountability which COSO also mentions. Presently in India, though there are internationally applicable standards and best practices, internal audit continues to focus and report on relatively minor aberrations. Internal audit seek to check accuracy of accounts, prevent and detect frauds, point out irregularities, check initial accounts maintained in the executive offices and ascertains the extent to which rules, regulations, systems and procedures in accounting and financial matters are being followed. He also raised some issues such as budgetary assumptions and processes, manpower analysis, a review of programmes and schemes which have traditionally been in the sphere of external audit, but should be at the internal audit level itself. He made an important point that the Comptroller and Auditor General of India was extremely keen that the internal audit of all the departments become as strong as possible. The audit of autonomous bodies or the public sector undertakings which are under the ministry often gets neglected, and this can be addressed by internal audit. While external audit refrains from directly 2

commenting on policies of the government, internal audit has the inherent advantage that it can help the management shape the policies. Manpower is, however, a serious constraint and this has to be immediately addressed. The skills definitely need to be upgraded through training and the skills of the service officers and of the accounts officers and staff become very crucial as they are on the cutting edge. The need for conducting periodic evaluation of the adequacy of internal control mechanisms is also something which we ought to do because that would keep us up-to-date with where we should be. He mentioned that the C&AG had introduced a chapter on internal control in the audit reports of the state governments. For the central ministries too, the CAG were proposing to examine the efficacy of internal control, as they felt that any good system of internal control should comprise a proper allocation of the functional responsibilities within the organization. He said that proper operating and accounting procedures should be in place so that accuracy and reliability of accounting data, efficiency in operation and safeguarding of assets is ensured. Quality of personnel should be commensurate with their responsibilities and duties. Another step could be review of the work of one individual by another whereby possibility of fraud or error due to collusion is minimized. Finally, he said that internal audit should extend its ambit to cost benefit analyses, utilization and deployment of resources, matters of propriety and most importantly the effectiveness of the management since internal audit is meant to be essentially an aid to management. Important recommendations:

• Internal audit should assist management in maximizing opportunities, minimizing the threats, and ensuring optimum utilization of resources.

• Internal auditors have to keep pace with the changes and complexity in terms of technological and financial complexity by ensuring proper training.

• There has to be stress on concurrent evaluation so that internal audit feeds into the processes of planning, implementation, and monitoring.

• The definition of internal controls needs to be broadened to include orderly, ethical economical, efficient and effective operations including achievement of performance scores.

• Internal audit is negative in its orientation and focuses on relatively minor aberrations that are largely regulatory and compliance in nature.

3

• Issues which have traditionally been the focus of external audit need to be taken up by internal audit such as budgetary processes, manpower analysis, reviews of manpower programmes and schemes and audit of autonomous bodies etc.

• Skill up gradation and training of both the officers and the staff, who are at the cutting edge, is of critical importance.

• Internal audit must conduct periodic evaluation of the adequacy of internal control mechanisms.

• Internal audit should extend to cost benefit analysis, resource utilization and deployment, propriety and effectiveness of management.

4

Session IV Standards setting on Internal Audit: Applicability to Core Government

The panel speaker for the fourth session was Shri Ashok Haldia, Secretary of the Institute of the Chartered Accountants of India (ICAI). He began with defining the scope of internal audit, which consists of ensuring the adequate effectiv3Xess of internal control systems, assessment of the effectiveness and integrity of management information systems, safeguarding of assets, economical and efficient use of resources. He said that conventionally, internal audit has been confined to the functioning of the management and regulatory and compliance audit. However, of late it has changed to include various types of audits, official audit, value for money audit, performance audit, Programme audit, etc. He pointed out that the present applicability of internal audit in core government in India was limited to finding errors and irregularities, which is more of a negative aspect. Internal audit should be adding value to the management, and to management functions. He then came to the aspect of independence of the internal auditor. Internal audit must have a mandate for its role and position in the Organizational hierarchy, which should define its role, powers and reporting structure. The transfer and promotions of internal auditors are controlled by the executive, which severely compromises their independence. To carry out internal audit effectively we need to ensure the independence of the internal auditors. As internal audit leads to accountability, the management would have vested interest to see that the internal auditor is not in the right place. He then suggested that we must look into providing remedial measures in the standards themselves, so that the system is insulated from the vagaries of individuals. Coming to the issue of the bench marks to be set for performance of internal audit functions, he commented that the conduct of internal audit with reference to a certain set of qualitative standards should be mandated. Internal audit has to prove itself to be of value to management. This can only be achieved, when those who perform the internal audit function do it diligently. Shri. Ashok Haldia concluded by briefly addressing the crucial issue of capacity building for the purpose of standard setting, for providing implementation guidance and for implementation of the standards. 1

