Review Quality Assurance PDF

Quality Assurance Review Handbook, 2012 Office of the Auditor General, Nepal
Chapter 1
Introduction to Quality Assurance Review
Purpose and Overview

The purpose of this chapter is to emphasise the objective and importance of quality
assurance (QA) in audit as it relates to the Office of the Auditor General, Nepal. The
main purpose of this handbook is to provide a step-by-step approach for performing
internal Quality Assurance Reviews.
The chapter describes the basic concepts relating to quality, quality control and quality
assurance. Distinctions of these concepts are achieved through the sections that explain
the characteristics of quality and the differences between quality assurance and quality
control. Quality Control (QC) and Quality Assurance (QA) are two different aspects of a
robust quality control mechanism, and both are critical to the effectiveness of an SAI’s
performance. Quality control is a term that encompasses the policies and procedures that
are put in place in an OAGN to ensure that its audit work is of consistently high quality.
Since the quality of OAGN products and services is of utmost importance in creating the
desired impact on the external stakeholders, a Quality Assurance function needs to be
established (or strengthened) in OAGN.
The study of quality assurance is anchored on the related and appropriate quality
standards and guidelines taken from the INTOSAI and ASOSAI which highlight the
requirements for quality services and outputs of an SAI.
This chapter concludes with a brief discussion on the types of QA reviews which can
either be performed internally or by external persons, or may pertain to pre-issuance or
post-audit reviews. Such reviews may also be undertaken on the OAGN as a whole,
and/or for a specific audit.
1. Quality, Quality Control and Quality Assurance
1.1 Quality
Quality has been defined as the totality of the features and characteristics of a product or
service that bears on its ability to satisfy stated or implied needs. In public audit, quality
management involves a system composed of an organisation, the Office of the Auditor
General (OAGN) - its people – the auditors – and the audit process - all working together
to produce the outputs that fulfil the requirements of its stakeholders and the general
public. For the OAGN to be able to do this, it needs to define what these requirements are
and how it will be able to satisfy them. Provision of the highest degree of satisfaction of
its stakeholders’ or clients’ needs requires setting up quality measures which should drive
the OAGN’s processes and outputs.
1
It should seek to carry out its audit work at a consistently high level of quality in order to
increase the OAGN’s productivity and effectiveness.
1.2 Characteristics of Quality
There are certain characteristics or attributes by which the quality of an audit is
measured. The general characteristics of the quality of an audit may include:
Significance How important is the subject matter that was examined in the audit?
This, in turn, can be assessed in several dimensions, such as the
financial size of the audited entity and the effects the audited entity
has on the public at large, or on major national policy issues.
Scope Did the audit task plan properly address all elements needed for a
successful audit? Did the execution of the audit satisfactorily
complete all the needed elements of the task plan?
Reliability Are the audit findings and conclusions an accurate reflection of actual
conditions with respect to the matter being examined? Are all
assertions in the audit report or other product fully supported by the
data gathered in the audit? Is all material evidence that was gathered in
the audit properly reflected in the opinion or findings and conclusions?
Objectivity Was the audit carried out in an objective and fair manner, without
favour or prejudice? The auditors should base their assessment and
opinion purely on the facts and sound analysis of the available
information.
Timeliness Were the audit results delivered at an appropriate time? This may
involve meeting a legal or statutory deadline, or delivering audit
results when they are needed for a policy decision, or when they will
be most useful in correcting management weaknesses
Clarity Was the audit report clear and concise in presenting the results of the
audit? This typically involves being sure that the scope, findings and
any recommendations can be readily understood by busy executives
and parliamentarians who may not be experts in the matters that are
addressed, but may need to act in response to the report.
Efficiency Were the resources assigned to the audit reasonable in light of the
significance and complexity of the audit?
Effectiveness Did the findings, conclusions and recommendations get an appropriate
response from the audited entity, the government and/or parliament?
2
1.3 Quality Control
Quality control within an OAGN consists of policies and procedures that are put in place
to assure that its audit work is of a consistently high quality. An OAGN establishes and
maintains a system of quality control to provide it with reasonable assurance that:
• The OAGN and its personnel comply with professional standards and applicable
legal and regulatory requirements; and
• Audit reports issued by the OAGN are appropriate in the circumstances.
Quality Control is implemented with respect to the OAGN’s activities that support the
audit process and for all aspects of the audit process including:
¾ Selecting matters for audit;
¾ Deciding the timing of the audit;
¾ Planning the audit;
¾ Executing the audit;
¾ Evaluating audit findings;
¾ Reporting audit results, including conclusions and recommendations; and
¾ Following up audit reports to ensure that appropriate action is taken.
1.4 Quality Assurance Review

Quality Assurance is the process that provides independent assurance to the Auditor
General that the quality control systems and practices in the organisation are working
effectively and that the OAGN is issuing appropriate reports. Thus, Quality Assurance is
the process of comparing what is required of a product and what is actually being
provided to the users of that product.
Quality Assurance is the process established by an OAGN to ensure that:
a) The OAGN and its personnel have adhered to professional standards and applicable
legal and statutory requirements;
b) Necessary quality controls are in place;
c) Quality controls are being properly implemented; and
d) Potential ways of strengthening or otherwise improving quality controls are
identified.
3
As such, Quality Assurance is an assessment process focusing on the design, operation,
outputs (reports) and outcomes of the quality control system by persons independent of
the system/audit under review. The purpose of Quality Assurance is not to criticise
specific systems/audits but to help ensure that the audit products and services meet the
required international best practices and the needs of the OAGN’s stakeholders.
1.5 Quality Assurance Review versus Quality Control

Although at times QA and QC are used interchangeably, there is a clear difference in
scope and meaning of the two terms.
As already stated above, QC involves the policies and procedures through which an
OAGN ensures that all phases of an audit process (planning, execution, reporting and
follow-up) are carried out in compliance with OAGN auditing standards, rules,
procedures and practices in line with the best international practices. Basically it is a
responsibility of each line function in an OAGN. QA is also a responsibility of
management.
On the other hand, Quality Assurance is a process through which an OAGN assesses and
monitors the system of quality control, to provide reasonable assurance to its top
management that its process and product meet quality standards. This assessment is
designed to ensure that the OAGN’s system of quality control is working effectively and
that individual audits are carried out in compliance with OAGN standards, rules,
practices and procedures. These should be in line with best international practices as
reflected in INTOSAI Standards of Supreme Audit Institutions (ISSAIs) and ASOSAI
Guidelines or pronouncements on auditing standards and the code of ethics, appropriately
adapted to suit the needs of national regulations and standards.
1.6 Benefits of the QAR

The benefits that can be derived from an effective quality assurance function include the
following:
9 Ensure a high standard of audit work by improving audit performance and results;
9 Ensure that the audit is conducted in the most efficient and cost effective way;
which can lead to savings in audit time and cost;
9 Improve the capability of the OAGN;
9 Maintain a high degree of integrity, accountability and competence;
9 Enhance the credibility and reputation of the OAGN;
9 Improve training and identification of additional training needs;
4
9 Motivate the personnel of the OAGN;
9 Facilitate self-assessment of audit work performed;
9 Provide a management tool for measuring the performance of the OAGN; and
9 Avoid possible litigation by ensuring the OAGN’s work is of high standard and
quality.
1.7 Quality Standards and Guidelines

1.7.1 Quality Standards and Guidelines of OAGN
The following guidelines and directives have been issued in order to maintain
impartiality, making the audit a system-based and to enhance quality of audit function
that ensures compliance with standards and professional conduct pronounced by the
International Organization of Supreme Audit Institutions:
• Government Auditing Policy Standards,
• Operational Guide on Government Audit,
• Procurement Audit Guide,
• Administrative Expenses Audit Guide,
• Revenue Audit Guide,
• Performance Audit Guide,
• Project Accounts Audit Guide,
• DDC Audit Guidelines,
• Directives to the Auditors for the Audit of Public Enterprises,
• General Directives on Government Auditing,
• Directives of Auditor General of Nepal, and
• Other Directives and Circulars Relating to Audit.
In addition to the directives on audit and audit standards, following internal guidelines
have been applied consistently in order to maintain uniformity in audit methodology:
• General Directives on Audit of Revenue and Deposits,
• General Directives on Audit of Foreign Assistance (Grant and Loan),
• Checklist relating to Accounting and Financial Management,
• Directives to Composite Audit Team,
5
• System of Monitoring and Reviewing Audit,
• Guidelines on Irregularities common on nature and Language to be Used,
• Guidelines on Segregating Irregularities to be expressed in terms of Amount and
Thematic Issues.
1.7.2 International Standards of Supreme Audit Institutions (ISSAIs)

INTOSAI has issued a number of standards which are relevant to quality assurance in
OAGN. They have been placed along with other standards in the framework of
International Standards of Supreme Audit Institutions (ISSAIs). These are classified in
the following table:
Table 1: Summary of International Standards of Supreme Audit Institutions
S.N. Level Name of Level Range of Name of Standards
Standards or Guidelines
1. 1 Founding Principles 1-9
2. 2 Prerequisites for the 10-90
Functioning of SAIs
3. 3 Fundamental 100-900
Auditing Principles
4. 4 Implementation 1000-2999 Financial Audit
Guidelines Guidelines
3000-3999 Performance Audit
Guidelines
4000-4999 Compliance Audit
Guidelines
5. 4 Specific Guidelines 5000-5999 Guidelines on Specific
Subjects
5000-5099 Guidelines on Audit of
International
Institutions
5100-5199 Guidelines
on Environmental
Audit
6
5200-5299 Guidelines
on Privatization
5300-5399 Guidelines on IT-audit
Public Debt
Disaster-related Aid
5600-5699 Guidelines on Peer
Reviews
6. INTOSAI GOV 9100-9199 Guidance on Internal
Control Standards
9200-9299 Guidance on
Accounting Standards
1.7.3 ASOSAI Guidelines

ASOSAI has issued a number of guidelines which are relevant to quality assurance in
OAGN. These are classified in the following table:
Table 2: Main guidelines issued by ASOSAI
S.N. Guidelines Issuing Institution
1 Guidelines on Audit Quality Management System ASOSAI
(AQMS)
2 Performance Audit Guidelines ASOSAI
3 Quality Assurance Handbook in Financial Auditing, A IDI-ASOSAI
Handbook, 2009
4 IDI-ASOSAI Handbook on Quality Assurance in IDI-ASOSAI
Performance Auditing
7
1.8 Ethical values
ISSAI-40 Quality Control for the SAIs requires that the OAGN shall establish policies
and procedures designed to provide it with reasonable assurance that the OAGN,
including all personnel and all parties contracted to conduct work for the OAGN,
complies with the relevant ethical requirements. OAGN will consider the following
matters relating to ethical values in staff in QA function:
¾ The relevant ethical requirements will include matters set for the OAGN and its
employees by provisions contained in the legal framework governing the
operations of the OAGN;
¾ OAGN’s ethical standards has incorporated the INTOSAI code of ethics (ISSAI
30) wherever appropriate and relevant to its mandate and circumstances;
¾ OAGN will ensure its policies and procedures are in place to reinforce the
fundamental principles of professional ethics as defined in ISSAI 30 of:
9 Integrity;
9 Independence, objectivity and impartiality;
9 Professional secrecy; and
9 Competence.
1.8.1 Independence, objectivity and impartiality

The reviewer should be independent from the audited entity's and the audit team. This
implies that reviewers should behave in a way that increases, or in no way diminishes,
their independence. The following criteria should be considered in this regard:
¾ The review team member should not be a member of the audit team, and should
not be selected by the audit team;
¾ A QA committee should be responsible for selection and appointment of the
reviewers;
¾ It may be considered to appoint reviewers at the OAGN’s central level;
¾ The reviewer should not otherwise participate in the audit during the period of
review; and
¾ The reviewer should not make decisions for the audit team.
8
1.8.2 Integrity
¾ Integrity is the core value of a Code of Ethics. Reviewers have a duty to adhere to
high standards of behaviour (e.g. honesty and openness) in the course of their
work and in their relationships with the staff of audited entities. In order to sustain
confidence, the conduct of reviewers should be above suspicion and reproach.
Reviewers should not indulge in any corrupt practices.
¾ Reviewers should protect their independence and avoid any possible conflict of
interest by refusing gifts or gratuities which could influence or be perceived as
influencing their independence and integrity.
1.8.3 Conflict of interest
Care should be taken that advice and consultation of the reviewer do not lead to a conflict
of interest.
1.8.4 Professional secrecy
Reviewers should not disclose information obtained in the reviewing process to third
parties, neither verbally nor in writing, except for the purposes of meeting the QAR
objectives.
1.8.5 Competence
Reviewers have a duty to conduct themselves in a professional manner at all times, and to
apply high professional standards in carrying out their work to enable them to perform
their duties competently and with impartiality. Reviewers must not undertake work they
are not competent to perform. Reviewers should know and follow applicable auditing,
accounting and financial management standards, policies, procedures and practices.
Likewise, they must possess a good understanding of the constitutional, legal and
institutional principles and standards governing the operations of the OAGN.
1.9 Types of Quality Assurance Review
There are different types of Quality Assurance Reviews (QARs) which are described
below:
1.9.1 Institutional level QAR
The objective of an institutional level QAR is to assess whether the OAGN has an
adequate quality management system (QMS) in place, and the extent to which it is
functioning effectively. An institutional level QMS is not specifically focused on any
specific type of audit; rather, it affects all types of audits and services that an OAGN is
expected to deliver as per its mandate. As such, an institutional level QAR can provide
useful input for developing, or updating, the OAGN’s strategic plan.
9
1.9.2 Individual audit level QAR
These are QARs done at the level of individual audit engagements. The primary objective
of individual audit level QARs is to assess the extent of compliance by audit teams with
the OAGN’s approved audit methodology for the given type of audit. They may also help
draw conclusions on the extent to which the OAGN’s approved audit methodology is
aligned with international good practice. Individual audit level QARs may be conducted
before issue of the audit report (pre-issuance) or after (post audit).
1.9.3 Internal review
An internal review is a QAR carried out by person/s within the OAGN, with
knowledge of the audit procedures, practices and standards. This could be conducted
through different mechanisms, such as by an established QA unit or through a peer
review mechanism involving different divisions, units, directorates or sections.
1.9.4 External review
In an External Review, a peer SAI or other agencies such as a private auditing firm,
management consulting firm, or academic expert could be asked to undertake a review at
either the institutional level or at the audit level, or both. These reviews should be
performed by qualified persons who are independent of the OAGN and who do not have
any real or apparent conflict of interest.
An external review is performed by an independent entity to evaluate whether OAGN’s

internal quality control system is suitably designed and is operating effectively. The
external review involves testing of the entire quality control system, and the reviewers
will have to allow the entire system to operate before reaching their conclusion.
The main purpose of an external review is to help the OAGN make sensible decisions
about how to enhance their own operation and mission performance and to align with or
consider other international best practices. The aim is to make or keep them fit for their
purpose of ensuring public sector accountability by providing high quality relevant audit
reports and other output, in order to help ensure better and more cost effective public
service delivery by the OAGNs.
Objectives of an External Review
The objectives sought by carrying out a peer review should be defined and determined
formally in written form before taking the decision to embark on a peer review. The
objectives are of key importance for the contents and the procedures of the peer review.
In addition, in the course and at the end of the review exercise, it should be possible for
Reviewer in a peer review to check if and to what extent the initial objectives set have
been achieved even if new objectives have been added in the meantime.
10
The following objectives may be worthwhile:
• Enhancing or improving specific procedures
• Identifying weaknesses and training needs
• Reducing input (in specific fields)
• Improving audit impact
• Increasing the number of reports issued
• Improving or ensuring quality of work
• Certification of work
• Improving or ensuring the quality of management and organization
• Confirmation if the internal manuals are in line with the INTOSAI standards /
other
relevant standards and international best practices.
Selection of an External Reviewer
Even before contacting the potential external reviewer for the first time, the OAGN
should duly consider if the external reviewer is the adequate partner for the external
review proposed, i.e., if there is reasonable assurance that the potentially external
reviewer can actually accomplish the objectives set.
For this reason it may be useful to examine well in advance if the external reviewer -
• Possesses sufficient quantitative and qualitative resources for conducting the
external review proposed,
• Is successful and enjoys a high reputation,
• Has a similar organisational structure (at the time proposed for the external
review, i.e. auditor general, court or board system),
• Is known for having a vast experience in the fields to be covered by the external
review,
• Acts in a similar environment as the reviewed SAI.
Having a broadly based extrernal review team undertake the review might be of
particular benefit. In this way different experiences and perspectives can all be brought to
bear in undertaking the external review. When OAGN has decided to review OAGN by
another SAI, a sample Terms of Reference (TOR) for external QAR is included in
Appendix 1.
11
Scope of an External Review
The scope of the peer review should cover the following:
• Whether the auditing services performed are in accordance with the OAGN's
auditing standards, departmental manuals, and policy instructions;
• Whether the standards, manuals, instructions and systems enable the OAGN to
fully execute the audit mandate and its duties; and
• Whether the auditing methodologies and practices conform to the best
international practices.
Requirements for External Review
For the peer to be eligible to review, the following requirements need to be met:
• Each member of the peer review team should have good knowledge of auditing
standards, the government environment relative to the work being reviewed, and
the methods and techniques of performing a peer review;
• The review team should be independent of the audit organisation reviewed, its
staff and the audits selected for peer review; and
• Separate terms of reference need to be drawn up for each of the areas to be
reviewed, and the scope of review should be clearly defined.
Conducting External Review
The external review team will develop a plan and programme for conducting the work.
OAGN will provide the review team with all necessary documentation, manuals, policy
instructions, and guidelines. The external review should be based on the OAGN’s audit
documentation and interviews of the OAGN’s staff members. The external reviewers will
not interview staff of the organisations that the OAGN audits, or have access to their
records. In addition, they will not interview or survey readers of the OAGN reports,
including legislators.
The external review team will also rely on internal QAR and internal audit reports to
reduce the scope of its work. The external review team will treat the inspection report and
its findings as part of the evidence for reaching its opinion. The external review team
leader will provide a briefing for OAGN top management before issuing the report. The
briefing will allow for discussion and suggestions to improve the OAGN’s QC system
and procedures.
Suggestions on the potential contents and subject matters of peer reviews which are
suggested on Peer Review Checklist Appendix to ISSAI 5600 is included in Appendix 2.
12
Reporting the results of the External Review
The review team should communicate the results of the peer review in writing. The report
should indicate the scope of the review, including limitations. It should express an
opinion on the OAGN’s system of internal QC. When there are expressions of opinion on
inadequacies of internal control, the review team should report a detailed description of
the findings, recommendations and suggestions to improve the OAGN’s QC system,
either in the peer review report or in a separate letter of comment or management letter,
to enable the reviewed organisation to take an appropriate action. The peer review should
identify areas for improvement in the quality of the audit, including planning, evidence
gathering, documentation, and reporting, as well as overall performance of the OAGN.
The external reviewers will issue their report to the OAGN’s top management. A senior
management functionary of the OAGN should be made the point of contact for the peer
review, and the contact person will be responsible for disseminating the findings of the
peer review within the OAGN for appropriate action by the concerned groups and
monitoring the progress of implementation of its recommendations. A periodic report will
be placed before the top management of the OAGN to this effect.
Feedback from the audited entity and/or other external stakeholders

This provides inputs to identify the strengths and weaknesses of the OAGN’s audit
processes. In the case of pre-issuance reviews, discussion with the audited entities on the
audit observations help in improving the quality of the audit report before it is finally
issued.
1.9.5 Pre-issuance QAR

A pre-issuance review is a review conducted before the audit report has been issued to
ensure that the audit complies with the audit methodology and practices and any other
legal and regulatory requirements, and that the report is appropriate in the circumstances.
A pre-issuance review should not be confused with the supervision and review.
Supervision and review are quality controls in the audit process, and part of the line
function of the audit departments. Pre-issuance QAR on the other hand,, is conducted by
someone not associated with the day-to-day management of the audit.
A pre-issuance review:
¾ Considers the significant risks identified and the responses to those risks;
¾ Considers judgments made with respect to materiality;
13
¾ Examines whether appropriate consultation has taken place on matters involving
differences of opinion;
¾ Ensures that working papers selected for review reflect the work performed in
relation to the significant judgments and supports the conclusions reached; and
¾ Considers the appropriateness of the report to be issued.
The review provides an independent and objective evaluation of significant judgments
made on accounting, auditing and reporting matters, in order to be able to conclude that,
based on all the relevant facts and circumstances known by the pre-issuance reviewer, no
matters have come to his or her attention that would cause the reviewer to believe that the
conclusions reached are not appropriate.
It should be noted that the pre-issuance review:
¾ Does not reduce the review responsibilities of the audit team; and
¾ Does not relieve the manager from the final responsibility for the issuance of the
audit report.
The audit team may consult the pre-issuance reviewer during the audit. Such
consultation should not compromise the pre-issuance reviewer’s eligibility to perform the
role. Where the nature and extent of the consultations becomes significant, however, care
should be taken by both the audit team and the reviewer to maintain the reviewer’s
objectivity. In situations where this is seen not to be possible, another individual should
be appointed to take on the role of the pre-issuance reviewer, or alternatively, another
person should be consulted.
While pre-issuance QARs may be conducted on all audits, it is more common to

undertake such QARs only for high risk and sensitive audits.
1.9.6 Post audit QAR

The post audit review is that the review is conducted after the audit reports have been
issued by the OAGN. A qualified reviewer from the OAGN or outside of the OAGN may
do this kind of review.
The primary distinction between a pre-issuance QA review and a post audit QA review is
that the former is conducted before finalisations of audit reports, while the latter is
conducted after the audit reports have been issued by OAGN. Another distinction that
arises from the difference in timing between the two types of QARs is that post audit
QARs can also review the follow-up phase of an audit, while that is not relevant in the
case of pre-issuance QAR, since the question of follow-up of an audit obviously does not
arise before the audit report has been issued. A further distinction is that pre-issuance
14
QARs are often conducted only for high risk and sensitive audits, while post audit
QARs are usually conducted for a representative set of completed audits.
However, the nature of checks from the planning to reporting phases of an audit is the
same for both pre-issuance and post issuance QARs.
A qualified reviewer from the OAGN or outside of the OAGN may conduct post-audit
QARs, while pre-issuance QARs are generally conducted by staff of the OAGN not
associated with the audit engagement.
1.10 Quality Assurance Review Process
The QAR process ensures that a comprehensive review is carried out in accordance with
international standards. Generally, it involves the standard four phases i.e. planning,
conducting, reporting, and follow-up.
1.10.1 Planning Phase

This is where the review team plans the review before it takes place. At the
OAGN level QAR, the reviewer gathers information to understand the
environment upon which the OAGN operates. On the other hand, at the financial
audit (FA) or performance audit (PA) level, the review is intended to understand
the FA or PA environment.
Planning
Understand Identify key areas Decide

Define QAR
the OAGN for QAR methodology
objective &
or Audit scope Select appropriate
environmen audits for QAR
t
Define roles and Estimate Prepare QAR plan

responsibilities resources
including time
Figure 1: Planning of QAR

This initial step provides the reviewer inputs to be able to define the QAR
objective and scope, identify the key areas for QAR at the OAGN level or select
appropriate audits for QAR at the FA or PA level, decide methodology and define
15
roles and responsibilities of the QAR team, The other inputs include the terms of
reference, budgets and background information. The output of this phase will be a
plan for conducting the review. This can be a long-term plan in the case of an
OAGN level review, and an annual plan in the case of a financial or performance
audit level review. The expected deliverable from this phase is a QAR plan. Once
the plan has been approved, it becomes the input to the second phase.
1.10.2 Conducting Phase

In the second phase, the review team conducts the review using the QAR plan to
guide the gathering of evidence.
CONDUCTING
Record and
Conduct Gather analyse Discuss
entry information information QAR
meeting findings with
audit team
Figure 2: Conducting of QAR
A suggested first step in this phase is to conduct an entry meeting with the OAGN
top management concerned (for OAGN level QARs) and the audit team that
completed the audit (FA or PA level QAR), to explain the objectives and scope of
the QAR to be done. The outputs of this phase are the draft findings and
recommendations. This should be discussed with the senior management in the
case of the OAGN level review, and with the audit teams and management for the
individual audit level reviews to obtain feedback.
16
1.10.3 Reporting Phase
The third phase is where the review team uses the outputs (preliminary findings
and recommendations) of the conducting phase as inputs to prepare a draft QAR
report.
REPORTING
Finalise QAR
Prepare draft QAR Conduct exit Report
Report meeting with
Figure 3: Reporting of QAR

The findings and observations are discussed with audit management in an exit
meeting. After soliciting their comments, the QAR report is finalised.
1.10.4 Follow-up
The final phase is where the review team uses the action plan prepared by the
audit line functions as inputs, and assesses the extent of implementation of the
QAR recommendations and reasons for non-implementation, if any.
FOLLOW-UP
Assess
Management implementation of Prepare follow-up
implements action action plan QAR Report
Figure 4: Follow up of QAR

Appropriate follow-up actions are necessary to ensure that the agreed action plan
is implemented or adequate steps are being taken to implement it. The output of
this stage is a follow-up QAR report.
17
1.11 Methodologies and Techniques for Conducting QA Review
Following methodologies and techniques can be used for conducting Quality Assurance
Review:
1. Interview is seeking appropriate information from the audit team. In the
context, quality assurance team could ask audit team for information, listen
to and consider their responses, ask follow-up questions and corroborate
information, as appropriate. Interview technique can be also used to collect the
information from the audited entity.
2 Observation is looking at a process or procedure being performed by others.
It provides evidence for that point in time and by them, which cannot be used
to draw conclusions about matters that have occurred over a period of time.
3 Documentation review is reading records or documents either visually or

electronically. Examples of records/documentation are correspondences,
memorandum, minutes, reports, etc.
4 Re-performance is walking through or repeating operational steps. For
example, to check the accuracy of efficiency measures, the auditor may
replicate procedures used to measure efficiency. Replication can help the
auditor confirm or deny the system or some part of it works as claimed.
5 Confirmation is a response, ordinarily in writing, to an enquiry, also
ordinarily in writing, to corroborate information. It can be used to verify that an
activity was carried out in the field.
6 Analysis visually or electronically identifies what is the same and what is
different between two or more documents, tangible items or data. Analytical
evidence should be derived by experts/people who are knowledgeable about the
matters analysed and have the ability to make logical inferences and value
judgements from the data collected. Different statistical tools can be used to
analyze data or information.
7 Focus group discussions are a selection of individuals brought together to
discuss specific issues on audit topics. They are primarily used to collect
qualitative data and information. Focus groups techniques are used to obtain
information on the implementation and impact of government programs based
on the prospective of the beneficiaries and other stakeholders.
8 Seminars and hearings can be organized to obtain knowledge of specialist
area, discuss problems, observations and find out possible solutions. The
participants of seminars may be interested parties, stakeholders and experts.
18
9 Survey Questionnaire is used to gather detailed and specific information from
group of people or organizations. This technique is useful when one needs to
quantify information from large number of individuals in audit topics.
Questionnaires are mainly used to collect facts that are not available in any
other way and that are important as a reference to substantiate a viewpoint.
10 Case study is a method for learning about the complex issue, based on a
comprehensive understanding of the particular instance. It involves an extensive
descriptions and analysis of the particular issue.
19
Chapter 2
Quality Assurance Review Policy of OAGN
2.1. Background
The key objective of the quality assurance function is to assist the Office of the Auditor
General to provide reasonable assurance that its policies and procedures relating to the
system of quality control are relevant, adequate, and functioning effectively. As described
in ISSAI 200, paragraph 1.25, OAGN should adopt policies and procedures to review
the efficiency and effectiveness of the OAGN’s internal standards and procedures. Given
the importance of ensuring a high standard of work by the OAGN, it should pay
particular attention to the quality assurance function to improve audit performance and
results, and also to meet professional requirements and standards (ASOSAI
Performance Auditing Guidelines).
The ISSAI-200 INTOSAI Auditing Standards-General Standards, paragraph 1.29 states
that, “It is appropriate for SAIs to institute their own internal audit function with a
wide charter to assist the OAGN in achieving effective management of its own
operations, and sustain the quality of its performance.” Generally, some kind of a
Quality Assurance function already exists in an OAGN. However, OAGN should
continuously strive to raise the level of that existing function and to achieve international
standards, and improving the existing QA function requires a systematic OAGN-wide
approach. For that reason, it is required that the OAGN should have their QA policies,
procedures and a system in place for their effective implementation. The ISSAI-200
INTOSAI Auditing Standards-General Standards Paragraph 1.30 states that, “The
quality of the work of the SAI can be enhanced by strengthening the internal
review, and probably by independent appraisal of its work.” Improving the existing
QA function requires a systematic OAGN-wide approach. For that reason, it is required
that the OAGN should have its QA policies, procedures and a system in place for their
effective implementation.
2.2 Introduction
The OAGN aims to continually improve the quality of its processes, products and
services. Towards this end, the OAGN has decided to issue a quality assurance (QA)
policy in order to comply with the relevant and applicable quality control standards,
thereby improving the quality of engagements performed by the OAGN.
20
2.3. Purpose and Objectives
The purpose of the policy is to ensure that the Quality Assurance Review process is
approved and implemented in line with the OAG/N's strategic imperatives / the
Directives.
The QA function is responsible for coordinating and managing all activities intended to
review and strengthen the quality management system of the OAGN. For this purpose it
will develop and implement strategic and annual quality assurance plans for regular
conduct of quality assurance reviews at both individual audit and OAGN level. It will
submit proposals on the appropriate approach to be adopted for different quality
assurance reviews. It will be responsible for monitoring ongoing quality assurance
reviews, and follow-up of actions taken on quality assurance recommendations. It will
also submit annual reports to the Auditor General on the various quality assurance
reviews undertaken during the year and the significant actions that need to be taken to
address gaps in the OAGN’s quality management system.
2.4. Policies on Quality Assurance Review
OAGN has taken following policies on QAR to strength audit capability of office:
2.4.1 Generating awareness about the Needs for a QA
In order to set up a QA function successfully, OAGN has conducted an assessment of the
needs of the QA function. The purpose of conducting the assessment exercise was to
identify the gaps between the best practice and actual practice of the QA within the
OAGN. The assessment also helped to determine the requirements of the quality
assurance policy, detailed guidelines, tools, staff, budget as well as other infrastructure
relating to the QA function. QUALITY ASSURANCE IN FINANCIAL AUDITING
The assessment exercise was conducted either by the internal staff of the OAGN at
middle and higher management levels and also by another organization such as IDI-
ASOSAI. While conducting an assessment the following aspects were considered:
9 Qualifications of the team members;
9 Positioning of the team members with respect to management’s influence;
9 Consideration of the future involvement of the team members in QA activities;
9 Terms and reference aspects such as duties, responsibilities, time frame, etc.
The assessment tools were QA surveys, questionnaires, interviews, focus group
discussions and reviews of documents, including documents of OAGN. While assessing
the needs of the QA function, the following factors were considered:
21
9 Size of the OAGN;
9 Current QA practices in OAGN with more experience in this subject;
9 INTOSAI and ASOSAI guidelines on audit quality management;
9 Rules and regulation regarding the requirement of a QA function;
9 Nature and average annual number of audits undertaken by the OAGN;
9 Status of quality controls in the OAGN;
9 Number and level of qualifications of OAGN staff; and
9 Media/stakeholder interests.
The OAGN top management should ensure appropriate actions to implement the findings
of the assessment.
2.4.2 Creating Awareness among Staff on QA

Quality Assurance is the process established by an OAGN to ensure that:
a) Needed quality controls are in place;
b) Quality controls are being properly implemented; and
c) Potential ways of strengthening or otherwise improving quality controls are
identified.
Quality assurance is, therefore, a constant process to improve the quality control system
and ensure compliance with the quality controls. This, in turn, should increase the quality
of the OAGN’s processes, products and services, with consequent positive impact on the
OAGN’s credibility. Although it may be possible to produce isolated audits of high
quality without a proper system of quality assurance, it is not possible to do it continually
for all the audit products issued by the OAGN unless there is widespread awareness
among and acceptance by, the OAGN staff of the importance of quality. Ultimately, it is
the OAGN’s employees who are the key driver of its performance. Therefore, staff
awareness of quality requirements and the OAGN’s QA policy is of critical importance.
Quality assurance is the responsibility of all the staff at the OAGN, right up to the AG.
Quality assurance also requires a clear understanding of where the responsibility lies for
particular decisions. Thus, the OAGN’s general quality assurance policies and procedures
should be clearly communicated to its personnel in a manner that provides reasonable
assurance that the policies are well understood and implemented. The responsible unit of
the OAGN together with the top management should prioritise the generation of
awareness at all levels of staff on QA matters. Staff awareness can be created through
staff meetings, discussion forums, office circulars, newsletters, essay-poster
22
competitions, etc. Above all, the OAGN top management must, through it actions and
communications, repeatedly spread the message about the importance of quality.
2.4.3 Develop and Adapt the QA Handbook
After adopting a QA policy and creating awareness on it, there will be a need for the
OAGN to compile a more detailed handbook or guidelines that specify how to conduct
QA in practice. The handbook should form the basis of standard operating procedures
(SOP) of the QA function. For the easy implementation of the handbook, it should
incorporate related toolkits as well as required checklists that are developed based on
INTOSAI Auditing Standards, ASOSAI AQMS Guidelines, ASOSAI Performance
Auditing Guidelines and other relevant guidelines.
2.4.4 Establishing a QA Function
The ISSAI -200 INTOSAI Auditing Standards paragraph 1.29 states “It is appropriate
for SAIs to institute their own internal audit function with a wide charter to assist
the SAI in achieving effective management of its own operations, and sustain the
quality of its performance.” OAGN has formed QA Committee and established separate
QA Unit under the QA Committee. OAGN has allocated required staffs to QA unit.
Trained QAR team members are also assigned to QAR duties. OAGN can also arrange
QA reviews by other SAIs, other professional bodies; and can hire external experts to
periodically assess the OAGN’s quality control systems.
OAGN may acquire expertise from qualified specialists, consultants and technical
experts, professional associations and other organisations as needed to conduct QA
reviews. The experts may give technical advice to the OAGN. The OAGN should ensure
that the specialists and experts are qualified and have competence in their areas of
specialisation, and should document such assurance.
2.4.5 Continuous Professional Staff Development
The OAGN must ensure that their entire audit staffs are aware of the function and
importance of QA as soon as the QA policy and QA handbook have been finalised, so
that the concepts and new practices are well understood and accepted. OAGN should
invest considerable resources in providing effective training for the staff. Workshops,
seminars, talk programmes, focus group discussions, and panel discussions, should be
organised regularly to upgrade the competence of QA staff in the following aspects:
¾ Importance of QA;
¾ Quality control system in audit;
¾ QA standards, procedures and best practices;
¾ Roles and responsibilities of QA staff;
23
¾ Roles and responsibilities of auditing and support staff vis-à-vis the QA function;
¾ Ethical requirements; and
¾ Soft skills relating to presentation, negotiation, group leading, etc.
OAGN may also consider secondment of QA staff to, and from other SAIs with proven
strong QA practices and traditions.
While managing the QA function in the OAGN, the management should also consider
availability of appropriate working environment of the QA staff. Following training are
conducted to develop professional skills of staffs:
• In-house training courses based on individual needs, as well as OAGN core
curriculum, including performance audit methodologies.
• In-house seminars and workshops covering a wide variety of topics focusing on
developing a well-rounded workforce.
• On-the-job training by arranging for new entrants to work under the guidance of
experienced staff.
• Improving and standardising courseware to maintain training quality; if necessary,
outsource development of courseware.
• Encouraging audit personnel to become members of various professional bodies
relevant to their work for continuing professional education, and to participate in
the activities of professional bodies through suitable incentives given by the
OAGN.
• Encouraging audit employees to enrol in academic institutions to obtain relevant
professional certifications.
• OAGN may assist in developing a certificate course in public sector auditing in
collaboration with a university or any other reputed academic institution. The
certificate should be designed to provide a structured development programme for
performance and financial auditors.
• Providing audit employees with the opportunity to have work experience in other
public or private agencies, including other SAIs to gain insights into the
operations of other peers.
• In addition to the secondments of OAGN staff to other agencies, OAGN may
accept staff on secondment from other agencies and other SAIs, who can share
their knowledge and experiences with the OAGN staff.
24
• Providing opportunities to participate in training courses, seminars and workshops
held by international or regional institutions, universities and other SAIs, e.g.
training courses provided by ASOSAI and the IDI.
• Equipping personnel to audit effectively in new areas such as privatisation,
revenue audit, sustainable development, environment auditing, forensic auditing,
and IT auditing.
• To assist newly employed staff to assimilate into the new work environment, the
OAGN should develop and implement an induction programme or orientation
programme, giving an overview of OAGN vision, mission, core values, audit
methodologies and techniques, policies, procedures and practices and general
information relating to OAGN operating environment.
• Audit of financial statements requires training in accounting, knowledge of
legislation and executive orders affecting the accountability of audited entity.
Performance audit requires training in public administration, management,
economics and social sciences.
• As a part of knowledge dissemination, audit reports from different SAIs may be
reviewed and discussed in presentation sessions participated by staff at all levels.
• The OAGN personnel should be encouraged to prepare individual development
plans, in consultation with a designated performance manager. The approved plan
should be an action-oriented plan that should focus on a few specific
competencies to address individual development needs.
• Continuing professional education should be established at each level of OAGN,
which should be monitored and appropriate documentation maintained.
Professional development programmes should be reviewed periodically.
2.5 Institutional Arrangements
2.5.1 Formation of Quality Assurance Committee
AG formed Quality Assurance committee comprising following members:
• Deputy Auditor General – Co-ordinator
• Assistant Auditor General, Human Resource Development and International
Division- Member
• One Assistant Auditor General- Member
• One Director- Member
• Director, QA Directorate – Member Secretary
25
The Director of Assurance Directorate also will be the Team Manager of the QA
function of OAGN. QA committee may invite other expert or professional
persons as invitee. This committee will be responsible for carry out overall QA
function of OAGN and responsible to Auditor General. Other Responsibilities of
the Quality Assurance Committees are as follows:
¾ Prepare annual QA Operation plan for Institutional level as well as
Individual Audit Level including follow up review;
¾ Select appropriate audit files using the criteria mentioned in the handbook;
¾ Recommend the name of staff to the Auditor General to constitute the
review teams. Every year Auditor General constitutes necessary numbers
of review teams. The review teams may be constituted deputing the
members of the QA committee and other trained staff from different
Directorates of the Office of the Auditor General. The reviewer should
not be the same person who is involved as audit team member on the same
assignment. Such review team are constituted for the post quality
assurance review;
¾ Approve the customized questionnaire/checklist for the review;
¾ Supervise and monitor the review assignments;
¾ Conduct training to the personnel of the OAGN and create appropriate
awareness program in the Office;
¾ Develop courseware for training;
¾ Determine the policy, procedure and areas for pre- issuance review;
¾ Monitor and provide suggestion for pre- issuance review.
¾ Amend QA policy, whenever necessary, and communicate the same to the
relevant audit division; and
¾ Liaise with the HRD and IR Division.
2.5.2. Quality Assurance Directorate
OAGN will establish a separate Quality Assurance Directorate, which works under QA
committee. QA Directorate will report with QA committee. The size of the Directorate
will depend on the decision of AG and size of audit coverage of OAGN and also the
stage of its technical development. The Director of QA Directorate will be the Team
Manager of QA function of OAGN and necessary team leader, team member and
supporting staffs are provided to assist him or her. OAGN will use only auditors who
have demonstrated a good understanding of the OAGN’s audit procedures. However, the
OAGN should not put too many resources to QA so that it will compromise the timely
26
completion of the actual audits. There could be exceptional cases which might demand
that the OAGN increases its number of reviewers in case of OAGN is in the process of
rolling out new audit procedures and systems, there are new standards to comply with;
and/or there are new audit areas to review.
The increase in the number of QA reviewers should ensure that implementation problems
during the audit process are quickly identified and rectified. The prevalence of
deficiencies does not necessarily signal the need to increase the number of reviewers. It
might mean that the audit manual and other guidance need revision, or that there is need
for staff to be trained on certain areas.
2.6 Roles and Responsibilities
2.6.1 Team Manager
The team manager, as the head of the QA unit, will report to QA committee or AG, and
will be responsible for overall aspects of the QA function. He or she will also formulate
strategies to undertake the QA function and measure outcomes of the QA function.
The team manager will be responsible for the overall performance of the unit. This will
involve setting out the strategic direction and ensuring that it has appropriate capacity to
fulfil the demands set. The performance will also be assessed on a pre-determined basis,
and information systems will be put in place to provide efficient reporting on
performance. Key discussions and negotiations with, in particular, senior personnel to
resolve disputes and disagreements will be required, and ongoing monitoring of staff
performance will be expected. Key responsibilities of team manager will includes:
• Approving and implementing any strategic planning and operational planning
documentation in line with current OAGN management practices.
• Delivering the following reports:
o OAGN level report on an agreed periodic basis;
o Report on progress with institution level recommendations on an annual
basis; and
o Summarizing the key findings on the individual level reviews and
preparing annual report.
• Updating policies and procedures relating to quality assurance as they are
required;
• Preparing and presenting a budget in line with OAGN practices;
• Ensuring adequate management of human resources, including identifying
recruitment needs, training requirements and other areas of development of
staff;
27
• Liaison with senior management as and when required for among others,
dispute resolution;
• Commenting on advice, guidance and documents issued within the OAGN
from a quality assurance perspective;
• Tracking the progress of the review;
• Considering the capabilities and competence of individual members of the
team, whether they have sufficient time to carry out their work, whether they
understand their instructions, and whether the work is being carried out in
accordance with the planned approach to the review;
• Addressing significant matters arising during the review, considering their
significance and modifying the planned approach appropriately; and
• Identifying matters for consultation or consideration by more experienced
staff during the review.
2.6.2 Team Leader
The team leader for the QA review will report to the Team Manager, and should assume
the overall responsibilities of the QA review. Team Leader will establish review
objectives, scope, time and targets and formulate the review methodology. He or she will
delegate the responsibilities to team members, and design the review program. The team
leader will provide advice and necessary guidance to the team members about the plan,
objectives and on actually conducting the review. He or she will also monitor and assure
the QAR process is in accordance with QA standards, policies and procedures. He or she
will analyzes the findings and articulate the conclusions and recommendations and the
write or review the audit working papers and reports and discuss and present the findings
to OAGN management. He or she will also follow up on any outstanding issues.
The team leader is responsible for the day-to-day activities of the QA function involving:
preparing planning, progress or final reports for the Team Manager. The team leader also
should undertake function of Team Leader in his/her absence. The management and the
development of the reviewers is a fundamental part of the leader’s role, and they need to
ensure they support reviewers when dealing with the audit teams during various
interactions. Key responsibilities of team leader may include:
• Preparing strategic planning and operational planning documentation in line
with current OAGN management practices;
• Preparing the following reports:
28
o OAGN level reports on an agreed periodic basis;
o Report on progress with institution level recommendations on an annual
basis; and
o Summarizing the key findings on the individual level reviews.
• Commenting on policies and procedures relating to quality assurance as they
are required;
• Providing inputs into the budget submission;
• Identifying resource requirements and training needs for the review team;
• Maintaining relevant management information to be used for reporting
purposes;
• Coordinating arrangement for the reviewer’s visits and liaising with the audit
teams accordingly;
• Commenting on advice and guidance and documents issued within the OAGN
from a quality assurance perspective;
• Managing the reviewers in terms of planning and controlling;
• Undertaking reviews of the work completed by the reviewers to ensure that:
o Sufficient evidence has been gathered to support the findings;
o work is carried out in line with prescribed methodology of quality
assurance function;
o Findings and recommendations are appropriately based on sound analysis
and evidence;
o Assessment of the significance of the findings is appropriate;
o Judgment are reasonable and appropriately documented;
o Time management of reviewers is in line with budget, or other measures;
and
o Reviewer conduct is professional and all feedback from the audit team is
noted and/or followed up.
• Leading discussions with the audit teams’ management to discuss review
findings and recommendations;
• Monitoring progress from management information on a regular basis and
identifying any corrective steps required to be taken;
29
• The work has been performed in accordance with professional standards and
regulatory and legal requirements;
• Significant matters have been raised for further consideration;
• Appropriate consultations have taken place and the resulting conclusions
have been documented and implemented;
• There is a need to revise the nature, timing and extent of review work
performed;
• The work performed supports the conclusions reached and is appropriately
documented;
• The evidence obtained is sufficient and appropriate to support the reviews
report; and
• The objectives of the review procedures have been achieved.
2.6.3 Team Members

Team members for the QA review will be responsible to the team leader, and will
conduct the review based on the plan agreed upon in the planning stage and according to
standards and procedures. They will gather evidence to support findings through
interviews, documentation reviews, and observations. They will also prepare and
document necessary working papers to support their findings. Finally, they will prepare a
draft report on the findings.
The Team Member will be responsible for assessing whether the overall quality of the
audits is in line with the audit methodology and standards. This will be undertaken
through selected reviews over a number of audits and audit teams. The reviewer will be
responsible for assessing audit files and other documentation. Based on the above, the
reviewer will often be expected to justify findings in discussion with more senior
managerial level personnel. The reviewer will also be required to assist management as
and when they require it. This can include: assistance with information gathering,
maintenance of information systems, and providing assistance with logistical
arrangements such as meetings. Key roles and responsibilities of team members may
include:
• Obtaining information for supporting management in arranging OAGN level
and individual level reviews;
• Making arrangements for ensuring the availability of information and
personnel to ensure that the operational planning requirements are met;
30
• Maintaining any information systems / records required for reporting on the
QA function;
• Undertaking preparation for reviews including keeping up to date with
auditing developments within the profession, as well as practice
developments within the OAGN. Ensuring that other changes within the
OAGN policies and procedures are identified and considered for the SAI
level review / monitoring reports;
• Undertaking reviews in line with prescribed QA function methodology in a
professional manner;
• Documenting findings and providing sufficient and appropriate review
evidence for discussion with the audit team and for the review of the team
leader;
• Contributing to discussions with the audit team on the findings identified;
• Evaluating the findings from the review, including consideration of causes of
findings and relevant recommendations; and
• Attempting to resolve any dispute with the audit team wherever possible,
before involving the team leader.
2.7 Skills and Competencies of QA Staffs

