Project

Guideline for

Auditing Internal Control Systems

Claudia Kroneder-PartischAustrian Court of Audit

2

Objectives of the guideline

Development process

Structure and key elements of the guideline

Lessons learned in the pilot phase

ICS Guideline Project

ICS Guideline Project Kroneder-Partisch

3

Starting point

Audit focus at the ACA in 2014:“Internal Control Systems”

Audit focus - Objectives:

• Auditing efficiency and effectiveness of ICS

• General statements and recommendations on ICS

ICS Guideline Project

ICS Guideline Project Kroneder-Partisch

4

Purpose of the guideline

Guideline for performance audits

Support tool for the audit team

Practical relevance

Focus on the key elements of ICS audits – no comprehensive checklist

ICS Guideline Project

ICS Guideline Project Kroneder-Partisch

ICS Guideline Project

Project team

Sponsor: President Josef Moser

Project Managers:

Head of Department responsible for ICSHead of Department responsible for knowledge management

Team members:

8 team members with long-standing experience

• ICS

• Audit of enterprises

• Audit of municipalities

• Procurement audit

• Audit of subsidies

• Audit of financial management

• Prevention of corruptionICS Guideline Project Kroneder-Partisch 5

ICS Guideline Project

Process and timeline

Kick-off at meeting of directors of the ACA: August 2013

4 meetings of the working group - planning structure and content, finding joint approach- assignment of tasks- harmonization, finalization

Bilateral exchange

Presentation of draft at ACA training conference: December 2013

First application of the guideline in a pilot/feedback phase: January 2014

ICS Guideline Project Kroneder-Partisch 6

ICS Guideline Project

Structure of the Guideline

Modular structure

General part

ICS: Definition and objectives ICS-Standards: COSO / INTOSAI Main audit questions / evaluation criteria Reference to key statements concerning ICS in

former audit reports

ICS Guideline Project Kroneder-Partisch 7

ICS Guideline Project

Structure of the Guideline

Specific parts

i.e. guidelines for auditing ICS for 5 typical ICS-relevant audit topics

- Small organisations / companies - Procurement- Subsidies- Financial management - Municipalities

Main audit questions and risks to be identified Reference to key statements in former audit

reportsICS Guideline Project Kroneder-Partisch 8

ICS Guideline Project

Pilot/Feedback phase

Application by audit teams – since January 2014

Feedback

• Positive reception – with regard to the general concept as a support tool

ICS Guideline Project Kroneder-Partisch 9

ICS Guideline Project

Pilot/Feedback phase

Approval of

• Definition of key audit issues and risks – formulating concrete audit questions

• Reference to key positions in former audit reports

• Bibliographical references

• Modular structure

ICS Guideline Project Kroneder-Partisch 10

ICS Guideline Project

Trial/Feedback phase

Need for further discussion and guidance

• Segregation of duties

What duties should be separated (without creating red tape)

• Size of organization and ICS

- Very small organizations- Auditing ICS in large organizations –

specifying the audited fields

ICS Guideline Project Kroneder-Partisch 11

ICS Guideline Project

Trial/Feedback phase

Need for further discussion and guidance

• ICS and awareness about ICS-Standards

Does developed bureaucracy ensure certain level of ICS?

• Risk of management override

• Audit sampling

Sampling for examining effectiveness and functioning of a system

ICS Guideline Project Kroneder-Partisch 12

Thank your for your attention!

13

ICS Guideline Project

ICS Guideline Project Kroneder-Partisch

Backup

14ICS Guideline Project Kroneder-Partisch

ICS Guideline Project

ICS - audit focus

Areas with relevant risks • Potential loss / extent of financial damage• Risk of mismanagement, risk of misallocation • Risk of corruption• Risk of deterioration in reliability of state

systems / deficiencies in performing state tasks

Evaluation / audit statementEffectiveness / reliability of ICS

15ICS Guideline Project Kroneder-Partisch

ICS Guideline Project

ICS - audit focus

Cost-benefit approachcontrols must be adequate to the risk to be avoided (extent of damage and probability of occurrence)

ICS as on-going process regular and systematic review of the ICS

16ICS Guideline Project Kroneder-Partisch

17

Audit questions and Risks to be identified (1)

ICS Guideline Project

Has the audited entity identified and assessed its main risks?

No risk awareness of the management/organisation

Is there a clear definition of procedures and responsibilities?

No standards, no reliability, no transparency

Are these standards appropriate to limit risk and to ensure the achievement of goals?

No risk-adequate (control) processes, no effectiveness

ICS Guideline Project Kroneder-Partisch

18

Audit questions and Risks to be identified (2)

ICS Guideline Project

Are the provisions relevant for ICS met? No effectiveness

Are errors and undesirable developments identified?

No accuracy

Based on the detected deficiencies: are adequate conclusions drawn; is the ICS adapted in a adequate manner?

No adaptability of the system

ICS Guideline Project Kroneder-Partisch