Important Recommendations: • Internal audit in government has a negative orientation in terms finding errors and

irregularities. It needs to add value to government • Independence of the internal auditor from the executive is of critical importance to

the success of internal audit. • Capacity building is the need of the hour for an effective and strong internal audit.

2

Session V Client Expectations from Internal Audit in the Government of India

The panel speakers for the fifth session were Mrs. Veena Upadhyaya, Joint Secretary, Ministry of Environment and Forest and Shri S P Pal, Advisor, Program Evaluation, Planning Commission. Commencing the session, Mrs. Upadhayaya described the evolution of the word audit, which according to the Oxford Learners is defined “as official examination of accounts”. A subsequent edition of the dictionary defined the word as “official examination of financial records”. Again, another meaning of ‘audit’ was “official examination of quality or standards of something”. Finally, the 2002 edition had evolved the word as “systematic review or assessment of something”. Keeping the evolution of the word in mind, she then began with the client expectations from internal audit in the government, and she addressed the significant developments on the macro level financial scenario had very distinctly stressed on outputs and outcomes. She said that the Fiscal Responsibility and Budget Management Act of 2003 underlines the need for effectiveness of financial governance through decentralization, and the enactment of Right to Information Act has only taken it forward. With stress on outputs and outcomes, on decentralization for more effective financial governance, and emphasis on accountability and transparency within the framework of Right to Information Act, the whole financial ambience governing the country has changed. There is a distinct stress on good governance on forums like the Inter-State Council, the National Development Council, etc. There is a clear emphasis on good governance, on ethics, on equity, on efficiency and in order to achieve it, on electronic governance for improved efficiency. She then described her experience in the Ministry of Environment & Forests, where the management has opted for e-governance in the Ministry. She said that an extremely comprehensive, deep, wide, and 360-degree purview had gone into the e-governance project. There is a clear emphasis on outputs and outcomes. Therefore, she asked that in this scenario, what do we expect from internal audit? As a client organization, she had the expectations that audit would transcend beyond financial and accounts and would encompass the entire domain of governance. Coming to the financial and physical performance levels, Mrs Upadhyaya mentioned that the distinction between financial and physical is rather modernist. One should really look at performance and that should be inclusive of financial and physical. It is the performance audit, which should really be in the driving seat. The auditors should not just be examining the standards and qualities, but audit should lay down standards and norms, to play a more proactive role. It should not just ensure a meaning to standards, but take a proactive advocacy of 1

