Standard Setting by Compliance Audit Subcommittee of International Organisation of Supreme Audit InstitutionsBy Mr. V. Kurian, Additional Deputy Comptroller & Auditor General (Western Region), O/o the CAG of India, New Delhi

1. About Compliance Audit Subcommittee

Compliance Audit Subcommittee (CAS) is one of the subcommittees under the Professional Standards Committee (PSC) of the International Organisation of Supreme Audit Institutions (INTOSAI). The mandate of CAS includes developing guidelines for compliance audit and giving practical guidance on how compliance audit should be planned, executed and reported. CAS has 19 members with India as the chair. The other members are Azerbaijan, Brazil, China, European Court of Auditors, France, Georgia, Hungary, Lithuania, Mexico, Namibia, Norway, Portugal, Romania, Russia, Saudi Arabia, Slovakia, South Africa, Tunisia and African Organisation of Supreme Audit Institutions with observer status.

2. Standard Setting Activities of Compliance Audit Subcommittee

Standard setting is one of the main goals of INTOSAI. INTOSAI has approved the International Standards of Supreme Audit Institutions (ISSAI) framework listing out the different standards governing audit by Supreme Audit Institutions. After adoption of the first INTOSAI Strategic Plan for the period 2005-2010, a dedicated Committee namely, Professional Standards Committee was formed by INTOSAI to develop and consolidate professional standards in the INTOSAI community. CAS as a Subcommittee of the Professional Standards Committee, guides the standard setting, implementation and monitoring of standards relating to compliance audit in the INTOSAI community. CAS is guided in this process, by the Strategic Plan of INTOSAI (2017-2022), the Strategic Development Plan (2017-2019) providing general strategy and work plan for standard setting in INTOSAI and the policies laid down by governance bodies of INTOSAI dealing with professional standards in INTOSAI especially the Professional Standards Committee and the Forum for INTOSAI Professional Pronouncements (FIPP). In setting standards, CAS follows the due process approved by INTOSAI for setting of standards and the drafting conventions developed by FIPP.

3. Current ISSAI based Projects of Compliance Audit Subcommittee

International Organisation of Supreme Audit Institutions (INTOSAI) in its XXII Congress held in United Arab Emirates in December 2016 approved its Strategic Development Plan (SDP) for the period 2017-2022 and adopted a new ‘INTOSAI Framework for Professional Pronouncements (IFPP). The Congress also approved the new version of ISSAI 4000 on Compliance Audit.

The Strategic Development Plan (SDP) for the INTOSAI Framework of Professional Pronouncements (IFPP) consists of the following three priorities for relating to professional standards;

Priority 1 – Implementing the revised INTOSAI Professional Pronouncements as soon as possible after approval of the framework by INCOSAI.

Priority 2 – Providing improved INTOSAI Guidance by 2019 that can better support audits in accordance with the ISSAIs;

Priority 3 – Preparing for further development of INTOSAI’s Professional Pronouncements in key areas beyond 2019;

The projects under Priority 1 are primarily aimed at renumbering and relabeling of existing ISSAIs in the context of revised ISSAI framework and are undertaken by PSC. The projects under Priority 3 are yet to be determined since they are scheduled beyond 2019. CAS has been considered the natural entity for the following projects listed under Priority 2 of SDP;

1. Project 2.2 of Strategic Development Plan (SDP) of INTOSAI Framework of Professional Pronouncements (IFPP) on ‘Provide guidance on compliance audit’
2. Project 2.3 of Strategic Development Plan (SDP) of INTOSAI Framework of Professional Pronouncements (IFPP) on ‘Using ISSAIs in accordance with SAI’s mandate and carrying out combined audits’.

The above projects details of which are given below are at early stages of implementation.

a. Project on ‘Provide guidance on compliance audit’

The rationale for undertaking Project 2.2 on providing guidance on compliance audit was the fact that only limited practical guidance was available for carrying out compliance audit as per ISSAI 4000. After the earlier ISSAI-4100 on carrying out compliance audits separately from audit of financial statements and ISSAI-4200 on compliance audits carried out along with audit of financial statements were withdrawn, upon approval of the new ISSAI 4000, some of the Supreme Audit Institutions (SAIs) expressed a need for more practical guidance on the “authorities” to be considered while examining regularity and propriety aspects in compliance audit. The project while ensuring consistency with ISSAI 100-Fundamental Principles of Public Sector Auditing, ISSAI 400-Fundamental Principles of Compliance Auditing and ISSAI 4000-Compliance Audit Standards, will provide more detailed guidance on the criteria to be adopted for measuring compliance with regularity and propriety aspects, after studying practices prevalent in different SAIs. The project will also consider ISSAI 1250 - Consideration of laws and regulations in audit of financial statements, since verification of compliance with laws and regulations is a core objective of compliance audit. The Project Leader of this project is SAI Norway and other members of the project team include SAI France, SAI Brazil, European Court Auditors, SAI India and SAI South Africa. Presently, work on the exposure draft of the project is under progress. The exposure draft of the guidance is expected to be ready by July 2018.

b. Project on using ISSAIs in accordance with SAI’s mandate and carrying out combined audits’

ISSAI 100 states that in general, public-sector audits can be categorized into one or more of three main types: audits of financial statements, audits of compliance with authorities and performance audits. The objectives of any given audit will determine which standards apply. Combined audits refer to one type of audit carried out simultaneously with another type of audit. This may include compliance audit being carried out simultaneously with financial attest audit or performance audit. At the moment, there is no practical guidance in INTOSAI for such combined audits. The project taken up by CAS as the chair in coordination with the Financial Audit and Accounting Subcommittee and the Performance Audit Subcommittee of PSC aims to provide detailed guidance on conducting such combined audits.

SAI-Romania is the leader of the Project. SAIs of Brazil, China, European Court of Auditors, Hungary and Tunisia are the other members of CAS for the project. The project is expected to be completed by the end of 2020.

4. Due Process for developing guidelines

The Forum for INTOSAI Professional Pronouncements (FIPP) is the designated standard setting body of INTOSAI responsible for implementing a uniform approval process for the IFPP pronouncements following the INTOSAI Due Process. The Due Process establishes the formal process for developing, revising and withdrawing ISSAIs and other pronouncements. There are four main stages in developing and issuing a pronouncement as given below:

Stage 1: Project proposal
Stage 2: Exposure draft
Stage 3: Endorsement version
Stage 4: Final Pronouncement

The due process provides the quality assurance required for any standard setting activity and ensures that a consultative approach is adopted in developing the standards.

5. Challenges in standard setting

Standard setting activities in INTOSAI community has its own challenges primarily arising from the variations in the mandate and structure of the member supreme audit institutions. The legal mandates of individual SAIs have primacy over the standards and hence standard setting has to keep in mind this reality. The organisational structures of SAIs also vary with primarily two types of entities namely those which are based on Westminster model and those functioning as courts of audits. The auditing mandates also vary accordingly. In a project dealing with authorities for assessment of propriety in transactions the cultural differences between SAIs have to be recognised and given due consideration. The standard setting in INTOSAI being a voluntary activity today, the need for establishing a permanent mechanism for providing technical support is also felt necessary. CAS overcomes these challenges through a consultative process within the INTOSAI community and through the cooperation of all the members of INTOSAI particularly the member SAIs of Compliance Audit Subcommittee.