The QA staffs should collectively possess the competencies, Analytical skills, Ability to
synthesis, Interpersonal skills, Communication skills, Facilitation skills, Audit experience
in all areas and Managerial abilities. QA reviewers should be dedicated to the QA
function. The reviewers should be auditors who have demonstrated a good understanding
of the OAGN’s audit procedures. Possession of the above mentioned skills will enable
the team members to use all the review practices effectively. It should also add value if
the team is multidisciplinary, consisting of practitioners who have audit (regularity,
performance, IT, etc.) and management experience. Understandably, it can be a
significant challenge to identify and establish such a team, and in many cases all the
requisite skills and experience may not be available in the QA team. In such cases, the
possibility of using experts for limited purposes should be considered.
2.7.1 Team Manager
a. Soft skill competencies
• Strong facilitation skills to guide the team on issues arising requiring changes
to the QA methodology;
31
• Communication, negotiation and interpersonal skills to motivate staff and
undertake dispute resolution; and
• High level of integrity to not be affected by the influences such as seniority
and personnel relationships.
b. Experience and Qualifications
• Understanding the OAGN (SAI) environment at an operational and
management level, with at least five years working knowledge;
• Management experience in line with any OAGN policies for a similar level
of seniority; and
• At least three years auditing and/or review experience
2.7.2 Team Leader

a. Soft skill competencies
• Strong facilitation skills to guide the team on reporting on common issues
consistently, leading brainstorming and other sessions to assist in enhancing
the QA methodology;
• Articulated Communication, negotiation and interpersonal skills to motivate
staff and undertake dispute resolution; and
• High level of integrity not to be affected by various influences such as
seniority and personnel relationships.
b. Experience and qualifications
• Understanding the OAGN (SAI) environment at an operational and
management level;
• At least three years working knowledge;
• Management experience in line with any OAGN policies for a similar level
of seniority;
• A formal auditing qualification;
• At least three years auditing and/or review experience; and
• Project management experience and training is desirable.
32
2.7.3 Team Member
a. Skill and competencies
• Strong facilitation skills to guide the team on reporting on common issues
consistently; leading brainstorming and other sessions to assist in enhancing
the QA methodology;
• Articulated communication, negotiation and interpersonal skills to motivate
staff and undertake dispute resolution; ability to analyze information and
present the findings in a user friendly manner;
• Strong application of professional skepticism to assess responses provided by
the audit or management to initial findings; and
• High level of integrity to not be affected by the influences such as seniority
and personnel relationships.
b. Experience and qualifications
• Understanding the OAGN (SAI) environment at an operational level;
• At least three years working knowledge;
• A formal accounting / auditing qualification; and
• Project management experience and training is desirable.
2.8 Applicable standards for QAR
Following standards, guidelines, manuals may be used to QAR:
• International Standards on Quality Control (ISQC) and International
Standards on Auditing (ISA) issued by the International Federation of
Accountants (IFAC).
• International Standards of Supreme Audit Institution (ISSAI) issued by
International Organization of Supreme Audit Institution (INTOSAI)
• Handbook on Quality Assurance in Financial Auditing issued by INTOSAI
Development Initiative (IDI) and Asian Organization of Supreme Audit
Institution (ASOSAI).
• Handbook on Quality Assurance in Performance Auditing issued by
INTOSAI Development Initiative (IDI) and Asian Organization of Supreme
Audit Institution (ASOSAI).
• Quality Assurance Hand Book issued by Office of the Auditor General Nepal
33
• Policy Standards, Operational and sector-wise Guidelines, Manuals, and
circulars issued by Office of the Auditor General, Nepal.
2.9 Managing the QAR Function
2.9.1 Planning the QAR
The planning process involves the preparation of an operational plan and selection of the
type of review to be conducted according to the conditions present at the OAGN.
• Annual Operational plan
The OAGN’s QA function should prepare an annual operational plan, which should be
approved by the QA committee. While the Operational Plan may cater for QARs at both
the OAGN and individual audit levels, the review at the OAGN level is comprehensive in
scope, addressing all areas within the OAGN that affect its audit performance, while the
individual audit level reviews will be for selected audits only.
Elements of a Annual operational plan
The Operational Plan for QA may contain, among others, the following components:
a. Types of review to be conducted during the year
The reviews may include both the OAGN Level Review and the Individual Audit Level
Reviews. The plan should also indicate the nature of the reviews – i.e., internal or
external, pre-issuance or post issuance.
b. Scope and approach of the reviews
The scope of the reviews may vary according to the type of review to be conducted (pre-
issuance or post audit, internal or external). In some cases, the QA review may be
restricted to only one stage of the audit (e.g., planning stage), while in others, all stages of
the audit may be included in the scope of the review. In the case of OAGN-level review,
the scope may be restricted to selected domains of the OAGN’s quality management
framework or may include all domains. Ideally, the operational plan should also provide
for follow-up QA reviews to assess the extent to which action was taken on previous
QAR recommendations.
c. Timing of the reviews
Generally, the individual audit level review should be conducted every year depending
upon the availability of resources. However, the OAGN level review needs a longer
timeframe, and ideally, after conducting such a review for the first time, it can be
conducted at the beginning of each strategic planning cycle of the OAGN.
34
d. Budget for the reviews
The QA function needs to have sufficient resources to conduct the reviews; therefore, a
separate budget for the reviews may be included in the operational plan for approval and
subsequent incorporation in the OAGN’s overall budget.
e. Team Composition
Ideally, a team leader should be nominated for each review and the review team should
consist of staff with suitable qualifications and experience to conduct these reviews,
depending on the type of review. If possible, the names of the team members for each
review, or at least that of the team leaders, should be mentioned in the plan.
f. Special considerations, if any
Special considerations if any, such as engagement of external reviewers or experts for
certain reviews, or reasons for significant increase/decrease in the number of reviews as
compared to earlier years, should be separately stated in the plan.
• Scope
The scope of quality assurance reviews (QARs) can extend to all the activities being
carried out by the OAGN.
OAGN level QAR: The QAR at the OAG level is a comprehensive review that deals
with various aspects of the OAGN, such as audit methodology & standards, human
resource development, stakeholder relations, etc. Conducting QAR’s at the OAGN level
is discussed in detail in Chapter 3 of this Handbook.
Financial audit level QAR: Conducting a QAR at the individual audit level is discussed
in detail in chapter 4 of this Handbook.
Performance audit level QAR: The performance audit level review needs to be carried
out on a selection of individual performance audits to ascertain whether the OAGN’s
instructions–as codified in the standards and guidance manuals, policies and procedures
were applied by the audit team/unit while carrying out individual audits. Conducting a
QAR at the performance audit level is discussed in detail in Chapter 5 of this Handbook.
2.9.2 Conducting the QAR
Conducting the QARs should be based on the approved QAR plans. The plans should be
supported by appropriate checklists to ensure comprehensiveness and consistency of
checks. The checklists for the OAGN level and individual audit level QARs and the
methods for gathering and analysing evidence are documented later in this handbook.
However, they may have to be customised to suit the needs of each audit assignments.
The primary purpose of the conducting stage is to collect reliable, relevant and sufficient
evidence to support all QAR observations and recommendations.
35
2.9.3 Reporting the QAR findings
ASOSAI Performance Audit Guidelines, paragraph 8.20 states that "the result of the
independent peer reviews of activities undertaken within the SAI to assess the overall
quality of the work performed should be reported to the SAI management at least
annually". The ultimate purpose of conducting regular quality assurance reviews even at
individual audit levels is to help strengthen the overall quality management system
(QMS) of an OAGN. As such, it is important that the QA unit of the OAGN submits
annual QA reports to the QAC and QAC submits to AG, in addition to the usual reports
based on individual QARs. Unlike individual QAR reports, the annual QA reports should
summarise the variety of QARs completed during the year, as well as the significant
findings from those QARs in a way that will help the OAGN top management to take
appropriate decisions on the actions necessary to further strengthen the overall QMS of
the OAGN. Paragraph 8.23 of the ASOSAI Performance Audit Guidelines provides some
guidance in this regard:
“The report on the quality assurance review program should summarise the results
of all the reviews including the tasks selected (number and type), the findings and
any recommendations. The report should not focus on individual audits but be a
summary of those findings identified during the review programme.”
In view of the above considerations, it could be helpful to the OAGN’s top management
if two types of annual QA reports are submitted to them. One could be a statistical report
stating the various types of audits reviewed and the different types of QARs conducted,
while the other report could be a summary of the significant QAR findings across audits
and their relationship to the overall Quality Management System of the OAGN.
As in the case of audit work, all QA findings and observations must be supported by
sufficient, relevant and reliable evidence. Working papers of the QAR team should be
documented methodically to enable easy referencing. The draft findings and
recommendations should be discussed with management of the OAGN before including
them in the final report. The report should include a summary of observations and
recommendations on how to improve.
The primary objective of the review will be to formulate recommendations that address
the cause of any shortcoming in quality to ensure that appropriate corrective actions are
taken. The objective will be achieved through the process of reporting and following up
QA review findings and recommendations. The findings of the review should be formally
tabulated and communicated by means of a report in a prescribed format. The following
factors should be considered in concluding the review:
At the end of the review, the reviewers should prepare an overall summary
report for the Assistant Auditor General responsible for the audit;
36
The reviewer's report on individual engagements should be discussed with the
relevant AAG and Audit Director prior to finalisation;
Upon completion of the review, every team should submit a report to the QA
unit;
Summarised results and the follow-up recommendations for improvement
should be prepared and presented to the Auditor General:
The report should also contain:
Details of timing of the review and the names of review team members; and
A description of the scope of the review (general approach, extent of coverage
of the general quality control aspects and the description of individual audit
engagement).
The reviewer should highlight other pertinent issues that may be of interest to all other
Audit Divisions.
2.9.4 Follow-up the QAR reporting
The reports of the QARs will not gain impetus if appropriate follow-up actions are not
undertaken. Follow-up reviews may be undertaken either by the Quality Assurance Units
or other QA committees. On the other hand, such a responsibility can also be passed on to
the QA review team. Based on the QAR report, the line functions should prepare and
implement the Action Plans. The Action Plans will facilitate undertaking proper follow-
up of the QAR report.
Requirement of QA follow-up
Audit teams and the departments reviewed should compile action plans on how they are
going to correct the shortcomings stated in the QA review reports.
These action plans should indicate what, who, where, when and how these are going to be
corrected.
The action plans should be prepared in consultation with the QA unit, and approved by
the Auditor General or a management member with the required delegation.
The audit teams and different Directorates should report back on their progress with the
implementation of the corrective actions.
The QA unit should perform tests to confirm the effectiveness of the corrective actions.
The OAG should also use the results of the QA reviews to determine the training needs of
its staff in general, and compile a training programme to address these issues.
37
Some consideration for QA follow-up
Soon after receiving the quality assurance review (QAR) reports, the concerned audit
department/division in the OAGN should prepare Action Plan/s to implement the
recommendations provided in the QAR reports.
• QA Follow-up Action Plan

All deficiencies and recommendations pointed out in the QAR report should be
communicated to the respective officials or units for taking appropriate measures and
remedial actions. Thereafter, the OAGN should organise a brainstorming session
involving people from all levels of the management. The session could focus on, at least,
the following areas:
a) Those needing improvement/recommendations;
b) Areas covered that the OAGN considers to be its priorities;
c) Proposed action/s;
d) Responsible official/unit/division/department required to implement the action;
and/or
e) Deadline for the implementation of the actions and/or recommendations adopted.
Since there could be shortcomings and recommendations related to the policy decisions
or requiring amendment to the existing policies or introduction of new policies, it would
be appropriate for the AG or an appropriate representative of senior management to chair
the session. The final Action Plan should be signed by the AG or the competent delegated
authority. Although Action Plans are normally prepared after receiving the QAR reports,
they can also be prepared during the Exit Meetings of the Quality Assurance Reviews,
and incorporated in the final QAR Reports.
Depending on the level of the QAR, the recommendations or the areas needing
improvements must be prioritised for their effective implementation. Although the QAR
team may rate the risk of each of their findings and observations as High, Medium and
Low, the OAGN management should again go through the same process of prioritising
the same findings and observations. However, besides prioritising as High, Medium and
Low, it must also see whether they are applicable given the circumstances under which
the OAGN is operating. In addition, the criteria for prioritising/rating is also different and
is normally decided during the brainstorming session. The following are some of the
commonly used criteria:
38
a) The expected impact on the OAGN and the individual audit that will include both
the positive impact from implementing the recommendation, and negative impact
from not implementing the recommendation or not taking action/s;
b) Seriousness of the deficiency;
c) The applicability in relation to the OAGN mandate, overall government policy
and the country’s development stage; e.g. one cannot expect the OAGN to use the
latest auditing software when there is hardly any IT development in the country
itself; and
d) Availability of resources, such as time and money.
Based on the above criteria, including other criteria identified during the brainstorming
session, the recommendations or areas needing further improvements can be rated as
High, Medium or Low
• QA Follow-up action
Based on the Action Plan, the follow-up can be undertaken to see whether the actions
have been taken by the concerned person, units, divisions or departments within the given
timeframe. Wherever possible, the follow-up team should also comment on the impact of
the actions on the OAGN or an individual audit. The team should also look for reasons
for not taking the actions, and suggest alternative options wherever possible. It could be
possible that although the OAGN may have the will and desire to implement the actions
but due to certain constraining factors such as time, resource etc. the actions remain
unimplemented.
The follow-up action report should be submitted to the AG for taking further action/s.
The further actions may include, but are not restricted to, the following:
a) Seeking explanation against those who have not taken any action/done anything
to implement the proposed actions;
b) Cautioning those who are lagging behind the scheduled deadlines;
c) Looking into the alternative options and making relevant persons/s or units study
the options for their applicability and practicality; and
d) Re-prioritising and dropping certain proposed plans of action that cannot be
implemented at all.
The follow-up on QARs can also be conducted by the internal Quality Assurance Unit on
a continuous basis by monitoring their implementation against the scheduled deadlines.
Therefore, it is important to involve people from the internal Quality Assurance Unit
during any Quality Assurance Reviews.
39
The results of QA follow-up can be utilised as input for the next QA planning process.
A good action plan has the following elements:
• Description of the specific detailed actions, described in clear concrete terms, that
management intends to take with respect to each QAR recommendation;
• Deadlines for implementation of those actions; and
• Assignment of responsibility for implementation of the action plan.
QA Follow-up actions by QA Directorate
Follow-up can be undertaken by the QA unit to see whether the actions have been
implemented within the given timeframe. The QA unit considers:
• If the proposed actions have been implemented; and
• If the actions taken correct the underlying deficiency that led to the original finding
or observation.
If actions have not been implemented as planned, the QA function looks for reasons
therein and suggests alternative options wherever possible. It maybe possible that
although the OAGN has the will and desire to implement the actions, constraining factors
such as time, resources etc limit the OAGN’s ability to implement the action plan.
The follow-up action report should be submitted to the AG or the relevant delegated
authority for taking further actions. The further actions may include, but not restricted to,
the following:
a) Seeking additional explanations from those responsible for implementing the
actions;
b) Cautioning those who are lagging behind the scheduled deadlines;
c) Looking into the alternative options and making relevant persons or units to study
the options for their applicability and practicality; or
d) Re-prioritising and dropping certain proposed plans of action, which are not be
implementable.
2.9.5 Measuring Outcomes/Impacts of the QAR
Every function within the OAGN is accountable to deliver the desired results in order to
demonstrate its value to the OAGN. This applies equally to the QA function. While the
outputs of a QA function may be several QA reports, the outcomes –
40
1. Provide an assurance to the Auditor General that
• The system of quality control is working effectively; and
• The audit reports issued are appropriate under the circumstances.
2. Indicate the improvements in various OAGN work processes and greater
effectiveness of audit reports and services as a result of implementing
recommendations in QAR reports.
OAGN top management may select capable personnel or an external body such as a
private professional entity to measure and evaluate the effectiveness of the QA function
based on the improvement implemented as a result of the reviewing function. While
evaluating the impact of the QA function on the OAGN as a whole, consideration may
also be given to Public Expenditure and Financial Accountability’s public financial
management performance measurement indicators relating to external audit, particularly
indicators Performance Indicator 26 “Scope, nature and follow-up of external audit”, and
PI-28 “Legislative scrutiny of external audit reports”.
To measure outcomes of the QA function, the following are some of the performance
indicators that an SAI may consider:
¾ The quality controls are designed, implemented and working effectively;
¾ The SAI’s methodology is aligned to the international standards on auditing;
¾ Areas for improvement in technical knowledge and skills are identified;
¾ Improved job performance;
¾ Cost savings in performing audit functions;
¾ The audit reports are submitted on time;
¾ Key stakeholders, including audited entities, are satisfied with the OAGN’s audit
reports, and other products and services;
¾ Increased implementation of audit recommendations by the audited entities
2.9.6 Working Environment
While managing the QA function in the OAGN, management should also consider the
appropriateness of the working environment of the QA staff. Availability of the
infrastructure and resources required for comfortable working and well-being of the QA
staff can contribute to their motivation and, consequently, the quality of their work.
41
2.10 Criteria for selecting audit files for QAR
Office of the Auditor General may consider the following criteria to select audit for
QAR:
¾ The audit has been classified as high risk;
¾ Parliamentary or media interest in audited entities or audit;
¾ The audited entities face problems that may lead to contentions and difficult
circumstances and may benefit from pre-issuance review to reduce the –
Auditor General’s reputation risk;
¾ Significant shortcomings were identified during the audit team’s previous
review;
¾ The audited entities changed its accounting framework;
¾ A new area of auditing; and
¾ Audit was conducted by an audit firm in full or jointly with the OAGN.
The sample of individual engagements selected for review must be representative of all
audits conducted by the OAG and should include those engagements where the budgetary
involvement is significant. But if the QA committee or AG feels it is a matter of public
concern even if the budgetary involvement is not significant, those engagements can also
be selected for review.
All audits determined as high risk from the selection criteria will be reviewed. QA
Review of OAGN will be conducted when Auditor General requires but OAG-level
reviews will be performed at the beginning of the OAG’s strategic planning cycle in
order to provide inputs for developing the strategic plan. QA Team for OAGN-level is
selected internally or externally by AG. In case of individual audit (Financial audit as
well as Performance audit) level at least one audit file of every audit team leader will be
reviewed each year after issuance of audit report. The pre issuance QAR is conducted on
the basis of criteria approved by Quality Assurance Committee. OAGN can take service
of external reviewer, if AG or QA Committee feels so.
2.11 Annual QAR Reporting
The ultimate purpose of conducting regular quality assurance reviews (QARs) even at
individual audit levels is to help strengthen the overall quality management system
(QMS) of an OAGN. As such, it is important that the QA unit of the OAGN submits
annual QA reports to the top management. Unlike individual QAR reports, the annual
QA reports should summarise the variety of QARs completed during the year, as well as
the significant findings from those QARs – in a way that will help the OAGN top
42
management to take appropriate decisions on the actions necessary to further strengthen
the overall QMS of the OAGN.
Paragraph 8.23 of the ASOSAI Performance Audit Guidelines provides some guidance in
this regard:
“The report on the quality assurance review programme should summarise
the results of all the reviews including the tasks selected (number and type),
the findings and any recommendations. The report should not focus on
individual audits, but be a summary of those findings identified during the
review programme.”
In view of the above considerations, it could be helpful to the OAGN’s top management
if two types of annual QA reports are submitted to them. One could be a statistical report
stating the various types of audits reviewed and the different types of QARs conducted,
while the other could be a summary of the significant QAR findings across audits and
their relationship to the overall Quality Management System of the OAGN.
Appendix 3 gives an example of Summary Report of QAR findings with Sample Report
pertaining to the QMS framework.
2.12 Monitoring and Supervision of QAR
A sound system of monitoring and supervision is essential for high quality QARs.
Supervision involves directing QA staff and monitoring their work to ensure that the QA
objectives are met. Supervision involves assigning responsibilities and providing
sufficient guidance to staff members. It also involves staying informed about significant
problems encountered, reviewing the work performed, overseeing individual
development, coaching, and providing periodic feedback and effective on-the-job
training.
QA staff should receive an appropriate level of leadership and direction so that they are
encouraged to perform up to their potential and to ensure that reviews are properly
carried out. All work is reviewed by the team leader before the QA reports are finalised.
This is to bring more than one level of experience and judgment in the review process,
and to ensure that evaluations and conclusions are soundly based and are supported by
competent, relevant and reasonable evidence as a foundation for the final opinion or
report.
The Supervisor of the QA reviews should ensure that the reviewing team adheres and
conforms to the policies and procedures prescribed by the QAR management.
The reviewing team should use the QA plan as a tool to ensure focused fieldwork by the
audit team, and also to facilitate monitoring by the team leader of the progress of QA
reviews.
43
In addition, the QA reviewer may use the following checklist as a guide in the
supervision and monitoring function of QAR.
¾ Execution of QA review is carried out in accordance with policies, standards,
manuals, guidelines and practices of the OAGN.
¾ QA team has a sound understanding of techniques and procedures for gathering
information, such as inspection, observation, and enquiry to collect evidence.
¾ QA steps and procedures have been designed to obtain sufficient, reliable, and
relevant evidence.
¾ All phases of the QA review have been carried out as planned and approved.
¾ Appropriate approval exists for non implementation, or significant deviations that
have taken place from, approved quality control procedures.
¾ Staff resources used for QA are largely in line with those planned in terms of
time, level of staff, and expenses entailed.
¾ Appropriate techniques and procedures are used to fulfil the QA objective in order
to provide for effective evidence.
¾ Ensuring that all envisaged tests for evaluation and reliability of internal controls
are used during audit process.
¾ The team leader should evaluate the effect of deficiencies noted as a result of the
monitoring process, and should determine whether -
• The review complies with QA standards; or
• Systemic, repetitive or other significant deficiencies exist during the
review that requires prompt corrective action.
¾ Ensure that appropriate analytical procedures are used and the reliability,
independence and quality of relevant supporting data are assessed during the audit
process.
¾ Sampling methods are used according to QA guidelines.
¾ All tests of transactions clearly indicate QA objectives, adequately explain nature
and extent of QA work, and provide an overall conclusion as to the results of QA
work.
¾ Full investigation is made of all queries during the QA review.
¾ Existence of adequate working papers for all phases of the QA reviews
44
2.13 Expected Output
Following strategic outputs are expected from implementation of QA policy:
• To improve the quality of audit services and it's impact
• To strengthen independence
• To increase professional capacity for audit
• To enhance organizational efficiency
• To improve audit impact and communication system.
2.14 Review of QA Policy
The OAGN’s QA policy should be reviewed periodically and updated, if necessary.
While reviewing its QA policy, the OAGN should consider lessons learnt with regard
to quality control and assurance, as well as international developments in auditing,
quality control and quality assurance.
2.15 Repeal
The Quality Assurance policy approved in 27 February 2009 is, hereby, repealed.
Approved Date: 31th December 2012

Effective Date: 12th February 2013
45
Chapter 3
OAGN Level Quality Assurance Review
Section 1
Introduction
3.1 Purpose and Overview

To develop a sound understanding of, and be able to apply the Quality Management
System (QMS) for OAGN based on international good practices. This section provides
the background and the methodology for the OAGN to perform the quality Assurance
assessment on overall functioning of an OAGN using an SAI-QMS framework. The
chapter further discusses in-depth the seven domains identified in a suggested SAI-QMS
framework that impact the functioning of the OAGN and its ability to effectively deliver
its mandate. The chapter also explains on the planning Quality Assurance at an OAGN
level focusing on the OAGN level questionnaires and other data gathering techniques
generally practiced by review team including: interviews; focus groups; examination of
documented policies; procedures, and physical observations. Gathering audit
evidence, one of the key audit procedures that enables the auditors to draw conclusions
on audit findings and observations and come up with effective audit recommendations is
also explained in this chapter. This chapter further goes on to discussing the reporting on
the Quality Assurance Review (QAR) stressing on how to prepare review report outline
and report on review.
3.2 Objectives of QAR of OAGN
The objective of QAR of OAGN is to assess whether the OAGN has an adequate quality
management framework in place to assure the quality of all it products and services, and
the extent to which the system is functioning effectively. As such, while reviewing at the
QAR of OAGN, the QA function may consider the following issues:
9 Determine if the OAGN’s legal framework is sufficient to meet the independence
and mandate expectations of the Lima and Mexico declaration;
9 Assess the process and systems in place to recruit, develop and manage the human
resources of the OAGN, to ensure that there are sufficient competent and
motivated staff to discharge its function effectively;
46
9 Confirm that the audit methodology and practices are aligned with International
Standards of Supreme Audit Institutions (ISSAIs), and other international good
practices;
9 Assess the extent to which the quality of systems and practices contribute to the
effective leadership and internal governance of an OAGN;
9 Identify ways to strengthen internal administration and support services;
9 Assess the status of relations with key external stakeholders and need for
improvement if any; and
9 Determine the quality of audit reports and services and their impact on the
accountability and transparency in the public sector, and the overall improvement
in the financial management practices of the government.
3.3 Quality Control of OAGN
3.3.1 Framework for OAGN Quality Control system
Extracts of framework and guidelines of ISSAIs are given under for the
better understanding of OAGN's framework of quality control system.
• Quality Controls for SAIs (ISSAI 40)
Quality Controls for SAIs (ISSAI 40)

(a) Elements 1: Leadership responsibilities for quality within the SAI
Key principle adapted for SAIs
An SAI should establish policies and procedures designed to promote an

internal culture recognizing that quality is essential in performing all of its
work. Such policies and procedures should be set by the Head of the SAI, who
retains overall responsibility for the system of quality control.
Application guidance for SAIs
• The Head of the SAI may be an individual or group depending on the
mandate and circumstances of the SAI.
• The Head of the SAI should take overall responsibility for the quality of all
work performed by the SAI.
• The Head of the SAI may delegate authority for managing the SAI's system
of quality control to a person or persons with sufficient and appropriate
experience to assume that role.
47
• SAIs should strive to achieve a culture that recognizes and rewards high
quality work throughout the SAI. To achieve that culture the Head of the
SAI should set the right “tone at the top” which emphasis the importance of
quality in all of the work of the SAI, including work which is contracted out.
Such a culture also depends on clear, consistent and frequent actions from
all levels of the SAI's management that emphasis the importance of quality.
• The strategy of each SAI should recognize an overriding requirement for the
SAI to achieve quality in all of its work so that political, economic or other
considerations do not compromise the quality of work performed.
• SAIs should ensure that quality control policies and procedures are clearly
communicated to SAI personnel and to any parties contracted to carry out
work for the SAI.
• SAI should ensure that sufficient resources are available to maintain the
system of quality control within the SAI.
(b) Elements 2: Relevant ethical requirements

An SAI should establish policies and procedures to provide it with reasonable
assurance that the SAI, including all personnel and any parties contracted to
carry out work for the SAI, comply with relevant ethical requirements.
Application guidance for SAIs:

• SAIs should emphasis the importance of meeting relevant ethical
requirements in carrying out their work.
• All SAI personnel and any parties contracted to carry out work for the SAI
should demonstrate appropriate ethical behavior.
• The Head of the SAI and senior personnel within the SAI should serve as an
example of appropriate ethical behavior.
• The relevant ethical requirements should include any requirements set out in
the legal and regulatory framework governing the operations of the SAI.
• Ethical requirements for SAIs may include or draw on the INTOSAI code of
ethics (ISSAI 30) and the IFAC ethical requirements, as appropriate to its
mandate and circumstances and to the circumstances of their professional
staff.
48
• SAIs should ensure policies and procedures are in place that reinforce the
fundamental principles of professional ethics as defined in ISSAI 30, i.e.:
o Integrity;
o Independence, objectivity and impartiality;
o Professional secrecy; and
o Competence.
• SAIs should ensure that any parties contracted to carry out work for the SAI
are subject to appropriate confidentiality agreements.
• SAIs should consider the use of written declarations from personnel to
conform compliance with the SAI's ethical requirements.
• SAIs should ensure policies and procedures are in place to notify the Head
of the SAI in a timely manner of breaches of ethical requirements and the
Head of the SAI to take appropriate action to resolve such matters.
• SAIs should ensure appropriate policies and procedures are in place to
maintain independence of the Head of the SAI, all personnel and any
parties contracted to carry out work for the SAI.
• SAIs should ensure policies and procedures are in place that reinforce the
importance of rotating key personnel, where relevant, to reduce the risk of
familiarity with the organization being audited. SAI may also consider
other measure to reduce the familiarity risk.
(c) Element 3: Acceptance and continuance
An SAI should establish policies and procedures designed to provide the SAI
with reasonable assurance that it will only carry out audits and other work
where the SAI:
a) Is competent to perform the work and has the capabilities, including
time and resources, to do so;
b) Can comply with relevant ethical requirements; and
c) Has considered the integrity of the organization being audited and has
considered how to treat the risk to quality that arises.
The policies and procedures should reflect the range of work carried out by
each SAI. In many cases SAIs have little discretion about the work they carry
out. SAIs carry out work in three broad categories:
49
• Work that is required of them by their mandate and statute and which
they have no option but to carry out;
• Work that is required by their mandate, but where they have discretion
as to the timing, scope and/or nature of work;
• Work that they can choose to carry out.
• For all audits and other work carried out, SAIs should establish systems to
consider the risks to quality which arise from carrying out the work. These
will vary, depending on the type of work being considered.
• SAIs normally operates with limited resources. SAIs should consider their
work program and whether they have the resources to deliver the range of
works to the desired level of quality. To achieve this, SAIs should have a
system to prioritize their work in a way that takes into account the need to
maintain quality. If resources are not sufficient and pose a risk to quality, the
SAI should have procedures to ensure that the lack of resource is brought to
the attention of the Head of the SAI and, where appropriate, the legislature
or budgetary authority.
• SAIs should assess if a material risk to their independence exists in
accordance with ISSAI 10. Where such a risk is indentified, the SAI should
determine and document how it plans to address this risk and ensure an
approval process is in place and is adequately documented.
• Where the integrity of the audited organization is in doubt, the SAI should
consider and address the risks arising from the capability of staff, the level
of resources, and any ethical issues which might arise in the audited
organization.
• SAIs should consider procedures for acceptance and continuance of
discretionary work, including work which is contracted. If the SAI decides
to carry out the work, the SAI should ensure the decision is approved at the
appropriate level within the SAI, and that the risks involved are assessed and
managed.
• SAIs should ensure that risk management procedures are adequate to
mitigate the risks of carrying out the work. The response to the risks may
include:
o Carefully scoping the work to be performed;
o Assigning more senior/experienced staff than would ordinarily be the
50
case; and
o Doing a more in dept engagement quality control review of the work
before a report is issued.
• SAIs should consider disclosing in their reports any specific matters that
would ordinarily have led the SAI to not accept the audit or other work.
(d) Element 4: Human resources

An SAI should establish policies and procedures designed to provide it with
reasonable assurance that it has sufficient resources (personnel and, where
relevant, any parties contracted to carry out work for the SAI) with the
competence, capabilities and commitment to ethical principles necessary to:
(a) Carry out its work in accordance with relevant standards and
applicable legal and regulatory requirements; and
(b) Enable the SAI to issue reports that are appropriate in the
circumstances.
• SAIs may draw on a number of different sources to ensure they have the
necessary skills and expertise to carry out the range of their works, whether
carried out by SAI personnel or contracted out.
• SAIs should ensure that responsibility is clearly assigned for all work
carried out by the SAI.
• SAIs should ensure that personnel, and parties contracted to carry out work
for the SAI (e.g. from chartered accountancy or consulting firms), have the
collective competencies required to carry out the work.
• SAIs should recognize that certain circumstances personnel and, where
relevant, any parties contracted to carry out work for the SAI, may have
personal obligations to comply with the requirements of professional bodies
in addition to the SAI's requirements.
• SAIs should ensure that Human Resources policies and procedures give
appropriate emphasis to quality and commitment to the SAI's ethical
principles. Such policies and procedures related to human resources include:
o Recruitment (and the qualification of recruited staff);
o Performance evaluation;
51
o Professional development;
o Capabilities (including sufficient time to perform assignments to the
required quality standard);
o Competence (including both ethical and technical competence);
o Career development;
o Promotion;
o Compensation; and
o The estimation of personnel needs.
• SAIs should promote learning and training for all staff to encourage their
professional development and to help ensure that personnel are trained in
current development in the profession.
• SAIs should ensure that personnel and any parties contracted to carry out
work for the SAI have an appropriate understanding of the public sector
environment in which the SAI operates, and a good understanding of the
work they are required to carry out.
• SAIs should ensure that quality and the SAI's ethical principles are key
drivers of performance assessment of personnel and any parties contracted
to carry out work for the SAI.
(e) Element 5: Performance of audits and other work
An SAI should establish policies and procedures designed to provide it with
reasonable assurance that its audits and other work are carried out in
accordance with relevant standards and applicable legal and regulatory
requirements, and that the SAI issues reports that are appropriate in the
circumstances. Such policies and procedures should include:
a) Matters relevant to promoting consistency in the quality of work
performed;
b) Supervision responsibilities; and
c) Review responsibilities.
Application guidance for SAIs:
• SAIs should ensure appropriate policies, procedures and tools, such as audit
methodologies are in place for carrying out the range of work that is the
responsibility of the SAI, including work that is contracted out.
52
• SAIs should establish policies and procedures that encourage high quality
and discourage or prevent low quality. This includes creating an
environment that is stimulating, encourages proper use of professional
judgment and promotes quality improvements. All work carried out should
be subject to review as a means of contributing to quality and promoting
learning and personnel development.
• Where difficult or contentious matters arise, SAIs should ensure that
appropriate resources (such as technical experts) are used to deal with such
matters.
• SAIs should ensure that applicable standards are followed in all work
carried out, and if any requirement in standard is not followed, SAIs should
ensure the reasons are appropriately documented and approved.
• SAIs should ensure that any differences of opinion within the SAI are
clearly documented and resolved before a report is issued by the SAI.
• SAIs should ensure appropriate quality control policies and procedures are
in place (such as supervision and review responsibilities and engagement
quality control reviews) for all work carried out (including financial audits,
performance audits, compliance audits). SAIs should recognize the
importance of engagement quality control reviews for their work and, where
an engagement quality control review is carried out. matters raised should
be satisfactorily resolved before a report is issued by the SAI.
• SAIs should ensure that procedures are in place for authorizing reports to be
issued. Some work of SAIs may have a high level of complexity and
importance that requires intensive quality control before a report is issued.
• If SAIs are subject to specific procedures relating to rules of evidence (such
as SAIs with a judicial role), they should ensure that those procedures are
consistently followed.
• SAIs should aim for timely completion of audits and all other work,
recognizing that the value from the work of SAIs diminishes if the work is
not timely.
• SAIs should ensure timely documentation (such as audit working papers) of
all works performed.
• SAIs should ensure that all documentation (such as audit work papers) is the
property of the SAI, regardless of whether the work has been carried out by
SAI personnel or contracted out.
• SAIs should ensure appropriate procedures are followed for verifying
53
findings to ensure those parties directly affected by the SAI's work have an
opportunity to provide comments prior to the work being finalized,
regardless of whether or not a report is made publicly available by the SAI.
• SAIs should ensure that they retain all documentation for the periods
specified in laws, regulation, professional standards and guidelines.
• SAIs should balance the confidentiality of audit documentation with the
need for transparency and accountability. SAIs should establish transparent
procedures or dealing with information requests that are consistent with
legislation in their jurisdiction.
(f) Element 6: Monitoring
An SAI should establish a monitoring process designed to provide it with
reasonable assurance that the policies and procedures relating to the system of
quality control are relevant, adequate and operating effectively. The
monitoring process should:
a) Include an ongoing consideration and evaluation of the SAI's system of
quality control, including a review of a sample of completed work across
the range of work carried out by the SAI;
b) Require responsibility for the monitoring process to be assigned to an
individual or individuals with sufficient and appropriate experience and
authority in the SAI to assume that responsibility;
c) Require that those carrying out the review are independent (i.e. they have
not taken part in the work or any quality control review of the work.)
• SAIs should ensure that their quality control system includes independent
monitoring of the range of controls within the SAI (using personnel not
involved in carrying out the work).
• If work is contracted out, SAI should seek confirmation that the contracted
firms have effective system of quality control in place.
• SAIs should ensure the results of monitoring of the system of quality control
are reported to the Head of the SAI in a timely manner, to enable the Head
of the SAI to take appropriate action.
• Where appropriate, SAIs should consider engaging another SAI, or other
suitable body, to carry out an independent review of the overall system of
54
quality control (such as a peer review).
• Where appropriate, SAIs may consider other means of monitoring the
quality of their work, which may include, but not be limited to:
o Independent academic review;
o Stakeholder surveys;
o Follow-up reviews of recommendations; or
o Feedback from audited organizations (e.g. client surveys).
• SAIs should have procedures for dealing with complaints or allegations
about the quality of work performed by the SAI.
• SAIs should consider whether there are any legislative or other requirements
to make monitoring reports public or to public complaints or allegations
related to the work carried out by the SAI.
• Peer Review Guideline (ISSAI 5600)
Peer Review Guideline (ISSAI 5600)

Peer Review
Peer review refers to a review of an SAI by one or several partner SAIs. They
volunteer to conduct or undergo such a review exercise. This means that neither the
two SAIs nor other external parties have obliged the SAIs to do so. SAIs does not
have any power of enforcing the results of the peer review. The participating SAIs
are free to decide on the contents and exercise of the peer review as well as on the
use of the findings generated. Peer reviews may cover the audit work and/or
organisational functions of the SAI in general. They may also be limited to one
activity of the SAI. As regards the audit area, peer reviews may be restricted to one
type of audit area such as financial audit, regularity/compliance audit, performance
audit, etc. As regards the organisational area of the SAI, peer reviews may for
example be restricted to individual functions such as financial management, the
strategic plan, internal control, information system, human resource management,
training etc. Combining individual review topics from both audit areas and
organisational areas is also possible. When making recommendations, the reviewing
SAI(s) should pay due regard to the respective national context of the reviewed
SAI. Any recommendations made need to be feasible and flexible.
55
Purpose of a peer review
The key purpose of a peer review is to help SAIs ensure that they comply with
applicable professional standards and national regulations and rules governing audit
work. A peer review may also pursue other objectives, such as
To help an SAI to identify the areas and functions in which they need to
enhance their
capacities;
To help an SAI make informed decisions about how to improve their own
operation and mission performance and to align with or consider other
international best practices;
To provide SAIs with an independent opinion on the design and operation of
the SAI s quality management framework;
To provide assurance as to the appropriateness of SAI practices, reports and
staff compliance.
The aim is to make or keep them fit for their purpose of ensuring public sector
accountability by providing high quality relevant audit reports and other outputs, in
order to help ensure better and more cost effective public service delivery.
There is likely to be a difference in peer review contents and procedures due to
the stage of development of the individual reviewed SAI:
On the one hand, a peer review that is undertaken to assess mature, well
developed quality control policies and procedures and
On the other hand, a peer review that is essentially an assessment of where
an SAI currently stands, e.g. by performing a “gap analysis”, and which can
be, in effect, the first step in putting together a strategic development plan
for the SAI and its audit practice.
The objectives sought by carrying out a peer review should be clearly documented
and formally agreed in writing by the participating SAIs before the decision to
embark on a peer review is taken.
The objectives are of key importance for the contents and the procedures of the peer
review. In addition, in the course and at the end of the review exercise, partner SAIs
should be able to check if and to what extent the initial objectives set have been
achieved even if new objectives have emerged in the meantime.
Once the scope of the peer review is determined and before proceeding with more
formal agreement, the reviewing SAIs need to ensure that they will be given
56
reasonable access to the documents, files, staff, stakeholders and all relevant
divisions of the reviewed SAI. The participating SAIs need to be confident that the
access granted is sufficient to meet the objectives of the peer review.
Apart from that, SAIs may decide on a timetable, period or date by which the
objective sought should have been accomplished.
Impacts and benefits of a peer review may be:
9 Reasonable assurance of mission performance;
9 Strengthening the different audit approaches;
9 Enhancing or improving specific procedures;
9 Identifying good practices used by the reviewing and the reviewed SAIs that
could be more widely distributed;
9 Improving or ensuring quality of work;
9 Applying effective audit tools;
9 Improving or ensuring the quality of management and organisation;
9 Identifying weaknesses and training needs;
9 Confirming if the internal manuals, policies and procedures are in line with
the International
9 Standards of Supreme Audit Institutions (ISSAI)2 and international best
practices;
9 Saving resources in the operation of the SAI;
9 Improving audit effectiveness;
9 Increasing the number of reports issued;
9 Enhancing the credibility of the SAI vis-à-vis stakeholders.
Selection of partner SAIs

As a rule, an SAI wishing to have their organisational structure or procedures
reviewed as part of a peer review contact other SAIs and invite them to be the
reviewing SAI in any peer review proposed. The initial contact should be rather
informal in order not to be detrimental to the reputation of either SAI in case the
request is not successful. In order to provide the SAIs, who are invited to be the
reviewing SAIs, with an appropriate information basis for their decision if to accept
or not accept the invitation, the initial contact may be accompanied by basic
information about the potentially reviewed SAI, such as legal bases, audit
57
standards, etc. Even before contacting the potential reviewing SAI for the first time,
the potentially reviewed SAI should duly consider if the reviewing SAI is the
adequate partner for the peer review proposed i.e. if there is reasonable assurance
that the potentially reviewing SAI can actually accomplish the objectives set. For
this reason it may be useful to consider well in advance if the reviewing SAI:
Possesses sufficient quantitative and qualitative resources for conducting the
peer review proposed;
Has the flexibility to understand and contribute to reviews of SAIs with a
dissimilar organisational structure;
Has the flexibility to understand the legal, political, economic, budgetary
and social environment of the reviewed SAI;
Is known for having relevant expertise and experience in the fields to be
covered by the peer review; and
Has experience in the field of quality control reviews.
It should be taken into account that reciprocal peer reviews, i.e. two SAIs reviewing
each other's practices on an alternate basis, may influence the objectivity and
independence of the peer review team.
If there is more than one reviewing SAI, a team leader should be chosen. Usually,
the reviewed SAI chooses the team leader, but it can also leave the decision to the
team.
Having a broadly based team undertake the review might be of particular benefit. In
this way different experiences and perspectives can all be brought to bear in
undertaking the review.
A sound and broad composition of the peer review team can lead to a diversity of
views and perspectives and allow for relevant recommendations. Nevertheless,
there is a risk that traditional models and theories do not consider customer needs
and expectations. An innovative approach, however, might cause reservations by
the reviewed SAI who may not accept it. Therefore, the peer review team should act
with integrity and have a constructive approach aimed at considering customer
needs and expectations and at identifying better solutions. Their conclusions should
be supported by sufficient and accurate evidence.
Peer review agreement (MoU)

Once the reviewed and the reviewing SAIs have reached a basic agreement on
58
conducting a peer review, the scope, objective, timing and criteria of the peer
review proposed as well as the conditions to be met in order to help make the
review a success can be incorporated into a written agreement, e.g. in the form of a
Memorandum of Understanding (MoU). This exercise is meant to ensure mutual
consent on the fundamental aspects of the review and to avoid any potential
misunderstanding. The SAIs involved should decide and agree on the matters to be
covered in the MoU and this should be before initiating the project. When preparing
the MoU, they should take care not to limit the review team s scope to conduct the
work necessary to accomplish the objectives of the review. The MoU is usually
signed by the Heads or authorised representatives of the reviewing and the reviewed
SAIs.
The following matters are typically included:
Definitions
The MoU should include the definitions of the main terminology used in the review
in order to ensure that partner SAIs have the same understanding of the main
aspects of the peer review. These include clear terms of reference for the peer
review including the format of the review, its objectives, reporting arrangements
and the principles or national and international professional and ethical standards to
which those undertaking the review agree to adhere (e.g. impartiality, objectivity,
confidentiality, frankness and transparency). The MoU may stipulate the application
of ISSAIs, e.g. with regard to the ethical standards, the application of INTOSAI's
Code of Ethics (ISSAI 30) may be agreed.
Objective
The MoU may state the reasons why the reviewed SAI has decided to undergo a
peer review, e.g. as part of a regular review process, as part of putting in place a
new system, or as part of an overall strategy review and development procedure.
The purpose of the peer review should be stated in order to better explain the scope
of the objectives pursued.
Timetable
The start and the end of the peer review as well as the main milestones of the
project may be determined so as to help the reviewing SAI make informed
decisions on the use of staff and the reviewed SAI to be informed on the
development of the work and to forecast when the report on the findings will be
available. Due care should be given to the fact that interpretation, translation and
submission of documents, minutes and findings may significantly extend the overall
timeframe. Furthermore both partners may reasonably forecast and agree on the
59
input of resources needed. The schedule should allow sufficient time to deal with
any unforeseen aspect. Both the reviewing and reviewed SAIs need to ensure
having sufficient free capacity. An appropriate lead time may be agreed, in order to
enable the SAIs to include the peer review in their work plan.
Language
The reviewed and reviewing SAIs should agree on a working language.
Staffing
The number, functions and profile of the staffing needed by the partner SAIs should
also be roughly determined, thus helping reach a better decision on what staff to
assign to the exercise and better estimate the costs likely to arise. On the one hand,
arrangements may be made on keeping staff originally assigned to the job to the
extent possible so as to help implement the peer review speedily. On the other hand,
SAIs may wish to make specific arrangements on any reasons for substituting staff
assigned at the request of the reviewed SAI. It is of particular importance, that the
staff maintains their independence, unbiased attitude, accuracy and objectivity, and
treats the entire review process confidentially.
When selecting their team participants the reviewing SAIs need to assess and
evaluate the particular skills required for the peer review focus. The team leader
will need to confirm necessary skills, such as specific language and IT audit skills,
prior to finalising the staffing structure proposed.
Where the team leader identifies gaps in the expertise of the staff proposed, it may
be appropriate for the team leader and the reviewed SAI to consider relying on
external experts at appropriate stages during the peer review.
Scope and contents of the peer review

The peer review may cover the audit area of the SAI and/or organisational functions
of the SAI in general, or may be limited to specific matters (see chapter 2
Definition). In this case the matters exempt from review work should be explicitly
stated to ensure that the review staff keep well within these borders. Matters to be
exempt may be politically sensitive or classified procedures or topics/areas that are
susceptible to lead to any unknown or undesired consequences once they are
submitted to an external study.
SAIs may also place focus on any matters where expertise is sought or which
should for other reasons be examined thoroughly. The peer review may be extended
to additional focus areas if requested by the reviewed SAI.
A peer review may encompass the following topics:
60
Legal, actual and financial independence of the SAI;
Staffing (number, recruitment, initial training and continued training, staff
assignment and motivation);
Structural and procedural organisation;
Planning and conducting audit missions, audit findings, reporting, follow-
up;
Quality control of audit work;
Public relations, audit impact and reputation enjoyed by the SAI; and
Review of compliance with professional, internal and/or ethical standards.
Files and other documents

The partner SAIs should expressly determine how and to what extent the reviewing
SAI's staffs are granted access to the records held by the reviewed SAI.
The reviewers shall respect the confidentiality of information that comes to their
attention during the review. As a rule, the reviewed SAI wishes that the contents of
files and other records as well as of interviews conducted as part of the peer review
are treated confidentially. SAIs may also determine – by taking into account any
applicable standards or country-specific laws – whether the final report should be
published fully or in part on the INTOSAI website or elsewhere. The reviewed SAI
may also decide that the final report will not be published at all, and that it will be
designed for internal use of the reviewed SAI only.
Procedural matters
To ensure the smooth conduct of the peer review all procedural matters may be
determined beforehand in the MoU. Such matters may include the following:
A peer review may require the reviewing SAIs to understand legal,
accounting or regulatory requirements which are peculiar to the jurisdiction
of the reviewed SAI.
It is beneficial if, as part of the consultation process, the reviewed SAI
nominates specific groups or individuals for different types of issues.
The decision whether the delegates of the reviewing SAI may conduct
interviews and if so with what officials and whether they may disclose the
purpose of the peer review should be documented in the MoU. Free and
61
open access to the reviewed SAI's staff and other relevant aspects of the
organisation are essential to the open and transparent conduct of the peer
review.
The participants may consider confirming the procedures for consulting with
external local experts. Matters to be considered will include who the
nominated experts will be, issues of confidentiality, cost and whether the
consultation will be direct between the reviewing SAIs and the experts or
via the reviewed SAI.
It should be defined which documents may be transferred to the reviewer's
home office, e.g. originals, copies, confidential documents. Arrangements to
ensure the security of communication between the participating SAIs should
be agreed in advance, particularly in respect of confidential documents
which may need to be sent via the internet when completing work in the
SAIs' home countries.
The MoU should include a process to clear the facts.
Timing of communication and discussions

The partner SAIs may wish to discuss how to proceed with the peer review, initial
results achieved and preliminary findings. Relevant dates, intervals, issues due to be
discussed and reasons for such discussions may be stipulated in the MoU.
Documentation
Partner SAIs should determine how to record the peer review findings.
Documentation requirements may include the overall strategy and review plan, the
completeness of records and review evidence, the timing for communicating them
to the reviewed SAI and their final destination. The MoU may specify if and what
data should be retained by the peer reviewers, and for what periods. It may also
stipulate, what data should not be kept by the peer reviewers once the review is
completed. Partner SAIs might wish to avoid placing too high requirements on
documentation, because this may render the whole procedure rather cumbersome.
The reliability of findings should be the first priority.
Given the fact that the documents required by the peers are written in the reviewed
SAI's language, translation requirements may be integrated in the MoU. Partner
SAIs should agree on which documents need to be translated, who will be in charge
of the translation, and how it will be funded.
62
Final report
The SAIs involved in the peer review may consider and agree beforehand on the
nature and length of the final report, e.g. a short report setting out key findings, a
detailed report of all findings or alternatively two reports – an abridged version for
public use and a long form report for internal use.
The SAIs involved may also wish to determine what procedure to use for drafting
the final report. For this purpose, they may arrange for preparatory liaison, e.g.
establish an editorial team.
The decision on the timing of the implementation of recommendations will lie with
the reviewed SAI. The reviewed and reviewing SAIs may agree to divide the
recommendations into short-term (up to one year) and long-term (up to three years
for implementation). Suggestions may be helpful if implementing one specific
recommendation is a pre-condition for recommendations to follow.
The report will remain the property of the reviewed SAI. In case the reviewed SAI
intends to involve further addressees, this might influence the drafting of the report
especially so if audit concepts and terms need to be explained in the report. So it
might be advisable to deal with the following topics within the MoU: To whom
shall the report be addressed? Is it the reviewed SAI (most usually) only? Who will
issue the report? Is it the team leading SAI or all SAIs involved? In addition, the
parties may wish to clarify who in addition to the reviewed SAI shall receive the
report and in what form: the internal INTOSAI website, the International Journal of
Government Auditing, the Parliament of the reviewed SAI, the general public? This
decision is normally made by the reviewed SAI and should be made at the MoU
stage. The INTOSAI community is keen on receiving peer review reports in
accordance with their principle of “Experientia mutua omnibus prodest”.
Cost
The SAIs involved should agree on who is to bear the cost which may be
considerable for conducting the peer review (including report drafting and
translation). Alternatively, each of the SAIs involved may bear its own cost or one
partner receives a lump sum for its review services. The peer review programme
might also be supported and funded by community donors in accordance with the
INTOSAI principles of independence.
The SAIs may wish to agree on procedural and administrative matters on
subsistence and travelling costs. In view of cost efficiency, the delegation should
preferably be composed of staff directly connected with the review and should be
limited to the minimum number of staff needed to perform it.
63
Support of the peer review

The reviewed SAI may provide support to the peer review exercise in manifold
ways, for example by sending documents on the legal principles and the audit
environment to the reviewing SAI's staff, making introductory presentations to help
them familiarise themselves with these relevant situations before arriving in
country, providing the review staff with office accommodation equipped with
telephone and IT connections as well as security features necessary to protect the
received information, designating contacts at the reviewed SAI, and providing
hospitality to the review staff. These inputs may be documented in the MoU
Preparation and conduct
Initial Planning
When embarking on the peer review, the staff assigned to the job by the reviewing
SAI should be carefully selected and adequately prepared for the tasks awaiting
them. The review staff should be communicated pertinent information to familiarise
with the applicable legal authority, organisation charts, the environment and the
major procedures used at the reviewed SAI. To the extent needed they should be
taught the essentials about the working language used by the reviewed SAI.
Generally, a glossary of the key terms used may be of help.
Before embarking on field work, a discussion should take place or other
communication should be exchanged between the reviewed SAI's management and
key contacts and the reviewing SAI's management and the review staff. The
reviewed SAI may also inform all its employees about the project. This helps
ensure a better reception for the review team and may even lead to beneficial
„spontaneous inputs from staff that are not on the interview list. In addition, the
reviewed SAI should contact its stakeholders to ensure they are available in case the
reviewing SAI needs to interview them.
The reviewed SAI may wish to clearly outline and communicate the scope and
process of the peer review internally prior to commencement of field work. This
approach should assist in ensuring a smooth and efficient process.
The reviewing SAIs need to agree the timing and completion of field work. The
process by which findings will be incorporated into the final report should be
discussed and agreed at the planning stage, with the roles and responsibilities of the
participants being clearly defined and delimited. Matters which may be discussed
include responsibilities for the review of field work, process for ensuring
consistency of conclusions and reaching consensus.
When planning the peer review, the reviewing SAIs may wish to build into their
64
timetable an opportunity to meet post field work, to discuss their findings and
conclusions and consider the structure and subject matter of the peer review report.
Planning should be based on the MoU. It might be done beforehand on the
reviewing SAI's premises, thus leaving more time for the implementation and
reporting stages and thereby reducing costs.
Field work
When starting field work, an introductory discussion should be held on the basis of
the arrangements made beforehand with the responsible officials of the reviewed
SAI and the review team. The targets, limits and timetable for the peer review
exercise should be explained and discussed as needed. Experience has shown that
the following issues should be given particular regard:
Costs incurred not only by translation but also by travel;
Logistical assistance for the reviewing SAI's team; and
Addressees of the final report.
In addition, the mandate of the review staff, the terms of reference and the
procedures for solving misunderstandings or unpredictable challenges are
highlighted. Finally at least those items of the MoU should be discussed that the
review staff have to observe.
The Quality Assurance Questionnaire QAR SAI Level which is an appendix to this
Guide furnishes detailed questions for selected review areas. Where appropriate, the
answers to these questions may be based on a sample of audits.
For a peer review that is a prelude to putting together a strategic development plan,
it will be important to be clear what the baseline or starting point is; what
assessment criteria is being used; and, to be consistent with the approach that is
increasingly common among donors, it should be stakeholder driven. For this
reason, it would be useful to emphasise that not all the items set out for example in
the checklist have to be covered in an initial review.
Building on this point, it would be useful to also take into account “INTOSAI
Building capacity in Supreme Audit Institutions: A Guide” as a basis for the peer
review process. This may help emphasise the common ground that the guide shares
with the draft peer review documents.
Follow-up and Evaluation
It goes without saying that it is at the reviewed SAI s discretion to decide whether
it will implement a recommendation or not. It may be agreed, that the reviewed SAI
will provide a written response to the observations and recommendations set out in
65
the peer review report. An action plan may be included in this response. Apart from
that, the reviewed SAI might request the peer review team to verify the extent to
which recommendations have been followed after an agreed time (e.g.: one year,
depending on the recommendations' priorities), to check whether and how their
suggestions have been followed. After the verification, the team may prepare
another report on the recommendations implementation. If any problem with the
implementation occurs, the team may reword or modify recommendations.
Follow-up discussions between the reviewed and reviewing SAIs may be of great
significance to both sides, as the SAI reviewed may receive feedback that the
recommendations have been implemented properly or additional suggestions on
how to do it. The reviewer may obtain feedback that good use has been made of the
efforts put into the peer review work. All procedural matters such as the scope of
the follow-up review, logistics, costs, schedule, etc. should be agreed in advance.
According to the INTOSAI Strategic Plan 2005-2010 existing peer review
arrangements should be assessed and documented. Evaluation of such a project is
thus not only in the individual interest of the participants but – in case the peers
decide to share their lessons learnt from the peer review with others – in the general
interest of all SAIs considering a peer review. SAIs is therefore encouraged to
evaluate peer reviews in order to help INTOSAI establish best practices. Since the
decision to conduct a peer review is by definition of a voluntary nature,
retrospective evaluation is a voluntary exercise as well.
Adequate timing for an evaluation depends on the scope of the peer review, any
long-term recommendations and other circumstances. In isolated cases, the
evaluation may be carried out in several steps.
The post-review evaluation analyses and records the pre-set objectives and their
target achievement degree. Furthermore, other peer review impacts that may not
have been sought in the first place should be scrutinised and recorded.
Also, any findings on the peer review exercise conducted may be documented. This
is especially of interest for those SAIs that wish to draw on the benefits of earlier
peer reviews for their own peer review project. In accordance with the relevant
MoU, the key findings produced in the evaluation should be incorporated in the
internal section of the INTOSAI website to be available to the other INTOSAI
members.
3.3.2 SAI-QMS Framework suggested by IDI