those norms. The audit should be formulating and refining these standards and norms on a rolling basis and not as a one time exercise. Auditors should be expected to be a partners, collaborators, guides and mentors in formulation of standards and ensuring good governance. This, she said, would require a major paradigm shift from the existing perception of its role, and the paradigm shift will involve a major restructuring and upgradation of the skills. Audit has to acquire a tremendous reach and depth, incisiveness and assertiveness. She then shared her experience at the MoEF, which has a major scheme like National Afforestation Program. It was restructured by resorting to decentralization by giving powers to the people, entities in the villages called Joint Forest Management Committees. The money goes directly to the Forest Development Agencies, which operate at the DFO (Divisional Forest Officer) level. The funds do not route through the state exchequer, which is a major change in any government. However, a closer look at the decentralization process revealed that the decentralization was not complete. There continues to be extreme centralization in so far as routing of things to the principle chief conservator forest is concerned. For each little release or advancement in the implementation of the scheme the DFO has to route all his papers through the PCCF. It was for the auditor in the ministry to point this out, to take up the examination of this much wanted decentralization; point out the areas where decentralization was weak, however, audit did not do the required job. In a related area, the functioning of the DFO officers could be scrutinized. For the record she mentioned that the DFO office had no finance and accounts officer. Lot of money flows through that office, but the DFO is the DDO himself. She added that audit should insist that there should be a finance and accounts officer handling the funds. She also mentioned that the cost incurred on having that institution will be just a fraction of the benefit that will accrue in ensuring better utilization of funds. Addressing this issue to the CGA, she said that we need to link releases with outputs, and with productivity levels achieved. The sanction letters should be redrafted, and it should indicate all the physical outputs and outcomes to be achiever, and also give the milestones of productivity with which the next installment is to be linked. She again added that these initiatives should ideally be coming from audit. Taking another example, she said that MOU’s signed with NGOs and autonomous institutions at times are exceedingly amorphous and general. They do not spell out the obligations of the players involved. The audit should also be associated with the business process reengineering of MOUs and contracts. 2

Further mentioning the areas where audit can play an exceedingly efficient role in ensuring that delivery is effective are the Evaluation norms, consisting of concurrent evaluation, terminal evaluation, monitoring, etc. She made an important point that we should try to reach a stage where statuary audit becomes gradually dispensable. Pushing ahead, she then insisted that a new mantle needs to be donned; the new auditor in the current scenario needs to be more of a manager, standard setter, needs to be IT savvy to keep pace with the developments in e-governance to be able to advise what systems are to be adopted. We need to upgrade the skills and most of all we need to have more effective interface at the highest levels. Lastly, she lamented the existing perception of audit where is the exercise of audit starts with the LDC and ends with the SO. Hoping for an early change in the situation, she concluded by suggesting that the levels of communication should be upgraded. There should be effective interface at the senior most levels, so that we together jointly can deliver good governance to the people at large. Carrying the session forward, Shri S P Pal began with slightly changing his topic to expectation from internal audit rather than client’s expectation, because according to him, the relationship is not between client and provider or, master and subordinate or customer and seller, but we are all partners in the development process. He then defined the premise of his talk, which was related to development planning and implementation, with particular reference to development fund authorization, allocation and spending, thus establishing causal linkages between inputs, output, activities and outcome. Setting the premise, he came to the point that the people who are involved in the fund flow authorization are basically the parliament and the legislature, or in other words, the policy makers. They expect that the development interventions bring intended impact and outcome. They want to achieve this through the interventions, program goals and intended development changes. At the second level, those who allocate fund, for example, Planning Commission and the Finance Ministry expect that the effectiveness in program design and implementation should come from experience, because they are planning and implementing development programs in uncertainty. Finally, those who release fund, the line ministries and the departments want to get adequate resources in time so as to initiate planned activities and attain targets. So when we make development interventions we follow a systematic way, which says that to achieve certain goal we need certain inputs, activities and certain outputs. Inputs here mean all kinds of inputs, financial inputs, human and material resources, as well as infrastructure. Activities meant tasks undertaken by the staff who transforms inputs into outputs. And we all are supposed to 3

