Upload
holly-garrison
View
220
Download
1
Tags:
Embed Size (px)
Citation preview
Project
Guideline for
Auditing Internal Control Systems
Claudia Kroneder-PartischAustrian Court of Audit
2
Objectives of the guideline
Development process
Structure and key elements of the guideline
Lessons learned in the pilot phase
ICS Guideline Project
ICS Guideline Project Kroneder-Partisch
3
Starting point
Audit focus at the ACA in 2014:“Internal Control Systems”
Audit focus - Objectives:
• Auditing efficiency and effectiveness of ICS
• General statements and recommendations on ICS
ICS Guideline Project
ICS Guideline Project Kroneder-Partisch
4
Purpose of the guideline
Guideline for performance audits
Support tool for the audit team
Practical relevance
Focus on the key elements of ICS audits – no comprehensive checklist
ICS Guideline Project
ICS Guideline Project Kroneder-Partisch
ICS Guideline Project
Project team
Sponsor: President Josef Moser
Project Managers:
Head of Department responsible for ICSHead of Department responsible for knowledge management
Team members:
8 team members with long-standing experience
• ICS
• Audit of enterprises
• Audit of municipalities
• Procurement audit
• Audit of subsidies
• Audit of financial management
• Prevention of corruptionICS Guideline Project Kroneder-Partisch 5
ICS Guideline Project
Process and timeline
Kick-off at meeting of directors of the ACA: August 2013
4 meetings of the working group - planning structure and content, finding joint approach- assignment of tasks- harmonization, finalization
Bilateral exchange
Presentation of draft at ACA training conference: December 2013
First application of the guideline in a pilot/feedback phase: January 2014
ICS Guideline Project Kroneder-Partisch 6
ICS Guideline Project
Structure of the Guideline
Modular structure
General part
ICS: Definition and objectives ICS-Standards: COSO / INTOSAI Main audit questions / evaluation criteria Reference to key statements concerning ICS in
former audit reports
ICS Guideline Project Kroneder-Partisch 7
ICS Guideline Project
Structure of the Guideline
Specific parts
i.e. guidelines for auditing ICS for 5 typical ICS-relevant audit topics
- Small organisations / companies - Procurement- Subsidies- Financial management - Municipalities
Main audit questions and risks to be identified Reference to key statements in former audit
reportsICS Guideline Project Kroneder-Partisch 8
ICS Guideline Project
Pilot/Feedback phase
Application by audit teams – since January 2014
Feedback
• Positive reception – with regard to the general concept as a support tool
ICS Guideline Project Kroneder-Partisch 9
ICS Guideline Project
Pilot/Feedback phase
Approval of
• Definition of key audit issues and risks – formulating concrete audit questions
• Reference to key positions in former audit reports
• Bibliographical references
• Modular structure
ICS Guideline Project Kroneder-Partisch 10
ICS Guideline Project
Trial/Feedback phase
Need for further discussion and guidance
• Segregation of duties
What duties should be separated (without creating red tape)
• Size of organization and ICS
- Very small organizations- Auditing ICS in large organizations –
specifying the audited fields
ICS Guideline Project Kroneder-Partisch 11
ICS Guideline Project
Trial/Feedback phase
Need for further discussion and guidance
• ICS and awareness about ICS-Standards
Does developed bureaucracy ensure certain level of ICS?
• Risk of management override
• Audit sampling
Sampling for examining effectiveness and functioning of a system
ICS Guideline Project Kroneder-Partisch 12
Thank your for your attention!
13
ICS Guideline Project
ICS Guideline Project Kroneder-Partisch
Backup
14ICS Guideline Project Kroneder-Partisch
ICS Guideline Project
ICS - audit focus
Areas with relevant risks • Potential loss / extent of financial damage• Risk of mismanagement, risk of misallocation • Risk of corruption• Risk of deterioration in reliability of state
systems / deficiencies in performing state tasks
Evaluation / audit statementEffectiveness / reliability of ICS
15ICS Guideline Project Kroneder-Partisch
ICS Guideline Project
ICS - audit focus
Cost-benefit approachcontrols must be adequate to the risk to be avoided (extent of damage and probability of occurrence)
ICS as on-going process regular and systematic review of the ICS
16ICS Guideline Project Kroneder-Partisch
17
Audit questions and Risks to be identified (1)
ICS Guideline Project
Has the audited entity identified and assessed its main risks?
No risk awareness of the management/organisation
Is there a clear definition of procedures and responsibilities?
No standards, no reliability, no transparency
Are these standards appropriate to limit risk and to ensure the achievement of goals?
No risk-adequate (control) processes, no effectiveness
ICS Guideline Project Kroneder-Partisch
18
Audit questions and Risks to be identified (2)
ICS Guideline Project
Are the provisions relevant for ICS met? No effectiveness
Are errors and undesirable developments identified?
No accuracy
Based on the detected deficiencies: are adequate conclusions drawn; is the ICS adapted in a adequate manner?
No adaptability of the system
ICS Guideline Project Kroneder-Partisch