3.3.2.1 Overview
Every Supreme Audit Institution (SAI) is responsible for delivering its own mandate to
the satisfaction of its stakeholders’ needs. A useful tool for ensuring the achievement of
66
the goal is through the SAI establishing a Quality Management System (QMS) designed
to provide it with reasonable assurance that:
(a) The SAI and its personnel comply with professional standards, regulatory and
legal requirements; and
(b) The reports issued by the SAI are appropriate in the circumstances.
The QMS is a broad concept that comprises the organisational structures, resources,
processes and products needed to implement a quality management framework. It
involves all processes in the operational life cycle of an SAI’s operations that affect
quality – from initial identification of stakeholders’ needs to final satisfaction of
requirements. It is designed to give confidence to clients and stakeholders that quality
requirements will be achieved in delivered products and services.
The SAI-QMS Framework consists of structures and processes relating to certain key
management functions of any SAI. The SAI-QMS proposed in this chapter is based on a
comparative study of various frameworks including ISSAI 40, AFROSAI-E Institutional
Strengthening Framework for SAIs, ASOSAI AQMS Guidelines, INTOSAI Guidance on
Building Capacity in SAIs, SAI UK’s SAI Maturity Model and SAI USA’s AQMS
framework.
67
Figure 5: IDI’s suggested SAI-QMS Framework
WIDER SAI ENVIRONMENT

VALUE
GENERATED BY SAI
(Results: Outputs &

Impacts)
LEADERSHIP & INTERNAL GOVERNANCE

SAI INDEPENDENCE & LEGAL FRAMEWORK
SAI INDEPENDENCE & LEGAL FRAMEWORK

EXTERNAL STAKEHOLDER RELATIONS
PROCESS
(Audit Standards,
Methodology and
Performance)
INPUTS
Human resources
Admin. support
SAI INDEPENDENCE & LEGAL

FRAMEWORK
WIDER SAI ENVIRONMENT
68
The above figure shows the SAI-QMS framework that identifies the following seven
domains impacting the functioning of an SAI and its ability to effectively deliver its
mandate:
1. Independence and legal framework.
2. Human Resources.
3. Audit Standards, Methodology, and Performance.
4. Leadership and Internal Governance.
5. Administrative Support.
6. External Stakeholder Relations.
7. Results.
If each of the above seven domains are functioning effectively and delivering the desired
results, it can be reasonably assumed that the SAI as a whole will deliver products and
services of high quality. While the above seven domains can be separated from each
other and treated as standalone components, at the same time they interact and influence
each other. As such, all the above seven domains with their inter-relationships constitute
the quality management framework of a SAI.
Each of the overall domains has a pre-defined desired condition, which is the overall
position the SAI should aim for with regard to the particular domain. The seven desired
conditions and good international practices are summarised in table 3 below:
Table 3: Desired Conditions and good international practices for the Seven Domain
of the SAI-QMS
Domain of Desired Condition Good International Practices

QMS
Framework
Independence The independence and The existence of the SAI and the
and legal mandate of the SAI should be appointment of the SAI Head should
framework as comprehensive as laid down be provided for in the Constitution.
in the ISSAI 1 ‘INTOSAI’s All public bodies and related
Lima Declaration on Auditing institutions shall be audited by the
Precepts’, ISSAI 10 ‘Mexico SAI. The SAI should have access to
Declaration on SAI records and documents relating to
Independence’ and ISSAI 11 financial management and be able to
‘INTOSAI Guidance and perform different types of audits.
Good Practices Related to SAI
69
QMS
Framework
Independence’.
Human The SAI should have an The SAI should establish policies
Resources adequate number of competent and procedures designed to provide
and motivated staff to it with reasonable assurance that it
discharge its functions has sufficient personnel with the
effectively (ISSAI 200 capabilities, competence and
Paragraphs 1.2(a) & (b) to commitment to ethical principles
1.12). necessary to perform its work
Audit Standards, The SAI’s audit processes The SAI should establish procedures
Methodology should be based on the designed to provide it with
and INTOSAI Auditing Standards reasonable assurance that audits are
Performance and other international good performed in accordance with
practices to the extent professional standards and
applicable to the national rules regulatory and legal requirements,
and regulations.(ISSAI 100 and that the SAI issues reports that
Paragraph 6(a), ISSAI 200 are appropriate in the circumstances
Paragraphs 1.2 (c), 1.13 and
1.35)
Leadership and The top management of the The Head of the SAI and audit top
Internal SAI should ensure that the managers should establish policies
Governance SAI’s decision making and and procedures designed to promote
control mechanism functions an internal culture based on the
economically, efficiently, and recognition that quality is essential
effectively, and thereby serve in performing audits. The leadership
as a model organisation in of the SAI should assume ultimate
promoting good governance. responsibility for the system of
(ISSAI 100 paragraph 6c). quality control.
Administrative The SAI should optimally The SAI should optimally manage
Support manage to ensure timely its finances to ensure timely delivery
delivery of support services of support services and infrastructure
and infrastructure to its to its departments/divisions/sections.
departments/divisions/sections.
70
QMS
Framework
External The SAI should establish and Sustain effective working

Stakeholder sustain effective working relationships and communication
Relations relationships and with external stakeholders to ensure
communication with external a higher impact of SAI’s audit
stakeholders to ensure higher reports and services
impact of the SAI’s audit
reports and services.
Results The SAI should deliver quality SAIs should deliver quality audit
audit reports and services that reports and services that promote
promote accountability and accountability and transparency in
transparency in the public the public sector, more efficient
sector, more efficient management and utilisation of public
management and utilisation of resources, and contribute towards
public resources, and good governance.
contribute towards good
governance.
Each of the seven domains, in turn, consists of various components or, what we call,
elements. The IDI’s suggested SAI-QMS framework with the domains and elements
within each is shown in Diagram 2 below. The SAI should consider actions at the
elements level when considering changes for improvements to the performance of the
SAI.
71
Diagram 1: SAI-QMS framework with its elements

1 2 3 4 5 6 7
Independence Human Resource Audit Standards, Leadership and Internal Administrative External Results
and Legal Methodology and Governance Stakeholder
Support
Framework Performance Relations
Independence Recruitment Standards Strategic & Operational Financial Parliament/ Head Output
Planning Resources of State/
(Quality, Quantity)
Executive
Mandate Retention Manuals &
Audited Entities
Other Guidance Internal Communication Infrastructure
Public Impact
Professional Staff
Development Accountability Technology
Peers
Quality
Assurance
Welfare Code of Ethics and Conduct Support
Services Donors
Audit
Staff Performance Internal Controls
Performance International
Management
Organisations
Continuous Improvement
Media
Professional &
Academic
Institutions
72
3.3.2.2 Independence and Legal Framework
A fundamental principle of auditing is to provide an independent opinion on the
performance of the audited entities and its compliance to laws, rules and regulations. The
elements of the domain are shown in the following flow diagram:
Figure 6: Independence and legal framework domain with its key elements
The above structure is explained below:

Independence
The auditing is to provide an independent opinion on the performance of the audited
entities and its compliance to laws, rules and regulations. Consequently, the ‘Lima
Declaration on Auditing Precepts’ underscores that Supreme Audit Institutions (SAIs)
can accomplish their tasks objectively and effectively provided they are independent of
the audited entity, and are protected against outside influence. This was further elaborated
in ISSAI 10 ‘Mexico Declaration on SAI Independence’ and ISSAI 11 ‘Guidance on
Good Practices related to SAI Independence’. These standards highlight the following
dimensions of independence and mandate of SAIs that need to be in place:
a) Independence of Supreme Audit Institutions
Although state SAIs cannot be absolutely independent because they are part of the state
as a whole, SAIs should have both the functional and organisational independence
required to accomplish their tasks. The SAI should be free to determine the nature of its
organisational structure and functional processes without outside interference.
Ideally, the establishment of SAIs and the necessary degree of their independence should
be laid down in the relevant Constitution. The details, however, may be set out in
legislation such as in a separate Audit Law. The Lima Declaration recommends that
adequate legal protection by a supreme court against any interference with an SAI’s
independence and audit mandate should be guaranteed.
b) Independence of the Head of the SAI and officials of Supreme Audit Institutions
The independence of Supreme Audit Institutions is inseparably linked to the
independence of its head and the staff working within it. The Lima Declaration
recommends that the independence of the head should be guaranteed by the Constitution.
In particular, the procedures for removal of head of SAI from office should be embodied
in the Constitution in a manner that may not impair the independence of the head of the
SAI.
In their professional careers, audit staff of Supreme Audit Institutions must not be
influenced by the audited organisations, and must not be dependent on such
organisations.
c) Financial independence of Supreme Audit Institutions
SAIs should be provided with the financial means to enable them to accomplish their
tasks effectively. If required, SAIs should be entitled to apply directly for the necessary
financial means to the public body deciding on the national budget, for example, the
Parliament, instead of depending on the ministry of finance that is one of the audited
entities of an SAI. In addition, SAIs should be entitled to use and re-allocate the funds
allotted to them under a separate budget heading in ways that they consider to be
appropriate.
Mandate
The mandate of the SAI shall be clearly defined in the country’s constitution and/or in
separate audit legislation. It should clearly spell out the powers and responsibilities of the
SAI regarding access to information, the nature of entities over which it has audit
jurisdiction and nature, scope and timing of audits. The Mexico Declaration on SAI
Independence recommends the following on a SAI’s mandate:
9 A sufficiently broad mandate;
9 Unrestricted access to information;
9 Right and obligation to report on their work;
9 The freedom to decide on the content and timing of audit report, and the freedom
to disseminate such reports; and
9 Existence of effective mechanism for the follow-up on SAI recommendations.
3.3.2.3 Human Resources
People are the most valuable assets of an audit institution. Sound human resources
management should provide employees a rewarding and professional environment, as
well as maintaining and enhancing the capabilities of the people. As a result, a motivated
and professionally competent workforce plays a significant role in achieving the required
high quality of audit processes and outputs.
It is a common practice to set up a human resources management function within an SAI
as a part of the SAIs’ management system. The following aspects need to be emphasised
in regard to human resources management:
• Establish a policy and procedures regarding recruiting, training, motivation and
professional development;
• Implement each set of procedures, such as organise and adapt training activities;
74
• Periodically review results of training and professional development programmes
to evaluate whether they are being presented effectively and are accomplishing
objectives;
• Establish performance-based promotion and advancement system, link
performance management with personnel welfare and benefits; and
• Assign the responsibility for the professional development function to a person or
group with appropriate authority.
The human resources domain along with its key elements is shown in the following flow
diagram:
Figure 7: Human Resource domain with its key elements

a. Recruitment
ISSAI 200 (paragraphs 1.3 and 1.4) states, “The SAIs should adopt policies and
procedures to recruit personnel with suitable qualifications”, and “SAI personnel should
possess relevant academic qualifications and be equipped with appropriate training and
experience. The SAI should establish, and regularly review, minimum educational
requirements for the appointment of auditors”.
The following factors should be considered by the SAI to determine standards of
qualification and competence of the staff members:
• Develop competency requirements for different functional and levels;
• Recruit multi-disciplinary personnel with suitable qualifications and experience;
• Supplement internal human resource and skills by seeking outside expertise from
qualified specialists, consultants and technical experts, professional associations
and other organisations as needed;
• SAI should ensure that the specialists and experts are qualified and have
competence in their areas of specialisation and should document such assurance;
and
75
• Outsourcing: Audits may also be contracted out to private firms, to undertake
audits on behalf of the SAI or to participate in joint audits with the SAI’s staff.
However, the SAI remains responsible for the quality of the products and should,
therefore, ensure strict quality control over the outputs delivered by such external
parties.
b. Retention
Salaries and allowances, personnel welfare and benefits for SAI employees are usually
covered under the public service regulations in most countries, and so it may not always
be possible for SAIs to provide attractive salaries to retain qualified staff. Therefore, it
becomes even more important that SAI management ensures that the working conditions
are sufficiently attractive to retain the services of experienced personnel. At the same
time, to the extent possible, SAIs may work towards a separate salary structure for its
personnel. In cases where the SAI requires expert staff who cannot be recruited on the
basis of conditions of the civil service, special arrangements should be concluded with
them, placing them outside the regular wage scales.
c. Professional Staff Development
ISSAI 200 paragraph 1.5 explains, “SAIs should adopt policies and procedures to
develop and train SAI employees to enable them to perform their task effectively, and to
define the basis for the advancement of auditors and other staff.” Training plays a critical
role to enhance knowledge and skills of the staff to enable the SAI to deliver with quality
audit products and services to its stakeholders. Training is one of the key components of
the professional staff development activities such as upgrading professional related
academic qualification, attachment with similar organisations, study tours, seminars and
Workshops etc.
However, the Professional Staff development is a concept that goes beyond just training
of individuals. The term staff includes people at all levels within SAI right from the SAI
top management to those at the lower levels of the organisation hierarchy. Staff
development is the process of managing the professional life, learning and work over the
lifespan of an individual. It integrates, providing for career development priorities of the
employees. It also needs to identify staff learning needs and provide for appropriate
learning opportunities through which employees acquire knowledge and skills needed to
accomplish their assigned tasks. To ensure proper career development the SAIs should
specifically:
• Manage the careers of their staff within and between SAIs;
• Structure the career progress of their staff; and
• Manage succession planning, particularly with higher decision-making positions.
The SAI should take adequate steps to provide for continuing professional development
of its staff, including, as appropriate, provision of in-house training and encouragement
of attendance at external courses. The SAI should maintain an inventory of skills of
76
personnel to assist in the planning of audits as well as to identify professional
development needs. The SAI should establish and regularly review criteria, including
educational requirements, for the advancement of auditors and other staff of the SAI. The
SAI should also establish and maintain policies and procedures for the professional
development of audit staff regarding the audit techniques and methodologies applicable
to the range of audits it undertakes (ISSAI 200 Paragraphs 1.5 to 1.9).
d. Welfare
The SAI should take effective steps to create a motivating working environment that
takes care of the psychological and physical well-being of its staff. Measures should
include health care programmes, social, recreational and sporting facilities, fitness
programmes, housing and counselling services. Some welfare measures could be gender-
specific, such as flexible work timing for female staff who are nursing mothers, or who
have children to look after.
e. Staff performance management
A performance management system should be developed to provide timely and
constructive feedback to employees on their performance. The objective of performance
management is to maximise the individual potential of the staff for further improvement.
Two key aspects of the competency-based performance system are performance feedback
and appraisal. While appraisals also include performance feedback, it is generally a more
formal process conducted once or twice a year. Performance feedback on the other hand
is a more informal, day-to-day process of the supervisor or manager offering relevant
feedback to the staff members on their day-to-day performance.
The appraisal is an assessment of individual staff performance. The SAI should establish
and publish performance standards for each core competency. Periodically, supervisors
and managers should prepare and deliver performance appraisals honestly, accurately and
consistently applying the competency-based standards.
The senior management of SAI should set the overall policy on performance management
and monitor its implementation vis a vis the appraisal standards and policies.
The system should provide the SAI management with the information to recognise and
reward high performers, as well as information needed to deal with inadequate
performance. SAIs should have a suitable reward system to reward employees who meet
or exceed clearly defined and transparent standards of high performance. In this
connection, SAIs may consider the following kinds of incentives:
• Naming and honouring the Auditor(s) of the Year;
• Certificate of Excellence for outstanding performance;
• Additional financial remuneration/benefits to staff performing high quality work;
and
• Performance-based promotions.
77
The performance management system should also enable SAI employees to discuss
performance requirements with their supervisors, to become familiar with the critical
elements and performance standards that apply to them, prepare self-assessments and
seek feedback from the supervisors, when appropriate.
3.3.2.4 Audit Standards, Methodology and Performance
SAI top management need to steer the process of re-examining and refining the SAI’s
audit methodologies, processes and procedures and all other SAI factors affecting SAI’s
fulfilment of its mission and goals, and adherence to its professional standards and core
values.
The quality management system designed by the SAI should provide reasonable
assurance that appropriate standards, manuals, methodology, tools and techniques are in
place, useful and applied consistently. The domain Audit Standards, Methodology and
Audit Performance have five elements as shown below:
Figure 8: Domain of Audit Standards, Methodology and Audit Performance

a. Standards
Auditing standards constitute the criteria or yardstick against which the qualities of audit
results are to be evaluated. The auditing standards governing the conduct of an audit
determine what the auditor should do. The fact that an audit has been conducted in
accordance with certain standards gives necessary reassurance to people making use of
the accounts. The objectives of the particular type of work or the particular assignment
should dictate the specific standards that are followed. Each SAI should develop or adopt
appropriate standards which are preferably in compliance with national and INTOSAI
standards. The SAI’s policy should require all staff to comply with those standards
relevant to the specific nature of their responsibilities.
ISSAI 100 (paragraph 6a) describes, “The SAI should consider compliance with the
INTOSAI auditing standards in all matters that are deemed material. Certain standards
may not be applicable to some of the work done by SAIs, including those organised as
courts of Account, or nor to the non-audit work conducted by the SAI. The SAI should
determine the applicable standards for such work to ensure that it is of consistently high
quality”. INTOSAI Auditing Standards (ISSAI 200 Paragraph 1.35) states that: “The SAI
78
should ensure that applicable standards are followed on both pre-audits and post-audits
and that deviation from the standards which are determined to be appropriate are
documented.”
In addition to auditing standards, SAIs are also expected to comply with standards of
ethics that determine the conduct of its staff. This is discussed separately later in this
chapter, under the section ‘Internal governance’.
b. Manuals and other Guidance
The INTOSAI standard ISSAI 200, paragraph 1.2 (c) explains that the SAIs should
“prepare manuals and other written guidance and instructions concerning the conduct of
audits”. The audit methodology should be supported by manuals, guidance and other job
aids. In addition to assisting the staff to effectively perform their duties, such guidance
would constitute the quality control documents that would form the basis for planning
and conducting quality assurance reviews. These manuals and guidance should, of
course, be aligned to the auditing standards adopted by the SAI. SAIs should have in
place detailed manuals and guidelines for three clear streams of audit, Performance
Audit, Financial Audit and Compliance Audit regularity audit (financial and compliance)
to help guide the audit teams in carrying out audits.
c. Quality Assurance
The purpose of the system of quality assurance is to have independence assurance that the
SAI’s quality controls in placed are complied with. As explained in paragraph 8.17 of the
ASOSAI Performance Auditing Guidelines, a system of quality assurance should
provide:
¾ Indicators for recruitment and promotion;
¾ Guidelines for assignment of administrative and technical aspects of quality
control to appropriate staff;
¾ A basis for communication of quality control policies, procedures and outcomes
to all relevant staff; and
¾ Adequate monitoring and review of the quality assurance systems.
It is the responsibility of the quality assurance function to provide an independent,
objective report to SAI top management on the adequacy of quality controls in different
functions of the organisation, the extent of compliance to the controls, and
recommendations for improvements. This should be done at regular intervals as spelled
out in the QA policy of the SAI. It can also be useful to conduct SAI level quality
assurance reviews at the beginning of each strategic planning cycle of the SAI. That
could provide information on gaps in the SAI’s performance which, in turn, could be
useful input to the development of the SAI’s next strategic plan.
79
d. Audit Performance
Audit Performance refers to the process, procedures and approach followed to conduct
audit that the managers and the auditors should bear in mind to undertake any types of
audit as per the ASOSAI AQMS guidelines. The following are the key components of the
audit performance:
Figure 9: Audit Performance and its Key components

a) Audit Planning
In planning the audit, the most important process is to identify the audit scope, and
determine audit objectives and methodology to enable auditors to focus on areas that
needs review. The appropriate design of audit methodology will ensure sufficient,
competent and relevant evidence to achieve the objective of the audit. (ASOSAI AQMS
guidelines paragraphs, 4.8 to 4.17 may be considered while planning performance audit).
ISSAI 300 (paragraph 0.3a) states that the auditor should plan the audit in a manner that
ensures that an audit of high quality is carried out in an economic, efficient and effective
way and in a timely manner.
80
b) Staffing for the audit
The auditing should be taken up by the competent- Knowledge, abilities and skills, and
dedicated staff for quality audit products. The SAI may consider ASOSAI AQMS
guidelines Paragraphs 4.22 to 4.31 while staffing for the audit.
c) IT Tools
Paragraph 4.41 and 4.42 of ASOSAI AQMS guidelines suggest that SAIs may consider
using IT-based tools for different states of the audit process, as well as for support
activities e.g. Computer Assisted Audit Techniques to enhance their productivity and
audit functions particularly in gathering audit evidence.
d) Other tools and Guidance
For other tools and guidance, refer ASOSAI AQMS guidelines paragraphs 4.43 and 4.44.
e) Conducting the Audit
Developing audit questions, audit programme, audit approaches, audit test programmes at
the planning stage, developing findings and conclusions, and recommendations are the
crucial process involved in implementing the performance audit. (ASOSAI AQMS
Guidelines Paragraphs, 4.54 to 4.64).
f) Consultation and Advice
Paragraphs 4.66 to 4.72 of the ASOSAI AQMS guidelines provide recommendations on
this issue. The SAI may consider consultation with external specialists and experts if
available in-house staff lack required competencies in chosen audit areas.
g) Evidence and documentation
ISSAI-300 (paragraphs 0.3e and 5.1) states ‘Competent, relevant and reasonable evidence
should be obtained to support the auditor’s judgement and conclusions regarding the
organisation, programme, activity or function under audit’. Competent refers to the valid
and reliable audit evidence, while relevant refers to logical, sensible and important
relationship to the issue being addressed. Reasonable refers to what could reasonably be
expected to be gathered and what conclusions could reasonably be expected to be drawn
in the given situation. In addition, paragraphs 5.6 and 5.7 of the ASOSAI Performance
Auditing guidelines stress the need for sufficient evidence. Sufficiency refers to the
measure of quantity of audit evidence, while competence, relevance and reasonableness
are measures of quality of audit evidence. The types of audit evidence are: Physical
evidence; Testimonial evidence; Documentary evidence; Analytical evidence and
Compliance and Substantive evidence. (ASOSAI AQMS Guidelines Paragraphs, 4.88 to
4.92).
ISSAI-300 paragraph 5.5 states, ‘Auditors should adequately document the audit
evidence in working papers, including the basis and extent of the planning, work
performed and the findings of the audit’. Also, ISSAI 300 paragraph 5.6 provides the
following reasons for proper documentation:
81
¾ Confirm and support the auditor’s opinions and reports;
¾ Increase the efficiency and effectiveness of the audit;
¾ Serve as a source of information for preparing reports or answering any enquiries
from the audited entity or from any other party;
¾ Serve as evidence of the auditor’s compliance with Auditing Standards;
¾ Facilitate planning and supervision;
¾ Help the auditor’s professional development;
¾ Help to ensure that delegated work has been satisfactorily performed; and
¾ Provide evidence of work done for future reference.
h) Supervision and Review
ISSAI-300 paragraphs 0.3(b) and 2.1 states, ‘The work of the audit staff at each level
and audit phase should be properly supervised during the audit, and documented
work should be reviewed by a senior member of the audit staff’. As per ASOSAI 300
paragraph 2.3, it is important that the supervision should be directed both to the substance
and to the method of auditing. All audit work should be reviewed by a senior member of
the audit staff before the audit opinions or reports are finalised, and it should be carried
out as each part of the audit progresses. (ISSAI 300 paragraph 2.4).
i) Reporting and Follow-Up
The audit report is the reflection of the quality of all audit processes of an SAI, and thus,
the SAI is ultimately judged by the quality or the kind of its audit report. The audit report
has to be written to:
¾ Communicate the results consistently;
¾ Make the results less susceptible to misunderstanding;
¾ Make the results available for public inspection; and
¾ Facilitate follow-up to determine appropriate corrective actions have
been taken by the concern entities or not.
The SAI has to develop a strategy and process for consistent and systematic follow-up
process to enable it to contribute significantly to the effectiveness of audit in bringing
systematic improvement in the functioning of the entity. The SAI may consider adopting
the recommendation on reporting and follow-up as stated in paragraphs 4.123 to 4.160 of
the ASOSAI AQMS guidelines.
3.3.2.5 Leadership and Internal Governance
The head of the SAI and the SAI top management need to set the appropriate tone and
direction for the organisation. This is to ensure that the performance of the SAI is
consistent with the highest professional standards or, at least, moving towards that goal in
82
the longer term. SAI top management, through its actions, will have to make clear that
mechanisms are in place to ensure quality and high performance and to promote
continuous improvement. They must continuously send appropriate signals that inspire
the staff to comply with the approved standards and procedures, and make their best
efforts to deliver quality services and products. The elements of the domain Leadership
and Internal Governance are shown in following the flow diagram:
Figure 10: Leadership and Internal Governance domain

a. Strategic and Operational Planning
Organisations that consistently perform at high levels are generally those that are
results-oriented and demonstrate a clear idea of their long-term intent. This is where
strategic planning can play a pivotal role in ensuring consistent high quality
performance by SAIs.
1. Strategic Planning
Strategic Planning in the context of SAIs is the process of identifying the long-term
goals of the audit organisation and the best possible approach to be adopted for
attaining these goals. The plan should outline the goals and objectives that need to be
pursued to realise the SAI’s vision and mission, identify strategies to attain them and
83
develop performance measures to assess achievement of the intended goals and
objectives. The plan should also identify the supervisors and managers for each goal
to ensure accountability.
Three key components of strategic plans – Vision, Mission, and Core Values – are
discussed in the following paragraphs.
9 Vision statement
Very early in the strategic planning process, the SAI’s top management needs to
pose a set of questions: “What is our vision for the SAI? Where should the SAI be
heading and what should its future technology-resource product-client focus be?
What kind of an organisation do we want to become?” Drawing a carefully
reasoned conclusion about its long-term direction should push top management to
take a long hard look at the SAI’s external and internal environment, and form a
clearer sense of whether and how its present operational needs will change over
the years. The strategic vision can be an immensely valuable direction-setting and
strategy-making tool. The vision statement should clearly state where the SAI
wants to be positioned in the longer term. At the same time, it should be inspiring
and galvanise organisation-wide commitment and action.
Ownership of the strategic vision by all levels of SAI staff is almost as important
as setting the organisation’s long-term direction. People need to believe in the
destiny of their organisation, and that their efforts can make a difference in
shaping that destiny.
9 Mission Statement
A strategically revealing mission statement should incorporate stakeholder
groups, their needs that the SAI needs to satisfy, and the SAI plans to meet those
needs. A mission statement highlighting the boundaries of the SAI’s current scope
of activities is a logical vantage point from which to look down the road, decide
what the organisation’s make-up and stakeholder’s focus needs to be, and chart a
strategic path for the SAI to take. It conveys the essence of ‘who we are, what we
do, who we serve and how we serve’’.
9 Core Values
The SAI needs to identify the core values which constitute the defining principles
of the organisation and individuals that work within it. These values should reflect
the fundamental characteristics and criteria on which delivery of the vision and
mission is based. In discharging their responsibilities, the government auditors
need to observe the principles of serving the public interest and maintaining the
highest degree of integrity, objectivity, professionalism and independence. These
principles should be the cornerstone of the responsibilities and conduct of the
auditors.
84
The mission, vision and core values need to be developed to ensure that they truly
reflect the goals and aspirations of the SAI in relation to its mandate and those
who work in it.
2. Operational planning
A strategic plan is only as good as its implementation. To facilitate
implementation, the functional wings/units in the SAIs should draw up annual
operational plans to reflect the requirements of the strategic plan. Resource
commitments and specific activities will have to be incorporated in these plans.
9 Organisational commitment and staff involvement
Once the overall direction and targets have been set, the SAI’s commitment to
them should be complete. Every target should be assigned to an organisational
unit with specific individual responsibility for achieving the target in question.
The responsible officials should have sufficient authority to be able to overcome
any difficulties that may arise. The SAI should have proper dissemination of the
organisational strategy and the progress reports so that the staffs are genuinely
involved in its delivery, and they contribute to the planning efforts. To facilitate
this, there should be a wide dissemination of ideas, information and good
practices within the organisation.
9 Performance Measurement
SAIs should develop a rigorous performance monitoring and review system to
measure progress in delivering targets in line with expectations. Senior
management should receive regular, timely and useful information and feedback
for effective remedial action to be taken. The strategic plan should be reviewed
annually for it to remain valid, relevant and useful. To facilitate performance
monitoring, measurement and reporting, the SAI may consider setting up a unit or
committee assigned with this responsibility.
b. Internal Communication
Internal Communication is crucial to share knowledge, disseminate information,
strengthen understanding between management and staff, facilitate decision-
making and support the changes and achievement of the SAI’s strategic vision
and mission. The commitment from the top management is important for effective
internal communications. The SAI leadership should, therefore, put in place
structures and processes for internal communications and periodically monitor
whether their key internal messages are being received as intended and that they
are inspiring the staff to take the desired actions. At the same time, effective
communications is two-way; therefore, the SAI’s leadership has to provide for
mechanisms that allow them to receive critical feedback from the staff and follow
up on them.
85
c. Accountability
While promoting accountability in the public sector, the SAI must remain
accountable for its performance. In some countries, the legal framework requires
the SAI performance to be independently evaluated by an external agency. Even
where this is not a legal requirement, SAIs may consider periodic evaluation of its
performance by external agencies, including peer SAIs. In addition, the quality
assurance function of the SAI should periodically conduct institutional-level
quality assurance reviews and report to the top management on the SAI’s
performance, along with recommendations for improvements. Accountability will
also be promoted if the SAI implements a system of performance measurement
and reporting discussed above under strategic planning.
d. Code of ethics or conduct
The SAI should establish policies and procedures designed to provide it with
reasonable assurance that the SAI and its personnel comply with relevant ethical
requirements.
Integrity is the core value of a ‘Code of Ethics’. Auditors have a duty to adhere to
the highest standards of behaviour in the course of their work and their
relationships with the staff of the audited entities. An SAI should develop and
disseminate to its staff a code of professional ethics and conduct that is applicable
to the institution and to its employees. At the same time, there should be
procedures in place that ensure compliance with the codes of ethics and conduct.
The INTOSAI Code of Ethics highlights some of the major aspects of ethical
conduct – namely, trust, confidentiality, credibility, integrity, independence,
objectivity, impartiality, political neutrality, conflicts of interest, professional
secrecy, competence, and professional development.
e. Internal controls
SAI top management should ensure the existence and implementation of
appropriate structures, rules, regulations and procedures that ensure achievement
of the desired objectives. These structures, rules, regulations and procedures in
their entirety are what constitute the internal control system of an SAI. The
quality of the SAI’s products and services are ensured by the adequacy and
correct implementation of the internal controls.
The Committee of Sponsoring Organisations of the Tread way Commission
(COSO), a US private-sector initiative has established a common definition of
internal controls, standards, and criteria against which companies and
organisations can assess their internal control systems. The COSO framework
defines internal control as a process designed and affected by those charged with
governance, management, and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations and compliance
86
with applicable laws and regulations. It follows that internal control is designed
and implemented to address identified business risks that threaten the
achievement of any of these objectives.
The COSO framework provides for the following five interrelated components of
an internal control system. These components provide an effective framework for
describing and analysing the internal control system implemented in an
organisation. The five components are:
I. Control environment
The control environment includes the governance and management functions and
attitudes, awareness and actions of those charged with governance and management
concerning the SAI’s internal control and its importance in the entity. The control
environment sets the tone of the SAI, influencing the control consciousness of its
people. It is the foundation for effective internal control, providing the necessary
discipline and structure.
II. Risk assessment
The SAI management should obtain an understanding of the SAI’s processes for
identifying business risks, and take actions to address those risks, and the results
thereof. The process is described as the “entity’s risk management process” and
forms the basis for how management determines the risks to be managed.
III. Control activities
Control activities are the policies and procedures that help ensure that management
directives are carried out; for example, that necessary actions are taken to address
risks that threatens the achievement of the entity’s objectives. Examples of specific
control activities include those relating to: authorisation, performance reviews,
information processing, physical controls, and segregation of duties.
IV. Information and communication
The information system comprises the procedures and records established to
initiate, record, process and report on the SAI’s performance against planned
objectives.
V. Monitoring
Monitoring of controls is a process to assess the effectiveness of internal control
performance over time. It involves assessing the design and operation of controls on
a timely basis, and taking necessary corrective actions modified for changes in
conditions. Management accomplishes monitoring of controls through ongoing
activities, separate evaluations, or a combination of the two.
It is the responsibility of each line functionary to ensure compliance with the internal
controls relevant to the work of that functionary.
87
f. Continuous Improvement
The SAI should be in a state of readiness to address current issues more
effectively, deal satisfactorily with emerging issues, and take advantage of new
opportunities. The SAI should continuously upgrade its organisational capacity
and competence of its personnel to remain abreast of developments in the field of
auditing, and be able to address emerging issues in the rapidly changing audit
environment. SAIs should update their strategic plans at periodic intervals to
make sure that their efforts are aligned to the major auditable issues facing the
particular country.
To ensure a system of continuous improvement, SAIs need to develop and
implement strategies for professional staff development, research and
development and organisational development. At the same time, improvement
implies change. Often good intentions fail to become reality because SAIs do not
have a well-developed change management strategy. Change management
actions should be integrated with any action plan for initiating new approaches.
For example, an SAI that does not have a QA function should include change
management measures in its action plan for setting up the QA function. If
necessary, SAIs should consider training some members of management and
staff to become champions of change management, whose services could then be
used to coordinate change management processes whenever the SAI undertakes
any major change initiative.
3.3.2.6. Administrative Support
Effective performance of audit work is dependent on the timely and adequate provision
of administrative support. In some SAIs, it is known by different names, such as office
support or back office support. The elements of the domain are shown in the following
flow diagram:
Figure 11: Domain of Administrative Support

a. Monetary resources
There are two dimensions to this element that need consideration. One is the
availability of adequate budget for the SAI as a whole. This was discussed earlier
under the section ‘Independence and legal framework’. The other dimension is the
88
optimal utilisation of the budget to procure and provide the required infrastructure
and material support to the various functions. It is the responsibility of the
administrative support division.
b. Material resources
The SAI should have sufficient material resources, including physical
infrastructure, to enable its staff to perform their duties satisfactorily. Material
resources include office buildings, working space for each employee, furniture
and fittings, electric and water supply, training facilities, library, document
storage facilities, and transportation. There might also be a need for gender
specific infrastructure such as separate leisure rooms for female and male staff,
depending on the cultural environment of the SAI.
c. Technology
Technology is another key element of material resources. However, in this age of
information and knowledge, technology has become a driver of revolutionary
change in work process. Therefore, SAIs needs to leverage on technology to
function efficiently and effectively. Technology includes telecommunications,
information technology systems, internet and intranet, general office support
software, information and decision-making systems, software for audit planning,
documentation and reporting.
d. Support services
Support services include such items as secretarial assistance, security,
transportation and event management. Depending on circumstances, it might be
cost-effective to outsource some support services.
3.3.2.7. External stakeholder relations
The elements of the domain are shown in the following flow diagram:
Figure 12: Domain of External Stakeholders relation

The SAI should sustain effective working relationships and communication with external
stakeholders to ensure sufficient impact of its audit reports and other products and
services. It also needs inputs from external stakeholders in order to improve the quality of
its work processes and products. The overall effectiveness of the SAI in promoting
greater accountability, economy, efficiency and effectiveness in the functioning of public
sector entities depends critically on the relationships it establishes and maintains with
external stakeholders.
89
The SAI’s stakeholders include the audited entities, parliament (or equivalent bodies),
political executives, public, peers (other SAIs), donors, international organisations,
media, professional and academic institutions, private sector auditing firms and others
who have an interest or are affected by the SAI’s products and services.
While it may not be feasible to deal with all stakeholders, SAIs should conduct
stakeholder analysis to identify their significant stakeholders and their interests and
influence on the SAI’s functioning. Based on the stakeholder analysis, SAIs should
implement measures to establish and maintain such relations with them that will help to
leverage its efforts without compromising its independence and objectivity.
Developing and maintaining relationships appropriate to each category of stakeholder is
likely to entail considerable effort by the SAI. As such, the SAI may consider developing
and disseminating a standard document on external stakeholder protocols to sustain
effective working relationships with them. The purpose of this document would be to
provide clearly defined, consistently applied and transparent policy and practices on how
the SAI will work with the stakeholders. It may identify what the external stakeholders
can expect from the SAI and what the SAI expects of them. Such action may be
particularly required because those relations may be at risk in a changing socio-political
environment.
The following table briefly outlines the SAI’s External Stakeholder Relationships, by
stating the key requirement of each external stakeholder and key audit mechanisms that
can help in meeting these requirements.
Table 4: SAI’s External Stakeholder Relationships
Stakeholder Requirement of the Key mechanism to fulfil
stakeholders from the SAIs stakeholders requirements
Audited entities To provide value added Audit Reports, Audit
information to enhance the committees, Management letters,
performance of the entity Certificates
Parliament / Receive appropriate, Audit reports and briefing
legislature professional advice to facilitate sessions
effective oversight over the
Executive
Public Receive reliable and relevant Web sites, media reports and
information that provides direct correspondence
reasonable assurance about the
performance of the Executive
Peers (other Knowledge sharing & Training assistance, Peer review
SAIs ) organisational development
Donors Be assured of the quality of Access to OAGN practices,
governance Utilisation of Audit reports & certificates
specific donor funding
90
Stakeholder Requirement of the Key mechanism to fulfil
stakeholders from the SAIs stakeholders requirements
International To fulfil the commitments with International & regional
Organisations regard to organisational workshops, seminars, and board
development meetings
Media Reliable information on Press notes, releases, and
performance of audited agencies interviews
Professional & Knowledge sharing Contracts and other agreements
Academic for engaging external experts.
Institutions Seminars and workshops
Private sector Their roles and responsibilities Terms of engagement
auditing firms when undertaking audits on
behalf of SAIs
3.3.2.8 Results
The elements of the domain are shown in the following flow diagram:
Figure 13: Results domain and its elements

The SAI is required to deliver quality audit reports and other services that promote
accountability, transparency, value for money in the use of public resources and
contribute towards good governance. Towards this end, SAIs should implement
mechanisms for measuring the:
• Quality of its outputs (that is, the SAI’s audit reports and services); and
• Longer-term impact of it products and services.
This issue of performance measurement was also highlighted earlier in the section on
‘Internal Governance’. In order to implement a performance measurement system, the
SAIs must develop performance measures for their various functions. In addition, they
must develop and implement a system for regularly assessing the respective SAI
performance against each of the performance measures.
Appendix 4 is an example of a checklist that may be used as a self-assessment tool as
well as for obtaining the views of the audited entities with regard to the SAI’s work or
services.
With regard to their audit reports and management letters, performance measures could
include:
91
Significance: How important is the matter that was examined in the audit? This, in turn,
can be assessed in several ways, such as the financial outlay of the audited entities and
the effects of the audited entity's performance on the public at large or on major national
policy issues.
Reliability: Are all opinions and observations in the audit reports and management letters
fully supported by valid and sufficient evidence?
Objectivity: Did the SAI duly consider the audited entity's responses to preliminary audit
observations? Did the working papers demonstrate an impartial consideration and
analysis of all evidence gathered?
Clarity: Are the audit reports and other products clear and concise in presenting the
results of the audit? This typically involves being sure that the scope, findings and any
recommendations can be easily understood by users of the audit report who may not be
experts in the matters that are addressed, but that they may need to act in response to the
report.
Timeliness: Were the audit reports, management letters and services delivered at an
appropriate time? This may involve meeting a statutory deadline or delivering audit
results when they are needed for a policy decision or when they will be most useful in
correcting management weaknesses.
Impact measures could include:
• Progress that management has made in reducing the number of unresolved errors
and irregularities identified during audits;
• Percentage of audit recommendations accepted by audited entities;
• Percentage of audit recommendations implemented by audited entities;
• Percentage of Public Accounts Committee (PAC) directives to audited entities
that are based on audit observations; and
• Extent of satisfaction of PAC and audited entities with SAI’s products and
services.
3.4 Factors to consider prior to the implementation of the SAI-QMS
framework
Before introducing OAGN QMS framework, there are certain issues to be considered,
such as:
¾ Who should make the decisions on quality? Should there be a separate unit at the
OAGN for quality issues, or should line managers make the decisions on quality
issues and be responsible? What are the pros and cons of different solutions for the
OAGN?
92
¾ How should the OAGN secure the necessary knowledge and experience in
quality issues – theories and procedures? There is a clear need for an OAGN to
have staff with experience in quality issues.
¾ How should the quality assurance model be related to the existing “quality
documents” such as manuals and guidelines? How should the quality control
model support and be supported by manuals and guidelines?
¾ How is the OAGN going to ensure that the OAGN-QMS is kept relevant and not
“shelved”, but updated as “a living thing” of interest to all? To develop an
OAGN-QMS takes a lot of effort, but it is potentially even more difficult to maintain.
93
Section 2
QAR of OAGN Process
3.5 Planning the QAR of OAGN

The QA review at the OAGN level is a comprehensive review that deals with the key result
areas within the OAGN that affects its performance in all streams of auditing. Based on the
observations, the purpose is to identify the gaps in relation to the desired condition for each
key result area, the factors contributing to the gaps and strategies for addressing the gaps.
Before starting the process of gathering data, the review team should carefully develop a
QAR plan. The plan should, inter alia, state the review objectives, scope, likely sources of
data and information, data gathering methods and tools to be used, limitations, if any in the
review approach, resources required and timelines. Appendix 5 has provided suggested
format for QAR plan of OAGN. The plan should be supported with the tools proposed in
the plan, such as survey questionnaire, document review checklists, interview
questionnaires, focus group facilitation materials, and physical observation checklist.
A comprehensive OAGN-level QAR requires the use of a variety of data and information
gathering methods other data-gathering techniques such as document review, interviews,
focus groups, and physical observations. Information should be gathered from different
levels of staff across functional units, and not from just the Head of the OAGN or a few
functional units. This is important to ensure data quality, as well as to understand
different perspectives on the same issues.
The team should set up contact meetings with the different department heads before
starting the reviews. Personnel with the relevant skills should be involved in conducting
the review. These skills include, amongst others, those relating to project management,
facilitation, interviewing, communication, auditing and data analysis. If these skills are not
all available within the Quality Assurance function, then the OAGN can consider
seconding staff both internally and externally to the team. This can also assist in providing
capacity building to the QA team members.
3.6 Conducting the QAR of OAGN
Once the OAGN has created its QMS, the Quality Assurance Review Team (QAR Team)
is expected to conduct the review. This can be a very challenging task for several reasons,
including:
¾ Dealing with senior staff and identifying deficiencies in their practices;
¾ Obtaining sufficient evidence on areas that can have some degree of subjectivity;
and
¾ Inquiring about processes that may not fall within the expertise of the reviewer.
94
The issue concerning sufficiency of evidence is crucial. Some information may be
provided to the reviewer through, for example, interviews that may not be supported by
written documentation. The reviewer has to exercise professional scepticism when faced
with information. Where there may be uncertainty or inconsistency, the reviewer should
undertake further work or try and only report on what he or she has reliable evidence on,
and state the uncertainties when reporting.
After receiving information, the reviewer has to undertake analysis to provide
information that can be used for decision making by management. The purposes of the
analysis will be to:
(a) Assess gaps in the OAGN’s QMS,
(b) Identify factors contributing to those gaps, and
(c) Suggest strategies for addressing those gaps.
3.7 Gathering Evidence

As mentioned in an earlier section, there are various methods of gathering evidence. The
following is a brief discussion of the different methods that may be considered for
obtaining evidence.
Table 5: Element-wise Suggested Methods for collecting evidence

QMS Sources Methods
Element
1 Independence and Legal Framework
a Independence ♦ The Interim Constitution of Document Review,
Nepal,2007
♦ Audit Act, 1991 Focus Groups
♦ Specific Legislations related to
Audit
b Mandate ♦ The Interim Constitution of Document Review,
Nepal, 2007
♦ Audit Act, 1991 Interviews, and
♦ Specific Act for the SAI Browsing
♦ OAGN’s Websites
2. Human Resources
a Recruitment ♦ Auditing Standards relating to Document Review,
resources and recruitment
♦ Act, Rules, Policies and Interviews, Focus Group
Guidance related to Human Discussions, and
Resources
95
QMS Sources Methods
Element
♦ Conditions of Service or Salaries
Commission Document Review
b Retention ♦ OAGN Policy on retention of Interview, Survey
staff
♦ The AG Group Discussions
♦ OAGN Staff
c Professional ♦ OAGN Auditing Standards Document Review
Staff relating to professional staff
development Interviews
Development ♦ Strategic Plan & Training Plan of
the OAGN Focus Group
♦ Human Resources Policies and Discussions
Guidelines
♦ Training Policies and Guidelines Browsing
d Welfare ♦ Strategic Plan Interview
♦ Human Resources Policies and
Guidance Document Review
♦ Activities of the Staff Welfare
Unit/Branch Group Discussions
♦ OAGN Staff
e Performance ♦ Performance Appraisal System Document Review,
Management ♦ Human Resources Policies and Interviews,
Guidance Focus Group
♦ Counselling, Guidance and Discussions,
Monitoring Processes Browsing,
♦ Professional Development Physical Observation,
through such means as on-the- and
job training, self-directed studies, Survey
internal and external assignments
3. Audit Methodology, Standards and Audit Performance
a Standards ♦ Audit Manuals and Reports Document Review,
♦ INTOSAI Standards Browsing, and
♦ ISSAI Standards Interviews
♦ NSA/ISA Standards
b Manuals and ♦ Audit Manuals Document Review,
Other Guidance ♦ Audit Policy Instructions and Browsing, and
Guidance Focus Group Discussions
♦ OAGN Staff
96
QMS Sources Methods
Element
c Tools ♦ OAGN Staff Document Review,
♦ Audit Working Papers Interviews, and
Focus Group Discussions
d Quality ♦ AG Interview, Document
Assurance ♦ QA Review Policy Review,
♦ Audit Policy Instructions and Interviews, and
Guidance Focus Group Discussions
♦ QAR Team
♦ OAGN Staff
e Audit ♦ AG Interview, Document
Performance ♦ Audit Manuals and Reports Review,
♦ External Stakeholders Interviews, and
♦ Audit report Focus Group Discussions
4. Leadership and Internal Governance
a Strategic and ♦ Strategic Plan, Acts & Document Review,
Operational Constitution Interviews, and
Planning ♦ Annual Activity/Performance Focus Group
Report Discussions
♦ Auditing Standards of the
OAGN
♦ Code of Corporate Governance
b Internal ♦ Strategic Plan Interview ,
Communicatio ♦ Annual Audit Plans Document Review,
n ♦ OAGN’s Organizational Browsing, and
Structure or Organogram Focus Group
♦ OAGN issuances and Discussions
instructions
c Accountability ♦ Office Instructions Manual Document Review,
♦ OAGN Annual Audit Report Browsing,
♦ OAGN Annual Activity Report Interviews, and
Focus Group
Discussions
d Code of Ethics ♦ Code of Ethics for Public Document Review,
or Conduct Officers Browsing, and
♦ INTOSAI Code of Ethics Focus Group
Discussions
e Internal ♦ Office Instructions Manual Document Review,
Controls ♦ Organogram Browsing, and
Interviews
97
QMS Sources Methods
Element
f Continuous ♦ Strategic Plan Document Review,
Improvement ♦ Organogram Browsing, and
♦ Office Instructions Manual Interviews
5. Administrative Support
a Monetary ♦ Annual Estimates Document Review
Resources ♦ Procedure Manual for preparing and
Budget for the OAGN Focus Group
Discussions
b Material ♦ Annual Activity Report Document Review,
Resources ♦ Annual Procurement Plan Interviews, and
♦ OAGN Staff Focus Group
Discussions
Observation
c Technology ♦ Annual Activity Report Document Review,
♦ OAGN Staff Browsing,
Focus Group
Discussions, and
Observation
d Support Services ♦ Annual Activity Report Document Review,
♦ OAGN Staff Interviews, and
Focus Group
Discussions
6. External Stakeholder Relations
a Key External ♦ AG Document Review,
Stakeholder ♦ External stakeholders Browsing,
Expectations ♦ Annual Audit Report Interviews, and
♦ Annual Activity Report Focus Group
♦ Strategic Plan Discussions
b Communicating ♦ AG Document Review,
with External ♦ Communication Strategy Interviews, and
Stakeholders ♦ OAGN’s Press Relations Office, Focus Group
if any Discussions
♦ Annual Audit Report
♦ PAC Reports
♦ Websites & Media
♦ Professional and Academic
Institutions
98
7. Results
a Outputs (Quality, ♦ AG Document Review,
Quantity) ♦ Report on the QAR Browsing, and
♦ Annual Audit Report of the Interviews
OAGN
♦ Performance Report of OAGN
♦ PAC Resolutions
♦ Parliament and Other
Stakeholders
b Impact ♦ External Stakeholders Document Review,
♦ Audit Follow Up Report Browsing,
♦ Annual Audit Report Interviews, and
♦ Audit Performance Reports Focus Group
♦ Audited entities, PAC Members Discussions
3.7.1 Document Review

Document review is the process of gathering information from various types of
documents relevant to the different elements and sub-elements of the OAGN’s QMS. The
following principles could assist the review team in obtaining first-hand information on
the OAGN:
¾ Establish contact with a coordinator at the OAGN well ahead of time;
¾ Provide a comprehensive list of documents that the QAR team would require from
the OAGN to the coordinator;
¾ Agree with the coordinator on a date by which the documents would be made
available;
¾ Once the documents are received, establish if they correlate to the documents
requested; and
¾ Organize the material in such a way that it is available to all members of the QAR
team.
Table 6: Reviewing method of guiding list of documents