produce certain product and services and help the planners and implementers to achieve the development goals of the country. In this broader context we need to examine the expectations from the auditor. To elaborate his point, he took up the example of the Planning Commission, where a PEO (Programme Evaluating Officer) is supposed to help the government and planners, or the policy makers, to improve policy and program formulation process through feedback from evaluation. The government had established PEO primarily to understand ways to improve policy and program design. The outcome from PEO’s activities would be post correction, and the output of PEO would be quality an evaluation report, which will offer transferable and implementable lessons. However, this office is grossly underutilized, which causes a colossal waste of precious public money, apart from compromising the quality and performance of the parent organisation. Contrary to the present views, and in his experience, all monitoring and evaluation activities cannot be outsourced; and monitoring and evaluation is often input to the planning and implementing process. Further substantiating his point, he added that many outside organizations do not have access to the process data. Internal government organizations, which can facilitate and use process data in monitoring and evaluation, should be used to improving the methods of doing governments business under changing circumstances, changing conditions. We should move away from managing inputs to managing outcomes under changing scenario. He then introduced another concept to move away from the standard performance measurement of economy efficiency and effectiveness (3E’s) to something like diagnosis, design and develop (3D’s)By diagnosis he meant that the problems are diagnosed confronting the particular ministry or particular division or particular unit that is implementing a government program. Design referred to designing a strategy to address those problems which have been understood. And in the process of getting involved along with the agency, whatever the agency is doing, the auditor should get involved in the process and then develop capacity of their own as well as of the implementing agency to solve problems and be flexible. In summary and conclusion, he said that accountability under the new circumstances must undergo major changes. The role of the Finance Ministry or Internal Audit is reactive currently; it should be now proactive to re-award adaptive behavior and guidance. The spending agencies and the auditors should work together to optimize within the overall budgetary constraints. At the macro level the Finance Minister is saying that the budget deficit will be no more than 4% of GDP. The constraints are given, so there neither the auditor nor the implementing agencies can stretch themselves, and they have to accept that as a given parameter. However, within that parameter it is possible to device new strategies to optimize. Both auditors and the implementing agencies should work 4

for attaining the organizational goal, both should measure and monitor performance like output, outcome and impact. The auditor should not be concerned only with rules and regulations, but should rise above that. For attaining the organizational goal, outcomes and overall development should be as much as auditor’s responsibility as that of the implementing agency’s. Both should work for strengthening the link between performance monitoring, budgeting and evaluation. Both should work for trust through cooperative bargaining in the budget process rather than just imposing one’s wish on the other. Important Recommendations:

• The dictionary definition of ‘audit’ has evolved to mean ”systematic review or assessment of something”

• Audit should transcend beyond financial and accounts and should encompass the entire domain of governance.

• Audit should be formulating and refining standards and norms on a rolling basis and not as a one time exercise.

• The new auditor needs to be more of a manager, standard setter, and be IT savvy. • All monitoring and evaluation activities cannot be outsourced; they have to be

carried out in-house. • To achieve the organizational goal, outcomes and overall development should be

as much as auditor’s responsibility as that of the implementing agency’s.

5

Session VI Bridging the Gap: Issues and Challenges

Addressing the Seminar for the second time in the sixth session, Ms. Carman Young began with briefly summarizing the composition and the structure of the World Bank, which has five organizations. These are the IBRD, which started in 1944, the International Development Association, which is the grant-providing organization, the International Finance Corporation, which manages the private sector initiatives, the MIGA, which is Multilateral Investment Guarantee Agency and another very small agency whose role is to settle investment disputes and promote international development. Speaking about her organisation, she mentioned she heads the Internal Audit Organization for all five of those organizations. The Bank has 184 member countries, and there are offices in more than 100 countries. The total lending of IBRD and IDA for fiscal year ’05 was US$22 billion. This was to give a rough idea about the scale of operations her establishment has to oversee. She made a point that internal audit for any organisation should make information available, with five specific objectives for financial and operational ease, and that information should be accurate, timely, and reliable and should have integrity so that it can support decision making. Also, it should make sure that resources are acquired economically and used efficiently to safeguard the assets and it includes human, physical, and financial and information assets, to make sure that the actions are in compliance with not only laws and regulations, but also policies, procedures and contracts. Therefore, everything that internal audit does should be driven by business objectives of the unit or the program or the process internal audit examines. The fundamental idea is for the internal audit to get involved as those systems are being implemented to recommend changes in internal control that can be developed into systems, and not just be an add-on at the end. Speaking about her organizational role, she said that they report directly to the President and that gave them independence that they needed, hence making the point that the highest authority should directly be involved in audit reporting. However, she added that their they made sure that it was the management’s prerogative to accept risk, and it was left to the internal audit to make sure that they communicate the level of risk the management is taking, while also making sure that they understand what they are accepting in terms of risk. Deliberating further on her organisation, she said that she had four groups that are responsible for audits. Corporate service is a group that looks after all of the audits in the finance complex, treasury operations, human resources, and other service parts of the organization. Another group was development operations, which looks at the major development programs. The third was the country operations group which was a unit that looks after audits in the country offices. 1

She said that although they have significantly reduced the numbers of total audits undertaken, they now focus on more risky parts of the business. Finally, the fourth is a small IT group that looks after audits of infrastructure and platforms and contingency planning. She mentioned quality control is a must for audit, and that they had an external quality assessment of the internal audit function. The IIA standards now require this assessment at least one in every five years. Her group has used the quality assessment as a supportive measure to pursue change in the mandate of audit function. Coming to the aspect of ownership, she revealed that the US holds greater percentage of the share than any other shareholder, which is about 13% of ownership in the World Bank. Hence, the US legislature has considerable influence, and certain bills have been passed that links US appropriations to some conditions and one bill requires comprehensive assessment of internal controls of the Bank. She then narrated the experience in the Canadian government, where in 1984 a legislation was passed for semi-autonomous crown corporations to have a comprehensive assessment of internal controls by the external auditor, once every five years. The internal audit was required to develop its processes so well that the external auditor could rely on its work The internal audit group at the Bank wanted to emulate the Canadian model, and this was met with a lot of resistance by the US Treasury, the Legislature, but slowly internal audit won its ground. In a bid to upgrade the skills and the infrastructure, the Bank had introduced SAP as the ERP system for keeping track of the books in the finance operations, and they were able to identify about 100 business processes that needed immediate attention. The next step the audit undertook was to identify all of the business processes with high-risk ratings and they all were included in the audit plan. They also had to introduce some methodology changes to ensure that all of the auditors were using a consistent method in the audit. The internal audit used the COSO enterprises management framework as the evaluation matrix for making sure that they cover the same aspect of every operation, and the conclusion of every aspect of COSO-ERM for each audit. They used traditional risk and control matrices to review control activities, which were also normal internal controls or control activities that were intended to manage risks. Finally, they coordinated the process and unit audits to make sure that they were sequenced. As a secondary step, they also strengthened our internal reviews. For every audit, after conducting the preliminary planning phase the auditors had to meet the audit management team. Then the audit team went through the audit approach and the sampling plan, the risk evaluation matrices, and the risks that were being looked at, and hence the management team knew what was happening in every audit. 2

In a reciprocating measure, at the end of the audit, the audit team came back to the management team and discussed the results of all of the audit work and everyone had to come to a consensus as a management team on how significant were the deficiencies, how strong were the controls so that all members of the audit department understood how audit was undertaken and results actually achieved. This created a healthy atmosphere of learning, where the members were learning more about the entire organization with every project that the audit undertook, and this strengthened the internal quality assurance processes and we trained every one of the staff members on quality assessment. Importantly, the whole internal audit staff took the IIA training to become an internal assessor and validator for quality in an audit function, and this had ensured the standards of audit were duly maintained in the World Bank. Next in the session, Mr. Thomas Warga, began with introducing an internal audit study for identifying top ten challenges facing the public sector, which were found to be consistent around the world. These were adequate staffing, compensation of the staff, ability to measure performance, adequate technology resources, ability to report results timely, the ability to benchmark the work, promoting effective internal governance within the organization, establishing a risk-based plan for the audit, ability to bring in expertise to supplement the audit staff, and adequate resources for continuing education. Highlighting this, he went on to possible solutions. As far as adequate internal audit staff is concerned, we have to look at sharing resources between other agencies. Co-sourcing, going outside the organization, and leveraging of technology are possible solutions to this conundrum. In the long term, the idea could be to increase the supply of people into the profession. For this to take effect, the IIA is partnering with universities around the world in providing them with internal audit curriculum and materials. Coming to the perpetual question of motivation, he said that there are alternative strategies like money, however not everybody is motivated by money. It’s not just salary that motivates people; there are other things as well. For measuring performance, it’s always better to start with the customer to determine their expectations in order to measure the outputs. Benchmarking inside the organizations is helpful to determine measures of performance, and it should always be result based. He also made an important point that Co-sourcing or outsourcing only works if the task is very specific. Coming to the issue of reporting, he said that the results should be reported timely; however, report writing usually is the stumbling block, and report writing skill training is very crucial. 3