QMS Framework List of Documents
Independence and Legal Framework
• Interim Constitution of Nepal • By-laws and regulations
with reference to articles
• Public Financial Management legislation
referring to the external audit
function • Any other documents that could clarify the
mandate and legal basis of the OAGN
99
• Audit Act, 1991
• Financial Procedure Act and
Regulation
Human Resources
• Human Resource Management • Minimum qualification framework for new
policy documents appointments
• Human Resource Development • Performance Appraisal manual
Plan
• Recruitment and selection procedures
• Conditions of service
• Succession planning manual
• Scheme of Service
• Promotion policy, rules and regulations
• Performance assessment results
• Copy of the organisational structure of the
of the past three years per job
OAGN
level
• Promotion policy
• Assessment results of staff for
the last three years • Career development policy
• Staff retention policy • List of qualifications of staff
• Personnel Welfare policy
Audit Standards, Methodology and Audit Performance
• Auditing standards of the • Audit files (samples) of different types of
OAGN (all types of audits the audit
conducted)
• Audit reports (sample) of different types of
• Audit manuals and guides of the the audit
OAGN (all disciplines)
• Documents relevant to audit tools used by
• Documents of the technical the OAGN
review process of the OAGN
• QAR Policy of the OAGN
Leadership and Internal Governance
• Annual Activity Report • Internal audit reports
• Strategic plan • Report on the performance report (activity
report)
• Operational plan
• Self assessments (if any)
• OAGN’s communication
manual • Training plan of the OAGN
• Delegations and management • Training manuals
100
framework • Training courses (sample)
• Code of professional ethics and • Annual training reports
conduct of the OAGN
• List of research projects the OAGN has
• Quality Assurance manual approved for the next year/two years
• External audit report • Co-operation agreements with
professional associations
• Peer review reports (if any)
• Continuous professional development
(CPD) programme of the OAGN
• Change management strategy of the
OAGN
Administrative Support
• Budget • Asset register
• Procedure manual for preparing • IT inventory
a budget for the OAGN
• Management Information System (MIS)
• Information Communication manual
and Technology (ICT) strategic
• MIS reports (sample)
plan
• Annual Procurement Plan
External Stakeholder Relations
• Communication strategy • Previous assessment reports conducted by
donors / peers / self assessment
• Press release (sample)
• Stakeholder survey results
• Public Accounts Committee
(PAC) (or similar body) reports • Media clips
and resolutions
• Website address of the OAGN
Results
• Performance report of the OAGN • Constitutional review reports
• Annual activity report of the OAGN • Public Accounts Committee (PAC)
resolutions
• Activity report of the OAGN
• Peer review reports (if any)
• Individual audit reports
• Any sources that might indicate
• Benchmarks in the OAGN
impact
101
3.7.2 Physical Observation
Physical observation is a visual process made by the QAR team to record what they see
using a checklist sheet. Observation may be on physical surroundings or of ongoing
activities, processes or discussions. It is used to verify the existence and appraise the
sufficiency, adequacy and convenience of the OAGN’s material resources, technology
and support services. Observation checklists can also be developed to observe the
behaviours of the OAGN’s personnel for the particular processes or activities offered at
that particular time and whether these are in compliance with official requirements. In
addition, it may provide an overview of the OAGN’s relationship with its stakeholders
(Audited entities, Parliament, Executive, etc.).
Appendix 6 provides a physical observation checklist for work environment and
facilities.
3.7.3 Focus Group Discussion
A focus group discussion is a process of focused discussion on a given issue with a group
of people. It involves the use of a sequence of key questions. This can be a powerful
technique for gathering information on the OAGN’s functioning, challenges and
strategies. Unlike one-to-one interviews, focus groups allow participants to build on each
other’s comments and opinions and can, thereby, be a rich source of qualitative
information. The QAR team should ensure that the focus group meetings are held for
different categories of staff and management across functional units instead of engaging
only a limited category of OAGN personnel. Strong facilitation skills are critical for the
success of focus group discussions. Facilitation is a specialised skill acquired through
training and experience. As such, it would be appropriate to ensure that at least some
members of the QAR Team have such skills. Appendix 7 provides guidance on
conducting focus group discussion.
3.7.4 Interview
An interview is a data and information collection procedure in the form of a carefully
planned set of questions that the QAR team asks the OAGN employees with a view to
obtaining their in-depth ideas and perceptions regarding the OAGN. A proper set of key
questions have to be drafted in advance for this purpose. Appendix 8 provides guidelines
on conducting interview.
3.7.5 Survey Questionnaire
For assessing an OAGN’s QMS, the information presented in Paragraph 3.3 (Key
domains and Elements of the SAI level QMS Framework suggested by IDI) provides a
comprehensive framework. From this framework, a questionnaire for QAR of OAGN has
been suggested which is included in Appendix 9. The questionnaire has been designed
with reference to the relevant ISSAI and ASOSAI guidelines. The OAGN can obviously
modify this survey questionnaire to suit their specific needs.
102
3.7.6 External Stakeholders
Although this is not an evidence gathering tool, an explanation below is provided to
highlight the importance of this area. In normal circumstances, an OAGN’s external
stakeholders include Head of State, Parliament, Head of the Executive, Audited Entities,
Internal Audit, Public, Media, Professional Associations and Private Sector Auditors,
Peer SAIs, Aid Donors, etc.
In Appendix 10 is an suggested method for getting information from external
stakeholders, what information is required from them, how the information can be
obtained, and how to deal with the information obtained.
3.7.7 Content Analysis
After gathering the evidence, the reviewer is required to undertake an analysis of
information. Most of the information gathered using the techniques such as document
review, interviews and focus groups is likely to contain qualitative data that requires
analysis and classification. The QAR team may use the content analysis tool for this
purpose. Guidance on content analysis of qualitative information is provided in
Appendix 11. For quantitative data, the QA team can use common analysis tools such as
percentages, ratio analysis, and trend analysis.
3.8 Reporting on the QAR of OAGN

3.8.1 Report preparation
Based on the observations and findings at the QAR of OAGN, the quality assurance
review team should prepare a Quality Assurance Review Report.
3.8.2 Reviewing completeness of checklist
The QAR team should review the completeness of information collection by ensuring
that all information related to the checklists has been collected and reviewed. The review
team should go through all the documents and analyse the responses by making sure that
there is a logical flow of information. The reviewer must exercise professional judgment
when reviewing the information gathered. If information gathered is not consistent, the
reviewer must seek further clarification from the working papers. If the working papers
are not sufficiently clear, the reviewer should discuss it with the team leader and make a
decision on how to resolve the situation.
3.8.3 Preparing a draft report outline
(A): As a first step for reporting and identifying individual findings, suggested template
for recording QAR finding is included Appendix 12. the QAR team should
consider the following information:
• Findings: All material negative findings should be recorded precisely by stating
the nature and extent of the findings. While describing the findings in the draft
QAR report, it should (a) list all findings or gaps for each sub-element of the
103
OAGN-QMS, (b) evaluate the risk of each finding or gap, and (c) identify the
main reasons underlying each finding. However, findings need not always be
negative. The QA team should keep a record of significant positive observations
so that those can be included in the QAR report. This will ensure balanced
reporting.
• Impact: This attribute identifies the real or potential effect of the findings. The
review team should consider how the existence of problems, gaps or findings
may influence the OAGN’s policy, independence and audit processes in future.
• Cause: The reason for identified findings or gaps and problems. The reasons
underlying the identified gaps or problems form the basis for making
appropriate recommendations.
• Comments made by the senior manager: The reviewer should obtain and
record all comments from the senior managers on the observations made.
• Name of reviewer: It is necessary to state the name of the reviewer who made a
particular observation.
(B): The next step is to bring together all significant individual findings in a way that
provides an effective overview. For this, the QA team may consider using an
overview of findings recording form included in Appendix 13. This form records
each material finding, the corresponding risk assessment, likely impact, probable
causes, senior manager’s comments, and the QA team’s recommendations.
The summary recording form can help the review team to arrange their findings logically,
and prepare for effective meetings with senior management of the OAGN.
3.8.4 Discussing findings with, and obtaining feedback from, OAGN senior
management
The review team should meet with the OAGN senior management to discuss the findings
or gaps and ensure they are clearly understood. If required, the gaps identified by the
reviewing team should be corrected on the working papers.
Before the meeting, the team should:
¾ Go through the recorded observation forms, and summarise and agree on the
observations;
¾ Agree on the most effective way of presenting the observations;
¾ Make an appointment with the Senior Management for the meeting;
¾ Arrange the documents that should be available during the meeting;
¾ Agree among the team who should lead the discussions, and who should record the
conclusions arrived at; and
¾ Agree on the sequence of presenting the issues. It is advisable to start with the good
practices (positive findings) before highlighting the weaknesses.
104
During the meeting, the team should:
¾ Give an opportunity to the Senior Managers to discuss the issues;
¾ Take note of all points that are clarified by the Senior Managers;
¾ Note all disagreements between the team and the Senior Managers, and consider
whether there is a need to verify such issues;
¾ If necessary, agree with the Senior Managers for a second round of feedback; and
¾ Suggest recommendations for weaknesses accepted.
However, there are certain things the team should try to avoid when giving feedback to
Senior Management. These include:
¾ An aggressive way of talking, especially when commenting on the gaps or
weaknesses;
¾ Destructive criticism of the work of the OAGN;
¾ Giving unmerited praise; and
¾ Generalise comments that in fact only apply to a specific issue or audit work.
After the meeting, the team should:
¾ Verify the issues that the Senior Managers claimed are in place;
¾ Summarise the observations obtained during the discussion;
¾ Finalise the observations at this point; and
¾ Extend thanks for their cooperation during the meeting.
3.8.5 Preparing the Draft Report
After discussion with senior management, the QAR team is required to:
¾ Analyse the observations with the explanations received;
¾ Investigate further evidence to matters upon which there have been diverse
opinions;
¾ Discuss and reach a consensus about the findings to be dropped;
¾ Agree on the amendments to be made on the draft report; and
¾ Discuss the recommendations and decide on the findings to be included in the
report to be submitted to the AG.
Appendix 14 provides sample format for QAR of OAGN report.
105
3.8.6 Discuss the summary of findings with the AG
The QAR team leader should discuss with the head of the SAI the summary of findings
and recommendations. To make the discussion effective:
o Be punctual;
o Start to present the good practices;
o Continue to present the weaknesses;
o Be brief and to the point with the presentation;
o Record both the matters that are accepted and not accepted by the AG;
o When disagreement arises, do not remove or disclose any findings on which the
AG disagrees without being convinced with the evidence presented during the
discussion;
o Note all disagreements for further clarification;
o Ask whether there are any questions, recommendations or comments;
o Thank the AG and staff for assistance; and
o Close the meeting.
3.8.7 Finalising the Report
To finalise the report, members of the team are required to have a meeting and discuss
the observations obtained during the discussion with the AG.
The team is required to consider all the points indicated above, and to then prepare the
final report. The final report should be signed by the QA Team Leader.
106
Chapter 4
QAR of Financial Audit
4.1 Financial Audit Process Overview
In conducting QAR for financial audit it is important to gain an understanding of the
financial audit process and the OAGN’s specific requirements and guidelines applicable
to the audit. This will serve as the benchmark by which quality assurance in financial
audit may be measured. It is also important to consider the requirements for quality
control system for financial audit in accordance with International Standard on Supreme
Audit Institution (ISSAI 1220).
In this chapter the different stages of the financial audit process and the detailed steps
involved in each phase are explained to serve as a guide for the QAR team. The financial
audit process discussed herein is based on the International Standards of Supreme Audit
Institutions (ISSAI), International Standards on Auditing (ISA) and the INTOSAI
Auditing Standards. The related auditing standards are discussed in each step where
applicable. INTOSAI is in the process of adopting the International Standards of
Auditing. Where these standards have been adopted by INTOSAI the ISSAI reference is
used otherwise the ISA reference is used.
The steps in the audit process can be broadly grouped into: Pre-Engagement Phase;
Planning Phase; Execution Phase; and Reporting Phase. A table showing the different
stages and the different activities involved in each stage and the relevant auditing
standard is shown in Appendix 15.
4.1.0 International Standard for Supreme Audit Institutions (ISSAI) 1220 “Quality
Control for an Audit of Financial Statements”
ISSAI 1220 establishes standards and provides guidance on specific responsibilities of
the audit team leader or audit director and audit team members regarding quality control
procedures that are applicable to individual audit. The audit team must implement quality
control procedures that are applicable to the individual audit.
In particular, the audit team leader or audit director should:
a) Take responsibility for the overall quality on each audit to which he/she is assigned.
b) Consider whether members of the audit team have complied with ethical requirements
and document such an understanding.
c) Form a conclusion on compliance with independence requirements and obtain
information to evaluate whether there are potential threats to independence or any
identified breaches; take appropriate action to eliminate such threats and document
conclusions.
d) Be satisfied that appropriate procedures regarding the acceptance and continuance of
relationships with audited entities and specific audits have been followed, and that
conclusions reached on this regard have been documented.
107
e) Be satisfied that audit team collectively has the appropriate capabilities, competence
and time to perform the audit in accordance with professional standards and
applicable regulatory requirements, and to enable the issuance of an auditor’s report
in the circumstances.
f) Be responsible for the direction, supervision and performance of the audit in
compliance with professional standards and regulatory and legal requirements, and
that the auditor’s report issued is appropriate in the circumstances.
g) Review the working papers in order to be satisfied that they demonstrate that
sufficient appropriate audit evidence has been obtained to support conclusions
reached for the auditor’s report to be issued.
h) Be responsible for the audit team undertaking appropriate consultation on difficult or
contentious matters; be satisfied that the nature and scope of, and conclusions
resulting from such consultations are documented and agreed with the party
consulted; and determine that conclusions resulting from consultations have been
implemented.
Differences of Opinion
Where differences of opinion arise within the audit team, with those consulted and,
where applicable, between the audit team leader or audit director and the audit quality
control reviewer, the audit team should follow the OAGN’s policies and procedures for
dealing with and resolving differences of opinion.
Audit Quality Control Review
For audits where the OAGN requires that an audit quality control review be performed
for an audit, the responsible official should:
a) Determine that an audit quality control reviewer has been appointed;
b) Discuss significant matters arising during the audit, including those identified
during the audit quality control review, with the audit quality control reviewer;
and
c) Not issue the auditor’s report until the completion of the audit quality control
review. An audit quality control review should include an objective evaluation of
the significant judgments made by the audit team; and the conclusions reached in
formulating the auditor’s opinion and report.
Monitoring
The audit team leader or audit director should consider the results of the OAGN’s quality
assurance reviews to determine the impact if any, on the individual audit.
108
4.1.1 Pre-engagement phase
The pre-engagement phase refers to the basic considerations before starting a financial
audit engagement. This has reference to the code of ethics and competency of the audit
team.
a) Compliance with the Code of Ethics The IFAC Code of Ethics establishes
ethical requirements for professional accountants and provides a conceptual framework
for all professional accountants to ensure compliance with the five core principles of
professional ethics, namely:
1. Integrity;
2. Independence;
3. Conflicts of interest;
4. Confidentiality; and
5. Professional competence and due care.
The INTOSAI Code of Ethics (ISSAI 30) also provided the following ethical
requirements for OAGN officials:
1. Trust, Confidence and Credibility,
2. Integrity,
3. Independence, Objectivity and Impartiality,
4. Political neutrality,
5. Conflicts of interest,
6. Professional Secrecy,
7. Competence and
8. Professional Development
b) Audit aspects to be considered during in planning and executing the audit
1. Organizational environmental analysis such as potential new audited entities; policy
changes like decentralization of local government functions; impact of donors and
other institutional partners; changes to accounting standards(cash to accruals);
delegation for signing off all audit opinions; changes to accounting and auditing
regulatory framework; policy changes (centralization / decentralization functions);
and outsourcing of functions.
2. Organisation’s / OAGN’s engagement risk such as audit complexity is greater than
the in-house competence; planned resources are not realised (personnel and
budget); limitation of audit scope (audited entity not providing information
requested); increase in audit backlogs.
109
3. Assessment of capacity (skills and resources) such as targets for qualified
personnel; provision for continued professional development; appropriate planning,
development and training (against prescribed accounting and auditing standards;
availability expertise to utilise information technology (audit working papers, audit
tools)).
4.1.2 Planning phase
The planning phase covers the following steps / activities
A. Understanding the Entity and its Environment.
ISSAI 1315, “Identifying and Assessing the Risks of Material Misstatements
Through Understanding the Entity and its Environment” provides that the auditor
should obtain an understanding of the entity and its environment, including its internal
control, sufficient to identify and assess the risks of material misstatement of the financial
statements whether due to fraud or error, and sufficient to design and perform further
audit procedures. The auditor understands of the entity and its environment consists of an
understanding of the following aspects:
(i) Regulatory and other external factors including the applicable financial
reporting framework
Legislative and regulatory requirements often determine the applicable financial
reporting framework to be used by management in preparing the entity’s financial
statements. In most cases, the applicable financial reporting framework will be that
of the jurisdiction in which the entity is registered or operates and the auditor is
based, and the auditor and the entity will have a common understanding of that
framework.
(ii) Nature of the entity
The auditor should obtain an understanding of the nature of the entity. The nature of
the entity refers to the entity’s operations, its ownership and governance, the types of
investments that it is making and plans to make, the way that the entity is structured
and how it is financed. An understanding of the nature of an entity enables the
auditor to understand the classes of transactions, account balances and disclosures to
be expected in the financial statements.
(iii) Objectives and strategies and related business risks
The auditor should obtain an understanding of the entity’s objectives and strategies,
and the related business risks that may result in material misstatement of the
financial statements.
The entity conducts its business and operates programs and project in the context of
industry, regulatory and other internal and external factors. To respond to these
factors, the entity’s management or those charged with governance define objectives,
which are the overall plans for the entity. Strategies are the operational approaches
by which management intends to achieve its objectives. Business risks result from
110
significant conditions, events, circumstances, actions or inactions that could
adversely affect the entity’s ability to achieve its objectives and execute its
strategies, or through the setting of inappropriate objectives and strategies. Just as
the external environment changes, the conduct of the entity’s business is also
dynamic and the entity’s strategies and objectives change over time.
(iv) Measurement and review of the entity’s financial performance
The auditor should obtain an understanding of the measurement and review of the
entity’s financial performance. Performance measures and their review indicate to
the auditor aspects of the entity’s performance that management and others consider
being of importance. Performance measures, whether external or internal, create
pressures on the entity that, in turn, may motivate management to take action to
improve the business performance or to misstate the financial statements. Obtaining
an understanding of the entity’s performance measures assists the auditor in
considering whether such pressures result in management actions that may have
increased the risks of material misstatement.
Internally-generated information used by management for this purpose may include
key performance indicators (financial and non-financial), budgets, variance analysis,
segment information and divisional, departmental or other level performance reports
and comparisons of an entity’s performance with that of competitors.
(v) Internal control
The auditor should obtain an understanding of internal control relevant to the audit.
The auditor uses the understanding of internal control to identify types of potential
misstatements, consider factors that affect the risks of material misstatement, and
design the nature, timing, and extent of further audit procedures.
Internal control is the process designed and affected by those charged with
governance, management, and other personnel to provide reasonable assurance about
the achievement of the entity’s objectives with regard to reliability of financial
reporting, effectiveness and efficiency of operations and compliance with applicable
laws and regulations. It follows that internal control is designed and implemented to
address identified business risks that threaten the achievement of any of these
objectives.
Internal control, as discussed in ISSAI 1315, consists of the following components:
(a) The Control Environment
The control environment includes the governance and management functions and
the attitudes, awareness, and actions of those charged with governance and
management concerning the entity’s internal control and its importance in the
entity. The control environment sets the tone of an organization, influencing the
control consciousness of its people. It is the foundation for effective internal
control, providing discipline and structure.
111
(b) The Entity’s Risk Assessment Process
The auditor should obtain an understanding of the entity’s operational process for
identifying business risks relevant to financial reporting objectives and deciding
about actions to address those risks, and the results thereof. In evaluating the
design and implementation of the entity’s risk assessment process, the auditor
determines how management identifies business risks relevant to financial
reporting, estimates the significance of the risks, assesses the likelihood of their
occurrence, and decides upon actions to manage them. The evaluation of
operational risk by the auditor serves to minimise the audit risk to the acceptably
low level.
(c) The Information System, including the related business processes, relevant
to financial reporting, and Communication
The auditor should obtain an understanding of the information system, including
the related entity's business processes, relevant to financial reporting, including
the following areas:
o The classes/items of transactions in the entity’s operations those are
significant to the financial statements.
o The procedures, within both IT and manual systems, by which those
transactions are initiated, recorded, processed and reported in the financial
statements.
o The related accounting records, whether electronic or manual, supporting
information and specific accounts in the financial statements in respect of
initiating, recording, processing and reporting transactions.
o How the information system captures events and conditions, other than
classes of transactions, which are significant to the financial statements.
o The financial reporting process used to prepare the entity’s financial
statements, including significant accounting estimates and disclosures.
(d) Control Activities
The auditor should obtain a sufficient understanding of control activities to
assess the risks of material misstatement at the assertion level and to design
further audit procedures responsive to assessed risks. Control activities are the
policies and procedures that help and ensure that management directives are
carried out to address risks that threaten the activities of the entity’s
objectives. Control activities, whether within IT or manual systems, have
various objectives and are applied at various organizational and functional
levels. Examples of specific control activities include those relating to:
authorization, performance reviews, information processing, physical
observation, and segregation of duties.
112
(e) Monitoring of controls
The auditor should obtain an understanding of the major types of activities that
the entity uses to monitor internal control over financial reporting, including
those related to those control activities relevant to the audit, and how the
entity initiates corrective actions to its controls.
Monitoring of controls is a process to assess the effectiveness of internal
control over time. It involves assessing the design and operation of controls
on a timely basis and taking necessary corrective actions modified for changes
in conditions. Management accomplishes monitoring of controls through
ongoing activities, separate evaluations or a combination of the two. Ongoing
monitoring activities are often built into the normal recurring activities of an
entity and include regular management and supervisory activities.
B. Establishing audit objective and scope
International Standard on Auditing (ISA) 200, ”Objective and General Principles
Governing an Audit of Financial Statements” and International Standards of
Supreme Audit Institution (ISSAI 1200) "Overall Objectives of the Independent
Auditor and the Conduct of an Audit in Accordance with International Standards
on Auditing" requires that the objective of an audit of financial statements is to enable
the auditor to express an opinion whether the financial statements are prepared in all
material respects, in accordance with the applicable financial reporting framework.
The auditor should determine the characteristics of the engagement that defines its scope
such as the financial reporting framework used and locations of the components of the
entity and legal requirements. He should ascertain the reporting objectives of the
engagement to plan the timing of the audit and the nature of the communications
required, such as deadlines for interim and final reporting, and the key dates for expected
communications with management and those charged with governance.
C. Determining materiality
(i) “Materiality” is defined in the International Accounting Standards Board’s
“Framework for the Preparation and Presentation of Financial Statements” in the
following terms:
“Information is material if its omission or misstatement could influence the
economic decisions of users taken on the basis of the financial statements.
Materiality depends on the size of the item or error judged in the particular
circumstances of its omission or misstatement. Thus, materiality provides a
threshold or cut-off point rather than being a primary quantitative
characteristic which information must have if it is to be useful.”
(ii) The assessment of what is material is a matter of professional judgment. ISA 320
and ISSAI 1320 “Audit Materiality” provide guidance on the concept of
113
materiality and its relationship with audit risk. The auditor should consider
materiality and its relationship with audit risk when conducting an audit.
In designing the audit plan, the auditor establishes an acceptable materiality level so
as to detect quantitatively material misstatements. However, both the amount
(quantity) and nature (quality) of misstatements need to be considered. Examples of
qualitative misstatements would be the inadequate or improper description of an
accounting policy when it is likely that a user of the financial statements would be
misled by the description, and failure to discuss the breach of regulatory
requirements when it is likely that the consequent imposition of regulatory
restrictions will significantly impair operating capability.
The auditor needs to consider the possibility of misstatements of relatively small
amounts that, cumulatively, could have a material effect on the financial statements.
For example, an error in a month end procedure could be an indication of a potential
material misstatement if that error is repeated each month.
The auditor considers materiality at both the overall financial statement level and in
relation to classes of transactions, account balances and disclosures. Materiality may
be influenced by considerations such as legal and regulatory requirements and
considerations relating to classes of transactions, account balances, and disclosures
and their relationships. This process may result in different materiality levels
depending on the aspect of the financial statements being considered.
Materiality should be considered by the auditor when:
¾ Determining the nature, timing and extent of audit procedures; and
¾ Evaluating the effect of misstatements.
In addition to exercising professional judgment, OAGN should consider any
legislation or regulation which may impact that assessment. Materiality is also
based on the “context and nature” of an item and includes, for example, sensitivity as
well as value. Sensitivity covers a variety of matters such as compliance with
authorities, legislative concern or public interest. The public interest reflects the fact
that all public funds represent the taxpayers’ money and therefore the accountability
for spending public money is much greater than for a private business. Public
interest requires an understanding that money is not simply spent and recorded in the
books of account but that the money was spent on its intended purpose in an
economic, efficient and effective manner.
D. Assessing the risks of material misstatement
ISSAI 1315 and ISA 315 also requires that the auditor should identify and assess the
risks of material misstatement at the financial statement level, and at the assertion level
for classes of transactions, account balances, and disclosures. For this purpose, the
auditor:
114
Identifies risks throughout the process of obtaining an understanding of the entity and
its environment, including relevant controls that relate to the risks by considering the
classes of transactions, account balances and disclosures in the financial statements;
Relates the identified risks to what can go wrong at the assertion level;
Considers whether the risks are of a magnitude that could result in a material
misstatement of the financial statements; and
Considers the likelihood that the risks could result in a material misstatement of the
financial statements.
The auditor uses information gathered by performing risk assessment procedures,
including the audit evidence obtained in evaluating the design of controls and
determining whether they have been implemented, as audit evidence to support the risk
assessment to determine the nature, timing and extent of further audit procedures to be
performed.
The auditor determines whether the identified risks of material misstatement relate to
specific classes of transactions, account balances, and disclosures and related assertions,
or whether they relate more pervasively to the financial statements as a whole and
potentially affect many assertions. The latter risks (risks at the financial statement level)
may derive in particular from a weak control environment.
Such considerations, therefore, have a significant bearing on the auditor’s general
approach, for example, an emphasis on substantive procedures (substantive approach), or
an approach that uses tests of controls as well as substantive procedures (combined
approach).
E. Considering the going concern assumption
ISSAI 1570 and ISA 570 provide guidance on the auditor’s responsibility in the audit of
financial statements with respect to the going concern assumption used in the preparation
of financial statements, including considering management’s assessment of the entity’s
ability to continue as a going concern.
The appropriateness of the going concern assumption in the preparation of the financial
statements is generally not in question when auditing either a government entity or those
public sector entities having funding arrangements backed by the government. However,
where such arrangements do not exist, or where government funding of the entity may be
withdrawn and the existence of the entity may be at risk, this ISA will provide useful
guidance. As governments privatise government entities, going concern issues will
become increasingly relevant to the public sector. This assumption is equally useful in the
public enterprises.
When looking at going concern in the public sector entities, lack of appropriate funding
may affect differently compared to their private sector counterparts. A public sector
entity will not necessarily go out of business but rather it will not be able to fulfil its
mandate in terms of service delivery. Usual relationships identified in the financial
115
statements (e.g., liabilities exceeding assets, negative cash flow) will be indicative of
such problems.
F. Considering fraud in financial audit
ISSAI 1240 and ISA 240 “The Auditor’s Responsibility to Consider Fraud in the
Audit of Financial Statements” provides guidance on the auditor’s responsibility to
consider fraud in an audit of financial statements. In planning and performing the audit
to reduce audit risk to an acceptably low level, the auditor should consider the risks of
material misstatements in the financial statements due to fraud. The auditor should
maintain an attitude of professional scepticism throughout the audit, recognizing the
possibility that a material misstatement due to fraud could exist, notwithstanding the
auditor’s past experience with the entity about the honesty and integrity of management
and those charged with governance.
An auditor conducting an audit obtains reasonable assurance that the financial statements
taken as a whole are free from material misstatement, whether caused by fraud or error.
An auditor cannot obtain absolute assurance that material misstatements in the financial
statements will be detected because of such factors as the use of judgment, the use of
testing, the inherent limitations of internal control and the fact that much of the evidence
available to the auditor is persuasive rather than conclusive.
When obtaining reasonable assurance, an auditor maintains an attitude of professional
scepticism throughout the audit considers the potential for management override of
controls and recognises the fact that audit procedures that are effective for detecting error
may not be appropriate in the context of identified risk of material misstatement due to
fraud.
G. Preparing a detailed audit plan
ISSAI 1300 and ISA 300, “Planning an Audit of Financial Statements”, provide
guidance on the considerations and activities applicable to planning an audit of financial
statements. The auditor should plan the audit so that the engagement will be performed in
an efficient manner. The auditor should establish the overall audit strategy. The overall
audit strategy sets the scope, timing and direction of the audit, and guides the
development of the more detailed audit plan.
The auditor should prepare a detailed audit plan on determining overall responses and
designing and performing further audit procedures. The auditor should identify the
processes to be audited, the key risks and controls relevant to each component and decide
on the most suitable audit approach to obtain audit assurance e.g. whether the controls
will be tested or substantive tests will be performed.
At this stage of the audit process the high level planning is completed. The auditor
should have knowledge of the following important elements:
¾ The components to be audited (from the financial statement);
116
¾ High level risks and the management’s response to them (other high level
working papers); and
¾ Understanding of the IT systems in operation with a preliminary risk assessment.
The auditor’s responsibility at this stage is to document the operations of the organization
on a component level. This is critical to the remainder of the audit and determines,
amongst others, the type of audit tests e.g. test of controls as well as the nature of such
procedures. The system descriptions after completion should inform anyone who reads it
as to the risks and controls, as well as an assessment of those risks and controls. The risk
and controls relate to the point of transaction within its lifecycle. For example, the risks
relating to the procurement of an asset are specific and different to those surrounding the
usage of the same asset.
4.1.3 Execution phase
ISSAI 1330 and ISA 330, “The Auditor’s Responses to Assessed Risks,” establishes
standards and provides guidance on determining overall responses and designing and
performing further audit procedures to respond to the assessed risks of material
misstatement at the financial statement and assertion levels in a financial statement audit.
The auditor should determine overall responses to address the risks of material
misstatement at the financial assertion level. Such responses may include emphasizing to
the audit team the need to maintain professional scepticism in gathering and evaluating
audit evidence, assigning more experienced staff or those with special skills or using
experts, providing more supervision, or incorporating additional elements of
unpredictability in the selection of further audit procedures to be performed.
a) Performing Tests of Controls

When the auditor’s assessment of risks of material misstatement at the assertion level
includes an expectation that controls are operating effectively, the auditor should
perform tests of controls to obtain sufficient appropriate audit evidence that the
controls were operating effectively at relevant times during the period under audit.
The auditor’s assessment of risk of material misstatement at the assertion level may
include an expectation of the operating effectiveness of controls, in which case the
auditor perform tests of controls to obtain audit evidence as to their operating
effectiveness.
Tests of operating effectiveness of controls are performed only on those controls that
the auditor has determined are suitably designed to prevent, or detect and correct, a
material misstatement in an assertion.
When the auditor has determined that it is not possible or practicable to reduce the
risks of material misstatement at the assertion level to an acceptably low level with
audit evidence obtained only from substantive procedures, the auditor should perform
tests of relevant controls to obtain audit evidence about their operating effectiveness.
The auditor may find it impossible to design effective substantive procedures that by
117
themselves provide sufficient appropriate audit evidence at the assertion level when
an entity conducts its business using IT and no documentation of transactions is
produced or maintained, other than through the IT system.
Testing the operating effectiveness of controls is different from obtaining audit
evidence that controls have been implemented. When obtaining audit evidence of
implementation by performing risk assessment procedures, the auditor determines
that the relevant controls exist and that the entity is using them. When performing
tests of operating effectiveness of controls, the auditor obtains audit evidence that
controls operate effectively.
b) Performing substantive procedures
Substantive procedures are performed in order to detect material misstatements at the
assertion level, it include two types of audit procedure a) tests of details of classes of
transactions, head of expenditure/revenue and disclosures b) substantive analytical
procedures. The auditor plans and performs substantive procedures to be responsive
to the related assessment of the risk of material misstatement.
Irrespective of the assessed risk of material misstatement, the auditor should design
and perform substantive procedures for each material class of transactions, head of
expenditure/revenue and disclosure. This requirement reflects the fact that the
auditor’s assessment of risk is judgmental and may not be sufficiently precise to
identify all risks of material misstatement. Further, there are inherent limitations to
internal control including management override.
Accordingly, while the auditor may determine that the risk of material misstatement
may not be reduced to an acceptably low level by performing only tests of controls
for a particular assertion related to a class of transactions, head of
expenditure/revenue and disclosure the auditor always performs substantive
procedures for each material class of transactions, head of expenditure/revenue and
disclosure. Different types of substantive procedures are given below:
i) Performing test of detail
Tests of details are the application of one or more of seven types of audit
technique such as comparison, computation, confirmation, enquiry, inspection,
observation and physical examination to individual items or transactions or heads
of expenses/revenue. Tests of details are often effective for audit objectives
relating to non-routine transactions, as these do not often follow predictable
trends. Also, non-routine transactions are not usually directly comparable to other
classes of transactions or head of expenditures/ revenue in the current or prior
periods.
118
Enquiry and observation techniques are often performed when selecting
individual items for tests of details or as part of the investigation and follow-up of
audit findings. Vouching is a term often used to refer to tests of details using a
combination of comparison, computation and inspection techniques.
The objective of tests of details may be either:
To obtain audit evidence as to whether the financial statement assertions
addressed by the audit objective include significant misstatements; or
To estimate the amount of the audit difference for the financial statement
assertions that the auditor believes do include significant misstatements.
The auditor selects items to be tested from a population using different sampling
techniques. The auditor defines the population in advance, considering the
following:
The auditor cannot obtain audit evidence about the completeness of a population
by examining items drawn from that population because omitted items have
no chance of selection;
The auditor may be able to improve the effectiveness of the audit procedures by
subdividing a population, performing different tests for each subdivision; and
The period covered is important for tests of details applied to classes of
transactions. The conclusion does not relate to the entire period unless the
items for the test of details are selected from a population that covers the
entire period.
ii) Performing substantive analytical procedures
ISSAI 1520 and ISA 520 provide guidance on the application of substantive
analytical procedures during the audit. The auditor should apply analytical
procedures as risk assessment procedures to obtain an understanding of the entity
and its environment and in the overall review at the end of the audit. Analytical
procedures may also be applied as substantive audit procedures.
“Substantive Analytical procedures” means evaluations of financial information
made by a study of plausible relationships among financial and non-financial data.
Analytical procedures also encompass the investigation of identified fluctuations
and relationships that are inconsistent with other relevant information or deviate
significantly from predicted amounts.
Analytical review procedures include analysis of ratios, study on the relationships
between financial and operating information of the entity and comparisons with
similar organizations or industry, comparison of financial information with
comparable information from another period or periods, etc.
Prior to issuing the auditor’s report though, final analytical procedures should be
performed. These generally consist of a high level review of the financial
119
statements and related management performance reports (which could include
non-financial information) in order to provide assurance that the financial
statements, taken as a whole, are consistent with the knowledge of the business,
the results of the audit procedures and management’s own analyses.
The decision about audit procedures to be used to achieve a particular audit
objective is based on the auditor’s judgement about the expected effectiveness
and efficiency of the available audit procedures in reducing the assessed risk of
material misstatement at an acceptably low level.
When designing and performing analytical procedures as substantive procedures,
the auditor will need to consider a number of factors such as the following:
• The suitability of using substantive analytical procedures given the
assertions.
• The reliability of the data, whether internal or external, from which
the expectation of recorded amounts or ratios is developed.
• Whether the expectation is sufficiently precise to identify a
material misstatement at the desired level of assurance.
• The amount of any difference of recorded amounts from expected
values that is acceptable.
c) Using audit sampling and other means of testing
ISSAI 1530 and ISA 530 provides guidance on the use of sampling and other means of
selecting items for testing when designing audit procedures to gather audit evidence.
When designing audit procedures, the auditor should determine appropriate means for
selecting items for testing so as to gather sufficient appropriate audit evidence to meet
the objectives of the audit procedures.
“Audit sampling” (sampling) involves the application of audit procedures to less than
100% of items within a class of transactions or head of expenditure/revenue such that
all sampling units have a chance of selection. It is in effect a process at the end of
which items to be tested are identified. This will enable the auditor to obtain and
evaluate audit evidence about some characteristic of the items selected in order to form
or assist in forming a conclusion concerning the population from which the sample is
drawn. Audit sampling can use either a statistical or non-statistical approach. The
main aim of sampling is to reduce the audit risk to an acceptably low level.
When performing tests of controls the auditor uses sampling as a means of selecting
items for testing the operating effectiveness of controls. Based on the auditor’s
understanding of internal control, the auditor identifies the characteristics or attributes
that indicate performance of a control, as well as possible deviation conditions which
indicate departures from adequate performance. The presence or absence of attributes
can then be tested by the auditor.
120
Substantive procedures are concerned with amounts and are of two types: tests of
details of classes of transactions, head of expenditure/revenue, and disclosures and
substantive analytical procedures. The purpose of substantive procedures is to obtain
audit evidence to detect material misstatements at the assertion level. In the context of
substantive procedures, audit sampling and other means of selecting items for testing
relate only to tests of details.
When performing tests of details, audit sampling and other means of selecting items
for testing and gathering audit evidence may be used to verify one or more assertions
about a financial statement amount (for example, procurement of goods and services,
existence of machinery and equipment, program execution etc.).
d) Evaluating the sufficiency and appropriateness of audit evidence
Based on the audit procedures performed and the audit evidence obtained, the auditor
should evaluate whether the assessments of the risks of material misstatement at the
assertion level is appropriate.
An audit of financial statements is a cumulative and iterative process. As the auditor
performs planned audit procedures, the audit evidence obtained may cause the auditor
to modify the nature, timing, or extent of other planned audit procedures. Information
may come to the auditor’s attention that differs significantly from the information on
which the risk assessment was based. For example, the extent of misstatements that
the auditor detects by performing substantive procedures may alter the auditor’s
judgment about the risk assessments and may indicate a material weakness in internal
control. In addition, substantive analytical procedures performed at the overall review
stage of the audit may indicate a previously unrecognized risk of material
misstatement. In such circumstances, the auditor may need to re-evaluate the planned
audit procedures, based on the revised consideration of assessed risk for all or some of
the classes of transactions, head of expenditure/revenue, or disclosures and related
assertions.
The auditor should conclude whether sufficient appropriate evidence has been
obtained to reduce to an acceptably low level the risk of material misstatement in the
financial statements. In developing an opinion, the auditor considers all relevant audit
evidence, regardless of whether it appears to corroborate or to contradict the assertions
in the financial statements.
The sufficiency and appropriateness of audit evidence to support the auditor’s
conclusions throughout the audit are a matter of professional judgment. The auditor’s
judgment as to what constitutes sufficient appropriate audit evidence is influenced by
such factors as the following:
¾ Significance of the potential misstatement in the assertion and the likelihood of
its having a material effect, individually or aggregated with other potential
misstatements, on the financial statements;
¾ Effectiveness of management’s responses and controls to address the risks;
121
¾ Experience gained during previous audits with respect to similar potential
misstatements;
¾ Results of audit procedures performed, including whether such audit
procedures identified specific instances of fraud or error;
¾ Source and reliability of the available information;
¾ Persuasiveness of the audit evidence; and
¾ Understanding of the entity and its environment, including its internal control.
If the auditor has not obtained sufficient appropriate evidence as to a material financial
statement assertion, the auditor should attempt to obtain further audit evidence. If the
auditor is unable to obtain sufficient appropriate audit evidence, the auditor should
express a qualified opinion or a disclaimer of opinion.
Audit Documentation
ISSAI 1230 establishes standards and provides guidance on audit documentation. This
standard provides that the auditor should prepare, on a timely basis, audit documentation
that provides:
(a) A sufficient and appropriate record of the basis for the auditor’s report; and
(b) Evidence that the audit was performed in accordance with ISSAIs and applicable
legal and regulatory requirements.
In documenting the nature, timing and extent of audit procedures performed, the auditor
should record:
(a) Who performed the audit work and the date such work was completed; and
(b) Who reviewed the audit work performed and the date and extent of such review
Preparing sufficient and appropriate audit documentation on a timely basis helps to
enhance the quality of the audit and facilitates the effective review and evaluation of the
audit evidence obtained and conclusions reached before the auditor’s report is finalized.
Documentation at the time the work is performed is likely to be more accurate than
documentation prepared subsequently.
4.1.4 Reporting phase
The reporting phase includes evaluating audit conclusions; determining significance of
audit findings; communicating audit findings and preparing the audit report.
a) Evaluating audit conclusions
ISSAI 1700 and ISA 700 provide guidance on the matters the auditor considers in
forming an opinion on the financial statements. The auditor should review, assess and
evaluate the conclusions drawn from the audit evidence obtained as a basis for the
expression of an opinion on the financial statements.
122
When forming an opinion on the financial statements, the auditor evaluates whether,
based on the audit evidence obtained, there is reasonable assurance about whether the
financial statements taken as a whole are free from material misstatement. This involves
concluding whether sufficient appropriate audit evidence has been obtained to reduce to
an acceptably low level the risks of material misstatement of the financial statements and
evaluating the effects of uncorrected misstatement identified.
Forming an opinion as to whether the financial statements give a true and fair view or are
presented fairly, in all material respects, in accordance with the applicable financial
reporting framework involves evaluating whether the financial statements have been
prepared and presented in accordance with the specific requirements of the applicable
financial reporting framework for particular classes of transactions, head of
expenditure/revenue and disclosures.
This evaluation includes considering the following, in the context of the applicable
financial reporting framework:
a. The accounting policies selected and applied are consistent with the financial
reporting framework and are appropriate in the circumstances;
b. The accounting estimates made by management are reasonable in the
circumstances;
c. The information presented in the financial statements, including accounting
policies, is relevant, reliable, comparable and understandable; and
d. The financial statements provide sufficient disclosures to enable users to understand
the effect of material transactions and events on the information conveyed in the
financial statements, for example, in the case of financial statements prepared in
accordance with International Financial Reporting Standards (IFRS), the entity’s
financial position, financial performance and cash flows.
b) Determining significance of audit findings
The auditor should determine significance of audit findings and classify them as to the
severity of where and how it will be reported. The categories are as follows:
¾ Included in management letter only;
¾ Included in the audit report under emphasis of matter; and
¾ Included in the audit report as a qualification issue.
The auditor uses professional judgment in determining the difference between the items.
However, for the findings included under qualification issues the auditors can use the
materiality calculation to guide them. In determining distinction between management
letter and emphasis of matter, the following table can be used:
123
Table 7: Distinction between management letter and emphasis of matter
Characteristics of Management Letter Characteristics of Emphasis of Matter
only findings findings
Isolated finding Common findings
Insignificant or not material Significant
Unlikely to recur Recurring or likely to recur (and may have
been previously reported)
Matter resolved prior to issuance of audit Matter unresolved at the time of issuing
report audit report
Mistake / omission Fraud / misappropriation of funds /
corruption
Isolated legal non-compliance with no Any legal non-compliance in particular
financial effect with:
• Public Procurement Act;

• Financial Procedure Act; and
• Local Government Finance Act.
c) Communicating audit findings
ISSAI 1260, “Communication of Audit Matters with those Charged with
Governance” provides guidance on communication of audit matters arising from the
audit of financial statements between the auditor and those charged with governance of
an entity. These communications relate to audit matters of governance interest. The
auditor’s communications of matters include only those audit matters of governance
interest that have come to the attention of the auditor as a result of the performance of the
audit.
The auditor should communicate audit matters of governance interest on a timely basis.
This enables those charged with governance to take appropriate action.
In addition to communicating with governance, auditors usually bring matters arising
from the audit to the attention of management. The mechanism usually used for this
process is a management letter. At this stage of the audit, the transaction testing and
working papers should be completed.
The auditor should ensure that when issues arise that they are communicated and cleared
in a timely fashion. If the issues are not simply clarified but are the result of an error or
weakness in the audited department, then the information should be communicated to
management. The format of the management letter should be standardised and include
the following aspects:
¾ The problem or finding;
¾ The risk;
¾ The recommendation; and
124
¾ A space provided for management to comment on the finding.
Management letters can be issued in two times during the course of the audit depending
on the auditors' assessment of the significance of the findings. A Preliminary
management letter could be issued after an audit visit is completed. It seeks responses
from the management of the audited entity. A final management letter highlighting the
significant issues can be issued at the conclusion of the audit after summarising and
incorporating the management response. Panel of discussion is the appropriate tool to
finalize the significant issues.
The management letter should provide all findings that will be included in the audit
report as well as other less significant findings.
d) Preparing the audit report
ISSAI 1700 and ISA 700 provides standards on the form and content of the auditor’s
report issued as a result of an audit performed by an independent auditor of the financial
statements of an entity.
The auditor should review and assess the conclusions drawn from the audit evidence
obtained as the basis for the expression of an opinion on the financial statements.
e) Basic elements of the auditor’s report
While the basic elements of an auditor’s report as presented in this handbook apply to the
audit of financial statements in the public sector, the legislation giving rise to the audit
mandate may specify the nature, content and form of the auditor’s report.
The auditor’s report includes the following basic elements, ordinarily in the following
layout:
¾ Title;
¾ Addressee;
¾ Opening or introductory paragraph:
o Identification of the financial statements audited;
o A statement of the responsibility of the entity’s management and the
responsibility of the auditor;
¾ Scope paragraph (describing the nature of an audit):
o A reference to the relevant national and international standards or practices;
o A description of the work the auditor performed;
¾ Opinion paragraph containing:
o A reference to the financial reporting framework used to prepare the financial
statements (including identifying the country of origin of the financial
reporting framework when the framework used is not International
Accounting Standards); and
125
o An expression of opinion on the financial statements;
¾ Date of the report;
¾ Auditor’s address; and
¾ Auditor’s signature.
Additional elements of the auditor’s report in an audit in accordance with ISSAI
and ISA:
Consistency in the auditor’s report, when the audit has been conducted in accordance
with the ISAs/ISSAIs, promotes credibility in the global marketplace by making more
readily identifiable those audits that have been conducted in accordance with globally
recognised standards. It also helps to promote the reader’s understanding and to identify
unusual circumstances when they occur.
Management’s responsibility for the financial statements:
The auditor’s report should state that management is responsible for the preparation and
the fair presentation of the financial statements in accordance with the applicable
financial reporting framework and that this responsibility includes:
¾ Designing, implementing and maintaining internal control relevant to the
preparation and fair presentation of financial statements that are free from material
statement, whether due to fraud or error;
¾ Selecting and applying appropriate accounting policies; and
¾ Making accounting estimates that are reasonable in the circumstances.
e) Auditor’s responsibility
The auditor’s report should state that the responsibility of the auditor is to express an
opinion on the financial statements based on the audit.
The auditor’s report should state that the audit was conducted in accordance with ISAs/
ISSAIs. The auditor’s report should also explain that those standards require that the
auditor comply with ethical requirements and that the auditor plan and perform the audit
to obtain reasonable assurance whether the financial statements are free from material
misstatement.
The auditor’s report should state that the auditor believes that the audit evidence the
auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s
opinion.
i. Auditor’s opinion
An unqualified opinion should be expressed when the auditor concludes that the financial
statements give a true and fair view or are presented fairly, in all material respects, in
accordance with the applicable financial reporting framework.
126
When expressing an unqualified opinion, the opinion paragraph of the auditor’s report
should state the auditor’s opinion that the financial statements give a true and fair view or
present fairly, in all material respects, in accordance with the applicable financial
reporting framework (unless the auditor is required by law or regulation to use different
wording for the opinion, in which case the prescribed wording should be used).
When the International Financial Reporting Standards or International Public Sector
Accounting Standards are not used as the financial reporting framework, the reference to
the financial reporting framework in the wording of the opinion should identify the
jurisdiction or country of origin of the financial reporting framework.
ii. Modified reports
An auditor’s report is considered to be modified in the following situations:
The following matters do not affect the Auditor’s Opinion:
¾ An emphasis of matter should be expressed when the auditor modifies the auditor’s
report by adding a paragraph to highlight a material matter regarding a going
concern problem or a significant uncertainty of which is dependent upon future
events and which may affect the financial statements.
The following do affect the Auditor’s Opinion:
¾ A qualified opinion should be expressed when the auditor concludes that an
unqualified opinion cannot be expressed but that the effect of any disagreement
with management, or limitation on scope is not as material and pervasive as to
require an adverse opinion or a disclaimer of opinion. A qualified opinion should
be expressed as being “except for” the effects of the matter to which the
qualification relates;
¾ A disclaimer of opinion should be expressed when the possible effect of a limitation
on scope is so material and pervasive that the auditor has not been able to obtain
sufficient appropriate audit evidence and accordingly is unable to express an
opinion on the financial statements; and
¾ An adverse opinion should be expressed when the effect of a disagreement is so
material and pervasive to the financial statements that the auditor concludes that a
qualification of the report is not adequate to disclose the misleading or incomplete
nature of the financial statements.
Whenever the auditor expresses an opinion that is other than unqualified, a clear
description of all the substantive reasons should be included in the report and, unless
impracticable, a quantification of the possible effect(s) on the financial statements.
When there is a limitation on the scope of the auditor’s work that requires expression of a
qualified opinion or a disclaimer of opinion, the auditor’s report should describe the
limitation and indicate the possible adjustments to the financial statements that might
have been determined to be necessary had the limitation not existed.
127
4.2 QAR Process of Financial Audit Level
After understanding the audit process and methodology described in section 4.1, the
review team should apply this knowledge to their reviews. The different phases are
planning, conducting QA review, Reporting and follow up action. This will be done
through firstly by identifying the deficiencies in the audit methodologies and then
adapting a Checklist for file review. The Financial Methodology Checklist (Appendix
16) and Quality Assurance Questionnaire (Appendix 17) will assist in the completion of
the process as narrated below. Activities to be performed in different phases of individual
financial audit level reviews are given below:
4.2.1 Planning Phase
In planning phase of the financial audit level review the reviewer needs to identify the
appropriate audit assignments, obtaining knowledge about the assignments, assessing the
risk and determining the focus areas for review. Sample checklists are also to be
customized during this phase to make specific for the selected assignments. Followings
are the activities of the planning phase.
4.2.1.1 Selection of the appropriate audits
The main method of conducting Quality Assurance Review at the financial audit level is
through the scrutiny of files containing the working papers. As such, it is advisable to
have a representative mix of audits covering different types of financial audits as
specified above, and from different audit teams or directorate in order to assess
consistency between the audit processes and approach adopted by each team or
directorate as far as practicable.
The Quality Assurance Review team obtains from the Office, a list of completed audits
during, for example, the last twelve month period prior to the review, showing the team
responsible for the audit and from which the files are selected on a random basis.
4.2.1.2 Criteria for selection of financial audit files
The Quality Assurance Review team selects a sample of files for review and this depends
on the number of quality assurance reviewers involved so as to complete the review
within the allotted timeframe. A typical sample may consist of audit files which meet the
following conditions, amongst others:
¾ Audits rated as high risk by, and to the OAGN;
¾ Public Interest;
¾ Large or complex audits;
¾ Complex accounting policies or system;
¾ Material time and resources were allocated to the audit;
¾ A significant change of audit opinion from one year to the other;
¾ Audit engagements with expenditure/revenue exceeding a certain value;
128
¾ Audits contracted out to private auditors; and
¾ Adequate coverage of different sections and senior personnel responsible for audit
within the OAGN.
4.2.1.3 Information requirements of the Quality Assurance reviewing team, sources
and methods of gathering such information
Before carrying out the Quality Assurance Review on the working paper file of an entity,
the reviewers should obtain some information on the entity. The information that the
Quality Assurance Review Team should obtain, the sources and the methods of obtaining
them are as shown in the below.
Table 8: Sources and methods of gathering information