Talking about the important issue of benchmarking, he said that audit departments should make sure that every aspect should be benchmarked against what is the current practice in other organizations, including promoting effective corporate governance or effective governance within the organizations He then said that risk-based audit plan is an excellent approach. The risk should be measured at two levels; in the overall audit plan, and while the actual engagement is undertaken Finally, concluding the session, he came to the issue of training, which was always found to be very important for the internal audit profession, to keep people current in their profession, in the content of auditing. The training in basic report writing, audit skills, content skills should be formalized. Important Recommendations:

• The audit information should be accurate, timely, and reliable and should have integrity so that it can support decision making.

• The Management should have an external quality assessment of the internal audit function.

• According to a study, top ten crucial issues facing the internal audit in public sector could be listed as:

i. adequate staffing, ii. compensation of the staff, iii. ability to measure performance, iv. adequate technology resources, v. ability to report results timely, vi. ability to benchmark the work, vii. promoting effective internal governance within the organization, viii. establishing a risk-based plan for the audit, ix. ability to bring in expertise to supplement the audit staff, x. Adequate resources for continuing education.

• Co-sourcing or outsourcing of internal audit only succeeds if the task is very specific.

• Internal audit results should be reported timely; and report writing is very crucial for internal audit.

• Benchmarking of standards within the organizations is helpful to determine measures of performance.

• The most important aspect for internal auditor is continuing training, to keep people current in their profession, in the content of auditing. Training in basic report writing, audit skills, and content skills should be formalized.

4

Session VII Review and General Discussion

The last session was an overall review of the proceedings of the Seminar, and a general discussion on the more pertinent issues. Shri G P Gupta, CCA, M/o Finance gave a presentation summarizing the proceedings of the Seminar, and gave an introduction to the pilot project on internal audit in the M/o Environment and Forests. The distinguished speakers on the dais were Dr. Adarsh Kishore, Finance Secretary to Government of India, Shri S W Oak, Controller General of Accounts, and Ms. Carman L Young, Auditor General, The World Bank,

Shri G P Gupta began the session by addressing the current status of internal audit in the various ministries and departments. He commented that we have primarily confined ourselves to compliance audit or to regulatory audit. Elaborating upon the compliance audit, which is akin to transaction audit rather than systems audit he regretted the fact that internal audit is not considered important.

He then described the pilot project in the Ministry of Environment and Forest, and the reasons for selecting this particular Ministry for Pilot Project. The first important reason was that the top management was willing to be a party to the project, thus addressing the basic issue of ownership. Also, the Ministry had the combination of dealing with the state governments, the autonomous bodies, public sector undertakings, and also with the non-governmental organizations, or NGOs. In sum, the Ministry would cater all the dimensions of the governance and one could try out different schemes which would work in different entities of semi-government, the government and the non-governmental organizations. Another reason was that the Ministry of Environment and Forest had been working on an e-governance project. Further discussions with the consultants revealed that it would fit into the overall e-governance Project to define the controls, scope and revised mandate of internal audit in this Ministry.

He then began to sum up the lessons learnt in the two days of the Seminar, and particularly highlighting client expectations from internal Audit as brought out by Mrs. Veena Upadhyaya, Joint Secretary, Ministry of 1

Environment and Forests. She had drawn attention to the interesting evolution of the word audit where the first definition of audit was ‘official examination of accounts’ which moved on to ‘official examination of financial records’, and then further to ‘official examination of quality or standards of something’. This, she said, meant for a requirement to set the standards and one needed to examine the results with reference to the preset standards or the benchmark and then finally have a systematic review or assessment of programmes and activities completed. The scope of audit in her assessment was something, which is quite different than what we are doing today; the audit to transcend the domain of finance and accounts to embrace and encompass the entire domain of governance. Moreover, she stated that audit is not merely ensuring adherence to standards but taking a proactive advocacy, formulation of standards, and refinement on a continuous basis.

Shri Gupta then went on to address the recently introduced outcome budget, and its format containing the risk parameters, risk assessment, risk identification, where each parameter needs to be independently assessed and reported in a timely manner, leaving enough time for mid course corrections. The risk analysis flows from the outcome budget, which demands a move from transaction or compliance audit to program or scheme audit.

He then summarized the session by Shri. S.P. Pal, Advisor, Planning Commission who had earlier introduced the 3Ds of diagnosis, design, and development, and how they aptly apply to internal audit in the Government. Today in the Government, there is a severe resource crunch, both in terms of the quality and the quantity, which has to be addressed with requisite skills. Internal audit needs to be assertive and incisive, and it cannot be seen as a conflicting entity with external audit. There is no conflict between these two sets, which generally seems to be the perception at times. Internal audit needs to be a participative process and not a fault finding exercise. The operational policy has to be drawn in consultation with the executive. Shri. Gupta finally referred to the Capability-Maturity Matrix which Ms Carman Young had earlier explained in the first session of the Seminar. He then requested Ms. Young to once again elaborate the concept of the matrix, for the benefit of the Finance Secretary. 2

Following the presentation by Ms. Young, Shri S W Oak, CGA addressed the gathering, and brought out the need to make a 360-degree turn in the role of internal audit. He said that it had been supply driven because so far it had just been checking the compliance of procedures and records set earlier. It should ideally be demand driven.

He also mentioned the outcome budget; where the last column mentions risk factors. Here, internal audit could be given the role of monitoring these risk factors on an ongoing basis. There was yet another important phase of implementation, which questions whether the monitoring and evaluation systems, which have been laid down are adequate and serve the purpose.

CGA then highlighted the important issues of empowerment and ownership, which for him were the core of the matter. He also brought out the important point of lack of legislative framework and indicated that internal audit is not even mentioned in the Allocation of business rules. He expressed his concerns on the quality aspects which need to be addressed through skill up-gradation, training etc.

CGA finally referred to the dichotomy between internal and external audit, and said that he was pleasantly surprised to find that the deputy CAG was willing to give performance audit role to internal audit. The C&AG had also expressed his concern on strengthening of internal audit.

Dr. Adarsh Kishore, Finance Secretary also addressed the gathering in the concluding session. He commenced his address by mentioning that the international best practices and existing standards should be examined in terms of their possibility of being replicated with improvements and adaptation in India. He said that a simple expenditure audit, which is constitutionally mandated essentially for the post expenditure audit is not adequate. There is a very, very healthy realization today in the entire country and indeed particularly so in the finance and accounts community of our country that it is not enough to have handsome provisions only; what is important is satisfactory outcomes.

He strongly felt that the time had come when we move away from the perfunctory, more formal than substantial compliance of the discipline “of our expenditure norms.” It is not merely the sheer volume of expenditure that has grown but the entire processes of the government have changed fundamentally and that brings in the element of complexity in the kind of audit we have at 3

present. Therefore there is no debate on the need to revisit the entire concept and its relevance with changed requirement, identification of the change, and the pace of change in the entire concept structure, procedures, and the mandate.