Information Source Method
Required
1 Knowledge ¾ The Legislations governing the ¾ Perusing previous
of the entity entity Management Letters
¾ The Strategic Plan of the entity ¾ Going through
¾ Media coverage of the activities of previous annual
the entity Audit Reports to
¾ Anonymous letters on the Parliament
activities of the entity. ¾ Reading Activity
¾ From past experience of the Reports of the entity
Reviewers whose file has been
¾ The Registry of the OAGN earmarked for review
¾ The Documentation Unit of the ¾ Perusing Press
entity Cuttings
2 Budgetary The Annual Budgets of the Entity Going through the
Allocations Budget
3 Financial Financial Report Examination of the
position Statement of Account documents
4.2.1.4 Identification of focus area for review: After obtaining sufficient knowledge
about the audit assignment, its auditing procedure, nature of audited entities business,
guidance's and instruction given by the respective Directorate as well as policy
directorate of the office, applicable specific auditing guidelines etc., the should perform
the risk assessment as stated on the section 3 of this handbook to determine the focus area
for review. These are the significant potential areas which are reviewed in the execution
phase of the quality assurance review.
129
4.2.1.5 Customization of the Checklist
Few specimens of the checklist are given in the Appendix 15 and 16 which can be
customized according to the needs of individual assignment. Customization of the
Checklist depend upon the focus area identified under the preceding paragraph of this
handbook,
Specimen of the Financial Audit methodology checklist Appendix 16 is illustrated
below)
Appendix -15
Financial Audit Methodology
YES NO COMMENTS
I. Financial/Regularity Audit Performed:
1. Attestation of financial accountability of
accountable entities, involving examination
and evaluation of financial records and
expression of opinions on financial
statements.
Copy of specimen of Quality Assurance Questionnaire (Appendix 16) is illustrated

below)
INTOSAI ISA Ref. YES NO N/A Comments WP
Ref. (Describe the brief Ref.
explanation of findings
and link it to next
template which showed
the next Appendix )
A TERMS OF
REFERENCE
1 Is a copy of the Par. 3.1.4(g) ISA 210
engagement letter on file? & 1.0.34 par. 2, .10
(for new and existing
appointments)
To enable the QAR Team to design a practical checklist for individual file reviews, there
is an important step that needs to customize checklist by assessing the audit methodology
of the OAG against the checklist devised in Appendix 16. The audit methodology of the
OAG can consist of various documents including updated manuals, guidelines,
memorandum, notices etc. These have to be considered together when completing the
checklist.
130
After identifying the weaknesses in the current methodology the QAR Team should
provide these reports as inputs into the institutional level reports (under the element of
audit methodology). The next stage is to customise the file review checklist i.e.
preparation of QA Questionnaire shown in Appendix 17 to take account of the
differences noted in the methodology. Furthermore, the OAG should consider any of its
own practices that are not included in the practices. For example, specific audits of
previous outstanding record of irregularities. Additional questions should be developed
for such areas.
The QAR Team should then adapt the questionnaire through for example, shading the
non-relevant questions and adding additional questions. At this stage the review team is
in a position to commence the individual file review process.
4.2.2 Execution Phase
This is the actual stage in which reviewer conducts review of individual financial audit
file. It includes completing the financial review checklists, gathering information using
different review techniques and analyzing them to derived appropriate conclusions.
Followings are the activities of the execution stage:
4.2.2.1 Gathering information
The purpose of gathering information through completing Quality Assurance
questionnaires by the reviewers is to enable them to:
(i) Form an opinion on the quality of work that has been done on site by the audit team;
(ii) Identify the underlying reasons for unsatisfactory performance;
(iii) See whether the reasons are not inherent in the OAGN; or
(iv) Fix responsibility for any adverse situation.
Besides the Quality Assurance questionnaires, various other types of information may be
required, for example:
a) The total number of assignment under the responsibility of the OAGN categorized
under Ministries / Departments, Statutory Corporations, Local authorities, Donor-
funded projects, etc;
b) The total number of completed audit files under each category; or
c) Whether files identified for review and classified under the same category e.g.
Local Authorities emanate from different audit managers to ensure uniformity in
approach.
As mentioned earlier various methods are available for gathering information, namely
Interview, Focus group, Document Review, Survey or Physical Observation. For QAR of
individual files the documentation of audit evidence in the file or generated by the audit
is the main method of gathering information. The audit file should document all of the
evidence necessary to support the audit report issued.
131
4.2.2.2 Review of files
Prior to reviewing the files, it is important that the Reviewer has a good understanding of
the OAGN’s practices and procedures in the conduct of audit assignments. It is also
imperative that the reviewer is familiar with, and understands the content and layout of
the OAGN’s working paper files being reviewed. In the absence of standard working
papers the reviewer should confirm all audit documentation has been provided.
Quality Assurance Review is conducted by completing the revised questionnaire
mentioned in Appendix 17. The reviewer can also consider re-performance of selected
audit procedures by following through the relevant extracts of the annual report
pertaining to an audited entity back to observations in the working paper file and vice
versa.
To assist the reviewer in understanding the nature of items covered in the Checklist, the
Table of below summarises the issues addressed in the questionnaire with guidance as to
where to look for information and what are the potential findings.
Table 9: Summary of QA individual file review
S. Audit To provide assurance Key instruments Potential findings Quality Assurance
requirements that employed Questionnaire
N. Reference
Number
1 Audit The work is • Financial At the Planning
adequately planned Audit Manual stage some of the
Planning and the audit issues items that normally
are selected on the • Audit Policy require
basis of risk, their instructions improvement are:
relevance to the and guidance
OAGN’s mandate, • Completeness/ A-1
significance and • Laws and Existence of
auditability. regulations engagement
letters
• Audit Plan • Completeness/ B-13
Existence of
• Software permanent files
support tools • inadequate C
(Sampling Consideration of
etc.) Staff
• Completeness/ B-10-b
• Working Existence of audit
Papers plan
• Directives issued C-2
by the AG and
Audit Directorate
not implemented
132
N. Reference
Number
• Whether risk B-14
assessment is
performed
• Evidence of E-1
internal audit
assessment
• Whether files E-3
indicate
scheduling of
staff, time budget
and evidence of
supervision /
direction
• Insufficient C-9
information on
the knowledge of
the audited
entities C-4
• Documentation
2 Staffing for Adequate staffing • Audit • Lack of review C
the is provided for the manuals due to changes in
audit to be the audit team
audit conducted • Audit Office • Changes in
efficiently and policies, staffing were not
effectively procedures & reflected in files
guidelines during the course
of the audit
• Audit Plan C
(Staff
scheduling &
time budget)
3 IT tools Appropriate IT • Software • Lack of evidence F8
tools are available support tools of reconciliation
in the OAGN as a between account
measure of audit balance and the
quality sample
improvement populations as
derived by the
CAATs
133
N. Reference
Number
4 Other tools Appropriate • Office • No evidence on F
and guidance, audit intranet site file of standard
tools and rates utilised from
Guidance techniques are in • Audit policy internal
place , useful and instructions instructions
applied and guidelines
consistently
5 Conducting All audits are • Regularity At the Fieldwork

the conducted with due (Compliance stage some of the
regard for and Financial) issues that may be
Audit efficiency and Audit Manual included for
economy in terms improvement are:
of time spent and • Approved
resources utilised audit plans • Adequacy of lead H-1
and in accordance schedules in the
with the legal • Approved files
mandate, policies Test • Whether the WPs L
and practices of the programmes show the audited
Office period/financial
• Progress year for financial
reports audits
• Whether the C-6,7
• Sampling scope of the audit
guides was indicated
• Whether the E-8
• Electronic information
tools system was
assessed
• Working • Whether the L-6
papers index related to
the WPs
• Whether I-4
irrelevant
materials were
filed
• Whether WPs B-14, L-6
were signed by
the reviewers
134
N. Reference
Number
• Whether tick B-14,L-6
marks or work
performed were
explained
• Whether the B-14
reviewer checklist
was on file
• Whether core L-6
issues are
considered in the
recommendations
6 Consultation Consultation is • Audit • Opinions B-16
sought from Manuals provided by third
and advice experts and party experts
specialists with • Audit were not included
appropriate Policies, in the files
competence, skill, procedures • Credentials of
knowledge, and guidelines third party experts P
judgment and not validated
authority to ensure • Specialist
due care and reports
authoritative
opinion when • Working
dealing with Papers
unusual, unfamiliar
and complex
issues.
7 Supervision Personnel working • Audit • No evidence M-1
in the audit team Manuals of review on all
and review receive an working papers
appropriate level of • Audit Office • Review was
leadership and policies, not completed
direction so that procedures prior to the
they are and guidelines issuance of the
encouraged to report
perform to their • Human M
potential and to resources
ensure that audits policies and
are properly guidance
135
N. Reference
Number
completed carried
out. • Working
papers
Adequate
supervision of all
audit personnel is
provided so as to
ensure that audits
are properly carried
out. All audit work
is reviewed by a
senior member of
the audit staff
before the audit
opinions or reports
are finalised.
8 Evidence Sufficient, • Audit Issues raised in
appropriate, Manuals reporting may
competent and include the
relevant evidence is • Audit Office following:
obtained to provide policies,
a reasonable basis procedures • Existence of the
to support the and guidelines final management P -7
conclusion letter
expressed in the • Review of • Whether matters
report. working for the attention
papers by of the reviewer
senior were summarised
management • Suggestions for
of the SAI the Audit Director
on the individual P-10
audit: The review
team should make
suggestions to the
Audit Director/
Directorate being
reviewed for P
consideration in
order to improve
its operations.
136
N. Reference
Number
9 Documentati The system of • Auditing • Evidence of non- L
on documentation in standards standards review
the Supreme Audit on files
Institution is • Audit • Working papers
designed to ensure Manuals poorly cross
that all the audit referenced
processes are duly • Audit Office L-6
recorded and policies,
available both for procedures
subsequent follow- and guidelines
up as well as for
future audits. • Working
papers
4.2.2.3 Analysis of information

Information obtained from an analysis of the Quality Assurance questionnaire and from
other sources are analysed for the purpose of producing a report on the weaknesses noted
and addressed to the Auditor- General. The information in the “Comments” column of
the checklist (Appendix 17) can be very useful at the analysis stage. To fill in that
column, it may be necessary for the QA Team to interview some members of the audit
team or even senior management, in addition to documents review to be able to analyse
the root causes for non-compliance to Auditing Standards.
4.2.2.4 Recording observations
The review team should utilise the individual findings recording form provided in
Appendix 18 for recording the details relating to the findings. These findings only relate
to a situation where there is a negative finding as per the checklist in Appendix 17. This
will require consideration of the implications the findings including the linkages to the
casual factors and the elements of the institutional level assessment. In addition, the
reviewer will be required to state the category of the error using the following guide:
9 High risk – signifying fundamental failures where for example, the audit opinion or
key conclusions are incorrect;
9 Medium risk – identifies where information provided to the reader of the audit
report is omitted or information that is not important is included;
9 Low risk – other matters such as poor referencing or evidence of review.
137
After completing the individual audit findings the review team then need to compile the
Quality Assurance Review Recording Form that summarises all findings into the
template provided in Appendix 19. Below is an explanation of the Quality Assurance
Review Recording Form which can be used directly as the reporting template for the
review.
Quality Assurance Review Recording Form

a) Quality Assurance Questionnaire reference: The Quality Assurance Questionnaire
(QAQ) reference has a combined reference consisting of: i) the reference number
allocated to the completed QAQ and ii) the different items checked on the QAQ. For
example, if the reference allocated to the completed questionnaire is (V) and the
absence of the letter of engagement (item#A.1 in the QAQ) on file was observed
during the review, the reference which should be recorded on the Quality Assurance
Review Recording Form is (V) A.1.
b) Positive observation: Acknowledge the good practices of the audit team. A summary
of the positive responses provided in the checklist should be given at the beginning of
the report.
c) Negative observations: Record all material negative observations precisely,
including the nature and extent of the finding. The observation evolves from the
reviewer’s results against appropriate evaluation criteria, based on the requirements
of quality standards defined in the checklist and using professional judgment and the
Reviewer’s experience.
Criteria may vary according to the area being reviewed and audit objectives. The
criteria may be the policies, procedures and standards of the Office of the Auditor
General, International Standards of Auditing and generally accepted accounting
principles. Other criteria may include the requirements of laws, regulations,
grants, contracts, etc.
d) Effect: The reviewer must also answer the question “What risk does the weakness
expose?” The real or potential impact of both positive and negative observations is
identified. Its significance can be judged in relation to the extent of risks that the
OAGN may be exposed to as a result of compromising on quality and continuing with
the current negative practice.
e) Clearing of findings:
i. Comments by the Director/ Audit Officer: The reviewer obtains from the
audit team or audit management through fact-finding interviews and
discussions, comments on the observations raised on the Quality Assurance
Review Form. As far as possible, the comments should include the position
title of the OAGN staff with whom the discussions were held.
ii. Causal factors: The answer to the question “Why is there a deviation from
requirements?” should be explained. Through discussions with the Audit
138
team / Management, the Reviewer would identify the underlying reasons for
the satisfactory or unsatisfactory conditions or observations. The
identification of the causal factors assists the reviewer in determining
corrective action and may form the basis for the recommendations for
needed action by the audit team or other organization in the OAGN. All
pertinent discussions and comments by the staff member of the Office must
be recorded on the Quality Assurance Recording Review Form.
f) Recommendations: The reviewer must then arrive at a conclusion as to “What
should be done?” The recommendation flows from the cause previously identified in
the finding. The reviewer should come up with appropriate and practical
recommendations and record them on the Quality Assurance Review Recording
Form.
The relationship between the recommendations, underlying observation and
causal factors must be clear and logical. The recommendation must state what
needs to be changed or rectified.
g) Name of reviewer: The name of the reviewer who conducted the review and made
the recommendation must be stated.
h) Signature and date: The review team leader must ensure that all observations are
completed, correctly stated, signed off and dated on the Form(s).
4.2.3 Reporting phase

After the Quality Assurance Finding Recording Forms is completed. The reviewer should
prepare the Quality Assurance Review Report. The templates provided in Appendix 19
can be adapted to follow the format of the standard report, e.g. including introduction and
summary. The activities to be performed in the Reporting stages are as follows:
Format of the QAR report of Financial Audit
Having recorded all the observations on the QAR recording from, the review team will be
position to prepare the brief review report.
The report may include the following:

Table of contents
Introduction - May explain the background for the review report.
Objectives- It contains objectives of the quality assurance review work.
Approach and methodology used - This would include the actual work done and the
procedures followed by the quality assurance review team. It would cover items such as:
¾ Main data gathering techniques used
¾ Limitations, if any, of the approach
139
Observations - In this section, the review team should include the following items under
each financial audit key areas such as terms of reference, planning, execution, reporting
and general (supervision, other audit consideration, related parties and using the work of
another auditor, etc.):
¾ Positive Observations – The summary of the positive observations;
¾ Areas for Improvement – The summary of the findings including effects, casual
factors sub elements and recommendations;
Overall Conclusion– The review team's opinion when they have after considering all the
information about observation.
Management Response– Management’s responses on the overall conclusions and
recommendations.
Possible sample of financial audit review report template is indicated in the Appendix
20.
4.2.3.1 Clearing of findings and feedback to the Assistant Auditor General Director /
Audit Officer
The review team should meet with the audit team to discuss the findings to ensure that
they are clearly understood. If required by the Office, the shortcomings identified by the
audit team should be corrected on the working papers.
Preparing to discuss the summary of findings with the Assistant Auditor General,
Director/ Audit Office
After feedback is given and draft report is prepared, the next stage will be to present the
summary of the findings to the Assistant Auditor General, Director / Auditor Officer. The
review team should consider the following aspects before presenting the summary of
findings:
¾ Go through the recorded observation forms, or summarised form and agree on the
observations;
¾ Agree on the mode of presentation of the observations, whether in writing, oral or
both and whether visual aids are required;
¾ Arrange logistics;
¾ Make an appointment with the Assistant Auditor General, Director / Auditor
Officer for the meeting;
¾ Consider the documents to have in the meeting;
¾ Agree among the team who should lead the discussions, and who should record
comments of the senior management and conclusions reached;
¾ Discuss among the team and agree whether the issues to be discussed are to be
made available to the Assistant Auditor General, Director / Auditor Officer in
advance of the meeting. If so, make arrangements for distribution; and
140
¾ Agree on the sequence of presenting the issues and it is advisable to start with the
good practices of the audit work before highlighting the weaknesses.
Discuss the summary of findings with the Assistant Auditor General, Director /
Auditor Officer
In order to finalise the QA report, there is a need to discuss the summary of the findings
and the recommendations with the Assistant Auditor General, Director / Auditor Officer.
The following guidelines will definitely make the discussion effective and acceptable:
9 Be punctual;
9 Start to present the good practices;
9 Continue to present the weaknesses;
9 Presentation must be brief and to the point;
9 The responses given by the Audit Director/ Audit Officer must be recorded;
9 Ask if there is any question needing clarification;
9 Ask for comments and recommendations;
9 Thank the Audit team involved in the audit for their usual cooperation and
assistance; and
9 Close the meeting.
In certain circumstances, where there is disagreement over findings, the process
underlined can be followed to resolve the findings:
¾ The findings should be discussed with the audit team, who should indicate for
every finding whether there is agreement / disagreement on the finding;
¾ Where agreement was reached on a high risk matter:
o The audit team should ensure that the matters are addressed timely;
o The review team should perform additional review work to corroborate that the
matter has been addressed and should indicate whether the matter has been
resolved to their satisfaction and the date on which the reviewer confirmed that
it was resolved; and
¾ Where there was disagreement on a high risk matter, or other important matter the
audit team should clearly state the reason for the disagreement and ensure that the
OAGN’s process for differences of opinion is followed to resolve the matter. Detail
on such process should be included in the working paper.
Where a difference of opinion between the review team and the audit team exist the
following procedures for dealing with differences of opinion can be followed:
141
¾ Where the reviewer makes recommendations on high risk findings from the review
that the audit team does not accept and the matter is not resolved to reviewer’s
satisfaction, the consensus need to be sought with Senior Management.
¾ Even when policies and procedures (processes) are put in place to resolve
differences of opinion a resolution may not be reached where matters are
contentious and strong opinions are held. In the event that consensus cannot be
reached, clear designation of which person will take the line responsibility for
making the final decision may be necessary. The person who signs the audit report
will be the most appropriate person. If a member of the audit team or a person
involved in resolving the difference of opinion continues to disagree with the
resolution, he or she may disassociate him or herself from the resolution of the
matter and should be offered the opportunity to document that a disagreement
continues to exist.
The steps in the process to be followed by the audit team to resolve differences of opinion
include:
• Consider the reasons for the difference of opinion: Consideration of whether or
not the difference of opinion arises from a different interpretation of facts, or from a
more technical or personal interpretation of “grey areas”, often where there are no
standards to give a precise interpretation or application of principles;
• Research: The matter is thoroughly researched by the research and development
component of the Office and credible information is obtained that supports the
difference of opinion expressed;
• Consider past experience: Consideration of similar circumstances or experience
among senior staff elsewhere in the SAI or the region may provide guidance for
consensus in the resolution of the difference of opinion; and
• Mediation: Other individuals with current, specialist professional expertise
identified within the OAGN may be brought in to mediate the difference of opinion.
4.2.3.2 Exit meeting with the Assistant Auditor General, Director / Auditor Officer
During the exit meeting the review team leader confirms that all the shortcomings that
were identified during the review were resolved and he provides a certificate to the audit
team or will be resolved in the future audit.
The audit team and the review team should compile a list of lessons learned and share
this with other staff members doing similar audits.
4.2.3.3 Annual report on QA
The QA unit or committee or the staff member responsible for QA should produce an
annual report of the whole Office on quality issues. This report should be submitted to
The Auditor General. The report should contain:
142
¾ Introduction;
¾ Statistical information on, for example, the number of reviews conducted and
passed compared to previous years to show trends;
¾ Objectives,
¾ scope and approach of the reviews;
¾ Periods covered;
¾ Sample size / reviewers;
¾ A summary of the findings (observations) with an emphasis on common issues;
¾ Cause;
¾ Recommendations and action plans to address the shortcomings, including training
needs; and
¾ Conclusion.
It is good practice to submit quarterly progress reports to the Auditor General and to
bring important matters such as a break down of QC under his attention immediately.
143
Chapter 5
QAR of Performance Audit
5.1 Purpose and Overview
To assist the quality assurance review team to understand the desired quality controls in
performance auditing and, thereby, provide a basis for the QA teams to assess
(i) The quality of OAGN’s performance audit methodology, and
(ii) Compliance with required controls by the performance audit teams.
This chapter focuses on the quality controls in performance auditing in terms of the
good practice process for managing such audits. The quality controls relate to those that
apply to each phase of a performance audit process, as well as the overarching quality
controls that are equally applicable to all phases of the audit process.
5.2 Performance Audit Standards and Guidelines
INTOSAI has issued a number of standards which are relevant to quality assurance in
SAIs. They have been placed along with other standards in the framework of
International Standards of Supreme Audit Institutions (ISSAIs).
5.2.1 International Standards of Supreme Audit Institutions (ISSAIs)
Principle 3 of ISSAI 20 states, “SAIs should implement an appropriate system of quality
assurance over their audit activities and reporting and subject such system to periodic
independent assessment.” Various other ISSAIs reinforce this need.
One of the basic principles in government auditing states that “to ensure that high quality
work is done, appropriate standards must be followed. The objectives of the particular
type of work or the particular assignment should dictate the specific standards that are
followed. Each SAI should establish a policy on which INTOSAI standards, or other
specific standards, should be followed in carrying out the various types of work that the
organisation conducts to ensure that the work and products are of high quality”. (ISSAI-
100)
ISSAI-200 on INTOSAI Auditing Standards-General Standards (paragraph 1.25) states
that “the SAI should adopt policies and procedures to review the efficiency and
effectiveness of the SAI’s internal standards and procedures”.
The Standards are further amplified in paragraph 1.27, which states that “the SAI should
establish systems and procedures to: (a) confirm that integral quality assurance
processes have operated satisfactorily; (b) ensure the quality of the audit report; and (c)
secure improvements and avoid repetition of weaknesses”.
As such, the SAI must as a matter of policy define and decide upon the appropriate
standards and level of quality for its outputs, and then establish comprehensive
procedures designed to ensure that this level of quality is attained. These policies and
procedures should be established by reference to the international standards and best
144
practices aligned with objectives of the SAI, which will normally reflect the legal
requirements and socio-political expectations that the SAI faces.
As a further means of ensuring quality of performance, additional to the review of audit
activity by personnel having line responsibility for the audits concerned, it is desirable for
SAIs to establish their own quality assurance arrangements. That is, planning, conduct
and reporting in relation to a sample of audits may be reviewed in depth by suitably
qualified SAI personnel not involved in those audits, with consultation with the relevant
audit line management regarding the outcome of the internal quality assurance
arrangements and periodic reporting to the SAI's top management. (paragraph 1.28)
In paragraph 1.29, it says that “it is appropriate for SAIs to institute their own internal
audit function with a wide charter to assist the SAI to achieve effective management of
its own operations and sustain the quality of its performance”.
Another paragraph in ISSAI-200 that explains quality assurance reviews as an auditing
standard is paragraph 1.30 – “The quality of the work of the SAI can be enhanced by
strengthening internal review and probably by independent appraisal of its work.”
The emphasis here is that quality reviews would be strengthened if conducted by SAI
personnel who are not members of the audit team.
The establishment of a separate QA function within the SAI and independent of the audit
units and the engagement of quality reviewers or other external experts such as other
SAIs or audit firms are considered to be ways of enhancing the quality of SAI’s work.
The various aspects of setting up and managing the QA function are discussed in detail in
chapter 2. The QAR processes are considered in chapters 3 and 5.
That said, ISSAI-300 explains that one of the field standards applicable to all types of
audit refers to the need by the auditor “to plan the audit in a manner which ensures that an
audit of high quality is carried out in an economic, efficient and effective way and in a
timely manner”.
5.2.2 ASOSAI Guidelines on Audit Quality Management System
The ASOSAI AQMS guidelines refer to ISSAIs at appropriate places. These ISSAIs have
already been discussed earlier in this chapter. In this section, the focus is on additional
issues highlighted in the ASOSAI guidelines.
The Guidelines on Audit Quality Management System provide specific guidance in
establishing quality management systems (QMS) in OAGN. The OAGN’s QMS should
be designed to provide ‘reasonable assurance’ in the light of the likelihood and
magnitude of potential risks, that it conducts the audits, both regularity and performance,
in accordance with the applicable legislative requirements, rules and regulations, audit
standards, policy manuals, guidelines and procedures. Reasonable assurance recognises
that the cost of managing risks should not exceed the benefits likely to be derived.
Reasonable assurance should not be construed to mean absolute assurance of all aspects
of quality for each individual audit and for the audit process.
145
Paragraph 1.9 of the Guidelines states that:
“Quality Assurance, however, is understood as planned or systematic actions necessary to

provide adequate confidence that a product or service will satisfy given requirements for
quality. Quality Assurance is process centric” .
The ASOSAI AQMS framework contains several elements, one of which is about
“continuous improvement,” which has several sub-elements under it. The overriding
principle of this element is the determination of how well the SAI is achieving its goals,
and whether the system is appropriately designed and operating effectively. Towards this
end, it has to set up a variety of review mechanisms all designed to provide that audit
practices meet accepted standards, and to help the SAI continuously improve the quality
of its outputs and services.
Paragraph 2.14 underscores the following: “As part of its internal quality assurance
mechanism, the SAI should ensure that applicable standards are followed on both pre-
audits and post-audits and that deviations from the standards that are determined to be
appropriate are documented.”
The quality assurance review is part of the overall quality assurance system, which is
concerned with all steps and techniques that the SAI auditors must follow to assure good
quality audit.
Paragraph 6.15 distinguishes between internal audit and internal quality assurance:
“Compared to the internal audit function, internal quality assurance exercise is generally
narrower in scope. The internal audit assesses whether the operating systems function
efficiently as per established policies and procedures whereas, internal quality assurance
assesses whether individual engagements are performed in terms of applicable standards,
policies and guidance.”
5.2.3 ASOSAI Performance Audit Guidelines
These guidelines provide the methodology and a broad framework for the conduct of the
performance auditing process, and also provide the basis by which the quality of the audit
product can be judged.
The guidelines take into account relevant INTOSAI Auditing Standards and are based on
generally accepted principles of performance auditing distilled from the experience of
ASOSAI members. Following Paragraphs refer to various aspects of quality assurance in
performance auditing, including distinction between QA and QC, nature of quality
assurance review (QAR) programme, nature of a QAR report, and the responsibility of
audit managers to address the findings of QARs.
146
Table 10: Relevant paragraphs from the ASOSAI Performance Auditing
Guidelines
Paragraph Pertient Paragraph
8.14 The SAI should implement quality assurance/control policies
and procedures. Quality assurance refers to policies, systems
and procedures established by SAIs to maintain a high
standard of audit activity. Quality control refers to the
requirements applicable to the day-to-day management of
audit assignments.
8.17 A system of quality assurance should provide indicators for
recruitment and promotion; guidance for assignment of
administrative and technical aspects of quality control to
appropriate staff; a basis for communication of quality control
policies, procedures and outcomes to all relevant staff; and
adequate monitoring and review of the quality assurance
systems
8.18 Quality assurance mechanisms include planning reviews– the
planning of selected tasks may be reviewed by SAI
management independent of the task to ensure adequate
consideration has been given to all matters considered
essential for the successful completion of the task at the
planning stage.
8.20 A quality assurance review programme is a series of
independent peer reviews of activities undertaken within the
SAI that assesses the overall quality of the work performed.
The results of the programme should be reported to the SAI
management at least annually. A quality assurance review may
examine adherence to policy and procedures and identify areas
where there is any scope for improvements in these policies
and procedures, or it may assess the quality of work performed
to meet specified objectives.
8.21 Quality assurance reviews will generally address both
adherence to specified processes and the quality of the work
performed on a selected task or group of tasks, and may
include an annual programme of task reviews and ad-hoc
reviews of any task undertaken at any time.
8.22 Tasks selected by SAI management should, as far as possible,
be representative of the nature of all tasks undertaken by the
SAI. The reviews would include a selection of high risk, large
and complex tasks, and some smaller and less complex tasks.
8.23 The report on the quality assurance review programme should
summarise the results of all the reviews including the tasks
selected (number and type), the findings and any
147
recommendations. The report should not focus on individual
audits, but be a summary of those findings identified during
the review programme.
8.24 Quality assurance reviews are generally undertaken using a
questionnaire to ensure consistency across the reviewing
teams, but the approach would allow for the qualitative
characteristics of audits to be assessed.
8.25 The quality of performance audits should be assessed against
the relevant auditing standards. In short, the quality assurance
review process reports whether there is sufficient, appropriate
evidence to support the audit report.
8.26 Review team members will be selected by the SAI
management on the basis of their knowledge and experience
and should generally be at the audit manager level. The team
members must be independent of the work they review.
8.27 The quality assurance review reports, in addition to identifying
weakness in current methodology and practices, should
accentuate positive findings and identify improved practices
that may be introduced as office-wide best practice.
8.28 It is the responsibility of all audit managers to address the
findings of the quality assurance reviews of their tasks. SAI
management should be responsible for ensuring that problems
noted or recommendations for improvements are adopted in
appropriate changes to SAI methodology and practices.
5.2.4 Performance Auditing Guide
The OAG policy provides that, to ensure the maintenance of the highest quality of
auditing services to its clients, a system of quality control policies and procedures are
established. It includes a review of general quality control considerations and review of
selected individual performance audit engagements.
5.3 Selection of the appropriate audits for QAR
The main method of conducting a QAR at the performance audit level is through the
scrutiny of the working papers contained in the performance audit files. This method
should be supported, where necessary, by other information-gathering methods such as
unstructured discussions with performance audit team members, structured interviews,
and focus groups.
For post-audit QARs, the QAR team should obtain a list of completed audits during, for
example, the last 12-month period prior to the review. From the list of completed audits
obtained, the QAR team may select a sample of performance audits for review based on
considerations of risk and representativeness. The QA team may consider the following
while assessing risk and ensuring representativeness:
148
5.3.1 Assessing Risk while selecting performance audit files for quality review
Table 11: Assessing risk for individual performance audit review
Risk
No Factors Note
High Medium Low
Public interest
(parliamentary/ media/
users group etc.)
Scope of Audit
(Large/medium/small)
Complex Audit
Substantial time was

allocated to the audit
Substantial resources were

allocated to the audit
Significant objectives
from social and/or
economic perspective
Audits that raised much

disagreement between
audited entity and audit
team
Significant limitation in
the scope of the audit
New area of audit
. Significant shortcomings
in previous audits
Assessment
5.3.2 Factors to be considered to ensure representativeness. The following are some

strategies to ensure the representativeness of the performance audits selected for
post-audit QARs:
149
• Select at least one audit file of each performance audit team leader.
• Select performance audits that pertain to different sectors (e.g. education, health,
infrastructure, economic services, transportation, etc); and
• Select performance audits that pertain to different streams of government
functioning (e.g., expenditure, revenues, public-private partnerships).
In case of pre-issuance QARs, representativeness is not a key consideration. The primary
consideration for selecting audits for pre-issuance reviews is whether it is appropriate for
the OAGN to publish the draft audit report under the circumstances without risking its
reputation. The following are examples of indicators which may trigger a pre-issuance
review:
• Due to unforeseen circumstances, the risk of the audit has increased;
• Significant disagreements with management;
• Significant limitations on the scope of the audit; and
• The auditor is uncertain of the audit observations and recommendations and would find
benefit from an independent review.
5.3.3 Other considerations – Timing of the review
A pre-issuance review needs to be performed before the audit report is issued. Various
factors may influence the timing of the pre-issuance review, such as:
• When the audit report is due for issue (legal requirements);
• The complexity of the audit;
• whether the review needs to occur at appropriate stages during the audit, so that
significant matters may be resolved to the reviewer’s satisfaction promptly;
• The availability of suitable pre-issuance reviewers; and
• The time required by pre-issuance reviewers to perform the review.
5.4 Objective of QAR of Performance Audit
The objective of an individual performance audit level QAR is to provide assurance as to
whether appropriate quality controls were complied with by the different performance
audit teams. The main purpose of the quality assurance is to identify weaknesses in
quality controls at performance audit levels, assess the extent of compliance with existing
quality controls and suggest strategies for addressing those weaknesses. To achieve this,
some of the main issues for consideration are:
9 Determine if required quality controls are in place;
9 Determine if existing controls are being properly implemented;
150
9 Confirm the quality of the audit practices and reports, and identify potential ways
of strengthening or otherwise improving the controls;
9 Determine if proper documentation for the control procedures exist;
9 Determine if the audit was properly planned, and whether risks were identified
and received the appropriate attention;
9 Confirm that sufficient work was undertaken to support the findings and
observations in the audit reports;
9 Confirm the working papers are in accordance with OAGN policies and
procedures;
9 Determine if conclusions are properly explained and supported by audit working
papers;
9 Determine that audit findings and observations opinions are fully supported and
documented in working papers; and
9 That the performance audit report issued is appropriate in terms of significance,
scope, timing, etc.
To achieve this objective, the OAGN should conduct regular QARs of selected
performance audits every year. The primary emphasis of pre-issuance review is to assure
the OAGN top management that the audit report to be issued is appropriate under the
circumstances, while that of post audit reviews is to identify potential areas of
improvements in subsequent performance audits.
While the primary objective of QARs at individual audit engagement level is to assess the
extent of compliance by audit teams with approved quality controls, it is also important to
periodically assess whether the quality controls reflected in the performance audit
methodology approved by the OAGN are adequate and aligned with international good
practice. While the QA function should conduct compliance check QARs every year for
a sample of performance audits, the methodology check should be conducted once every
few years, or whenever there is significant development in the INTOSAI community with
regard to performance audit methodology. Such a methodology check can very well be
part of an OAGN-level QAR; however, an OAGN-level QAR will generally have a wide
scope covering number of areas for examination, and may, therefore, not assess in detail
the adequateness of an OAGN’s performance audit methodology.
5.5 Plan the QA Review
The quality assurance team should develop a review plan that describes scope and
methodology, execution period, human and other resources, names of team members and
other special considerations. Team members should consist of staff with suitable
qualifications and experience so as to fully understand the performance audits to be
reviewed.
151
Before developing a QAR Plan, the review team should fully understand the performance
auditing framework within an OAGN. In particular, the following aspects are important
to have better understanding of the performance auditing framework within an OAGN:
• OAGN Mandate and Legislative Framework
• Structure of the Performance Auditing Function
• OAGN’s Strategic Plan for Performance Audits
• Planning Individual Performance Audits
• Conducting the Audit
• Reporting the Audit
• Managing the Audit and Relationships with Entities
• Parliamentary Review
• Follow-up
• Quality Assurance requirements of the OAGN
In the case of working papers being documented in electronic form, the review team
should ensure that they have adequate access to and competence to review such working
papers.
Planning the QAR
A QAR plan at individual performance audit level contains background, objective,
scope and approach, methodology, review period, budgetary and other resources required
for review, and names of the review team members. A sample of QAR Plan of
performance audit is given at Appendix 21. As regards the scope, the QAR team may
decide to focus on a certain stage of a selected performance audit and not necessarily on
all stages, For example, if the QAR team has defensible reasons to conclude that the
planning stage of the selected audit poses much higher risk than the other stages, then it
should focus its review on that stage, rather than equally on all stages of the audit.
As mentioned earlier in this chapter, the quality assurance of individual performance
audits covers two aspects:
(i) Adequacy of the OAGN’s performance audit methodology, and
(ii) Adequacy of compliance by performance audit teams.
(1) Methodology Check – It is an assessment of the extent to which the OAGN’s
performance audit methodology (practices/processes) is adequate and aligned with
relevant ISSAIs and other good practices.
(2) Compliance Check – It involves checking whether the performance audit teams
complied with approved performance audit practices/processes of the OAGN.
152
A suggested performance audit methodology check questionnaire is available at
Appendix 22. It is based on good practice discussed in the ISSAIs and ASOSAI
Guidelines on Performance Auditing.
5.6 Conducting the QAR
Once the QAR plan has been approved, the QAR team will take necessary steps to
execute the plan. The following activities are involved in execution of a QAR:
5.6.1 Review of Performance Audit files – Prior to reviewing the files, it is important
that the Reviewer has a good understanding of the Supreme Audit Institution’s
practices and procedures in the conduct of performance audit assignments. It is
also imperative that the reviewer is familiar with, and understands, the content
and layout of the OAGN’s working paper files being reviewed. In the absence of
standard working papers, the reviewer should confirm that all audit
documentation has been provided.
5.6.2 Gathering information – The QAR team should gather information required to
support their review objectives. The QAR team gathers information while
reviewing individual performance audits using various sources and methods of
gathering. The primary basis of gathering information at individual audit level
QARs is a review of performance audit related guidelines and working papers in
the selected PA (performance audit) files. This method of document review may
be supplemented by other methods such as interviews and group discussions with
management of performance audit team and other relevant knowledgeable
persons, depending on the needs of the particular situation. To ensure
completeness of compliance checks, and consistency of checks across QAR
teams, it is desirable that the QA team develops a quality assurance review
questionnaire (QARQ) for compliance check. Unlike the QARQ for methodology
check, the QARQ for compliance check should be based directly on the OAGN’s
approved performance audit manual or guidelines and other supporting
instructions. The QAR teams should avoid using the methodology check
questionnaire for compliance checks since the objectives of methodology and
compliance checks are very different, as stated earlier in this chapter.
5.6.3 Record and Analyze Observations
The review team should utilise the QAR Recording Form suggested at Appendix 23 for
recording the details relating to the findings. These findings only relate to a situation
where there is a negative finding as per the QARQ for compliance check. This will
require consideration of the implications of the findings, including the linkages to the
causal factors and the domains and elements of the OAGN level quality management
system (QMS). In addition, the reviewer will be required to state the category of the error
using the following guide:
9 High risk – signifying fundamental failures where for example, the audit opinion or
key conclusions are incorrect;
153
9 Medium risk – identifies where information provided to the reader of the audit report
is omitted or information that is not important is included; and
9 Low risk – other matters such as poor referencing or evidence of review.
After completing the individual audit findings, the review team then needs to compile the
Quality Assurance Review Recording Form that summarises all findings including
positive findings. Below is an explanation of the Quality Assurance Review Recording
Form that can also be used directly as the reporting template for the review.
5.6.4 Discuss findings with Audit team members
After the Reviewer completes the Quality Assurance Recording Forms, the next stage is
to present the summary of the findings to the Audit team to ensure that there is a common
understanding among all concerned. If required by the OAGN, the shortcomings
identified by review team should be corrected on the working papers of the PA teams.
The correction of shortcomings in working files could be possible in the case of pre-
issuance reviews, but in the case of post audit reviews it could be the area for
improvement in future audits.
The review team should consider the following aspects before presenting the summary of
findings:
¾ Go through the recorded observation forms, or summarised form and agree on the
observations;
¾ Agree on the mode of presentation of the observations, whether in writing, oral or
both and whether visual aids are required;
¾ Arrange logistics;
¾ Make an appointment with the Audit team for the meeting;
¾ Consider the documents to have in the meeting;
¾ Agree among the team who should lead the discussions, and who should record
comments of the senior management and conclusions reached;
¾ Discuss among the team and agree whether the issues to be discussed are to be
made available to the Audit team in advance of the meeting. If so, make
arrangements for distribution; and
¾ Agree on the sequence of presenting the issues. It is advisable to start with the
good practices of the audit work before highlighting the weaknesses.
5.7 Report the Quality Assurance Review
5.7.1 Prepare Draft QAR Report
After having discussed the review findings with Audit teams, QAR team should prepare
the Quality Assurance Review Report. A suggested format for a QAR report at the
individual performance audit level may be seen in the sample report at Appendix 24.
154
Special considerations in preparing QAR Report
In certain circumstances, where there is disagreement over findings, the process
underlined can be followed to resolve the findings:
¾ The findings should be discussed with the audit team, who should indicate for
every finding whether there is agreement / disagreement on the finding;
¾ Where agreement was reached on a high risk matter:
• The audit team should ensure that the matters are addressed in a timely way;
• The review team should perform additional review work to corroborate that
the matter has been addressed and should indicate whether the matter has
been resolved to their satisfaction and the date on which the reviewer
confirmed that it was resolved; and
¾ Where there was disagreement on a high risk matter, or other important matter the
audit team should clearly state the reason for the disagreement and ensure that the
OAGNs process for differences of opinion is followed to resolve the matter. Detail
on such a process should be included in the working paper.
Where there is a difference of opinion between the review team and the audit team, the
following procedures can be followed:
¾ Where the reviewer makes recommendations on high risk findings from the review
that the audit team does not accept and the matter is not resolved to reviewer’s
satisfaction, the QAR team should seek the advice of Senior Management.
¾ Even when policies and procedures (processes) are put in place to resolve
differences of opinion, a resolution may not be reached where matters are
contentious and strong opinions are held. In the event that consensus cannot be
reached, clear designation of which person will take the line responsibility for
making the final decision may be necessary. The person who signs the audit report
will be the most appropriate person. If a member of the audit team or a person
involved in resolving the difference of opinion continues to disagree with the
resolution, he or she may disassociate himself or herself from the resolution of the
matter and should be offered the opportunity to document that a disagreement
continues to exist.
The steps in the process to be followed by the audit team to resolve differences of opinion
include:
• Consider the reasons for the difference of opinion: Consideration of whether or not
the difference of opinion arises from a different interpretation of facts, or from a more
technical or personal interpretation of “grey areas”, often where there are no
standards to give a precise interpretation or application of principles.
155
• Research: The matter is thoroughly researched by the research and development
component of the Office and credible information is obtained that supports the
difference of opinion expressed.
• Consider past experience: Consideration of similar circumstances or experience
among senior staff elsewhere in the OAGN or the region may provide guidance for
consensus in the resolution of the difference of opinion.
• Mediation: Other individuals with current, specialist professional expertise identified
within the OAGN may be brought in to mediate the difference of opinion.
5.7.2 Conduct exit meeting with senior management
Prior to finalising their report, the QAR team may discuss the draft report with
representatives of senior management to obtain their response. Since senior management
representatives are likely to have several commitments, it might be more efficient if the
QA team arranges for discussion of several QAR reports during a single exit meeting.
5.7.3 Finalise QAR Report
The QAR team should consider the results of the exit meeting and finalise the report. The
final report may be submitted to the QA unit for circulation to relevant units and levels of
the OAGN through QA Committee.
5.8 Follow-up of the QAR Report
All deficiencies and recommendations pointed out in the QAR reports should be
communicated to the respective officials, or units for taking appropriate measures and
remedial actions. Shortly after receiving the QAR reports, the concerned directorate of
the OAGN should prepare an Action Plan to implement the recommendations provided in
the QAR reports.
In response, the OAGN may organise a brain-storming session involving people from all
levels of the management to review on the deficiencies and recommendations provided
by the QAR team. The session could focus on, at least, the following areas:
• Priority of the QAR recommendations;
• Proposed actions;
• Responsible official / unit / division / department to implement the action; and/or
• Deadlines for implementation.
If there are shortcomings and recommendations related to the policy decisions or
requiring amendment to the existing policies or introduction of new policies, it may be
appropriate to consult with the AG. The final action plan should, however, be approved
by the AG or the appropriate delegated authority.
156
Appendices
157
Appendix 1
(Related to chapter 1 paragraph 1.9.4 Selection of an external reviewer)
Sample Terms of Reference (ToR) for External QAR
1. INTRODUCTION
The INTOSAI is increasingly emphasising the importance of quality assurance activities
of OAGN. Standards, and more importantly the extent to which OAGN comply with
standards, are continuously reviewed and increasingly regarded as an important
component of good governance practices. ASOSAI has incorporated several QA
activities in its work plans and is keen to support OAGN in establishing/enhancing
quality assurance systems, procedures and working methods. The OAGN requested the
arrangement of a QA visit and the arrangements for the visit were thereafter initiated.
2. MAIN OBJECTIVE
The main objective of the visit is to assist the OAGN to determine whether its audits
comply with international standards, and make recommendations on how the quality of
audits could be improved. In addition, the resource team will assess the QA system
implemented at the OAGN, and will make recommendations to the OAGN on its
functioning.
3. SPECIFIC OBJECTIVES OF THE QA VISIT

The following aspects will be addressed during the QA/support visit:
• Quality control reviews on specific audits;
• Collection of findings and reporting back to the AG;
• Assessment of the QA system at the OAGN and making recommendations to the
AG on functionality and appropriateness; and
• Training of quality assurance reviewers.
4. DATE OF THE REVIEW VISIT

The review visit will take place from _______to _______. The review team will be on
site at the OAGN during this period and, in collaboration with staff identified for this
purpose, will execute the activities agreed to in items 2 and 3 of the Terms of Reference.
158
5. REVIEW TEAM
The review team will consist of the following members:
Team member 1 - SAI of _______
Team member 1 will act as the project leader and, in consultation with other team
members, will focus the activities towards achieving the objectives of the review visit.
The SAI of _______ will identify counterparts within its OAGN to work alongside the
resource team with the view to transferring skills. The OAGN will also be responsible for
providing the necessary logistical and administrative support to the resource team in
order to fulfil their responsibility for achieving the required objectives of the visit.
6. METHOD OF WORK
The resource team will conduct the quality assurance review by using the following tools,
techniques or procedures:
• Prepare criteria as benchmarks for testing the QA systems and procedures;
• Gather information to test the above-mentioned criteria. Information is primarily
gathered through a review of documents, and may be supplemented by interviews,
focus group workshops and physical observations;
• Compare relevant information against the criteria to arrive at findings;
• Deliver a presentation to the AG and senior managers on the findings and
recommendations;
• Provide on-the-job training for local quality assurance reviewers if so specified by
the Terms of Reference (TOR); and
• Draft a report on the review visit and the course of action agreed upon with the
AG.
The resource team may also refer to the ASOSAI Audit Quality Management System
Guidelines in the conduct of the QA review.
159
7. EXPECTED OUTPUTS
Upon completion of the review visit, it is expected that the review team would have
reviewed a considerable number of audit files and given feedback to the responsible audit
manager and the audit team. From the review, the team will produce the following:
• Findings to be presented to the AG and management team with appropriate
analysis and possible recommendations;
• Draft an action plan which is agreed upon with the AG.
The review process is also expected to produce OAGN quality reviewers highly trained
in theory and in practice of the process.
8. REPORTING
The review team will give a verbal debriefing to the AG and the management at the end
of the assignment. A written report will be presented to the AG not later than two weeks
after completion of the assignment. Team Member 1 will be responsible for compiling
the report.
………….
Signature of AG
160
Appendix 2
Peer Review Checklist Appendix to ISSAI 5600
(Related to chapter 1 Paragraph 1.9.4 Conducting external review)
Introduction
The following pages are designed to serve as a framework regarding issues that might be
addressed in the course of a peer review. They include a checklist of questions. This
checklist furnishes a catalogue of issues that may be covered in a peer review. It is
neither a prescriptive list of issues that should or must be included nor is the checklist
exhaustive. A peer review might certainly also cover other topics which are not
mentioned in the checklist.
Against the background of the manifold differences in SAIs’ audit mandates and tasks,
not all of these questions will be applicable to all SAIs and the reviewed SAI might wish
the peer review to be limited to or focus on selected specific items. An excellent tool /
basis to decide on what an SAI wants the peer review to be limited to or focus on is a
self-assessment, in order to identify areas for improvement. The self-assessment may also
be based on this checklist. The peer review can then take place once the measures taken
upon the results of this self-assessment are implemented in order to assess them.
The main function of the checklist is to ensure that the framework of the SAI’s audit
function can be reviewed comprehensively and to draw the reviewers’ attention to issues
which merit particular regard. It is also intended as a tool by which to compare the
practical audit work with generally accepted standards. Therefore, the checklist is based
on internationally accepted standards and compiles information for example from the
“Guidelines on Audit Quality” as well as from the International Standards of Supreme
Audit Institutions (ISSAI), especially the Lima Declaration (ISSAI 1), the Mexico
Declaration on SAI Independence (ISSAI 10), the ISSAI 20 and 21 on Transparency and
Accountability and the ISSAI 40 on Quality Control for SAIs. There is also a strong
international consensus on three fundamental elements of the legal base that are critical to
the quality of an SAI’s work:
• Assured independence of the SAI, preferably by appropriate provisions in the
country’s constitution;
• A clear audit mandate, specified in legislation and coupled with the legal powers
needed to implement that mandate; and
• Assurance that the SAI will perform the audits that are expected of it in
accordance with internationally accepted standards or other professional standards
with which the SAI must comply.
161
1 Understanding the general framework
Accountability for the use of public funds is a cornerstone of good public financial
management. SAIs are the national bodies responsible for scrutinising public revenue and
expenditure and providing an independent opinion on how the executive branch has used
public funds. These fundamental objectives guide the work of all SAIs, though their
individual structure and management vary to a large extent. These depend on the
constitution, tradition, history and a number of other reasons. The main types generally
identified are
• The auditor general model,
• The board system and
• The court model.
Whereas the legal provisions governing the work of SAIs worldwide vary to a great
degree, there is also strong international consensus that the principles laid down in the
Declarations of Lima and Mexico should be adhered to if SAIs wish to perform their
tasks efficiently and effectively. In comparing the institutional framework with the
postulates expressed in these declarations, reviewers should bear in mind that their task is
not to attempt to implement a model (their model), but rather to examine if the provisions
provide for an adequate fulfillment of an SAI’s tasks.
The following paragraphs deal with questions that may be asked by reviewers when they
gather background information; from the reviewed SAIs’ perspective, they may also hint
at what to expect. The checklist may also serve as a yardstick for self-assessment
practices.
1.1 Legal independence
The peers may gain an understanding as to how the Declaration of Lima’s postulates
regarding independence are met. Experience has shown that the legal provisions on
independence are the key element of the general framework and understanding them is a
key element of a successful peer review. Thus, they might wish to see how the
establishment of the SAI and the necessary degree of their independence is laid down in
the Constitution and/or applicable legislation; how the independence of its members and
officials is guaranteed and what provisions are in place with a view to financial
independence and relevant INTOSAI guidelines.
Special consideration should be given to freedom of outside influence on the audit

opinions.
Independence should not only be guaranteed in the constitution and legislation, but also
be guaranteed in the auditors’ daily work.
• Does the SAI provide parliament with independent, objective and reliable
162
information on Government performance?
• How is the head of SAI appointed?
• How long is his/her term of office?
1.2 Financial independence
• Is the SAI’s financial independence guaranteed legally and evidenced in practice?
• Does the SAI receive sufficient funds to achieve its mandate, including accessing
funds to buy in external advice and support if needed?
• Does the SAI present its budget to the parliament directly or indirectly – after
discussion with the Treasurer?
• Is the SAI authorised to use the funds allotted to it under a separate budget
heading as it sees fit or is the budget subject to any interference by the executive
power or parliament?
1.3 Organisational independence
• Is the SAI’s organisational structure (court system, auditor general or board
system, etc.) set forth in legal provisions or in some other way formally approved?
• Is the organisation structure suitable to fulfil the SAI’s mandate?
1.4 Audit mandate
• Are the powers of action open to the SAI laid down in the constitution
and/or applicable legislation and do these specify its missions, powers and
responsibilities? This chiefly concerns its right to freely to decide upon the
selection, implementation, reporting and follow up on audits.
• Does the SAI’s mandate describe the procedures for reporting audit findings
and audited entity’s obligation to fully cooperate with its auditors by giving them
free access to all the information or documents they seek?
1.5 Audit functions and approach
• What precisely are the audit functions of the SAI?
• May the SAI exercise its audit functions at its own discretion or are there also
mandatory audits to perform?
• Do they cover the central government level or do they also extend to
regional and local government as well as to state owned enterprises or other
entities?
• Do they encompass private entities as well, for example if they receive public
funds?
• Does the SAI’s audit cover all government operations and transactions that
163
have a financial impact?
• Are the SAI’s basic audit powers, duties and reporting responsibilities
embodied in the Constitution or other legislation?
• Are rules in place that defines the relationship with internal auditors and with
other government entities and with private audit firms that carry out external
audits in the public sector?
1.6 Strategy
• Has the SAI imposed upon itself a performance standard that it strives to achieve?
• Are those standards adhered to by its staff and do key stakeholders perceive the
SAI to be working to sound professional standards?
• Has the SAI developed strategic goals based upon this self-imposed standard,
which govern the achievement of its aims, (for example its advisory functions,
real-time audit etc.), its focus on audit standards (financial and performance audit
etc.) and the proper and effective use of public funds as well as the development
of sound financial management?
• May employees participate in the definition of the SAI's strategic goals?
• Does the SAI have, and implement, an audit strategy and performance indicators
that constitute guidance allowing it to address its tasks and evaluate the impact for
the audited bodies as well as for public finances?
1.7 Internal governance
• Does audit legislation authorise the SAI to issue rules and regulations for
the internal governance of the organisation, including such matters as
selection, training, functions and promotion of staff?
• Has the SAI developed an ethics code describing what is expected of staff
and formalising processes to avoid conflicts of interest and other improper
actions?
• Does the SAI effectively formalise and implement the values of ethics and
integrity based on the principles generally accepted by the INTOSAI community?
• Does the SAI encourage the development of an auditor’s behaviour that is
consistent with these values?
• Does a policy exist to monitor compliance to ethics and independence
requirements?
• Does the SAI regularly review its working methods, manuals and practices
to improve its effectiveness?
1.8 Accountability
164
• To whom does the SAI report on its activities and performance?
• Is this done by means of periodic public reporting?
• Is the SAI subjected to periodic external scrutiny and/or audit? Is it ensured that
the scope of this audit does not interfere with the SAI’s independence?
• Are the processes for selecting the external auditors transparent?
• Are the results of the external scrutiny process made publicly available and
are agreed recommendations acted on by the SAI?
• Does the SAI report regularly on how its resources have been used and what
results have been achieved?
1.9 Legal / administrative recommendations
• Is the SAI authorised to propose recommendations for amendments to draft
laws and administrative procedures when it notes room for improvement?
• Is the SAI authorised to draw attention to audit findings that have a bearing on the
rationale for policy decisions or on the impact of such decisions?
• Is the SAI authorised to recommend legislative amendments, if it has found
evidence that applicable legal provisions have or may have effects not desired by
the Legislature or if the SAI finds that the Legislature's objectives can be achieved
more efficiently?
• Does the SAI make use of these authorisations?
2 Internal standards and regulations/quality control procedure