That, he said, brings us to the question of ownership. The role of internal audit to be redefined must be owned with a fresh mandate by the government. The second aspect of the ownership is that the internal auditors own what they are contributing in terms of their advice and actions vis a vis the executive. Redefining internal audit will have to be a process which has a collaborative and cooperative understanding in the whole matter. At every stage the ownership will entail and will demand that one adds value to the process of implementation in terms of its probity, in terms of its transparency, and in terms of its quality and that cumulative effect is transformed as it were, into a better design.

He further said that if there is a thesis and an anti-thesis they must converge, by conflict, into a synthesis, which itself at the higher stage of evolution becomes a thesis giving a confrontational position with another anti-thesis and giving rise to yet another superior synthesis and so on. The whole process is evolutionary. The dialectics of our internal audit ought to be that while one appears to be presenting an adversarial view, a view which does not strengthen the other’s sense of comfort with what they have done. In fact it introduces a minor agitation in the other’s mind, which is healthy, which is positive, which is encouraging and the two sit down and give rise to something, which contains the seeds of both and emerge as a superior product then the one, which was subjected to audit.

That, he said, takes one to the third issue of mandate. The efficacious functioning and advice of internal audit will be only as good as it is formally mandated. As a part of the system whether it is an executive fiat or it is a legislative mandate, it can still be a part of the process. The mandate has to come from the highest level of government, either suo-moto or as legislated by the parliament. That’s a matter of detail but the mandate remains important and he announced that he would undertake to set in motion a process, which would result in a formal mandate for internal audit as an integral part of the management of the finances of this country. 4

He then very generously asked the CGA to draw upon the talent, expertise and the experience that might be available overseas and internally in the country, in the academia, in the private sector, and the public sector to draw upon a revised mandate. For this he put forth a sum of Rupees 100 million during this fiscal to kick start the process.

He then expressed his gratefulness to the World Bank for having given the intellectual and financial support and also mentioned that while the path has been shown, the need has been highlighted; we can now take over the baton from them. For this, he reiterated that there is no constraint of resources. He suggested that CGA may send four or five small groups for interacting with the corresponding functionaries abroad and see what the best practices that are being talked about. For this he gave his assurance for a most favorable and sympathetic consideration at the highest level, and he made it his responsibility to see that before the fiscal is out, CGA will have a formal mandate in the charter of responsibility to begin with.

That, he said brings us to yet another question of evolution of this concept, as very succinctly recapitulated earlier. He referred to the earlier used expression of ‘transcendence of accounts and finance’. He said that the transcendence should not ultimately result in levitation that one just rises above the whole thing; we must be firmly grounded into what the accounts and finances are, because it is ultimately the line ministries’ responsibility to ensure that not only is the money utilized but it also gives best value for money.

He then briefly commented upon the evolution and growth in the concept of budget in India, which has changed from the constitutionally mandated annual financial statement to the performance budget and now the recently introduced outcome budget. There is an organic and harmonious relationship between these different kinds of budget.

The outcome budget is mandated to capture the deliverables flowing from the provisions presented in the annual financial statement. We must be prepared and eternally vigilant to see that the deliverables are delivered. He added that this country is running and doing well because of the unsung, and silent, dedicated workers who are doing their job well, in a sincere clean fashion. 5

We must expand and formalize our systemic arrangements by addressing the issues such as the relationship with the financial advisor, the program evaluation organization of Planning Commission, external audit and finally with the executive. He concluded with three pertinent sentences, which are reproduced verbatim:

i. One: today we will disperse with a determination to make internal audit more efficient, value adding, and formally mandated in the governance of this country.

ii. Two: that we will build our capacity to do things better with skills which may not exist with us today; for this we will tap both national and international resources

iii. Third: the negative perception, which sometimes get attached to finance people would soon be turned into a matter of the past and people shall look at us as a resource, as a human capital, that is adding value not only to the concept or design of schemes but also in their implementation in order that we hand over to the next generation a better government, and a better India.

6