2.1 Audit types
• What types of audit does the SAI perform?
• How does the SAI balance the different types of audit, i.e. regularity/compliance,
financial and performance audit, and combinations thereof?
2.1.1 Financial and regularity/compliance audit
• Does the SAI have a mandate for auditing the adherence to regulations providing
the basis for disbursements, collection of revenues and commitment of funds?
• Does the mandate cover the accuracy with which revenues and expenditures
are calculated, supported by vouchers and stated in the accounts as well as
compliance with applicable financial management, provisions and principles?
• Does the SAI have jurisdictional functions? What are the procedures and sanctions
applied?
2.1.2 Performance audit
165
• Does the SAI carry out various methods of performance audits such as:
process based studies, organisational studies, impact and outcome studies,
cost benefit analysis, specific service and quality management studies,
environmental and IT audits?
• Are provisions in place with regard to looking into whether the optimum
ratio between the objectives pursued and the resources utilised has been sought
and obtained?
• Does the SAI examine the economy, efficiency and effectiveness of measures?
• Does the audit cover the effectiveness of government operations and transactions
including the extent to which agreed targets have been achieved (effectiveness)?
• Does the audit cover the examination of the extent to which the input of resources
was kept to the minimum necessary to achieve the preset objectives (efficiency)?
• Does the audit also imply a need for evaluating programme results? As a matter of
principle, such an evaluation should address the following aspects:
- target achievement;
- outcomes;
- performance (efficiency of implementation and efficiency of the programme
itself?); and
- the impact on the general public
2.1.3 Exceptions and materiality of findings
• Is it laid down that the SAI should avoid audit gaps whenever possible, i.e. is it
ensured that the widest possible overview over public financial management is
achieved?
• Especially, is the avoidance of audit gaps that impose a material risk laid down?
2.1.4 Real-time audit

• Are there any rules authorising the SAI to perform audit work at an early stage of
a project or programme, e.g. once a decision has been taken but expenditure has
not yet been incurred and any potential damage might still be avoided?
2.2 Audit standards
• Does the SAI use audit standards which clearly set out how audit work has to be
performed?
• Do these standards align with the audit tasks, INTOSAI standards (ISSAIs) as
well as other guidelines and professional standards?
• If yes, how does the SAI make sure that these standards are implemented?
166
• If the auditors follow international / external standards – do they need to give a
reason when they decide not to adhere to them in an individual case?
• Does the SAI conduct audit missions in accordance with its own standards?
• Does the SAI see to it that its standards are regularly updated?
• Are the standards easily available for all auditors (e.g. in libraries, in the form of
electronic records or via the Internet)?
• Is there a procedure in place to verify that all auditors know the standards?
• Are the audit standards disseminated?
• Are the standards clearly authorised and are SAI staff obliged to adhere to them
when carrying out their audit work?
• How are auditors encouraged to master and widely use the standards?
• Has the SAI, as a first step, defined and decided upon the appropriate standards
and level of quality for its outputs and then established comprehensive procedures
designed to ensure that this level of quality is attained?
• Does the SAI have a role in (national) standard setting for) government accounting
and auditing standards?
• If not, is the relationship between the SAI and the entity responsible for
developing government accounting standards defined?
• Is the SAI involved in legislation concerning audit procedures?
2.3 Quality control
• Do the audit standards provide for reviews of quality control?
• Are there systems and procedures in place to:
- confirm that integral quality assurance processes have operated satisfactorily;
- ensure the quality of the audit report;
- ensure improvements and avoid repetition of weaknesses;
- make sure that there is a good communication flow;
- make sure that there is a feedback process;
- implement the principles of ISSAI 40.
• Has the SAI also established its own quality control arrangements regarding
audit planning, conducting and reporting?
• May audits be reviewed in depth by suitably qualified SAI staff not involved in
those audits and is this actually done?
167
• Is there a guarantee that audit work is performed by one official and authorised by
another?
• Are there processes in place to identify generic lessons from these quality
reviews and to disseminate these within the SAI?
• Does the SAI have a quality assurance manual in compliance with international
standards?
• Does the manual set up the goals and demand of audit quality?
• Does the manual describe responsibilities, processes, methodologies as well as the
means to measure the quality of SAIs audits?
• Does the SAI have a detailed plan of each audit it plans to deliver that sets clearly
as to how the audit will be conducted?
• Does the team of each audit report regularly about the development of audit work
and compliance with the planning as well as with the quality assurance manual?
2.4 Internal / external review
• Has the SAI instituted its own internal audit function with a wide charter to assist
it to achieve effective management of its own operations and sustain the quality of
its performance?
• Does this internal audit function report directly to the head of the SAI?
• Is there a formal process for ensuring that the recommendations of the internal
audit function are acted on, once the SAI has accepted them?
• Does the SAI set an internal review to prevent risks and provide a reasonable
assurance to fulfil in good conditions the missions it is assigned according
to its objectives, strategy and performance criteria (see also point 3.2.3
Economy, efficiency and effectiveness)?
• Does the SAI seek the views of audited entities regarding the quality of its audit
reports?
• Has a team of quality assurance auditors been formed to carry out these tasks?
• Does the SAI periodically evaluate its work methods by self assessments in order
to implement a process of continuous improvement?
• Does the SAI undergo periodic external evaluation, e.g. peer reviews, of its work
as part of a commitment to a continuous improvement process?
2.5 Relations to other public entities
• Is the relationship between the SAI and Legislature and also Government
clearly defined by law according to the conditions and requirements of
168
the national situation, with SAI independence as the guiding principle?
2.6 Security of information
• Does the SAI have clear standards in place to assure that information is
treated with due confidentiality?
• Does the SAI ensure that privileged information acquired is made available
only to the addressee and not to third parties?
• Does the SAI ensure the communication of these standards among the
auditors as well as their application?
3 Structural aspects
3.1 Formal rules
3.1.1Structure and responsibilities
• Does the SAI possess an organisational structure that enables it to fulfil its
tasks in good conditions of effectiveness, economy and efficiency?
• Are functions and responsibilities defined clearly and transparently for all staff
and are overlaps avoided?
• On the other hand, is the full coverage of all SAI tasks ensured?
• Does the SAI have an efficient system of internal reporting and communication?
• Does the SAI have a mechanism in place to ensure quality control and quality
assurance within the overall structure?
• Is there a commitment on the part of the SAI’s top executive to promote and
ensure that quality control is practised?
3.1.2 Alterations in the audit tasks
• Is the SAI able and flexible enough to respond to changes in its audit tasks in a
timely manner, provided the law permits?
3.2 Functional areas
3.2.1The audit process – structure and documentation
• Is the entire audit process clearly structured and are the roles of all those
involved defined clearly and transparently?
• Is there a clear procedure for resolving differences of opinion?
• Is the audit process adequately and continuously documented?
• Does the SAI have a wide field of attributions to evaluate and decide on all
aspects that are essential for the accomplishment of its missions?
169
3.2.2Technical and administrative requirements
• Does the SAI possess the technical and communicational means needed to fulfil
its tasks?
• Is the IT equipment adequate?
• Does the SAI foster the use and the development of information technologies,
including the use of computer based auditing methods?
• Have training events on computer-assisted auditing been held?
• Does an audit manual on IT assisted audit exist?
• Does this include an (electronic) archiving function and the internet/intranet?
• Are there administrative units within the SAI which support the work of audit
teams by carrying out clerical, IT and publishing tasks?
3.2.3 Economy, efficiency and effectiveness
• Are there provisions (e.g. financial and human resources, logistical and transport
provisions) to ensure that the SAI performs its tasks in an economic, efficient and
effective way?
• Does the SAI have benchmarks to monitor its performance and does it address
weaknesses?
• Is information about weaknesses in the SAI’s performance reported to senior
management and consistently acted upon?
3.2.4 Human resources
3.2.4.1General strategy
• Has the SAI established a clear strategy providing adequate assurance it has
the necessary staff, both in numbers and skills, to address its tasks (workforce
plan)?
• Are there clear policies in place covering such human resource issues as staff
entitlements to training and development, staff appraisals, pay and
remuneration, dealing with conflicts of interest, and staff rotation?
• Does the SAI have a policy in place to identify the staff having the skills
currently needed by the SAI?
• Does the SAI provide for maintaining know-how of staff leaving the
organisation?
• Does the SAI lay stress on personal/social skills as well as technical skills?
170
3.2.4.2 Recruitment strategy

• Has the SAI established a clear strategy for recruiting and selecting new staff
members?
• Does the SAI seek excellence and anticipate its future needs according to the
type of work the SAI expects to perform in the future?
• Is the recruitment strategy separated from the general strategy?
• Does it provide for education objectives and programmes, or are these drawn up
in a separate document?
• Can the SAI access persons with specialised knowledge such as engineers,
architects or IT specialists?
• Does the SAI use adequate ways of recruiting (e.g. assessment centres etc.) and is
it independent in selecting new staff?
• Does the SAI ensure that its staffing needs are publicly known so as to
make the hiring process transparent and generally open to applicants, thus
providing for equal opportunities?
• Does the SAI place adequate emphasis on professional education and
experience when recruiting staff?
3.2.4.3 Initial and induction training
• Does the SAI provide initial training and induction training designed to help
new arrivals? This concerns (among other things) such matters as organisational
structure, internal and external working relationships, ethical standards,
performance standards, etc
• Does induction training include a trial period and a period of practical field work?
• Does the SAI prefer recruiting skilled/experienced staff or does it want to train
the newcomers itself?
3.2.4.4 Technical and skills training
• Does the SAI provide for technical and skills training intended to equip
auditors with the methodological knowledge and skills needed to plan, conduct
and report on whatever type of audit (compliance, regularity, financial or
performance) the individual auditor is expected to perform, and to do so
efficiently and at a high level of quality?
• Does the SAI have a dedicated technical support unit that updates technical
documents and provides support?
• Does the SAI use staff as facilitators who have considerable
171
expertise/experience in the knowledge and skill areas which shall be trained?
• Are staff training needs evaluated?
• Are auditors given the chance to point out training opportunities at home or
abroad?
3.2.4.5 Managerial training
• Is there managerial training for those supervising an audit team?
• Does this ensure that managers have the skills required as they progress within the
organisation, for example operational and strategic planning, budgeting for time and
money, analysing of results, communication, presentation and social skills?
• Is there a strategy in place to identify and train future managers?
3.2.4.6 Continued training
• Is there a policy in place to ensure that auditors routinely undergo training to
continuously maintain and enhance their professional capabilities?
• Does the SAI have a commitment to life-long learning?
• Is there a training programme detailed by weeks and months, and are education
objectives determined for a year or a longer period?
• Is there a mechanism in place to ensure that all auditors take part in training?
• In order to improve the knowledge and know-how of staff, and help them
deal with the increasing diversity of the tasks they have to undertake, do they have
the opportunity to benefit from external training courses, internships, or
secondments- including the opportunity to participate in joint audit missions with
other SAIs ?
• Are employees adequately motivated to develop their professional skills?
3.2.4.7 Evaluation
• Is staff performance evaluated on a regular basis?
• Are the evaluation criteria generally known?
• Is the evaluation performed objectively?
• Are the objectives and the proposed use of evaluation results been defined?
3.2.4.8 Employee feedback
• Does the SAI ensure that staff are treated fairly and equally? Does the SAI obtain
feedback on these issues?
• Is a mechanism in place allowing staff to express their opinions confidentially
172
and permitting that the suggestions made are taken into account?
4 Audit approach
Audit approaches vary according to the mandates of SAIs. The following subparagraph
therefore deals first with questions that apply to all forms and mandates, while the
second subparagraph lists questions that will only be asked if the SAI’s audit mandate
provides for the specific type of audit.
4.1 Audit selection
4.1.1 General strategy
The general strategy may differ in respect to mandatory financial audits – with the legal
obligation to cover all entities – and performance audits that are fully under discretion of
the individual SAI.
• Does the SAI give proper consideration to the following when it decides what
areas to audit and when to perform those audits:
- the assessment of risks and the significance, sensitivity and materiality
and added value of the audit topics;
- the financial and human resources required for the performance of
particular audits, including consideration of the availability of audit
staff with the required skills, also taking into account the size and
complexity of the audited entity;
- the time at which the results of particular audits are likely to prove
most useful, including consideration of timing requirements imposed by
law;
- the potential need to revise audit priorities in response to changing
circumstances; and
- the selection and timing of audits may also be influenced by the work of
internal auditors or other auditors performing audits on the same bodies.
4.1.2 Priority of audit tasks
• When selecting audit tasks to be included in audit planning, does the SAI take due
care to avoid audit gaps?
• Does the SAI use relevant criteria to prioritise audit topics?
• How does the SAI handle relative priority among potential audit subjects,
considering audits required by law, where applicable, and the limits of the
mandate?
• Do indicators exist for quickly and reliably measuring the financial weight,
materiality and risk of the audit?
173
• Is the SAI free to use a sampling technique?

• Is the SAI free to leave specific accounts unaudited?
4.1.3 Selection of bodies to be audited
• Does the SAI select audit subjects with a view to generating audit findings that
provide an overview of the government operations that come under its audit
authority?
• Does the SAI collect information about the audited subjects and use this to identify
areas which merit inspection?
4.1.4 Cost efficiency
• Cost-consciousness may require that preference be given to audits which,
based on previous knowledge, are likely to generate significant findings.
• Are new audit areas also adequately taken into account?
• Are there rules to this effect?
4.2 Audit planning
4.2.1 Resources
• Does the reviewed SAI have an effective process in place by which it decides on
how to use its discretionary resources to best effect?
• Are resources used in audit(..) missions allocated appropriately?
• Are audits delivered within the deadlines?
• Does the SAI use any information collected during previous audit(..) work or
benchmarking exercises to help it estimate adequately resources and timeframe of
the audits?
• Are contingency plans in place to reduce the delays caused by the assignment of
staff to other tasks, leave of absence or sick leave?
• Does the SAI have a policy of considering the need for financial and human
resources required for the performance of particular audits, in particular:
- the number and skills of the staff available for the audit;
- the resources such as time, funding and others including external expertise, when
relevant, necessary for conducting audit work; and
- the risks that may be encountered in the audit?
4.2.2 Adequacy
• Does the SAI develop an understanding of the environment, accountability
and key management systems of the audited body prior to the actual audit?
174
• Are there procedures in place to ensure the quality of the audit questions and
methods, which are supposed to be used in the audit?
• Does the SAI provide for a follow-up review to determine whether appropriate
action has been taken on audit findings and recommendation previously reported?
• Does the SAI ensure that the audits delivered by the SAI are in accordance with
its applicable standards?
• Does the SAI identify the key elements of the internal control system?
4.3 Audit implementation
4.3.1 Staff
Does the SAI have a policy to ensure that
• all those involved in the audit understand the plan as a whole and the tasks
assigned to that person;
• each official involved in the audit has the skills needed to carry out the assigned
tasks; and
• there are no conflicts of interest or other factors that might impede any official
involved in the audit from carrying out the assigned tasks in a competent and
objective manner?
• Is the non-existence of conflicts of interest recorded?
• prior to the approval of the plan, those involved have been given the opportunity
to express an opinion on the tasks assigned to them and to participate in the
development of the plan.
4.3.2 Documentation and procedures
• Is the audit process documented adequately and transparently? Is the same true
for internal decision-making?
• Are the audit records duly registered to facilitate finding them?
• Are the physical and environmental conditions appropriate to ensure the adequate
preservation of the records irrespective of whether they are on paper or in
electronic form?
• Are appropriate steps taken in the following areas:
- audit documentation is properly kept, adequately describes audit tests and
findings, is referenced and is easily traced to the relevant elements of
the task plan and detailed audit programmes;
- the audit plan provides the links under which the working papers can be
found;
175
- treatment of printed evidence in a computer-assisted audit;
- audit evidence is sufficient and appropriate;
- audit evidence procedures are properly followed;
- security levels are in place to limit the access to documents which form
part of the audit evidence;
- the planned audit approach remains appropriate in the light of information
gathered in the audit or appropriate changes are made;
- internal control systems of the audited body are properly documented,
evaluated and tested;
- controls of an IT nature are adequately taken into account;
- proper sampling, analytical procedures, data gathering and information
analysis techniques are used, where appropriate;
- working papers include relevant, reliable and sufficient evidence
supporting all findings, opinions, conclusions and recommendations;
- auditors have documented the work performed in such a manner that
an independent person should be able to re-perform the work and be able
to understand the nature, timing and extent of the work that was done; and
- a checklist is drafted to ensure that the work done is properly documented.
4.3.3 Review before field work
• Before starting actual field work, is the plan reviewed to assure that it can
be properly implemented?
• Are all members of the audit team involved in this review to ensure that everyone
understands the plan as a whole as well as their roles in the audit, and to give
them an opportunity to raise any concerns that they may have?
• Are auditors encouraged to point out possible shortcomings in the audit task plan
and in the quality control system?
• Is the audit scope and/or task plan adjusted if significant unanticipated problems
arise?
• Are these modifications submitted to the manager in charge for approval?
• Does the SAI adopt and implement professional standards; strengthen
methods and techniques for preventing and detecting fraud and corruption;
enhance communication and reporting, and foster the publication and use of
guidelines and procedure manuals?
176
4.3.4 Continuous documentation

• Is the completion of individual tasks in the audit plan documented and
reviewed, evidenced and approved by the immediate supervisor of the auditor
responsible?
• Are audit working papers systematically collected, reviewed and maintained?
• Are changes in the approved audit plan documented, along with the reasons for
then, especially if they significantly alter the audit methodology or the time table
or other resources required to carry it out?
• Are those changes reviewed and approved by the official, if any, who
approved the original plan?
4.3.5 Supervision during audit
• Does the organisational structure include a supervision department or is the
supervisor part of the audit team?
• Or who else is in charge of supervision?
• Does the audit team leader adequately supervise those involved in the audit to
ensure that the audit tasks are carried out properly?
4.3.6 Review upon audit completion
• With a view to identify changes and improvements necessary for future audits:
Does the audit team leader, and his/her supervisors, if any, review all aspects
of the audit tasks performed during the audit, including tests carried out,
findings and working papers and document such reviews?
• Does the relevant auditor/audit team examine the causes and
consequences of the shortcomings found during the audit process?
4.3.7 External expertise
• Does the SAI seek assistance from external experts if unexpected problems or
technical issues are encountered during the audit work requiring skills beyond
those represented in the team?
• Does the SAI ensure that the work performed by the expert is properly
documented and evaluated?
• Is a glossary drawn up of the technical terms used by the external experts in
order to ensure understandability?
177
4.4 Audit reporting

4.4.1 Methodology
• Are reported audit issues properly analysed and concluded?
• Have all audit findings been evaluated as to their materiality, legality and factual
evidence and all relevant material findings included?
• Are all the facts fairly presented?
• Are sources of facts, figures and quotations mentioned?
• Are relevant and material events subsequent to the audit taken into account, to
the extent that the auditor is aware of and documents them?
• Is there documentary evidence in support of all conclusions and opinions?
• Is there a clear audit trail for audit steps, findings, conclusions and
recommendations prepared by the auditor and his assistants?
• Are the working papers fully cross-referenced?
• Are reports concise, clear, timely, precise, simple, objective, balanced and
constructive?
• Are they clearly perceived and well understood by the audited entity and the
various stakeholders?
• Are all findings and conclusions supported by adequate and reliable audit
evidence in the audit working papers?
• Are the recommendations developed by the SAI in accordance with
standards of good professional practice?
• Do reports, where applicable, expressly present positive conclusions or
state relevant measures and sanctions to be taken by the SAI?
• If so, does the auditor ensure there is sufficient evidence to support such positive
conclusions?
• Are time limits adhered to?
• Are applicable procedures followed with regard to serious irregularities and fraud
discovered in the audit?
• Is the full methodology of the audit performed well described in the reports
providing therefore more transparency and credibility to the findings?
178
4.4.2 Internal procedure

• Who is involved in drafting the report?
• Is it ensured that the report is in line with the audit findings?
• Are the reports reviewed for adequacy, conclusiveness, properness, readability
etc. by an experienced auditor, audit panels and/or a prosecutor general office
which are independent of the audit team?
• If applicable, is this review coupled with or followed by further reviews of the
draft report at higher levels or other parts of the organisation, especially if the
subject of the report is sensitive or the material is unusually
complex or technical? Such review by a transversal department is
recommended to avoid, especially on legal issues, successive inconsistent opinions
stemming from different units, issued by the SAI.
• Is there any clear statutory provision and internal guidance as to who has the authority
to approve and issue the audit report (audit manager, audit panel, other)?
4.4.3 Different viewpoints conflicting evidence
• Is the draft audit report, after internal review, provided to the audited body
for review and comment within a specified time frame?
• To what extent are comments received from an audited body considered by the
SAI?
• Are these comments published in the report?
• How are factual disagreements resolved?
• Is all material conflicting evidence acknowledged in the report, together with an
explanation of why it has been rejected or is not reflected in the report
conclusions?
4.4.4 Reporting on misdemeanour
• Does reporting take place in accordance with the SAI’s mandate and relevant
legislation?
• Does the audit process foresee and the SAI ensure that cases of misdemeanour,
such as fraudulent behaviour, violation of contracts or other criminal offences are
reported to the prosecuting authorities without delay?
4.5 Follow-up and further treatment of the SAI’s findings
4.5.1 Follow-up
• Are follow-up audits conducted?
179
• Is there adequate and sufficient monitoring that the audit recommendations are
followed in due course?
• Is the time period between completion of the audit and the follow-up on the
implementation of the recommendations specified?
• Are there methods governing the implementation of follow-ups, as well as
definite criteria specifying when a follow-up is to be made?
• Does the SAI comply with it?
• In case the recommendations are not implemented or not implemented in due
course – does the SAI ensure this is documented and justified by the audited
entity?
4.5.2 Impact of performance audits performed by the SAI
• Does the SAI assess the impact of its audits on the performance of the audited
entity?
• Does the evaluation take into account the views of the various stakeholders?
• Are there quantifiable indicators for measuring the impact of the audit?
• Did implemented recommendations achieve improvements in performance?
4.5.3 Perception of the SAI
• Are there indicators of the way the SAI, its tasks, mission performance, and
professional competence is perceived?
• Is the SAI a body held in high esteem for the work it performs?
• Is the SAI regarded as an independent and professional organisation and
respected by the public in general and the various stakeholders in particular as
having positive influence on the improvement of state activities?
• Is the perception of the SAI evaluated?
• In what way are the results obtained from the evaluation to be used?
• What types of mechanisms have been considered to improve the perception of the
SAI from its stakeholders’ perspective?
4.4.4 Publication
• If audit legislation empowers the SAI to publish the results of its work: are
those publications elaborated with a view to being understandable to report users
and to the general public?
• In what form are the reports distributed?
180
• Does the SAI publish on the internet as well?
• What type of relationship does the SAI have with the media?
4.5.5 Managing institutional risk
• How does the SAI handle potential cases of audit failure, i.e. when complex
audits, possibly also involving matters which are highly visible and/or
politically sensitive, might undermine its credibility?
• Has it established a clear procedure for assessing these institutional risks and for
adapting to them, considering such matters as complexity of the audit, audit
costs, controversy associated with the matters being audited and likely co-
operation or resistance by the audited body?
4.5.6 Managing external relations
Does the SAI devote management time and attention to strengthening relations with
• parliament and its committees;
• the government to achieve improvements in government accounting and internal
controls;
• line ministries and state agencies, to enable auditors to do their work
efficiently, without interference and impediments;
• the media, to assure that the public is aware of key SAI products and of the
actions taken (or not taken) in response;
• private sector auditors and relevant professional associations, as to sharing
experiences that can strengthen quality in both sectors;
• the academic community to facilitate drawing on that source of specialised
expertise, when needed, and in recruiting high quality graduates; and
• the audit community, including co-operation at the bilateral and multilateral
level, to facilitate benchmarking, sharing of knowledge, experiences,
techniques and information on good practices.
181
Appendix 3
(Related to Chapter 2 Paragraph 2.11 Annual QAR Reporting)
Summary Report of QAR findings with Sample Report
The following format could be used by the QA Directorate for prepare the annual QA
report:
Name Period Audit Findings and Nature QAR WP Ref to QAR
of the of the Team Recommendations of the Team Findings and
Audit Audit Leader QAR Leader Recommendations
xxx xxx xxx xxx xxx xxx xxx
Name of the Audits – identify the specific audits reviewed by the QAR teams. Since this
is an annual report to top management, it should not be restricted only to performance
audits that were reviewed by the QA unit; rather, it should cover all types of audits
reviewed: financial attest audits, financial compliance audits and performance audits.
Period of the Audit– Indicate the periods or dates of above-mentioned audits were
conducted.
Audit Team Leader – it is important to state the name of the audit team leader to be
directly responsible for implementing the recommendations given by the QA Review
Team.
Nature of QAR – In this column, any of the different types of QAR (or a combination
thereof) may be indicated, such as pre-issuance reviews, post audit reviews, internal and
external reviews.
QAR Team Leader – The name and designation of the person responsible for the QAR
is indicated in this column for purposes of coordination and clarification on the
recommendations forwarded by the QAR Team.
On the other hand, the summary report on significant QAR findings and their relationship
to the OAGN’s QMS may contain the following components:
Name of the SAI – Indicate on the space provided the name of the OAGN.
Name of Team Members – List the names of the team leader and the members of the
audit team that completed the audits subjected to a quality review.
Methods Used – Mention the different methods used in the QA review of the completed
audits, such as, documents review, interviews, focus groups, analytical techniques, etc.
182
Domain – Identify the particular domain in the Quality Management System (QMS)
framework to which the good practice and negative findings relate. The domain could
either be any one of the domains such as Independence and Legal Framework, Human
Resource, Audit Standards, Methodology and Performance, External Stakeholders
Relation, etc.
Good Practices – These are the conditions in the SAI that meet the criteria or the desired
standards in relation to the domains being reported on.
Negative Findings – Only the significant findings should be summarised in this section.
These significant QAR findings on the completed audits are such that they pose high risk
if not addressed by OAGN’s top management.
Consequences/Likely Consequences – These are the effects or likely effects of the

findings. There may be more than one consequence for each of the negative findings.
Assessing the effects/likely effects can help determine the significance of findings.
Causes – These are the reasons why the negative findings exist or persist. There may be
more than one cause for each of the negative findings. The QAR team has to exhaust all
the underlying reasons or causes to be able to determine the appropriate
recommendations for solving the negative findings.
Recommendations – These are the solutions being offered by the QAR team to ensure
that the negative findings do not occur in future. It is important to remember that the
recommendations should be based on the causes underlying a finding, and not directly on
the finding itself. Consequently, there should be a one-to-one relationship between causes
and recommendations. .
183
(Sample Annual QA Report)
Name of SAI: Office of the Auditor General,Nepal
Name of Team Members:
Methods Used:
• Reviewing the documents collected in the process of audit exercise which is
maintained in the permanent and current audit file which was based on Quality
Assurance Review Questionnaire given in draft Quality Assurance Handbook on
Performance.
• Meeting and discussions with audit team member, Directors, Assistant Auditor
General of PAD and top management of OAG/N.
Domain 3: Audit Standards, Methodology and Audit Performance
A. Findings (conditions)
• Audit team has not been prepared Audit program in prescribed format.
• Audit team has not documented techniques applied for gathering audit evidence
and audit test procedures used in the available working papers.
• Audit team has not been prepared Audit plan in prescribed format.
B. Consequences/Likely Consequences/Effects
• Audit file does not provide information regarding field work, supervision,
delegation of work, activities completed while conducting audit.
• Audit file has not provided information about techniques used for gathering audit
evidence and audit test procedures used.
• Audit file does not provide information regarding audit objectives for each
MOPS, audit criteria to be used for each audit objectives, approach to audit with
details, manpower engaged, estimated working man days and detailed time and
work schedule.
C. Causes
• Detailed audit plan has prepared and documented in audit file but due to time
limitation audit program may not be prepared.
184
• Detail audit plan has specified the audit techniques and methods applied for
gathering information; however detail guidance to documentation techniques and
test procedure to be applied is not mentioned in PAG.
• Detailed audit program has prepared and documented in audit file which covered
almost all information of audit plan so they felt plan is not necessary.
D. Recommendations
• Audit program needs to be prepared in prescribed format and documented in
audit file.
• Checklist should be developed for gathering audit evidence and audit test
procedures used needs to be documented in working papers.
• Audit plan should to be prepared in prescribed format and documented in audit
file.
Domain 4: Leadership and Internal Governance

A. Findings(conditions)
• The audit files do not contain any sort of document related to declaration made on
the part of audit team and condition of conflict of interest between the auditor and
the entity under audit and close affiliations with management of audited entity.
• OAG/N has not formulated strategic plan for P A.
• Central Co-ordination Unit has neither practiced of separating the audit topic
which are to be audited by SAI personnel or outsourced nor developed monitoring
framework to ensure that all selected topic/issues are audited and reported in time.
• The audit files do not contain the documents related to monitoring of audit team
and supervision of field work.
• Audit team has not documented Performance Audit Progress Record Form,
Information Collection Form, Process Analysis Template, Risk Assessment
Process, Work Programme, Audit finding Form, Audit file Documentation,
Audit Review Form, Performance Audit Peer Review form and Annual Report,
Response & Decision of the Public Accounts Committee audit tool in working
files.
• Audit team has not used working paper prescribed by OAG/N. The collected
documents are not properly indexed and cross- referenced.
• Audit team may be impaired the independence of their work and creditability of
OAG/N.
185
• In the absence of strategic plan for PA topics are selected on yearly basis. Due to
this reason OAG/N is facing difficulties in determining number and topics to be
audited in subsequent years including resources required to carry out performance
audit.
• Out of the 25 topics selected by Central Co-ordination Unit in F/Y 2009/10 only
16 topics were completed. It created difficulty in determining resources needed
correctly for carrying out P A.
• Audit work at field level was completely depending upon audit team engaged.
• Documents and evidences could not be collected and recorded. Absence of use of
the prescribed tools have hampered performing audit in structured and prescribed
manner.
• Supporting document could not be compared with audit findings due to lack of
proper cross-referencing with each other which impacted review process.
C. Causes
• OAG/N has not made mandatory to declare and document the condition of
conflict of interest and affiliations with management of audited entity.
• Existing PAG has not made specific provision to formulate strategic plan.
• The roles and responsibilities of Central Co-ordination Unit are not clearly
mentioned in P A G.
• Questionnaire technique was used and reviewed by supervisor. OAG/N has not
deputed supervisor to supervise audit field work.
• Performance Audit Division has not made compulsory to use these forms.
Training to the auditor on the use of these formats was not given to the auditor.
• Absence of proper monitoring and supervision of documentation process of the
audit performance by the senior staff.
D. Recommendations
• OAG/N should make mandatory to declare and document condition of conflict of
interest and affiliations with management of audited entity.
• P A G should be updated and provisions should be made to develop strategic
plan for P A.
• The role and responsibility of Central Co-ordination Unit need to be mentioned
in P A G. Monitoring framework should be established while selecting topics or
issues and OAG/N personnel PA capabilities should be assessed.
186
• Documentation of monitoring and supervision should be managed and
reported to higher authority.
• Audit working paper files should contain all key documents such as audit tool 1
to 12 to each stage of the audit process and senior staff should monitor.
• Audit team should use and maintain working papers as prescribed by OAG/N
and all evidence, supporting information and findings are to be documented and
properly organised with appropriate indexing and cross-referencing. Senior staff
should timely supervise the documentation process.
Domain 6: External Stakeholder Relations

A. Findings (conditions)
• Audit objectives, scope, criteria and methodology were not formally
communicated to audited entity.
• Audit team has not discussed on preliminary audit findings with project
management to obtain their comments. Audit report was prepared without taking
response from audited entity.
• Audit team has not given appropriate time to audited entity management for their
response.
• Audited entity cannot get appropriate knowledge about audit coverage so that
they may not provide appropriate information.
• Comments of audited entity on audit findings were not incorporated in audit
report, the audited entity may disagree on contents of audit report resulting
inappropriate findings and recommendation.
• Audited entity was not availed sufficient time to respond on audit report.
C. Causes
• The practice of formally communicating audit objectives, scope and criteria is not
adopted but practice of brief discussion on these aspects in entry meeting has been
done.
• Offices are located far from OAG/N and due to time constraints of submitting
annual report exit conference could not be organised.
• To meet the dateline for submission of Auditor General's annual report 2010 the
audit team could not provide required time to audited entity.
187
D. Recommendations
• Audit objectives, scope, criteria and methodology should be formally
• Audit team should discuss on preliminary audit findings with audited entity's
management to obtain their comments and audit report should be prepared after
taking audited entity's response.
• OAG/N should give time as specified in the legislation to audited entity for their
response on auditor's findings and on the basis of audited entity's response
Assistant Auditor General designate to review the responses.
Domain 7: Results
A. Findings
• P A team has not assessed and categorized risk as mentioned in P A G.
B. Consequences/Likely Consequences
• Proper risk faced by entity may not be identified by audit and risky areas might be
left out.
C. Causes
• Appropriate training was not provided to the auditors on risk assessment and
categorization process.
D. Recommendations
• Training on risk assessment and categorization should be given to audit team and
risk assessment performed should be properly documented.
NOTE: The above example covers only one domain of the QMS to serve as as
illustration. If there are findings relating to other domains, the same should be
included by following the above reporting structure.
188
Appendix 4
(Related to Chapter 3 Section 1 Paragraph 3.3.3.8)
Checklist for Self Assessment and Audited entities Feedback
For those who decide it would be useful and helpful to seek the views of audited entities
about the work of an OAGN, you may wish to consider some of the following possible
lines of inquiry. These questions could also be used for a “self assessment” process.
Adding value
9 Was the focus of the audit too wide, too narrow, about right?
9 What insights into services did the audit provide?
9 What changes have been prompted or reinforced by the audit?
Approach and methods

9 Do you consider that the examination used suitable techniques for:
• Obtaining data?
• Analysing data?
9 Was the audited entity given the opportunity to comment on:
• Aims of the audit?
• Proposed methodology?
• Appointment of consultants?
9 If negative answers are received, explanations should be sought.
Working relationships
9 To what extent were the audit staffs courteous and professional in dealings
with the audited entity and its staff?
9 Was the audited entity:
• Kept up to date with progress?
• Given an opportunity to comment as results emerged?
189
Contribution to modernising Government
To what extent did this report make a positive contribution to the following aspects of the
Government?
9 Promoting good governance
9 Better financial management
9 Supporting innovation
9 Forward looking
9 Citizen-focused
9 Supporting appropriate risk-taking
9 Improving the civil service
9 Outcome focused
9 Better use of Information Technology
Fair and objective reporting
9 Did the draft reports present the facts:

• Accurately?
• Fairly?
9 Were the views of other parties:
• Incorporated?
• Given a fair hearing?
9 How good and fair was the press coverage?
General comments
9 How would you rate the overall quality of the audit report(s)?
9 How effective was the report in making things better? Or in saving money?
190
Appendix 5
(Related to chapter 2 section 2 paragraph 3.5)
Quality Assurance Review Plan of OAGN
1. Background and Jurisdiction of OAGN
2. Summary of the Terms of Reference
3. Objectives of the QAR
4. Scope and Approach of QAR
5. Methodologies to be used
6. Limitations of QAR, if any
7. Composition of QAR Team
8. QAR Timings
9. QAR Budget
…………… ……………………
Prepared by: Approved by:
Date: Date:
191
Appendix 6
(Related to Chapter 3 Section 2 Paragraph 3.7.2)
Physical Observation Checklist for Work Environment & Facilities
Name: Office of the Auditor General, Nepal

Observation by: ______________________________________________________
Date :________________(dd/mm/yy)
Instructions:
The checklist of questions below refers to the quality of work environment and existence
of materials and infrastructure.
• When responding to Existence questions, please check yes or no cases (in Existence
column).
• When responding to an appraisal question (sufficiency, adequacy, convenience,
human behaviours) please check cases 1 to 5 in the ranking column.
• (Note: 1 - unacceptable, 2 - poor, 3 - good, 4 - very good, 5 - excellent).
• In case you have any remark, please post it in the appropriate “Remarks” column.
Existence Ranking Remarks
No Item Yes No 1 2 3 4 5
A Physical work environment
Office convenience
There is sufficient room

space.
Office rooms are well
organised.
192
Work areas are clean.
Work areas are tidy.
Work areas are free from

sound.
Room temperature is
adequate.
Furniture is efficiently
arranged.
Lighting condition in
work areas is adequate.
Storage equipment exists
for all staff.
Storage spaces for all
staff are adequate.
Common space and commodities
Waiting areas for visitors

exist.
Waiting areas for visitors
are convenient.
Drinking water facilities
exist.
Drinking water facilities
are convenient.
Rest rooms exist.
Rest rooms are

conveniently situated.
193
Parking facilities exist.
Parking facilities are

convenient.
Training rooms
Training rooms exist.
Training rooms are well

equipped.
Meeting rooms
Meeting rooms exist.
Meeting rooms are well

equipped.
Security
Security checkpoint
exists prior to office
access.
Fire security exists.
Location
Departments/divisions/
sections are efficiently
located.
Library and Archives
194
Space is sufficient.
Library is well organised.
Access to library is easy.
Categories and numbers

of books are sufficient.
Library is clean.
Permanent files exist.
Audit Reports exist.
Courseware exists.
Borrowed materials are

controlled and followed-
up.
Access to confidential
information is controlled.
B- Stationery, tools and equipments
Stationery
Stationery supplies for all

staff members are
sufficient.
Technology
195
Number of desktop
computers and laptops is
sufficient.
Anti-virus protection
exists.
Internet access for all the
staff exists.
Internet access is easy.
Intranet exists.
Printers exist.
Printers are sufficient.
Printers are effective.
Photocopying facilities
exist.
Photocopying facilities
are convenient.
Relevant software exists.
Fax machines exist.

Fax machines are
effective.
Telephones for internal
communication exist.
Telephones for internal
communication are
effective.
196
Telephones for external
communication exist.
Telephones for external
communication are
effective.
Control for minimising
misuse of computers and
other costly equipment
(Fax, international calls,
mobile phones, etc.) are
effective.
C- Guidance Document
Audit Manuals exist.
Audit Manuals are
sufficient.
Audit Toolkits exist.
Audit Toolkits are
sufficient.
Auditing Standards exist.
Audit Laws exist.
Office Procedures
Manuals exist.
Office Procedures
Manuals are sufficient.
197
Appendix 7
Guidance on conducting Focus Group Discussion
DEFINITION
A focus group can be defined as a group of interacting individuals having some common
interest or characteristics, brought together by a moderator/facilitator, who use the group
and its interaction as a way to gain information about a specific or focused issue. The
moderator/facilitator is any credible person whose main task is to lead the
process/discussion in order to arrive at the objective of the focus group.
Focus groups, as differentiated from interviews, are more of a discussion method where
participants have more opportunities of interacting between themselves and among the
groups, led by the moderator/facilitator. The discussion focuses on the key questions,
usually limited in number as opposed to interviews where questions asked are
significantly more in number.
PURPOSE
The Focus group as a technique is particularly well suited for gaining an insight into
certain issues. Hence, the participants should be chosen based on their ability to provide
specialised knowledge or insight into the issue under study.
For assessing the needs of a particular organisation, the purpose of the study would be to
identify what the current situation is in that organisation, and its vision. The resulting
information would then be compared to get a picture of what the capacity building needs
of that organisation are.
STRENGTHS
Focus groups provide several advantages and limitations over other approaches used to
gather needs assessment/information. Among their advantages are the following:
• Researchers can interact directly with respondents (allows clarification, follow-up
questions, probing) and gain information from non-verbal responses to supplement
(or even contradict) verbal responses.
• Data uses respondents' own words; can obtain deeper levels of meaning, make
important connections, and identify subtle nuances.
• Very flexible; can be used with wide range of topics, individuals, and settings.
198
LIMITATIONS
Among its limitations are the following:
• The moderator/facilitator has less control over the group; less able to control what
information will be produced.
• Produces a relatively wide variety of data and information, making data analysis more
difficult.
• Small numbers and convenience sampling severely limit ability to generalise to larger
populations.
• Requires carefully trained moderator/facilitator who is knowledgeable about group
dynamics.
• Moderator/facilitator may knowingly or unknowingly bias results by providing cues
about what types of responses are desirable.
• Uncertainties about the accuracy of what participants say.
• Results may be biased by presence of a very dominant or opinionated member; more
reserved members may be hesitant to talk.
• Data analysis is often complex and time-consuming.
• The quality of the conduct of the focus group and the data and information gathered
are dependent on the participants’ qualifications and competencies.
WHO SHOULD CONDUCT FOCUS GROUPS?
Conducting a focus group requires a high level of competence. The facilitator must
possess facilitation techniques, discussion-leading skills; know-how to write appropriate
questions, and how to analyse qualitative data. The facilitator is primarily concerned with
directing the discussion, keeping the conversation flowing, and taking minimal notes. The
facilitator or moderator keeps the discussion focused without discouraging the sharing of
ideas, and gets all members to contribute while making sure that one or two members
don't dominate.
Moderators / facilitators should develop qualities outlined by Kvale (1996) and Fern
(2001)
• Knowledgeable – must be thoroughly familiar with the topics of the focus group.
• Enthusiastic – must value and like his or her role in the focus group, but must remain
impartial.
• Approachable – must be able to blend in and make sure the group can relate to him
or her.
• Sensitive – must be able to listen attentively to what is said and how it is said; be
empathic.
199
• Open and flexible – must respond to what is important to the participants.
• Critical – must be able to politely challenge what is said. For example, you might
question inconsistencies in participants' replies.
TARGET AUDIENCE
Focus groups are composed of people (8-15) who are similar to each other on some
specified criteria of interest. Homogeneity is determined by the purpose of the study and
serves as the basis of invitation of participants.
Because the idea of focus groups is to take advantage of group interactions, it is
important to use the information at the group level, not the individual level. Hence, the
focus group may be:
• Senior management of the OAGN (or those who participate in and have influence on
the decision-making process in the OAGN).
• Middle and lower level management of the OAGN (audit team leaders, head of
Training, etc.).
• External stakeholders.
It is possible to consider the possibility of inviting 1-2 representatives of the external
stakeholders to the senior management focus group.
In the case of regional focus groups, it is possible to consider the possibility of inviting 1-
2 representatives of the regional secretariat.
HOW TO CONDUCT / USE FOCUS GROUPS
Before the Actual Conduct of the Focus Group:
1. Clearly define the purpose of the exercise.
2. Specify qualifications of participants as to level and experience.
3. Develop the questions. Writing good questions is crucial, so revise them until they are
clear and succinct. Use the following guidelines:
• Ask questions that encourage description and depth.
• Use simple, clear language. Use language participants understand. Avoid asking
questions that have several possible meanings or questions that are so long that
they are difficult to follow.
• Avoid biased questions or questions that lead participants to answer in a particular
way.
• One concept per question. Questions addressing more than one concept may
confuse participants, leading them to answer only one part of the question or to
answer neither part. The solution is to separate two ideas into two questions.
• Choose relevant subjects.
200
• Consider level and capability of target participants.
• List areas to probe to ensure a wide coverage of the specific topics in all sessions.
4. Design and develop the materials to be used. Design discussion guide questions that
are complete and concise and rewrite any question that might prompt a respondent to
ask for clarification.
5. Conduct a pilot test among a pre-defined target audience whose qualifications
approximate those of the intended target audience.
6. Revise and complete the discussion guide and all visuals preferably one day before its
conduct.
7. Check up on venue. Ensure that the venue is convenient, comfortable, and relaxing.
Rooms with one-way mirrors, conference tables, and microphones hanging from the
ceiling may make participants feel like they are performing, so make the setting
informal, because people are more likely to open up if they feel at home.
During the actual conduct of the Focus Group
Dressing appropriately for the venue will improve rapport. It is acceptable to wear blue
jeans for a student focus group, but better to wear more professional attire among
programme managers or administrators.
1. Begin by introducing yourself as the moderator/facilitator. If you are conducting the
Focus Group with a co-facilitator, ask him/her likewise to introduce him or herself.
Ask also the Recorder to introduce self, if any. Emphasise the roles that each person
plays during the Focus Group – that of facilitating the sessions.
2. After the introduction, ask the group members to introduce themselves, or use an
icebreaking exercise to get them involved. To preserve confidentiality and
commonality, then ask members to introduce themselves by first name only and to
avoid topics that emphasise differences in status that might threaten cohesion.
3. Consider following this agenda:
• welcome the participants to the Focus Group;
• discuss the purpose of the Focus Group;
• present the agenda or process map of what will be done; and
• review administrative matters with the Group, if necessary.
4. Convey to the participants the expectations in terms of what the Focus Group should
produce and tell everyone that all contributions will be valued and will remain
confidential.
5. Inform participants of your plan to record the sessions, if necessary.
6. Facilitate the session and be guided by the following principles:
201
• the major goal of your facilitation is to collect useful information to meet the goal
or purpose of the Focus Group, i.e., capacity building needs assessment;
• carefully word each question to be asked;
• allow the groups a few minutes for each member to carefully record their answers.
Then facilitate discussion around the answers to each question;
• after each question is answered, carefully reflect back a summary of what you
heard. This allows the other members of the Focus Group to hear the answers if
they had missed them the first time; and
• ensure even participation. If one or two people are dominating the discussion,
attempt to call on others. Consider a round-table approach, including going in one
direction around the table, giving each person a minute to answer the question. In
most cases, the Moderator/Facilitator should be able to “read and feel” the group
pulse.
7. Summarise at appropriate points during the discussion by reviewing with the Group
what has been said.
8. Close the session by thanking the participants and ensuring them that they will be
provided with a copy of the documentation of what transpired during the Focus
Group.
Immediately after the conduct of the Focus Group
1. Transcribe and analyse the data. A brief summary and analysis, highlighting major
themes, is sufficient when decisions must be made quickly, the results are readily
apparent, or the purpose of the group is purely exploratory.
2. Focus groups generate large quantities of data. It is important, therefore, to have a
clear plan for special formatting that may be needed to meet the requirements of the
project.
3. Make conclusions. Evaluate the results by how well they answer the study's central
questions.
4. Disseminate results. To emphasise the importance of participants' contribution in the
assessment and make future participation more likely, share the results with them,
describing response patterns, general impressions, and how the results will be used.
202
WHEN TO CONDUCT FOCUS GROUPS
1. Focus Groups should be conducted when we want to optimise the results of other
research tools administered. Hence, they can be held after having gathered the
different data and information resulting from other tools, mainly the survey
questionnaire.
2. Focus Groups can also be a tool to assist in the development of surveys by identifying
issues most relevant to potential respondents.
PRINCIPLES FOR PLANNING FOCUS GROUP MEETINGS
1. Define the terms used so that all respondents have the same understanding of what is
being asked.
2. Prepare the Focus Group script. The script determines the content of the discussion
within each group. Hence, it should contain a list of probing questions designed to
elicit answers to your broader study questions. These broader study questions are
rarely asked directly in the focus group sessions. Instead, composing the script
involves considerable thought about what specific probes would best get at the
broader questions you want answered for the project.
3. The task of designing the materials and developing the questions usually takes much
longer than one would expect, and therefore you might want to estimate the time you
will need, and then double it.
4. Have your facilitator, colleagues, and appropriate members of your advisory
committee participate in developing, reviewing, and editing the questions and
documents.
5. Condensing, organising, and making meaning of focus group content as a result of
questions asked is often the most time-consuming and expensive part of an
evaluation, so consider how you will analyse data early in the study design process.
It is not appropriate for supervisors to facilitate groups with subordinates.
203
Appendix 8
Guidelines on conducting Interview
INTRODUCTION
Conducting interviews is a common technique used for gathering information during
needs assessments. To ensure comprehensiveness of a needs assessment, interviews
should be preceded by a survey and, if possible, complemented by the use of other data
and information gathering tools as well. The results of the survey should feed into the
interview. It is important to recognise that the quality of the needs assessment is likely to
be inadequate if only the interview tool is used for obtaining data and information on
capacity building needs assessment.
WHAT IS AN INTERVIEW
An interview is a data and information collection procedure in the form of a carefully
planned set of questions that an interviewer asks a respondent to obtain in-depth ideas
and perceptions on a topic of interest. With regard to needs’ assessments, this is
conducted to promote clarity and deeper understanding of the respondent’s perception of
capacity building needs of SAIs, and the associated strategies and challenges. Depending
on the situation, there may be more than one interviewer and, in some cases, even more
than one interviewee.
PURPOSE OF INTERVIEWS
The overall purpose of an interview during needs assessment is to gather data and
information relevant for assessing the capacity building needs of the target SAIs.
Interviews provide an opportunity to gather rich, qualitative descriptions in order to
answer key questions relating to the capacity building needs of SAIs. That includes views
and opinions of the interviewee on development needs of the SAI, such as key result
areas, challenges to be addressed, capacity building strategies and support required etc.
The following are some of the common purposes of using this tool:
• To identify causes and effects of an existing, or likely condition affecting the SAI’s
effectiveness;
• To obtain specific information on issues pertaining to highly specialised functions;
• To clarify information gathered through other tools; and
• To validate information gathered using other tools.
204
STRENGTHS AND WEAKNESSES OF INTERVIEWS
Strength
• They provide information directly from people;
• They provide flexibility to explore new ideas and issues not anticipated during
planning;
• Facilitates expression of diverse opinions and ideas;
• Allow the respondent to elaborate on his or her responses;
• Allow the interviewer to probe for deeper understanding and clarity about the
respondent’s answers;
• Facilitates arriving at a common understanding between interviewers and
interviewee; and
• Provide opportunity to obtain sensitive and confidential information that the
interviewee may not be willing to provide in a public place/forum.
Limitations
• They are generally not appropriate if quantitative data are needed;
• There is risk of gathering unreliable information if the interviewees are not carefully
selected;
• Information provided by the interviewee may not be representative of the population
from which the interviewee is selected;
• They are susceptible to interviewer biases;
• It may be difficult to prove the validity of findings;
• Information gathered through interviews are not easily quantified, and analysis can be
quite challenging;
• Can be tiring to conduct several interviewees over a short period of time.
WHO SHOULD CONDUCT INTERVIEWS
Interviews should be conducted by members of the needs assessment team who possess
skills necessary for effective interviewing. The interviewer should possess:
• Fluency in the language to be used for conducting the interview;
• Effective listening skills;
• Good observation skills;
• Effective discussion leading skills;
• Time management skills;
205
• Ability to remain neutral even if he or she is tempted to take a position in response to
any comment of the interviewee;
• Good writing skills;
• Ability to take notes quickly without straying from the flow of the conversation;
• Analytical and synthesising skills; and
• Knowledge of, and experience in, auditing
TARGET AUDIENCE
The interviewees may be selected from within the OAGN as well from among external
stakeholders. Within the OAGN, interviews may be conducted with selected people from
different levels, ranging from top management down to non-supervisory staff. Selection
of the level of the interviewee would depend on the purpose of the interview. For
example, if the purpose of an interview is to obtain views on strategic capacity building
concerns of the OAGN, then it is recommended to interview representatives of the
OAGN’s top and senior management. On the other hand, if the purpose is to obtain
information on highly specialised functions within the OAGN, it might be more useful if
the interviewee is an expert in that functional area. If the interview aims to gather data
and information at a more operational level, then it might be more effective to select
interviewees from middle and junior management level, and experienced non-supervisory
staff. If time permits, it is recommended to interview persons from different levels of the
OAGN’s organisational structure. That will enable the interviewer to elicit information
from different perspectives and thereby provide a more holistic picture. Depending on the
capacity building domain being focused, it would be useful to interview representatives
of external stakeholders of the OAGN, for example, from some audited entities, the
ministry of finance, and public accounts committee.
WHEN TO CONDUCT INTERVIEWS
Interviews can be conducted at different stages of a needs assessment process. However,
it is recommended that interviews are conducted after obtaining a reasonably good
understanding of the OAGN. That will enable a more effective conduct of interviews. As
such, it might be better to conduct interviews after obtaining responses to a detailed
survey and, to the extent possible, after some review of documents pertaining, at least, to
the structure and functions of the OAGN.
HOW TO CONDUCT AN INTERVIEW
Using the interview technique involves three stages: Planning the interview, conducting
the interview and concluding and documenting the findings.
Planning the interview
The effectiveness of conducting an interview is directly related to the quality of planning
that precedes it. The interviewer should plan meticulously before conducting an
interview. The following are some suggested steps for effective planning of an interview:
206
• Select the interviewer(s) possessing the requisite interviewing skills. Sometimes, a
panel of interviewers may be used, with a mix of expertise. In the latter case, bear in
mind the risk that an interviewee may feel uncomfortable facing many interviewers at
the same time.
• Research the OAGN. Study all available back ground information on the OAGN. If
the survey responses have been received, this would be right time to go through it.
• Determine the position from which the interviewee will be drawn. If it is one among
several similar positions, then you may even identify the specific person to be
interviewed.
• Research the position. Develop an understanding of the position to which the
interviewee belongs. Where is it located in the organisational structure, how many
people report to that position, what are the primary responsibilities of the position,
etc?
• Identify a few key questions from Annex-1 or Annex-2, depending on the level to
which the interviewee belongs. These few questions may form the basis of the
interview discussions.
• Organise the questions in logical sequence. It might be helpful to start with a few
simple closed questions before moving on to more challenging open questions. That
will help the interviewee to relax and settle down.
• Plan your opening remarks required to establish rapport with the interviewee.
• Agree with interviewee on the time and location of interview.
• Ensure availability of all materials and equipment necessary while conducting the
interview. This may include results of a survey conducted prior to the interview, any
references that may be necessary during the interview, recording equipment, etc.
• Inform the interviewee in advance of the key interview questions and the capacity
building framework. The former will enable the interviewee to reflect on possible
responses and thereby facilitate richer discussions during the interview. Familiarity
with the capacity building framework will facilitate easier linkage between the
interview discussions and the domains and elements of the framework.
Conducting the interview
Beginning the interview:
• Acquaint yourself with the interview guide and questions before arriving at the venue.
• If it is a long questionnaire, identify priority questions, bearing in mind the other tools
already used or to be used, the position of the interviewee in the organisational
hierarchy, time available for the interview, etc.
• Introduce yourself and your team members, if any.
207
• Establish a rapport with the interviewee. This may include thanking him or her for
providing the opportunity for the interview.
• Explain the purpose of the interview.
• Indicate how much time it is likely to take.
• Address terms of confidentiality. Explain who will get access to their answers and
how their answers will be analysed. If their comments are to be used as quotes, get
their written permission to do so.
• One of the challenges is to capture the interviewee’s responses even while paying
attention to his or her responses and the process. One way is to take along a colleague
to take notes. Another option is to obtain recording equipment. In such cases, obtain
interviewee’s consent and reiterate the confidentiality agreement mentioned above, so
that the interviewee does not feel uncomfortable observing all his or her comments
being meticulously recorded.
Discussing the topic:
• Adopt appropriate non verbal communication, e.g. facing the interviewee directly,
direct eye contact with interviewee, leaning slightly towards him, open posture,
nodding periodically to demonstrate attention to the flow of the interviewee’s
comments, etc.
• Start with factual questions. Questions requiring opinions and judgments should
follow. In general, begin with the present and move to questions about the past or
future.
• Listen carefully and demonstrate through verbal and non verbal means that you are
attentive to what the interviewee is saying.
• Use probing techniques. Encourage informants to detail the basis for their conclusions
and recommendations. For example, an informant’s comment, such as “The OAGN’s
mandate should be expanded?” can be probed for more details, such as “What
specific changes in the mandate would you recommend?”
• Maintain a neutral attitude. Interviewers should be sympathetic listeners and avoid
giving the impression of having strong views on the subject under discussion. That
may create an atmosphere of conflict if the interviewer is perceived by the
interviewee as taking an opposing stand. Neutrality is essential also because some
informants, trying to be polite, will say what they think the interviewer wants to hear.
• Control the discussion, but do so skilfully. The discussion should be directed towards
obtaining the facts or other information pertinent to the purpose of the interview, and
towards conserving time. A skilled interviewer will guard against the interviewee’s
discussing irrelevant matters to avoid answering questions or providing information
on painful or disturbing topics.
208
• Provide clear transition between major topics, e.g., ‘We've been talking about critical
issues facing human resource management in OAGN. Now I'd like to move on to
strategies that could be used to address these issues.’
• Get all the information needed during one interview; avoid to the greatest extent
possible the necessity of a second interview, especially if the interviewee in unlikely
to be available for a second round of interview.
Concluding and documenting
• Ask a closing question that allows the interviewee to respond to any issue that was
not covered but might be considered important by him or her, e.g., ‘Are there any
other issues you would like to discuss?’
• Briefly summarise the key information obtained at the conclusion of the interview.
• Do not extend the interview beyond a reasonable period of time, which should closely
approximate the time agreed upon when the appointment was made.
• Thank the interviewee before closing the interview.
• Prepare a memorandum of the interview discussions as soon as possible after the
interview. The memorandum should state the OAGN, the name and position of the
interviewee, the name of the interviewer, venue of interview, date and time of
interview. It should record the key data and information resulting from each key
question. If possible, get the formal or informal agreement of the interviewee later.
After conducting the various interviews, conduct a content analysis of the data and
information gathered and prepare a report. The analysis should link back the data and
information gathered from the interviews to the domains and elements of the capacity
building framework discussed in the IDI’s capacity building needs assessment guidance.
Please refer to Annex-4 for guidance on content analysis. The report should outline the
capacity building needs, strategies, challenges, and resource requirements as identified
through the interviews. For a suggested structure of the report, please refer to the IDI’s
capacity building needs assessment guidance.
Interviews can be used in conjunction with other information gathering tools or as a self
standing tool. However, more in-depth information is likely to be gathered if it is used in
combination with other information gathering tools such as surveys, focus groups,
document reviews, and physical observations.
PRINCIPLES FOR FORMULATING INTERVIEW QUESTIONS
• Keep in mind the kind of information you are looking for when formulating
questions. This will help avoid irrelevant questions and wasting time.
• Allow for open questions. While the nature of questions will be influenced by the
primary purpose of an interview, allowing some open questions will enable the
interviewee to choose their own terms when answering questions.
209
• Questions should be as neutral as possible. Avoid wording that might influence
answers, e.g., evocative, judgmental wording.
• Ensure questions are short rather than long.
• Avoid negatively worded questions. For example, ask ‘What are the key domains of
OAGN that need more attention?’ instead of asking, ‘what are the problems facing in
OAGN?’
• Questions should be asked one at a time. Avoid compound questions.
• Questions should be worded clearly. This includes knowing any terms particular to
the OAGN or the interviewee’s culture.
Provide for a closing question that allows the interviewee to respond to any issue that was
not covered but might be considered important by him or her.
210
Appendix 9
Questionnaire for QAR of OAGN
Division
AAG
DATE OF REVIEW
FINDINGS DISCUSSED WITH
AAG DATE
REVIEWER DATE
If the finding to a particular question is positive, a tick should be inserted in the “YES”
column.
If the finding is negative, a tick should be inserted in the “NO’ column, followed by an
appropriate reason / explanation in the remarks column. In such an instance, reference
should be made to the minutes of the discussion of the findings with management.
Instances may be found where the answer to a question is “NO”, but that the situation
was still within the scope of INTOSAI Auditing Standards (e.g. non-compliance with
Office methodology, although still within scope of INTOSAI Auditing Standards). This
should clearly be spelt out and reported accordingly.
If a question is not applicable, a tick mark should be inserted in the “not applicable”
column, together with an adequate explanation.
211
REF: Lima and Mexico

I. INDEPENDENCE AND LEGAL Declaration
FRAMEWORK ISSAI 1, 10 and 11
YES NO N/A COMMENT
Independence
1. Is the AG appointed by Parliament?
If no, please specify
_________________________
2. Is there a fixed term of office for the AG?
If Yes, please specify term.
____________________________
3. Does the AG and "Members" for collegial bodies
have legal immunity in the normal discharge of the
duties?
If No, please specify.
______________________________
4. Does the OAGN submit its budget directly to
Parliament without going through the treasury
department, which is its audited entity?
5. Is the OAGN entitled to use and re-allocate the
funds allotted to them under a separate budget
heading do so in ways that they consider to be
appropriate?
6. Is the OAGN's budget reviewed and approved by
Parliament?
If No, please specify _______________________
7. Is the OAGN free to determine the nature of its
organisational structure and functional process
without outside interference?
8. Is the independence of the AG laid out in the
constitution or audit law?
If not, please provide explanations regarding the
basis for the independence of the AG.
9. Is the AG protected by Law for his/her audit
report?
Please provide the relevant clause of the law.
10. Is the procedure for removal of the AG embodied
in the constitution or law?
11. Are the Audit staffs of the OAGN independent
from the Audited entities i.e. are they working for
the audited entity?
Mandate (Legal Framework)
12. Is there a constitutional provision regarding the
appointment of the AG?
13. What is the legal basis of OAGN’s mandate?
212
a) Constitution
b) Special law other than the Constitution
c) Others
14. Does the OAGN submit its Periodic / Annual report
to Parliament?
If no, please specify
____________________
15. Which body is responsible for assessing whether
the OAGN is achieving its mandate?
a) Parliament
b) Head of State
c) Ministry of Finance
d) Others
16. Does the OAGN have audit jurisdiction to audit the
following bodies? (Tick as many boxes as
appropriate.)
a) Federal or national government (Ministries
and Government departments - Executive)
b) Legislative
c) Judicial organs of the state
d) Intelligence agencies
e) Armed forces
f) Police department
g) Local government units (cities, provinces,
municipalities)
h) Government-owned or controlled
corporations / companies
i) Bodies / autonomous bodies not owned but
substantially funded by the government or
from the State Budget
j) Foreign agencies and enterprises with
whom the State has joint venture
agreements
k) Agencies to whom performance and
delivery of public services is contracted out
l) Others (Please specify)
______________________________
17. Does the OAGN have unrestricted access to the
information?
18. Is there a constitutional provision regarding the
appointment of the AG?
19. Does the OAGN have the legislative mandate to
carry out the following types of audit? (Please tick
at relevant rows.)
a) Financial audits
b) Audit of compliance with laws and
213
regulations
c) Performance/Value-for-Money audits
d) Concurrent audits (for example, audit
during implementation of a project)
e) IT Audit
f) Environment Audits
g) Privatisation Audits
h) Others (Please Specify)
_______________________________
20. Are the above audits specifically mentioned in the
OAGN’s mandate?
If No, Please specify.
_________________________
21. Are there any entity not audited by the OAGN?
If yes, please specify.

___________________________________
22. Do the OAGN personnel have unrestricted access
to information?
If No, please specify.

____________________________________
. REF: ISSAI 200

II. HUMAN RESOURCES
YES NO N/A COMMENT
23. Does the OAGN establish policies and procedures to
provide it with reasonable assurance that it has
adequate number of competent and motivated staffs
with the capabilities and commitment to ethical
principles necessary to perform its audits in
accordance with professional standards and
applicable regulatory and legal requirements?
24. Does the OAGN have an office, section or person in
charge of the human resource management?
25. Does the OAGN have Human Resource Management
policies in the following areas? (Please tick as many
as appropriate boxes.)
a) Recruitment
b) Retention
c) Performance appraisal
d) Career development and training
e) Welfare
f) Performance management
214
26. Does the OAGN have an approved job description
for each position of the organisational structure?
27. Is the job description kept up-to-date?
28. In recruiting personnel, does the OAGN specify
minimum qualifications as per the job description
29. Are position profiles being tailored to the individual
requirements of all positions?
30. Has the OAGN adopted qualification requirements
for different levels of staff and management?
31. Are there adequate competencies and skills available
to meet the requirement for executing OAGN's
mandate?
32. Is recruitment taking place in a manner that allows
management to adequately address the audit needs in
that environment?
Consider matters such as vacancies, overall skills
levels, staff turnover, etc.
Recruitment
In cases where the OAGN requires expert staff who
cannot be recruited on the basis of conditions of the civil
service, special arrangements should be concluded with
them, placing them outside the regular wage scales.
33. Is retaining qualified staff a problem?
34. Does the OAGN have a reward mechanism in place
that provides incentives to staff members?
35. Which of the following incentives are provided by
the OAGN?
a) Naming and honouring the Auditor(s) of the
Year
b) Certificate of Excellence for outstanding
performance
c) Financial remunerations/benefits
d) Other incentives. Please specify.
_________________________________
Professional Staff Development
36. Are the following methods used by the OAGN for
the development of capabilities and competence?
a) Professional education
b) Continuing professional
education
c) Work experience
d) Coaching
37. Does the OAGN have a mechanism in place that
takes care of career planning and career development
opportunities for staff members?
215
38. Which of the following career planning and
development opportunities does your OAGN provide
for staff members? (Tick as many boxes as
appropriate.)
a) Relevant workshops or seminars
b) Professional university courses
c) Feedback on job performance
d) Merit-based promotions
e) Specialisation
f) Performance feedback and
coaching
g) Planned job rotation
h) Continuing professional
education
i) Phased retirement
j) Career counselling about challenging
assignments and possibilities for more
exposure and demonstration of skills
k) Assessment techniques and programmes to
help staff members assess their interests,
aptitudes and capabilities, and linking the
information derived to possible careers and
jobs
l) Self-directed and self-development
materials
m) Pre-retirement and post-retirement
counselling
39. Does the OAGN have a mechanism for identifying
technical and management skill gaps?
40. If yes to the above question, do you take measure to
address the identified gaps?
41. Does the OAGN have criteria set for promotion and
upgrading your employees?
42. Is there proof of detailed training needs’
identification taking place on a regular basis?
43. Are the training needs that are identified during the
quality control reviews:
a) Communicated to the relevant training staff?
b) Contained in the training business plan for the
next year?
44. Is there proof of success measurement against the
training business plans?
45. Is there proof of proper manpower planning?
46. Is there proof of proper career planning?
47. Is there proof of development (including the
216
scheduling of staff for audits) taking place in line
with this planning?
48. Does the OAGN ensure that auditors attending
training programmes or courses have applied the
knowledge gained?
49. Does the OAGN ensure that the auditor’s knowledge
gained via different training programmes (education
programmes) is being successfully used in the audit?
50. Does the auditor receive guidance during the audit
(including guidance from Head of a Unit, mentor,
and team members)?
52. Does the OAGN evaluate the current level of
knowledge on a regular basis to determine current
and future personal and organisational needs?
53. Is the effectiveness of the training plans evaluated?
54. Is there an annual training service agreement on
individual auditor basis in place?
55. Are there procedures for on-the-job training?
56. Is on-the-job training provided for each auditor?
57. Is the provided on-the-job training documented?
58. Do the audit managers design the composition of
teams and needs of the staff?
Welfare
59. What types of programme are in place for staff
welfare?
a) Health care programme
b) Social activities
c) Recreational & sporting facilities
d) Fitness programmes
e) Housing
f) Conducive environment
g) Counselling services
h) Others. Please specify.
________________________________
Performance Management
60. Are performance appraisals being performed on a
regular basis?
61. Is remuneration linked to performance?
62. Does the OAGN have a mechanism for
communicating job functions or areas of
responsibility to your staff?
63. Assignment of Audit Teams:
• Does the OAGN assign an audit team leader or
audit director to each audit to take responsibility
for that audit on behalf of the OAGN?
217
• Does the OAGN establish policies and
procedures requiring that:
a) The identity and role of the audit team
leader or audit director are communicated to
key members of audited entity management
and those responsible for governance;
b) The audit team leader or audit director has
both the necessary capabilities, competence,
authority and sufficient time to perform the
role; and
c) The responsibilities of the audit team leader
or audit director are clearly defined and
communicated to that team leader or
director?
. REF: ASOSAI AQMS

III. AUDIT STANDARDS, METHODOLOGY AND AUDIT Para 2.28, 2.29, 4.3-4.6
PERFORMANCE
YES NO N/A COMMENT
Standards
1. Has the OAGN formally adopted international
auditing standards?
2. Who determines audit standards
a) The AG
b) Audit Board
c) Professional Body in the Country
d) Ministry of Finance
e) Others , please specify
______________________________
3. Are these standards aligned to international standards
such as (IFAC, INTOSAI, Country specific or
Regional standards)?
Manuals and Other Guidance
4. Does the OAGN have audit manuals to guide staff in
the different audit areas like
a) Regularity audit
b) Performance audit
c) IT Audit
5. Are the manuals aligned to accepted standards?
Please check sample manuals and compare with
International Standards.
6. Are the manuals actually used in the audit process?
Please check a few samples.
7. Do all the staffs have access to the manuals? Please
218
verify among several staff members.
8. Is the manual updated at regular intervals? Please
note the last date of amendments.
9. Do the manuals have policies and procedures
designed to maintain the confidentiality, safe
custody, integrity, accessibility and retrievability of
audit documents?
10. Does the OAGN have policies and procedures on the
retention of audit documentation to meet the needs of
the OAGN and requirements of laws or regulations?
Audit Tools
11. Do staff use audit tools (e.g. Checklists, CAATS and
Others)?
12. Does the OAGN use audit automation Software (e.g.
ACL, Team mate, Case ware & others)?
Please specify. ________________________
Quality Assurance
1. Is there a dedicated unit responsible for QA?
2. Is the QA system addressing all dimensions of the
OAGN?
3. Are QA results used to improve performance of the
OAGN?
4. Does the OAGN have a QA manual?
5. Do the QA plans get submitted on time?
6. Does the QA plan comply with the strategy for the
selection of files?
7. Does the QA plan comply with the strategy on the
identification and selection of reviewers?
8. Have all QA reviewers been adequately trained?
9. Can all QA reviewers prove that they regularly
undergo continuous professional development to
ensure that they are technically up-to-date?
10. Does the selection include an adequate mix of files?
11. Was adequate care taken to keep the selection of files
confidential to prevent “window-dressing”?
12. Are the QA reviews carried out in accordance with
the quality review plan?
13. Are the QA reviews carried out using the approved
questionnaires?
14. Are the results of each of the reviews discussed with
:
a) Audit management
b) The audit team
15. And were all differences resolved?
219
16. Are the outcomes of the reviews adequately
addressed in action plans, which in turn feed back
into the Unit’s strategic plans?
17. Is there proof of follow-up of the action plans of the
previous year?
18. Is an annual report prepared detailing the following:
1. A description of the monitoring
procedures performed
2. Conclusions drawn
3. Description of repetitive or other
significant deficiencies
4. Action taken to resolve or amend
those deficiencies.
19. Does an independent body carry out an annual
evaluation of the OAGN’s Quality Review
programme?
Audit Performance
Does the OAGN establish policies and procedures to
provide it with reasonable assurance that audits are
performed in accordance with professional standards and
applicable regulatory and legal requirements, and that the
reports that are issued by the OAGN are appropriate in
the circumstances?
Audit Planning
1. Is the OAGN’s system of planning for all types of

audit adequately prepared to ensure that all significant
entities and programmes are covered, available
resources are optimally utilised for conducting the
audits and the work is completed expeditiously?
2. Do the criteria for its performance audit planning

process reflect reasonable and attainable standards of
performance against which economy, efficiency, and
effectiveness of programmes and activities are
assessed?
Staffing for the Audit
3. Does the OAGN establish a system where it keeps a

record of its pool of senior, middle-level and junior
auditors showing /identifying their competencies,
professional training and education from where the
OAGN draws the list of staff for possible assignment
in the conduct of its audits?
4. Has the OAGN establish a system of staffing audit
teams where the collective knowledge of particular
220
subject matters and audit proficiency, including
Information Technology (IT)-related aspects,
necessary to fulfil the requirements of audit are
considered?
5. Has the OAGN establish a system of evaluating
available expertise elsewhere when specialized and
technical skills necessary for conducting performance
audits are not available internally?
Information Technology (IT) Tools

6. Does the OAGN have established procedures and
approaches in auditing in an IT- environment such
that these provide reasonable assurance that the IT
audit tools and staff utilised are able to evaluate
whether the effectiveness and efficiency of IT controls
in information systems and related operations are
operating as intended?
Other Tools and Guidance
7. Does the OAGN have a group that helps implement

knowledge-based initiatives to help the OAGN
improve on the following areas?
a) Knowledge about how to do the work,
including continued support of methodology,
audit tools and techniques;
b) Knowledge about the OAGN, including an
organisational database and expanded
knowledge of the organisation delivered
through the intranet; and
c) Knowledge about current developments in
the areas of auditing.
8. Has the OAGN developed good practice guides for
each discipline/branch of audit, using documented
global good practices on audit methodology, tools
and techniques, to ensure uniformity and
consistently high quality in its services?
Conducting the Audit

provide it with reasonable assurance that the
practices and procedures to be followed by the team
in carrying out performance audits are followed, such
as:
a) Developing audit questions;
b) Developing audit programmes entirely
focused on the audit criteria, allowing for
221
flexibility and in consideration of levels of
details;
c) Method and means adopted for analysis of
data for deriving audit conclusions; and
d) Developing findings and recommendations.
Consultation

provide it with reasonable assurance that:
a) Appropriate consultation takes place on
complex, unusual or unfamiliar issues and
difficult or contentious items within the
OAGN with external experts and with the
audited entity;
b) Sufficient resources such as authoritative
literature, reference library for technical
literature, and in-house experts are available
to enable appropriate consultation to take
place;
c) The nature and scope of such consultations
are documented; and
d) Conclusions from consultations are
documented and implemented.
Evidence and Documentation
11. Has the OAGN establish procedures such that quality

assurance in evidence gathering is ensured through
the following?:
a) Evidence gathering linked to audit criteria
and audit objective; and
b) Compliance to Auditing Standards
particularly with reference to the quality of
competence, relevance, and reasonableness
of audit evidence and to the performance
audit guidelines documenting the procedure
of evidence gathering.
12. Has the OAGN adopted quality assurance in
documentation/working papers of its performance
audit in compliance with auditing standards and audit
guidelines issued by the OAGN on performance
audits, and in the verification of evidence by OAGN
top management?
222
Supervision and Review
13. Has the OAGN adopted a sound system of

supervision and review of audits essential for
maintaining good quality of audit such that it covers
the following?
a) Assigning responsibilities;
b) Providing sufficient guidance to staff
members;
c) Staying informed about significant problems
encountered;
d) Reviewing the work performed;
e) Overseeing individual development; and
providing coaching and feedback.
Reporting and Follow-up
14. Are the audit reports prepared by the OAGN

consistent with standards of reporting?
15. Has the OAGN develop a strategy for consistent and
systematic follow-up processes to enable them to
contribute significantly to effectiveness of the audits
conducted in bringing systematic improvement in the
functioning of the entity?
ASOSAI AQMS –
IV. LEADERSHIP AND INTERNAL GOVERNANCE Appendix A,
Chapters 4 and 6
YES NO N/A COMMENT
Leadership and Direction
1. Does the OAGN set the appropriate tone and direction

for the organisation?
Such as Accountability, Integrity and Reliability
2. Does the OAGN have a stated vision and mission?
3. Does the OAGN have short- and long-term goals?

Please state them here.
4. Does the OAGN emphasise and promote continuous
improvements?
Please verify through speech texts and minutes of
meetings.
5. Does the OAGN have a Standard on Quality and
Continuous Improvements?
6. Does the OAGN establish policies and procedures
designed to promote an internal culture based on the
223
recognition that quality is essential in performing
engagements? Such policies and procedures should
require the OAGN Head (or equivalent) or OAGN
managing board member (or equivalent), to assume
ultimate responsibility for the OAGN’s system of
quality control?
7. Does the OAGN continuously inspire its staff to
comply with the approved standards and procedures
and make their best efforts to deliver quality services
and products?
Strategic and Operational Planning
8. Does the OAGN have a strategic plan?

9. Does the OAGN have an operational plan?
10. Are the plans meeting their objectives? Please
compare a sample plans’ objectives with
achievements.
11. Is there a mechanism to measure the achievement?
12. Are the staffs at various levels aware of the plans?

Please test check with a sample of staff from various
levels.
13. Do the AG and other top managers have a
constructive quality assurance dialogue with the heads
of audit functions about audit work being done in the
units/sections?
Please ask for relevant minutes of meetings.
14. Do the AG and other top managers decide what audits
should be commenced?
Please verify with relevant minutes of meetings.
15. Do the top managers set important quality
requirements for the audit?
Examples of some important quality control
requirements include timeliness and compliance to
audit methodology and standards. A checklist of the
requirements should indicate the quality expectations
from the audit engagement.
Please consider matters such as the existence of a top
manager’s checklist.
16. Do the heads of the units/sections maintain and
improve the quality of work through a quality
improvement plan? Consider quality factors such as:
a) Ongoing training programme
b) Implementation of new knowledge
c) Management of post audit projects for follow-
up purposes
224
d) Recruitment of new people
e) Use of highly-skilled section managers
f) Improvement of the quality in audit
recommendations
g) Individual auditor training plan in place
h) Competence plan for the audit function
i) System for organisational learning in place
17. Does the OAGN encourage a culture of quality
through such means as:
a) Formal or informal dialogue
b) Mission statements
c) Newsletters
d) Briefing memoranda
18. Do the heads of the units/sections have a constructive
quality assurance dialogue with top managers about
audit work being done?
Consider matters such as:
a) Ongoing discussions during the audit work
b) Discussion of audit findings
c) Audit team included in the discussions
19. Are the OAGN’s policies and procedures addressing
performance evaluation, compensation, and
promotion designed to demonstrate the OAGN’s
overriding commitment to quality?
Internal Communications
20. Does the OAGN have agreed procedures for
communicating decisions made by management?
21. Does the OAGN have agreed procedures for
communicating policy decisions?
22. Are policy documents accessible to all levels of staff?
23. Does the OAGN have mechanisms for disseminating
information to staff?
Accountability
24. Are mechanisms in place to assess if the OAGN has
achieved its mandatory obligations?
Such mechanisms may include:
a) Survey
b) Study
c) External reviews
d) Feedback from parliament
e) Research
25. Does the OAGN report on its performance?
26. Does the OAGN publish its annual report?
27. Does the OAGN make its annual report public?
225
28. If yes, does it use any of the means below?
a) Through its website
b) Newspapers
c) Circulation of copies to stakeholders
29. Is the performance report of the OAGN audited?
30. Are the OAGN’s accounts externally audited?
31. Does the OAGN voluntarily participate in
peer/external reviews?
Code of Ethics and Conduct
32. Is there a documented Code of Ethics, adapted to the
OAGN’s environment, in place covering the issues in
INTOSAI Code of Ethics?
33. Is the above code adhered to?
34. Are there procedures to ensure that the Code of Ethics
is adhered to?
35. Does the OAGN ensure that all auditors comply with
the OAGN’s requirements which relate to integrity,
objectivity, professional competence and due care?
designed to provide it with reasonable assurance that
the OAGN and its personnel comply with relevant
ethical requirements, such as the following:
a) Integrity;
b) Objectivity;
c) Professional competence and due care;
d) Confidentiality; and
e) (e) Professional behaviour?
designed to provide it with reasonable assurance that
the OAGN, its personnel and, where applicable,
others subject to independence requirements
(including experts contracted by the OAGN and other
personnel), maintain independence where required by
the Code and national ethical requirements. Such
policies and procedures should enable the OAGN to:
a) Communicate its independence requirements
to its personnel
b) Identify and evaluate circumstances and
relationships that create threats to
independence, and to take appropriate action
to eliminate those threats or reduce them to an
acceptable level by applying safeguards, or, if
considered appropriate, to withdraw from the
engagement?
226
38. Do the policies and procedures require:
a) Private auditors engaged by the OAGN to
provide with relevant information about client
engagements, including the scope of services,
to enable the OAGN to evaluate the overall
impact, if any, on independence requirements.
b) Personnel to promptly notify the OAGN of
circumstances and relationships that create a
threat to independence so that appropriate
action can be taken; and
c) The accumulation and communication of
relevant information to appropriate personnel
so that:
• The OAGN and its personnel can readily
determine whether they satisfy
independence requirements;
• The OAGN can maintain and update its
records relating to independence; and
• The OAGN can take appropriate action
regarding identified threats to
independence on specific changes.
39. Does the OAGN have policies and procedures to

provide it with reasonable assurance that is is notified
of breaches of independence
40. Does the OAGN obtain, at least annually, written
confirmation of compliances with its policies and
procedures on independence from all personnel
required to be independent?
41. Does the OAGN have criteria for determining the
need for safeguards to reduce the threat of familiarity
with audited entity to an acceptable level, when using
the same senior personnel on an audit engagement
over a long period of time?
42. Does the OAGN have procedures to handle
complaints & allegations concerning failure to comply
with professional standards and regulatory
requirements of non-compliance with the OAGN’s
system of quality control?
43. Does the OAGN do follow-ups and investigate all
complaints and allegations?
Continuous Improvement
Research and Development
44. Does the OAGN have a Research and Development
(R&D) division?
227
45. Has the OAGN formulated a short and/or long term
R&D plan?
46. Have any research studies being done to enhance the
effectiveness of the OAGN?
47. Does the OAGN have sufficient funding for research?
Organisational Development
48. Does the OAGN review and redefine organisational
structure in accordance with strategy and
environment?
49. Does the OAGN organisational structure clearly
define lines of authority and responsibility?
50. Does the OAGN encourage staff to participate in
improving the organisation?
Change Management
51. Does the OAGN have a change management unit or
section?
52. Does the OAGN have a change management plan?
53. Does senior management provide sufficient support in
implementing a change management plan?
54. Does the OAGN have sufficient resources to carry out
change management process?
55. Does the OAGN effectively involve HR in change
management?
56. Does the OAGN reinforce change with job
descriptions?
57. Does the OAGN have a plan to address change
management resistance?
Ref: ASOSAI AQMS paragraph

V. Administrative Support 2.2
YES NO N/A COMMENT
Monetary resources
1. Does the OAGN have a short term financial

resource planning?
2. Is the budgeting process integrated into your annual
plan?
3. Does the OAGN have regular reviews of its budget?
4. Does the OAGN’s financial practice lead to

relatively accurate financial projections?
228
5. Does the OAGN have a sufficient number of
qualified staff for financial management?
If not completely, then how many qualified staff for
financial management does the OAGN need?
6. Does the OAGN keep adequate financial records
and accounts?
7. Is the OAGN financial report used for planning and
review purposes?
Material resources
8. Does the OAGN own office premises?
9. Does the OAGN have sufficient office space?
10. Is the lighting condition appropriate in the OAGN’s
office?
11. Does the OAGN have well-equipped meeting
rooms?
a) Multimedia-PA system, Projector
b) Computer
c) Telephone
d) Chairs and table
e) White board
f) Flip charts
12. Does the OAGN have well-equipped training
rooms?
13. Are the OAGN Departments/Divisions/Sections
located together?
Technology
14. Is the OAGN computerised?
15. Which of the following functions are computerised
in the OAGN?
a) Payroll
b) Finance
c) Audit planning
d) Asset Management
e) Archiving system
f) None of the above
16. Are the Desktop Computers and Laptops used for
daily work by all users?
17. What type of Internet access does the OAGN have?
a) Broadband
b) Dial-up
c) None at all
18. Who has access to the Internet?
a) Senior management only
b) Senior and middle management
229
c) All staff and management
19. Does the OAGN have internal IT support staff?
20. Are the IT personnel professionally qualified?
Please check a sample of the IT personnel’s
background qualification.
21. Does the OAGN offer internal IT training and
development programmes?
22. Does the OAGN have a Local Area Network?
23. Does the OAGN have photocopying equipment and

facilities?
24. Does the OAGN have a Wide Area Network?
25. Does the OAGN’s technology meet auditors’ needs?

Please conduct a focus group for discussion on this
topic before concluding.
Support Services
26. Which of the following support services do you
have in your OAGN?
a) Security
b) Maintenance
c) Transportation
d) Secretarial
e) Others ________________________
27. Are these Support Services provided in a timely
manner?
28. Does the OAGN have adequate security measures to
safeguard your facility?
. REF: ASOSAI QMS

VI. EXTERNAL STAKEHOLDER RELATIONS Chapter 5
YES NO N/A COMMENT
1. Does the OAGN have a strategy for establishing
and maintaining effective working relations with
external stakeholders?
2. Does OAGN have a formalised mechanism to
follow up on feedback on its performance
received informally or formally from external
stakeholder?
Parliament / Head of State / Head of Executive
3. Please circle the entity (Parliament/Head of
State/Head of Executive) that the OAGN
primarily reports to/is affiliated with. Is the
relation with the entity indicated set down in
law, or some other legislation?
230
4. Does the OAGN work directly with the entity
indicated?
5. Does the OAGN hold meetings or hearings with
them?
6. Are those meetings or hearings in public?
7. Following those meetings or hearings, is a report

with recommendations produced?
8. Does the OAGN seek regular feedback from the
entity indicated on its performance?
9. To what extent do the Executives implement
Public Accounts Committee's or its equivalent's
recommendations?
a) Completely
b) To a large extent
c) To a little extent
d) Not at all
Audited Entities
10. Is the role of the OAGN appreciated by the
audited entities? This can be established through
a customer satisfaction survey by the OAGN.
a) Completely
d) Not at all
11. Does the OAGN have a policy for
communicating with audited entities?
12. What is the extent of response of audited entities
to your OAGN?
a) Completely
d) Not at all
13. What is the extent of acceptance of the audited
recommendations?
a) Completely
d) Not at all
14. What is the extent of the implementation of the
audit recommendations?
a) Completely
d) Not at all
231
15. Is the audited entity given a reasonable
opportunity to respond to the draft audit reports?
16. Are the audited entity responses fairly
considered before finalising the audit report?
17. Does the OAGN make sound recommendations
for further improvements in audited entity
performance?
18. Does the OAGN seek feedback from audited
bodies on the quality of its work, staff and
systems?
19. Are the OAGN staffs trained in communicating
effectively with audited entity?
Internal Audit
20. Does the OAGN have an internal audit
department or equivalent?
21. Does the internal audit department report to the
AG directly?
22. Does the internal audit department have a
charter?
23. Does it have qualified personnel?
The media and the public
24. Are audit products made public?
25. Does your OAGN have the right to go to the
media with its audit findings?
26. Does the OAGN have a clear policy framework
for dealing with the media?
27. Does the OAGN deal professionally with the
media by providing high quality press releases
and press conferences?
28. Does the OAGN have a policy to ensure that its
publications are widely accessible to audiences?
29. Does it use such correspondence to inform future
audit activity?
30. Are professionally qualified members of the
OAGN encouraged to play active roles in their
professional associations?
Professional associations and private sector
auditors
31. Does the OAGN have professional relations with
other professional institutions and private sector
auditors?
32. Are there formal liaison meetings between a
senior member of the OAGN and the relevant
professional associations on a regular basis?
232
33. Are there arrangements for secondments
between staff in the OAGN and in private sector
auditing firms?
34. Does the OAGN contract out a proportion of its
audits to private sector auditors to enable it to
benchmark its costs and processes?
Consultation
35. Has the OAGN designed policies and procedures
to ensure that appropriate consultation takes
place on difficult and contentious issues?
36. Do the audit team and management have access
to experts either within the OAGN or outside,
pertaining to areas such as information
technology, taxation, technical, etc?
37. Is there proof of consultation with other
management members in instances of high risk/
uncertainty (peer reviews)?
38. Is there a technical department responsible for
research into complex technical or public sector
specific matters?
39. Are internal technical publications being
prepared on a regular basis?
40. Are all technical publications adequately
circulated?
Peers (OAGNs and regions)
41. Does your OAGN have cooperation
arrangements with other OAGNs?
Aid Donors
42. Does your OAGN deal with any donor agencies?
43. Does the OAGN meet regularly with donor

agencies to identify what external audits need to
be done and when?
44. Are there mechanisms which a OAGN can
undertake such that it can become the auditor of
first choice by donor agencies?
VII. RESULTS ISSAI 400
YES NO N/A COMMENT

1. Does the OAGN have a system to objectively
measure its results?
2. Is there a system to assure that performance
measures are of acceptable quality?
3. Is performance measurement conducted by staff
independent of those responsible for delivering
233
the audit reports (and other products, if any)?
4. Does the OAGN follow up on its performance

measurement results?
Outputs
5. Are the products delivered by the OAGN in

accordance with its audit mandate?
6. Does the OAGN have targets with regard to the
number of products of each type?
7. Does the OAGN measure performance against
the targets?
8. Does the OAGN have performance measures to
assess the quality of its products?
9. Does the OAGN assess product quality against
the performance measures?
10. Does the OAGN set deadlines for submission of
its products?
11. Does the OAGN meet its deadlines for
delivering its products?
12. To what extent is the OAGN is able to meet its
targeted outputs?
Impact
13. Does the OAGN have performance measures to
assess the impact of its products?
14. Does the OAGN regularly assess impacts against
these measures?
234
Appendix 10
Getting Information from External Stakeholders
WHO ARE THE SAIs’ EXTERNAL STAKEHOLDERS?

The OAGN has many external stakeholders which are vary from country situation
depending on the political system. The IDI’s capacity building needs assessment
guidance lists some of the common such stakeholders, namely, Head of State, Parliament,
Head of the Executive, Audited Entities, Internal Audit, Public, Media, Professional
Associations and Private Sector Auditors, Peer SAIs, and Aid donors.
WHY SHOULD INFORMATION BE OBTAINED FROM THEM
OAGN do not work for itself. They deliver products and services to different external
stakeholders who work together with the OAGN to promote public accountability and
transparency. Therefore, the perception of these stakeholders of the effectiveness of the
OAGN is an important element in the assessment of the latter’s capacity building needs.
Moreover, OAGN need the support of these stakeholders to ensure that their products and
services have the desired impact of promoting public accountability and transparency in
particular, and better governance in general. By gathering information directly from the
stakeholders, the needs assessment team will have the opportunity to assess the external
stakeholders’ perception of the OAGN’s effectiveness and also whether the relationship
between the OAGN and those stakeholders is helping to promote the impact of the
OAGN’s work. Such an assessment will, in turn, enable the needs assessment team to
determine capacity building needs of the OAGN and the way forward from there.
WHAT INFORMATION IS REQUIRED FROM THEM
The following kinds of information from external stakeholders would be useful to the
needs assessment team:
• What are the expectations of each external stakeholder from the OAGN?
• To what extent have their expectations been met?
• What could be the reasons why some expectations have been met?
• What could be the reasons why some expectations have not been adequately met?
• What could be done to enable the OAGN to better meet those expectations not met
adequately?
• How could the external stakeholders cooperate with the OAGN to enable the latter to
better meet their expectations?
235
WHO SHOULD OBTAIN THE INFORMATION
The skills required to obtain information from external stakeholders are not any different
from the skills required for obtaining information from internal stakeholders. These
would include the following:
• Inter personal skills;
• Communication skills;
• Meeting facilitation skills;
• Ability to remain neutral even if tempted to take a position in response to any
comment of the interviewee;
• Analytical and synthesising skills; and
• A good understanding of the role of the OAGN in the broader political context.
If a combination of tools is used to gather information from these stakeholders, it is
recommended that for each tool, the lead is taken by a member of the needs assessment
team who is relatively more skilled in the use of that tool. If the needs assessment team
members are not from the OAGN, it may be a good idea to include at least one member
of the OAGN in the team while meeting stakeholders. The position of this member in the
OAGN should be appropriate for the level of the external stakeholder to be consulted. For
example, if the team plans to meet the Minister of Finance, it may be appropriate if the
OAGN representative is the AG or a Deputy AG. On the other hand, if the external
stakeholder representative is an operational line manager, then it may be more
appropriate if his/her operational counterpart in the OAGN is included in the needs
assessment team. These decisions would also be influenced by the formal protocols and
culture. It may, therefore, be best to go by the advice of the top management of the
OAGN.
WHEN SHOULD THE INFORMATION BE OBTAINED
It is advisable to meet the external stakeholders after obtaining a good understanding of
the OAGN and its perspectives on their needs. Moreover, it is important that decisions
regarding meeting (or not meeting) with the OAGN’s external stakeholders, which of the
stakeholders to meet, the timing of the meeting, and the information gathering tools to be
used are taken after close consultations with the AG and after having obtained his or her
consent.
HOW SHOULD THE INFORMATION BE OBTAINED
Some of the approaches that could be adopted to gather such information include the
following:
• Meet representatives of each external stakeholder separately;
• Meet representatives of different external stakeholders together, say in a focus group;
236
• Invite them to join focus groups involving internal stakeholders of the OAGN;
• Survey the external stakeholders without meeting them face-to-face;
• Review relevant documents belonging to the external stakeholders that are related to
the work of the OAGN; and
• Physically observe the interaction of OAGN officials with external stakeholders in
different situations, e.g., during audits, and meetings of Public Accounts Committee.
As evident from above, all the tools relevant for gathering information from the internal
stakeholders of the OAGN can be used for getting information from the external
stakeholders. The criteria for selection of tools would be the same as for selecting tools
for gathering information from internal stakeholders, such as nature of information to be
gathered (e.g., qualitative or quantitative, confidential or unclassified, specialist or
general), availability of the identified external stakeholder representatives, time and other
resources of the needs assessment team.
The AG should be updated regularly on the meetings with the stakeholders and
information gathered from them, to ensure that he or she is not taken by surprise at any
point. It is recommended that the needs assessment team leader reaches an agreement
with the AG on the process that should be followed in this regard.
237
Appendix 11
Guidance on Content Analysis of Qualitative Information
Content Analysis
This is the process of organising and summarising large volumes of qualitative
information in order to reach some conclusions. Content analysis can also help in
providing quantitative findings from qualitative information. Content analysis is a key
tool for analysing qualitative information gathered through interviews and focus groups.
It can also be used for analysing qualitative information obtained through surveys or any
other tools.
The following steps are recommended for a content analysis:
Step#1-Read: Go through all the qualitative information gathered.
Step#2-Categorise: From the nature of the various items of information, identify broad
categories or issues under which the different items of information can be allocated. With
regard to capacity building needs assessment, the information may be categorised under
the following issues:
• Current situation relating to each element within each element;
• Desired situation for each element within each element;
• Causes for the gap between current and desired situations;
• Suggested strategies for addressing the gaps;
• Likely challenges in implementing the strategies;
• Resources requirements for implementing the strategies.
Step#3-Combine: If two or more items of information under a category convey more or
less the same idea, combine them with appropriate wording. For example, suppose an
interviewee suggested ‘Document the audit processes used by expert performance
auditors’ as a strategy for improving performance audit processes in the OAGN, another
suggested ‘Prepare operational guidance on how to conduct performance audits’ while a
third interviewee suggested ‘Formulate performance audit guidelines based on the
INTOSAI’s performance audit implementation guidelines’. These three suggestions
could be combined as one strategy, ‘Develop performance audit manual based on best
practices’.
Step#4-Quantify: If the qualitative information you are analysing has been obtained
from more than one person, determine the number of people who provided each item. If
appropriate, you may then calculate the percentage of the total number interviewed who
offered that item of information. For example, suppose after combining similar items,
238
you find that seven of ten interviewees suggested ‘Development of audit manuals’ as a
strategy to address inadequacies in the ‘Manuals and Guidance’ element of the ‘Audit
Methodology and Standards’ element. Here, ‘Seven’ is quantification and so is ‘seven of
ten’. Then we can also say that 70% of the interviewees suggested this strategy. While
quantifying, you may consider different weighting being given to information from
different interviewees, depending on their experience and expertise in the area under
discussion
Step#5-Write the report as per the key broad issues above.
239
Appendix 12
(Related to Chapter 3 Section 2 Paragraph 3.8.3A)
Template for Recording QAR Findings
QMS QMS Element

Element No name
Name of QA Name of AAG
reviewer responsible for
the QMS
element
Date Date
W/P Ref: Finding No
Finding:
{Insert the description of the finding or gap}
Impact:
{What can be the effect of the risk occurring}
Cause:
{Reason for finding/gap or problem}
AAG’s feedback:
{Insert the AAG’s response}
240
Appendix 13
(Related to Chapter 3 Section 2 Paragraph 3.8.3B)
Overview of Findings Recording Form
QMS Domain Name of Element within the Domain:

Name:
Impact/Likely Impact
Senior management
Recommendation
Finding Description
Risk level
feedback
Cause
Finding No
241
Appendix 14
QAR Report of OAGN
• Table of Contents –
• Executive Summary – The executive summary may contain the following:
o Brief background;
o Significant observations, and
o Key recommendations
• Introduction –
• Approach and Methodology used – It would cover items such as:
o The OAGN-QMS framework used;
o Main data gathering techniques used; and
o Limitations, if any, of the approaches used.
• Domain-wise findings and recommendations – The review team should include the
following items under each element of the OAGN-QMS framework:
o Desired condition – The team may consider the desired condition for each QMS
element discussed earlier in this chapter.
o Current situation – This should be a brief description of the existing policies and
processes relating to the QMS element.
o Weaknesses – These are the gaps between desired condition and current situation.
o Factors contributing to the weaknesses – It is critical to identify these factors
since they form the basis for recommendations.
o Management Response – Responses on current situation should be discussed in
this part.
o Recommendations – Suggestions for improvements in future by the OAGN. The
recommendations should be clear, meaningful and practical.
• Annexes – These are generally supporting information that interested readers may
like to study.
242
(Sample QAR Report)
EXECUTIVE SUMMARY
The Office of the Auditor General of Nepal, a constitutional body, is the Supreme Audit
Institution of the country. It derives its mandate from the Interim Constitution of Nepal,
2007. Through its audit reports to the Parliament and other stakeholders on the use of
public resources, it seeks to promote transparency and good governance in the public
sector. The total human resource strength of the OAG is 450, including the AG. The AG
is supported by 4 Deputy Auditors General, 14 Assistant Auditors General, 42 Directors,
150 Team Leaders, and 95 support staff, in performing the OAGN functions. The OAGN
is centralised at the capital city of the country. There are no field audit offices either at
regional level or at district level. During the Year 2006/07, the actual expenditure
incurred by the OAGN in performance of its constitutional obligations amounted to an
equivalent of approximately NRS1.5 million as against recovery of approximately
NRS22 million at the instance of audit observations. Thus, for every dollar spent on
audit, an amount of NRS15 was contributed to the national exchequer by the OAGN.
An international team carried out a QAR of OAGN in XXXXX. The team visited the
OAGN and used the combination of tools, namely, survey, document review, focus
groups, interviews with both external and internal stakeholders and physical observation
for gathering data and information.
The following are some of the significant issues that need priority attention of the
OAGN’s management:
• The legal provisions pertaining to the OAGN should be amended to strengthen its
independence and mandate.
• More effective and proactive leadership is desirable to push forward reforms for
strengthening the OAGN, more so at this critical stage of transition from an Interim
Constitution to a new Constitution. It should leverage on the strong support of the
current Public Accounts Committee (PAC), Secretary, Ministry of Finance and the
Task Force studying the needs for strengthening the OAGN to forge ahead in this
direction. In addition, there is a need for developing and implementing a strategic
roadmap for the OAGN instead of functioning only on the basis of annual operating
plans. Further, the AG should consider delegating operational decision making to
lower levels, so that the top management can focus more on strategic issues.
• The professional competence, morale and size of the OAGN’s staff require serious
attention.
• The internal capacity for research and development of methodological guidance
requires substantial strengthening.
• The OAGN needs to consider regular external audits and peer SAI reviews as a
means to continuous improvement, as well as to promote accountability to its
stakeholders.
243
• The nature and timing of the internal audit is inadequate to assist the OAGN’s
financial and management practices.
• There is scope for improvement in the quality of field audit supervision by Directors
and Assistant Auditors General.
• The existing physical infrastructure is quite insufficient for creating a conducive
working environment.
• The OAGN needs to change its work processes, audit methodologies and size of it
audit reports to better meet the expectations of the PAC and other primary external
stakeholders.
More details of the OAGN’s current conditions, weaknesses, factors contributing to the
weaknesses and recommendations under each of the eight elements of the quality
management framework used by the QA team may be seen in the main body of the
report.
Nepal is in a state of significant political and economic transition. The OAGN enjoys the
strong support of its primary stakeholders such as the PAC and Secretary, Ministry of
Finance. Consequently, it is the most appropriate time for the top management of the
OAGN to act proactively and decisively to initiate measures to strengthen its
independence and mandate to better meet the growing expectations of its stakeholders.
INTRODUCTION
This report is on the QAR of OAGN conducted by an international team of reviewers.

The team initiated the process by sending a survey questionnaire to obtain preliminary
information on the current condition relating to each element of the quality management
framework used by the team as the basis for the review. Subsequently, the team visited
Nepal from XX. The team was then expanded to include two managerial level staff of the
OAGN. The two local team members helped provide contextual understanding and
clarification of local issues during the review process. The first two days of the visit were
spent in gaining a better understanding of the OAGN, through review of various
documents and interaction with the local team members, and planning the needs
assessment implementation strategy. This was followed by three days of in-depth data
collection and analysis using the various toolkits developed as part of the IDI’s Needs
Assessment (NA) guidance. The team conducted focus group discussions of OAGN
senior management and staff on XX. Structured interviews of the Chairman and two
other members of the Public Accounts Committee and the Secretary, Ministry of Finance
on XX followed by similar exercises with the AG and Deputy Auditor General on XX.
Systematic physical observation of the workings of the OAGN was also conducted on
XX.
244
OAGN BACKGROUND AND PARTICIPANTS
A. The OAGN – A brief profile and context

The OAGN was established as a Constitutional body in 1948. It recently developed its
vision and mission statements. The vision of the office is to ‘Enhance Good Governance
through Accountability and Transparency in the Public Sector’ while its mission is to
‘Provide trustworthy, effective and independent audit for the efficient management and
utilisation of public resources’.
After a period of political turmoil during 2000 to 2003, parliamentary democracy was
restored in Nepal in February 2003. Currently, the political system is founded on the
Interim Constitution of 2007. A new national Constitution was adopted in 2004. While
peace and stability has returned to Nepal, there is a sense of uncertainty amongst the
people regarding the system of governance and the political scenario that will emerge as
the provisions of the new Constitutions are tested in practice. The effect of this
uncertainty about the political future of the country was perceived even amongst the
management of the OAGN. The country is also under substantial economic pressures, the
impact of which is evident also in the infrastructure and functioning of the OAGN.
The AG holds a Constitutional status and is appointed for a term of six years by the
President on the advice of a Constitutional Council after parliamentarian hearing. The
Council is composed of the Prime Minister, Speaker of Legislature-Parliament, Chief
Justice of the Supreme Court and three Minister designated by the Prime Minister. The
independence and mandate of the AG are defined in Articles 122 to 124 of the Interim
Constitution of Nepal 2007. The Audit Act, 1991 provides in greater detail the functions,
responsibilities and powers of the AG. In addition to compliance audits and audits of
financial statements, the OAGN also conducts a number of performance audits of various
issues every year. However, the AG does not certify the consolidated financial statements
of the Government. The AG submits an annual audit report to the President who, in turn,
tables it in the Legislature-Parliament. During the above-mentioned period of political
turmoil, the Parliament was dissolved and consequently none of the OAGN’s audit
reports received Parliamentary scrutiny. The backlog reports have now been taken up for
scrutiny by the Public Accounts Committee of the Legislature-Parliament.
In the changed socio-political scenario, the primary stakeholders have high expectations
from the OAGN in promoting accountability and transparency in the public sector and
contributing to better governance. A Task Force consisting of representatives from
primary stakeholders was formed in XX to specifically look into ways and means of
strengthening the OAGN. Given the strong support it enjoys from some of the primary
stakeholders, and given that a new Constitution is expected to be drafted in the near
future, it is perhaps the right time for the AG to proactively take necessary steps towards
amending the legal framework and move closers towards the requirements for an
independence Supreme Audit Institution stated in the INTOSAI’s Lima Declaration of
1977 and Mexico Declaration of 2007.
245
B. Participants
A total of XXX officials participated in the structured interviews. This group included the
AG and four Deputy Auditor General, the Chairman and three other members of the
Public Accounts Committee, and the Secretary of the Ministry of Finance.
XXX officials participated in the unstructured interviews: one an AAG, two Directors,
and one Team Leader.
The Focus Group Discussion had XXX participants for the senior level and XXX
participants for the middle and junior levels representing different functional units of the
OAGN.
The list of participants of the interviews and focus group discussions can be seen in
Annex X.
APPROACH AND METHODOLOGY
The team initially sent a survey questionnaire to the OAGN. The questions related to the
following domains of the quality management system (QMS) framework used by the
review team:
i. Independence and Legal Framework
ii. Human Resources
iii. Audit Standards, Methodology and Performance
iv. Leadership and Internal Governance
v. Administrative Support
vi. External Stakeholder Relations
vii. Results
In line with standard principles of survey questionnaire development, the questionnaire
mainly comprised closed questions with a limited number of open questions to provide
some flexibility of response to the respondents. The purpose of the survey was to gather
preliminary information on the current condition of the OAGN under each of the above
domains. The survey results can be seen in Annex X.
This survey was followed by a visit to the OAGN. The team reviewed various manuals
and documents provided by the OAGN pertaining to its legal mandate, vision and
mission, strategic plan, audit reports, audit manuals on various topics, among others. A
list of the documents reviewed for gathering information relating to each of the above
domains can be seen in Annex X. The local OAGN members of the team were also
interviewed to provide the appropriate contextual background to these reviews.
XXX Focus Group Workshops were then conducted: one for senior management
representatives and the other for the middle and lower level management and non-
supervisory staff. The list of focus group participants can be seen in Annex X. These
246
workshops were aimed at identifying the organisation’s current condition from the views
of both levels of participants to ensure a comprehensive assessment of the different
perspectives on quality management requirements and practices in the OAGN.
Interviews with some of the OAGN’s important external stakeholders were also
conducted to find out, among others, their perception of the role of the OAGN in
promoting accountability and good governance, their views about the usefulness of the
OAGN’s audit and audit reports, and their suggestions about further improving the
quality of the OAGN’s audits and audit reports. The stakeholders interviewed were the
Chairman of Public Accounts Committee, its Secretary and two other members, and the
Secretary of Ministry of Finance. The record of the interviews can be seen in Annexes X.
An interview of the AG, held after the interviews with the above-mentioned stakeholders,
was carried out to gather information and opinions about the most important challenges
and opportunities facing the OAGN. It also covered the initiatives adopted and those
required to address current and emerging issues and her opinion about the suggestions of
its stakeholders on how the OAGN could further improve the quality of its audits and
audit reports. The record of the interview can be seen in Annex X.
A group interview was also conducted with the four Deputy Auditor General who were
earlier listed as participants of the Focus Group for senior management, but were not
available on the scheduled date due to unforeseen urgent developments. Their views were
asked about the challenges faced by the OAGN in achieving its Vision and Mission, what
initiatives have been taken by its Office to address these challenges, and how they
perceive their roles for the effective implementation of the strategies to address these
challenges. The record of the interview can be seen in Annex X.
Besides, wherever feasible, the team physically visited the various departments,
divisions, directorates, training hall and library of the OAGN to assess the existing
infrastructure and identify deficiencies, if any, in facilities and support equipment that
could adversely affect the OAGN's performance. The team documented their physical
observations using the physical observation checklist developed as part of the capacity
building needs assessment project. This can be seen in Annex X.
FINDINGS AND RECOMMENDATIONS
The team collectively conducted a content analysis of the substantial amount of
qualitative data and information through review of documents, focus groups of senior
management representatives as well of middle and junior management and non-
supervisory staff, structured interview with the AG and unstructured interviews with the
local members of the needs assessment team. The following are the domain-wise findings
and strategies resulting from the analysis
247
Domain 1: Independence and Legal Framework
A. Desired Condition:
The independence and mandate of the OAGN should be as comprehensive as laid down
in the INTOSAI Lima Declaration and Mexico Declaration.
B. Current Conditions and Initiatives:
Articles 96, 109, 122, 123 and 124 in the Interim Constitution, 2007 and Sections 3 - 11
of the Audit Act, 1991 are, largely aligned with the requirements of the Lima Declaration
and Mexico Declaration.
• The remuneration and other conditions of the service of the AG cannot be altered to
his disadvantage during his tenure.
• The budget of the AG and the OAGN is not voted in the Legislature-Parliament.
• The AG has a fixed tenure of six years, and is not eligible for subsequent
appointment in other government services.
• The AG can be removed only through impeachment proceedings approved by at
least two-thirds of the membership of Legislature-Parliament.
• The AG can freely restructure his organisation as long as there is no financial
implication.
• The number of employees provided to the OAGN cannot be reduced without the
AG’s prior approval.
• Although the Audit Act provides for various performance-related checks by the
OAG, these checks are all referred to in connection to 'the accounts,' which tends to
have a financial connotation.
• The AG has full access to the information of the audited entity's, including
information available with private contractors engaged by them. However, in
revenue audits, the OAGN does not have access to the books of accounts
maintained by the tax payers in the private sector.
In consequence to the OAGN communicating various organisational problems arising out
of some of the above limitations, the PAC formed a seven-member Task Force in July
2007 to review the needs for strengthening of the OAGN. The Task Force consists of the
Chairman and three other members of the PAC, the AG, the Secretary, Ministry of
Finance, and the Financial Comptroller General. The committee work is coordinated by
one of the members of the PAC.
C. Weaknesses:
1. The legal provisions relating to financial and personnel independence of the
OAGN are inadequate in reality,
248
2. There is some ambiguity regarding OAG’s Performance Audit mandate. In
addition, there is some limitation on access to information for revenue audits.
D. Factors contributing to the weaknesses:
The OAGN’s independence and mandate are inadequate because of the following
reasons:
1. Financial and personnel independence
1.1 Before submission to the Legislature-Parliament, the proposed budget of the
OAGN can be curtailed by Ministry of Finance after consultation with the
OAGN, but without necessarily obtaining the latter's consent.
1.2 The OAGN has to approach the Ministry of Finance even for re-
appropriation of funds within the overall budget of OAGN already approved
by the Legislature-Parliament.
1.3 The AG does not have the authority to create the number of staff positions
that is considered necessary to deliver the mandate and appointment of such
staff without the approval of the Government.
2. Mandate:
2.1 Ambiguity regarding the mandate of performance audit has arisen due to the
use of word "accounts" in Article 123 of the Interim Constitution.
Incidentally, in the year 2004, the OAGN was challenged by the auditees,
and the performance audit planned with regard to those auditees was
dropped. Though such a situation occurred only once, it reflects a potential
risk of the OAGN being challenged again in future.
2.2 The legal provisions do not explicitly provide for access to the books of
accounts of tax payers in the private sector.
E. Recommendations:
The OAGN should take advantage of the strong support of the Task Force initiative and
draft suitable amendments, as a top priority, to the legal provisions that addresses the
above limitations. In addition, the OAGN may consider specifically including an audit of
such issues as environment and forensic audits due to the expectations in this regard
expressed by some of the primary stakeholders.
Since the new Constitution of Nepal is expected to be drafted in the very near future by
the Constituent Assembly, this is the right time for the OAGN to be proactive in this
regard by initiating draft amendments to legal provisions.
249
Domain 2: Human Resource
The OAGN should have an adequate number of competent and motivated staff to
discharge its functions effectively.
B. Current conditions and initiatives:
The OAGN staffs are guided by the service regulations which cover some of the main
issues relating to human resource management –namely recruitment, selection criteria for
international training, promotions, performance appraisal and post retirement benefits.
Despite several-fold increases in the volume of government transactions audited by the
OAGN over the last few years consequent to a doubling of government revenues and
expenditure, the staff numbers has not increased since then.
To ensure staff retention, the OAGN has a policy of obtaining written undertakings from
employees to work in the OAGN for specified periods on return from professional study
courses paid for by the government.
The OAGN has detailed job descriptions for all audit positions up to the level of Deputy
Auditor General of OAGN. These descriptions correspond to positions in the
organisational hierarchy and not to the different functional units. There is no separate
documentation of the roles and responsibilities of each functional unit of the organisation.
Concerns were expressed by all levels of employees regarding the morale and motivation
of the OAGN staff.
The OAGN has, among others, taken the following initiatives:
• The service regulation of the OAGN staff has been integrated in the Civil Service
Act, thereby providing them the same benefits and opportunities as those in other
streams of the civil service;
• The OAGN has proposed the following Human Resource (HR) related issues to the
Task Force set up for strengthening the OAGN:
¾ Special financial incentives for audit staff; and
¾ More opportunities for exposure tours, short-term training and more study abroad.
• Annually eight OAGN staff from different levels are awarded an equivalent of six
months salary each for meritorious performance.
• The OAGN has sent a proposal for special allowances for staff possessing chartered
accountancy qualifications to motivate and retain them.
• The OAGN staffs is permitted to go on full time chartered accountancy courses with
full salary and 25% of basic salary as special allowances. In addition, the office pays
the course enrolment fees and a book allowance.
250
• All audit staff are expected to complete at least 18 hours of continuing education
programme (CEP) every year.
C. Weaknesses:
1. The number of existing audit staff may not be adequate for the workload of the
OAGN compared to the significant increase in the revenues and expenditure of the
Government over the years.
2. The morale and motivation of the staff is relatively low.
3. The roles and responsibilities of functional units are not clearly stated and
documented.
D. Factors contributing to the Weaknesses:
1. The OAGN has not conducted any systematic analysis of the staff requirements due
to the manifold increase in the amount of revenues and expenditure covered in audit.
2. A number of factors affecting employee motivation and morale were revealed during
the needs assessment such as:
¾ Limited career development opportunities;
¾ Inadequate financial incentives;
¾ Poor physical infrastructure;
¾ Inadequate guidance by supervisory officers; and
¾ Inadequate training in the use of advanced audit techniques such as audit
sampling.
3. Inadequate appreciation by OAGN's management of the importance of clearly
identifying roles and responsibilities of different functional units for promoting work
efficiency and accountability.
E. Recommendations:
1. Propose staff requirement to Government after conducting a systematic analysis of
staff requirement vis-à-vis current workload.
2. The OAGN should explore ways and means to address the various factors
contributing to relatively low employee morale stated in D-3 (above).
3. Document and disseminate the roles and responsibilities of each functional unit.
251
Domain 3: Audit Standards, Methodology and Performance
A. Desired condition:
The OAGN’s audit processes should be based on the INTOSAI Auditing Standards and
other international best practices (example International Standards on Auditing) to the
extent applicable to the national rules and regulations.
The OAGN revised its auditing standards in 2004, and these are now well aligned with
INTOSAI Auditing Standards and other international best practices. It also approved
revised operational guidelines for financial audit relating to expenditure, revenue, project
financial statements and procurement. All these were developed under technical
assistance from the World Bank. However, the guide on procurement audit will be
revised to align with the recent change in the government legislation on procurement.
These guidelines will be implemented from audits starting from second half of 2007.
The OAGN has a separate performance auditing guide developed in June 2000. This is
now being updated based on feedback received from performance audit experiences.
Compliance with these guidelines is ensured through internal peer review quality
assurance system of the OAGN.
The OAGN has received World Bank funds for developing audit tool kits to enable more
effective implementation of the audit guidelines. The products are expected to be ready
by September 2007.
External consultants were engaged for developing the above guidelines. The OAGN
staffs were involved with the consultants from the draft stage in developing the
performance audit guide. However, in the case of the financial audit guidelines, the initial
drafts were prepared by the consultant and revised based on feedback received from the
OAGN.
These guides were developed in English even though that is not the working language of
Nepal. These were subsequently translated into the local language, which is also the
official language of Nepal. Concerns were expressed by various levels of staff regarding
the clarity of both versions of these guidelines.
The guidelines have been circulated to all sections. In addition, a one-day workshop was
held in July 2005 to consider changes in the Annual Audit Plan format in line with the
new guidelines.
Audit guidelines for some other important areas of audit, such as local government bodies
and state owned enterprises have not yet been developed.
252
C. Weaknesses:
1. There is inadequate confidence among the staff on how to implement these
guidelines.
2. There is inadequate internal capacity to develop guides.
3. No comprehensive guidelines have been developed for audit of local government
bodies and state owned enterprises that are being undertaken regularly by the OAGN.
D. Factors contributing to the weaknesses:
1. Regarding inadequate confidence of staff:
1.1. Development of the guides was in English, in which most of the staff were not
adequately conversant;
1.2. The quality of the subsequent translation into local language is not
satisfactory.
2. There has been inadequate involvement of the OAGN staff in developing the
financial audit related guidelines, leading to inadequate internal capacity to develop
such products.
3. The OAGN does not have sufficient resources and internal expertise for developing
such guidelines.
E. Recommendations:
1.1 In future, guides should be developed concurrently in both English and local
language from the draft stage.
1.2 The review of the local language translation should be done by teams who
collectively possess adequate experience in government audit as well as fluency
in English and local languages. The revision of the local language versions should
be completed and circulated as soon as possible, since the audits are expected to
begin in the near future.
2. In future, the development process for audit guidelines should ensure close
involvement of the selected OAGN staff with the external consultant from the
initial stages of development and not confined to only the review stage.
Reviewing draft guides cannot replace the capacity development resulting from
being closely involved in developing the guides from initial stages.
3. Initiate steps for developing the required guidelines stated at C-3. While doing so,
the OAGN may consider the suggestions at 1.1 and 2 above.
253
Domain 4: Leadership and Internal Governance
The top management of the OAGN should ensure that the institution’s decision-making
and control mechanism functions economically, efficiently, and effectively and thereby
serves as a model organisation in promoting good governance.
Leadership and direction:
o An initiative taken by the OAGN led to the formation of the Task Force responsible
for recommending measures to strengthen the OAGN.
o As per current practice, all financial decisions as well as most operational decisions
are taken at the AG level.
o There was widespread expression of concern among various levels of OAGN staff
regarding the quality of leadership in the OAGN.
Strategic and operational planning:
o The OAGN has Vision and Mission statements, but there is no detailed strategic plan
identifying the medium term directions for achieving the Vision and Mission. The
non-supervisory staffs were not involved at any stage in the development of these
statements.
o The OAGN has annual operational plans separately for audit, budget management
and training, respectively.
Oversight and Accountability:
o Article 123 of the Interim Constitution requires the AG to audit the OAGN. This is
being done annually by a team of OAGN staff selected by the AG and is being
interpreted by the office as external audit.
o Internal audit is conducted annually by private sector professional chartered
accountancy firms selected by the AG.
o Both the above audits are, by and large, in the nature of financial audits.
Code of conduct:
o The conduct of the OAGN staff is guided by audit service rules and internal
guidelines on code of conduct. The internal guidelines are based on the INTOSAI
Code of Ethics.
o Disciplinary actions against violation of code of conduct are guided by audit service
regulations. In case of potential acts of corruption, action is taken as per provisions of
the Anti-Corruption Act.
254
o Concerns were expressed in the focus group discussion of middle level staff regarding
the culture of compliance to the code of conduct.
Quality assurance:
o In addition to normal supervision at the audit planning, implementation and reporting
stages by line functionaries, all draft annual audit reports are reviewed by a
committee consisting of the AG, Deputy Auditor General and the concerned Assistant
Auditor General (AAG), Directors and line supervisors to ensure quality and
correctness.
o Concerns were raised by the members of junior staff regarding the extent and quality
of field audit supervision by their senior line functionaries.
o The OAGN follows a system of "post audit quality review" of their audit processes.
The process is documented and implemented annually. The review tool kits were
based on the earlier audit guidelines, and have not been aligned with the recently
developed auditing standards and guidelines.
o Peer review of financial audit was conducted once by a neighbouring SAI in 2003.
Overall grading for the four pilot audits selected for the review was good. The peer
review team observed that the audit working papers and the final reports indicated
that the auditors have closely applied the guidelines approved by the OAGN.
C. Weaknesses:
1. More effective and proactive leadership is desirable to push forward reforms for
strengthening the OAGN, more so at this critical stage of transition in the political
and economic environment.
2. The OAGN has not prepared a strategic road-map for the medium term.
3. There is no independent external audit of the OAGN to assure its accountability to the
Parliament and other stakeholders.
4. The nature and timing of internal audit is inadequate to assist the OAGN’s financial
and management practices.
5. There is scope for improvement in the quality of field audit supervision by Directors
and Assistant Auditor Generals, particularly due to the inadequate confidence
expressed by various members of staff on how to implement the new audit guidelines.
6. There is scope for improving the post audit quality review system.
1.1 There is over centralisation of decision making in the AG.
1.2 Inadequate exposure of senior management to the international community of
auditors and to audit best practices.
255
2. There is inadequate appreciation of the concept and the need for strategic planning.
Currently the annual audit plans are being accepted as strategic plans.
3. There is a conflict of interest between interpretations of Article 123 of the
Constitution as a provision for external audit, since it involves the AG auditing the
accounts of his own Office.
4.1 The internal audits in the OAGN, being post mortem audits, do not adequately
facilitate timely action on irregularities.
4.2 The OAGN’s internal audits, being financial audits, do not look into performance
aspects of business operations.
5.1 The minimum supervisory checks to be done by the Directors and higher level
management are not documented. Consequently, there is inadequate assurance on
the quality of supervision from these levels.
5.2 Supervision by the Directors and Higher level management are normally conducted
towards the end of field audits, by which time it may be too late for the field audit
teams to make necessary improvements.
6 The Post Audit Quality Review toolkits have not yet been aligned with the latest
auditing standards and operating guidelines developed in 2005.
E. Recommendations:
1.1 The AG should review the current status of delegation of authority. Distinction
should be made between operational and policy decision making, while determining
the desirable extent of delegation of authority. The AG should consider delegating
operational decision making to lower levels as much as possible.
1.2 The OAGN should explore possible agreements with peer OAGN's and other
agencies to provide greater opportunity to senior management for international
interaction and knowledge sharing.
2. Develop senior management’s capacity in strategic planning and management. In this
connection, the suggestion 1.3 above may also be beneficial.
3. The OAGN may explore ways of avoiding the conflict of interest inherent in the
current system of external audit of the OAGN under Article 123 of the Constitution.
Since a high-level Task Force has been constituted by the Public Accounts
Committee of Parliament to recommend strategies for strengthening the OAGN, this
may be the right time to propose, among others, inclusion of external audit of the
OAGN by auditors appointed independently by an appropriate body rather than by the
AG.
4. The responsibility of internal audit may be expanded to cover performance related
issues of all units of the OAGN. Moreover, it would be appropriate to carry out
concurrent internal audit in addition to the audit after the close of the financial year.
256
5.1 The OAGN should develop and implement guidelines identifying the nature and
extent of supervisory checks of field audit teams by Directors and Higher level
management.
5.2 The Directors should determine the timing of the field supervision based on their
assessment of the importance of the audit and the capacity of the field audit teams,
instead of generally visiting all teams only towards the end of the field audits.
6. The post audit quality review toolkits should be reviewed against the latest auditing
standards and operating guidelines, and suitably updated.
Domain 5: Administrative Support
The OAGN should optimally manage to ensure timely delivery of support services and
infrastructure to its departments / divisions / sections.
The office is located in a very old building that was built for residential purposes rather
than for office accommodation.
Concerns were expressed about inadequacy of physical infrastructure with particular
reference to office space, equipment, furniture and fixtures, transportation for operational
activities and communication facilities. In addition to confirming the above inadequacies,
physical observation by the QAR team revealed other infrastructural limitations in such
areas as lighting, canteen facilities, rest rooms, visitors' lounge, maintenance of building,
storage space, library, internet, IT networking facilities and other IT infrastructure.
The OAGN, amongst others, has taken the following initiatives:
o Obtained with World Bank assistance 100 desktop and 20 laptop computers, several
laser printers and 250 USB memory sticks.
o Obtained funds for hiring of a staff bus and purchase of seven cars.
o Installed a modern conferencing system with assistance of World Bank Funds.
o Proposed additional budget for hiring of additional office space.
C. Weaknesses:
1. The existing physical infrastructure is not sufficiently conducive for an efficient
working environment.
1.1 The architecture and age of the building along with the current physical layout of the
different functional units.
257
1.2 Inefficient management of dead stock, leading to shortage of space for productive
use.
1.3 Lack of adequate financial resources.
E. Recommendations:
1.1 There is scope for more efficient physical rearrangement of related functional units
and senior management within the existing space.
1.2 Implement a system of regular disposal of dead stock.
1.3 The OAGN should continue vigorously pursuing from the Government for more
financial resources. It may also continue working with external donor agencies for
financial and infrastructural support.
Domain 6: External Stakeholder Relations
Sustain effective working relationship and communication with external stakeholders to
ensure impact of OAGN’s audit reports.
The OAGN is receiving strong support from the PAC and the Secretary, Ministry of
Finance. At the same time, both stakeholders have expressed the need for more efficient
functioning of the OAGN and change in the audit approach in line with external
developments.
Concerns were expressed by the various levels of OAGN staff on the lack of appreciation
by the audited entities of the work of OAGN.
The OAGN, among others, has taken the following initiatives:
• In 2006/07, the OAGN organised four interaction programmes in four regions for
increasing mutual understanding between the audited entities and the OAGN. Further,
such interaction programmes are planned for implementation towards end of 2007.
Similar interaction programmes are held annually for Secretaries of different
ministries.
• In May 2007, the OAGN presented a paper in the Parliament on the challenges faced
by the OAGN in discharging its functions effectively,
• The OAGN organised a visit programme for members of PAC to its premises to
discuss its problems.
• In June 2007, the AG invited the Speaker of the Parliament, Minister of Finance,
Chairman of the PAC, Chief Secretary of the Government of Nepal and Secretary of
the Ministry of Finance on the occasion of the OAGN's 49th Foundation Day. On that
258
occasion, the AG expressed the problems of the OAGN in discharging its functions
effectively.
Consequent to the above initiatives, the PAC constituted a Task Force consisting of
different stakeholders to look into the capacity building needs of the OAGN. The report
of the Committee is expected soon.
C. Weaknesses:
1. The audit reports of the OAGN have not been adequately meeting the expectations of
the PAC and the audited entities.
2. The impact of OAGN’s audit observations is unsatisfactory.
1.1 The practice of conducting audits only after the close of the financial year has led
to delayed submission of audit reports. This, in turn, has reduced the value
addition by audit.
1.2 Some disagreement between two primary stakeholders (PAC and Ministry of
Finance) on the one hand, and the OAGN on the other, regarding the prioritisation
of audit issues and approach.
1.3 Inadequate appreciation by the audited entities on the roles and responsibilities of
the OAGN in promoting better governance in the public sector.
1.4 Inadequacies mentioned with regard to Professional Staff Development have
affected the professional capacity of audit staff to conduct the types of audit
expected by the PAC and Ministry of Finance.
2.1 Delay by the audited entities in taking action on audit observations.
2.2 Insufficient information provided by the audited entities to the OAGN regarding
action taken on audit observations.
E. Recommendations:
1.1 The OAGN may consider conducting concurrent audits in consultation with the
PAC, over and above its constitutional obligation to conduct post audits.
1.2 Implement mechanisms for more effective communication with the primary
stakeholders on the OAGN's roles and responsibilities as well as the obligations
of the different stakeholders towards audit.
1.3 Refer to recommendations in Element 6 (above) for strengthening professional
staff development.
2.1 Strengthen the penalty provision in the Financial Procedure Act 1999 to reduce
delays in response by audited entities and also to improve the quality of
information provided by them to the OAGN regarding actions taken on audit
observations.
259
Domain 7: Results
Deliver quality audit reports and services that promote accountability and transparency in
the public sector, more efficient management and utilisation of public resources and
contribute towards good governance.
Reports relating to financial audit of 4,000 audited entities units and performance audit of
33 issues were issued to the audited entities in 2006. The reason for the large number of
financial audit reports is 100% coverage of audited entities units annually. The list of
performance audit issues may be seen in Annex X.
The annual audit reports are submitted to Parliament approximately a year after the close
of the financial year. The report consists of about 2,000 pages, and is divided into five
volumes, in addition to the executive summary of more than 100 pages.
The legal provisions do not require the OAGN's report to be submitted to the President by
a prescribed date nor for the President to table it in Parliament.
The AG does not certify the consolidated financial statements of the government. Also, it
does not conduct specialised audits such as those relating to environment, Information
Technology and fraud due to absence of explicit mandate.
The PAC expressed the need to reduce the size of the report by focusing only on priority
issues, conduct more performance audits, initiate specialised audits relating to
environment and fraud and improve timeliness of reports by conducting concurrent
audits. The Secretary, Ministry of Finance, also raised the need for concurrent audit and
timeliness of OAGN's reports to enhance the effectiveness of its audits.
The OAGN measures the impact of its financial audits in terms of the total financial
value of irregularities highlighted and recovered for every local unit of currency spent on
the OAGN. For example, the Audit Report 2006 mentions financial irregularities of local
currency units 3,000 and actual recovery of local currency units 1,921 for every local
currency units 100 spent on the OAGN. The impact of performance audit is measured in
terms of the number of audit recommendations implemented by the audited entities.
C. Weaknesses:
1. Impact of OAGN's audits is less than the expectations of the primary stakeholders.
1.1 Delay in submission of the reports due to late submission of financial statements
by some audited entities.
1.2 Delay in appointment by the OAGN of statutory auditors of wholly state-owned
enterprises (SOEs).
260
1.3 Preparation of voluminous audit reports.
1.4 Absence of concurrent auditing.
1.5 Large number of audited entities units covered vis-à-vis the staff available.
1.6 No prescribed timeframe for submission of audit report to the President.
E. Recommendations:
1.1 Continue working with the Ministry of Finance and Financial Comptroller
General to improve timeliness for submission of financial statements by the
audited entities.
1.2 Implement a system for timely appointment of statutory auditors for wholly
owned SOEs, including setting of fixed target date for such appointments.
1.3 Consider increasing the minimum financial value of audit observations that are to
be included in the AG's Report. The OAGN may also consider prioritisation of
the nature of information to be included in the audit report, keeping in mind the
needs of the primary stakeholders.
1.4 There appears to be no legal impediment to concurrent audit by the OAGN. Given
the strong support from the PAC and the Secretary, Ministry of Finance for
concurrent auditing, the OAGN may initiate such an approach as soon as possible.
1.5 Section 3(1) of the Audit Act, 1991 authorises the AG to determine the nature,
timing and extent of audit. The OAGN may avoid 100% coverage of audited
entities units annually. Instead it may conduct an ABC analysis of audited entities
units based on risk profiling; the highest risk units (Category A) may be audited
annually while B & C categories may be audited biennially and triennially,
respectively.
1.6 The OAGN may consider initiating the process for amending the legal provisions
to incorporate provision for submission of audit report to the President, by a fixed
date and in turn, tabling of the report in the Parliament within a prescribed period
of receipt of the report by the President.
261
ANNEXES
Annex X: Organisational Structure of the OAGN
Annex X: OAGN Level Quality Management System Framework
Annex X. Survey Results
Annex X: List of Documents Reviewed
Annex X: List of Interviewees and Focus Group Participants
Annex X.: Interview Memorandum of AG
Annex X.: Interview Memorandum of Deputies of AG
Annex X: Interview Memorandum of Public Accounts Committee (PAC)
Annex X.: Interview Memorandum of Secretary of Ministry of Finance
Annex X: Physical observation report on office infrastructure
Annex X: List of Agencies involved in Capacity Building of OAGN
Annex X: Results of the Focus Group Discussion – Senior Management
Annex X: Results of the Focus Group Discussion – Middle/Junior Management and

non-supervisory staff
Annex X: Performance Audit Topics Selection and Reported in 2006
262
Appendix 15
(Related to Chapter 4 Paragraph 4.1)
Financial Audit Process
AUDITING
STAGES ACTIVITIES
STANDARD
Compliance with the Code of ethics IFAC Code of Ethics
PRE- ISSAI 30
Competency of audit engagement
ENGAGEMENT ISSAI 1220
team
Understanding the entity and its ISA 315
environment ISSAI 1315
Establishing audit objective and ISSAI 1200
scope ISA 200
Determining materiality ISSAI 1315
Assessing the risk of material ISA 330
misstatement ISSAI 1330
PLANNING
Considering the appropriateness of
ISSAI 1570
management’s use of the going
ISA 570
concern assumption
ISSAI 1240
Considering fraud in financial audit
ISA 240
ISSAI 1300
Preparing detailed audit plan
ISA 300
Using sampling and other means of ISSAI 1530
testing ISA 530
ISSAI 1400
Performing tests of controls
ISA 400
Performing Substantive analytical ISSAI 1520
EXECUTION
procedures ISA 520
ISSAI 1400
Performing Test of detail
ISA 400
Evaluating the sufficiency and ISA 230
appropriateness of audit evidence ISSAI 230
ISA 260
Communicating audit findings
ISSAI 260
ISSAI 1700
REPORTING Evaluating audit conclusions
ISA 700
ISSAI 1700
Preparing the audit report
ISA 700
263
Appendix 16
(Related to Chapter 4 Paragraph 4.2 & 4.2.15)
Financial Audit Methodology Checklist
YES NO COMMENTS
I. Financial / Regularity Audit
Performed:
accountable entities, involving
examination and evaluation of financial
records and expression of opinions on
financial statements
the government administration as a whole
3. Audit of financial systems and
transactions, including an evaluation of
compliance statutes and regulations
4. Audit of internal control and internal audit
functions
5. Audit of the probity and propriety of
administrative decisions taken within the
audited entity
6. Reporting of any other matters arising
from or relating to the audit that the
OAGN considers should be disclosed
II. Standards for Audit
1. International Standards on Auditing(ISA)
2. INTOSAI Auditing Standards
3. OAGN Policy Standard, Operational
Guideline
III. Quality Control Procedures (ISSAI
1220)
1. Responsibility for quality assigned audit
director or team leader
2. Audit director or team leader has
considered ethical requirements.
3. Audit director or team leader has ensured
independence of the audit team.
4. Audit director or team leader has assessed
capabilities, competencies and time
available to perform audits.
5. Risks of acceptance have been
264
YES NO COMMENTS
considered.
6. Audit director or team leader has taken
responsibility for direction, supervision
and performance of the audit team.
7. Audit director or team leader has
reviewed working papers.
8. Appropriate consultation/resolution of
contentious or difficult matters.
9. Differences of opinion are appropriately
resolved.
10. Audit Quality Control Review has been
appropriately engaged.
11. Results of Audit Quality Control Review
have been considered.
IV. Pre-Engagement Phase
1. Code of Ethics
a. Integrity (adherence to high standards
of behaviour)
b. Independence ( independent from
audited entity and other outside
interest groups)
c. Conflicts of interest ( care should be
taken that services do not lead to
conflict of interest)
d. Confidentiality ( information obtained
in the auditing process not disclosed
to third parties)
e. Professional competence and due care
2. Assessment of Capacity(skills and
resources)
3. Authorization Letter to audit
V. Planning Phase
1.1 Understanding the entity and its
environment consisting of the following
aspects:
a. Industry, regulatory, and other
external factors including the
applicable financial reporting
framework
b. Nature of the entity, including the
entity’s selection and application of
accounting policies
265
YES NO COMMENTS
c. Objectives and strategies and the
related business risks that may result
in a material misstatement of the
d. Measurement and review of the
entity’s financial performance
1.2 Understanding the entity’s internal
control consisting of the following
components:
a. Control Environment includes the
governance and management functions
and attitudes, awareness, and actions
of those charged with governance and
management concerning the entity’s
internal controls and its importance in
the entity.
b. The entity’s risk assessment process
for identifying business risks relevant
to financial reporting objectives and
deciding about actions to address
those risks, and the results thereof.
c. The information system, including the
related business processes, relevant to
financial reporting, and
communication.
d. Control activities to assess the risks of
material misstatement at the assertion
level and to design further audit
procedures responsive to assessed
risks.
e. Monitoring of controls or activities
that the entity uses to monitor internal
control over financial reporting,
including those related to those control
activities relevant to the audit, and
how the entity initiates corrective
actions to its controls.
2. Establishing Audit Objective and Scope
a. Expressing an opinion whether the
financial statements are prepared, in
all material respects, in accordance
with an applicable financial reporting
266
YES NO COMMENTS
framework
b. Determining the audit procedures to be
performed in conducting an audit in
accordance with International
Standards on Auditing or other
professional, legal or regulatory
requirements in addition to ISAs.
3. Determining Materiality
a. Establishing an acceptable materiality
level considering both the amount
(quantity) and nature(quality) of
misstatements
b. Considering audit risk in assessing the
level of materiality
4. Assessing the risk of material
misstatement
a. Determining overall responses to
assessed risks at the financial
statement level
b. Designing further audit procedures to
respond to assessed risks at the
assertion level
∞5. Considering Going Concern
Assumption
a. Assessing the entity’s ability to
continue as a going concern
6. Considering Fraud in Financial Audit
a. Considering risk of material
misstatement arising from fraud of
error
b. Maintaining an attitude of
professional scepticism throughout the
audit, recognizing the possibility that a
misstatement due to fraud could exist
7. Preparing detailed audit plan
a. Establishing an overall audit strategy
which sets the scope, objective,
timing, appropriate materiality level,
high risk areas and evaluation of
internal control. Including
documentation of the key systems.
b. Developing a detailed audit plan which
267
YES NO COMMENTS
includes the nature, timing and extent
of audit procedures to be performed to
obtain sufficient appropriate audit
evidence to reduce audit risk to an
acceptably low level.
VI. Execution Phase
1. Using Sampling and Other Means of
Testing
a. Using audit sampling in selecting
items for testing (Statistical sampling)
b. Using other means (Non-statistical
sampling)
2. Performing Tests of Controls
a. Performing tests of controls to obtain
sufficient appropriate audit evidence
that the controls are operating
effectively at relevant times during the
period under audit.
3. Performing Analytical Procedures
a. Evaluating financial information made
by a study of plausible relationships
among financial and non-financial
data.
b. Investigating identified fluctuations
and relationships that are inconsistent
with other relevant information or
deviate significantly from predicted
amounts.
4. Performing Test of Details
a. Performing tests of details of classes of
transactions, account balances, and
disclosures to detect material
misstatements at the assertion level.
5. Evaluating the sufficiency and
appropriateness of audit evidence
a. Recording in the working papers
information on planning the audit, the
nature, timing and extent of audit
procedures performed, and the results
thereof, and the conclusions drawn
from the evidence obtained.
b. Evaluating the sufficiency and
268
YES NO COMMENTS
appropriateness of audit evidence to
determine whether the audit was
performed in accordance with ISAs
and applicable legal and regulatory
requirements.
c. Identifying the preparer and reviewer
of working papers
VII. Reporting Phase
1. Communicating Audit Findings
a. Communicating audit matters arising
from the audit of financial statements.
b. Preparing management letter on a
timely basis.
2. Evaluating Audit Conclusions
a. Reviewing and assessing the
conclusions drawn from the audit
evidence obtained as the basis for the
expression of an audit opinion
b. Determining significance of audit
finding
3. Preparing the Audit Report
a. Preparing the audit report considering
the following basic elements:
- Title;
- Addressee;
- Opening or introductory paragraph:
• Identification of the financial
statements audited;
• A statement of the responsibility of
the entity’s management and the
responsibility of the auditor;
- Scope paragraph (describing the nature
of the audit)
• A reference to the ISAs or relevant
national standards or practices;
• A description of the work the
auditor performed
- Opinion paragraph containing:
• A reference to the financial
reporting framework used to
prepare the financial statements
269
YES NO COMMENTS
(including identifying the country
of origin of the financial reporting
framework when the framework
used is not International
Accounting Standards); and
• An expression of opinion on the
- Date of the report;
- Auditor’s address; and
- Auditor’s signature
b. Preparing narrative report
. 4. Follow-up of action taken on findings
communicated thru management letter.
∞ Item no. V (5) is irrelevant to OAGN in present context.
270
Appendix 17
(Related to Chapter 4 Paragraph 4.2 &4.2.1.5)
QAQUESTIONNAIRE FOR FINANCIAL AUDIT

DIRECTORATE
AUDITED ENTITY
FINANCIAL YEAR-END OF AUDITEE
STAGE OF COMPLETION
REVIEW COMMENCED ON
REVIEW COMPLETED ON
FINDINGS DISCUSSED ON
NAME OF REVIEWER
We, the undersigned, confirm that the findings of this review have been:
• Discussed with management (executive manager/provincial auditor, centre manager,
audit manager);
• Communicated to the whole audit team;
• Included as part of an action plan that will be included in the strategic plan, where
appropriate; and
• Included as part of the training plan.
INTRODUCTION:
INTOSAI Audit Standards requires that an auditor should conduct an audit in accordance
with the necessary standards. This implies that a certain standard of work should be
evident in all audit files. In ensuring a consistent level of quality of audit work throughout
an audit entity, it is necessary to ensure that:
• All personnel adhere to the principles of independence, integrity, objectivity,
confidentiality and professional behaviour (professional requirements);
• The audit entity is staffed by personnel that have attained (and maintain) the technical
standard and professional competence required to enable them to fulfil their
responsibilities;
• Audit work is assigned to personnel that have the degree of technical training and
proficiency required in the circumstances;
• There is sufficient direction, supervision and review of work at all levels to provide
reasonable assurance that the work performed meets appropriate standards of quality;
271
• Whenever necessary, consultation within or outside the firm is to occur with those
that have appropriate expertise;
• The continued adequacy and operational effectiveness of quality control policies and
procedures is monitored.
In achieving the above, IDI-ASOSAI QA Review has designed a program that focus on
ensuring a high quality audit product at the financial audits level. This review document
focuses on the evaluation of quality at the level of the financial audit.
The document takes cognisance of the requirements of ISA/ISSAI and the INTOSAI
auditing standards. Reviewers are not restricted to the items included in the checklist and
any other matters that may impact on the quality of the audit should be considered.
Where-ever possible references have been made to the source of the requirements tested.
This is, however, not necessarily a complete list.
The review document is to be used for all types of regularity audits, excluding
performance and forensic auditing.
column.
If the finding is negative, a tick should be inserted in the “NO” column, followed by
an appropriate reason / explanation in the remarks column. In such an instance,
reference should be made to either the minutes of the discussion of the findings with
management and/or the final QAR-report.
Instances may be found where the answer to a question is “NO”, but that the situation
was still within the scope of ISA/INTOSAI (e.g. non-compliance with Office
methodology, although still within scope of ISA/INTOSAI). This should be clearly be
spelt out and reported accordingly.
If a question is not applicable, a tick should be inserted in the N/A column, together
with an adequate explanation.
All questions should, as far as possible, be referenced to the relevant working papers
in the audit file.
272
Comments
Description
INTOSAI ISA /ISSAI Ref.
YES NO N/A (Describe the brief explanation of WP
Ref. findings and link it to next template Ref.
which showed the next Appendix )
A TERMS OF REFERENCE
1 Is a copy of the Audit Authorization letter on Par. 3.1.4(g) &
ISA 210 par. 2, .10
file? (for new and existing appointments) 1.0.34
B Quality Control Procedures

1. Has responsibility for the overall quality of the
ISA 220 par. 8
audit been assigned to an audit director or
ISSAI 1220
audit team leader?
2. Is there documentation that the Assistant
Auditor General and audit director have
considered whether members of the team have ISA 220 par 8
Par 2.2.1
complied with ethical requirements (e.g. Parts
A & B of IFAC Code or OAGN Code of ISSAI 1220
Conduct) including integrity, objectivity,
professional competence and due care,
confidentiality and personal behaviour?
3
Have any such issues been identified by the
audit director or audit team leader?
4. If ethical issues are identified, is there
documentation that these have been
communicated to relevant OAGN personnel
and resolved as appropriate?
Has the assistant auditor general or audit Par 2.2.2 and

5.
director formed a conclusion on compliance Pars. 2.2.27 to ISA 220, Par 12
with independence requirements applicable to 2.2.31 ISSAI 1220
the audit?
6.
Is there documentation that the assistant
auditor general /audit director has obtained
information necessary to evaluate potential
threats to independence?
273
Comments
Description
7. Is there documentation that the information
obtained has been evaluated to determine if
there is a threat to the independence of the
OAGN or the audit that needs to be
addressed?
Have actions been taken to eliminate such
8. threats or reduce them to acceptable levels?
Is there documentation of conclusions on
9 • Where relevant, is there documentation
that the audit team leader/audit director /
audit team leader have considered issues
related to the acceptance an audit
engagement:
- The integrity of key management
and those charged with governance
of the entity.
- Is the audit team competent to
perform the audit engagement and
has the necessary time and
resources
- Whether the OAGN and
engagement team can comply with
the ethical requirements.
• If issues arise from any of those
ISA 220 Para 14
considerations, is there documentation
and 18.
of how issues were resolved.
ISSAI 1220
• Has the audit director/audit team leader
ensured that the team collectively has
the appropriate capabilities, competence
Ref. ISA 220 .19
and time to perform the audit in
accordance with professional standards
ISSAI 1220
and applicable regulatory and legal
requirements and to enable the issuance
of an auditor’s report that is appropriate
in the circumstances?
274
Comments
Description
10 • Is the documentation that the assistant
auditor or audit director has taken
responsibility for the direction,
supervision and performance of the
audit, by informing audit team members
of:
- their responsibilities; ISA 220 Para 21
- the nature of the entity’s business; ISSAI 1220
- risk related issues
- problems that may arise and
- the detailed approach to the
performance of the audit.
11 • Has the assistant auditor general or audit

director reviewed the working papers to
ensure that there is sufficient appropriate
audit evidence to support the
conclusions reached and the auditor’s
ISA 220 Para 26
12 report to be issued?
ISSAI 1220
• Has the assistant auditor general or audit
director or members of the audit
identified difficult or contentious
matters requiring consultation?
• If so, has the assistant auditor general or
audit director:
- ensured appropriate consultations
have taken place;
- been satisfied that the nature and
ISA 220 Para 30.
scope of, and conclusions resulting
ISSAI 1220
from such consultation are
documented and agreed with the
party consulted, and
- determined that conclusions
resulting from consultations have
been implemented.
13 • Have differences of opinion arisen
within the team with those consulted or
if applicable, with the audit quality
ISA 220 Para 34
control review? If so, have these been
ISSAI 1220
resolved following the OAGN’s policies
and procedures?
275
Comments
Description
14 • Has the assistant auditor general or audit
director determined if the OAGN has
appointed a quality control reviewer for
this audit?
ISA 220 36 & 38.
- If an audit quality control reviewer
ISSAI 1220
(AQCR) has been appointed, has the
appropriate OAGN official discussed
significant matters arising from the
audit with the AQCR?
- If AQCR has been appointed, was the
audit quality control review
completed before the auditor’s report
was issued?
- If AQCR has been appointed, has the
ACQR evaluated significant
judgments made by the team and the
conclusions reached in arriving at the
auditor’s report?
• Has the audit team leader or director

considered the results of the OAGN’s ISA 220 Para 41.
monitoring process? ISSAI 1220
C PLANNING
1
Do the audit working papers reflect adequate
ISA 300 par 2, 8 &
planning by means of a planning Par. 3.1.3 (k)
9
memorandum or similar documents?
ISSAI 1300
2 Is there evidence that the planning
memorandum was approved timely by a senior
person responsible for the audit?
3 Were all significant changes to the audit plan ISA 300 par. 12
Par. 3.1.4
documented, substantiated and approved? ISSAI 1300
4 Do the audit working papers indicate an
appropriate level of knowledge of the audited
entities business and industry in order to ISA 310 par. 8
Par. 3.1.3 (a)
identify risks, events, transactions and ISSAI 1300
practices that may have a significant effect on
the financial statements?
276
Comments
Description
5 Were complex audits split into more
ISA 300 par 2, 8 &
manageable units in order to carry out the
Par. 3.1.1 9
audit in the most effective and cost efficient
ISSAI 1300
way?
6 Does the components/ accounts identified and
ISA 200 par. 2
audited cover the entire spectrum of the Par. 3.1.4 (b)
ISSAI 1300
financial statements?
7 Were audit objectives (assertions) correctly ISA 500 par. 13 &
identified for each individual account or group Par. 3.1.3 (d) 14
of transactions or activities? ISSAI 1300
8 Is there evidence that audit staffs who were
assigned to the audit have the degree of
Par. 3.2.4 (f)
technical training and proficiency required in
the circumstances?
9 Does a sufficient audit timetable exist and are
the planned dates reasonable? Consider the
following:
• Physical observation or inspection of the
activities or programs?
• Receipt of certificates or audit
confirmations?
• A starting date for the audit?
• A finalisation date for the detail work for Par. 3.1.4 (e)
senior review?
• A planned date for issuing the report?
• Completion of the planning process prior
to the commencement of the detailed
field work phase?
• Proper supervision of junior staff by
senior staff?
• Sufficient time for final review?
10 Do the working papers reflect time spent on
the engagement by the audit staff and reasons
for significant variances from the budgeted
audit time?
11 Were appropriate directions given to assistants
Par. 3.2.3 (a)
to whom work is delegated?
D. OVERALL PLANNING MATERIALITY
1 Was an acceptable materiality level used to Par. 3.1.3 (f) ISA 320 par. 5
detect quantitative material misstatements? & 3.1.4 (a) ISSAI 1320
277
Comments
Description
2 Were qualitative factors considered for ISA 320 par. 5
“
materiality? ISSAI 1320
3 Is the planning materiality figure still
appropriate for the evaluation of the results of ISA 320 par. 11
“
audit procedures and were the reasons for ISSAI 1320
changes properly documented?
4 Was materiality considered during the
evaluation of the results of audit procedures ISA 320 par. 12-16
“
performed and were proper conclusions ISSAI 1320
reached in this regard?
E. RISK ASSESSMENT AND INTERNAL
CONTROL
1 Was the inherent risk assessed at the financial
statement level as well as assertion level for
ISA 400 par.11
account balances, classes of transactions and Par. 3.1.4 (a)
activities? Is the inherent risk assessment
justifiable in view of risk factors identified?
2 Do the working papers contain evidence that a
preliminary review and evaluation of the ISA 400 par. 19 &
Par. 3.1.3 (e)
control environment and control procedures 20
have been carried out?
3 Was the internal audit department adequately
Par. 3.1.3 (g) ISA 610 par. 11
evaluated?
4 If it was intended to rely on the work
performed by Internal audit, was the work Par. 3.1.3 (g) ISA 610 par.16
evaluated and tested to confirm its adequacy?
5 Are the audited entities’ internal controls and Par. 3.3.1 to ISA 400 par. 12,
accounting systems sufficiently documented? 3.3.4 18 & 14
6 Was the operational system description in an
acceptable form (i.e. other system notes, Par. 3.3.1 to
ISA 400 par. 26
integrated narrative and evaluation or flow 3.3.4
charts)?
7 Was every system verified by way of for
Par. 3.3.1 to ISA 400 par. 15
example walkthrough tests and was the
3.3.4
verification adequately documented?
8 Were there appropriate conclusions on the
Par. 3.3.1 to
adequacy of the systems (design of the ISA 400 par. 21
3.3.4
accounting and internal control system)?
278
Comments
Description
9 Is the preliminary assessment of control risk
for each financial statement assertion Par. 3.3.1 to ISA 400 par. 22 &
justifiable? Were key controls identified to 3.3.4 24
substantiate the assessment per assertion?
10 Was the audit approach appropriate? Was the
preliminary assessment of control risk, in
conjunction with the assessment of inherent Par. 3.1.4 (e) ISA 400 par. 10
risk, considered in developing the audit
approach?
F INFORMATION SYSTEM
ENVIRONMENT
1 Was the extent of use and importance of the
ISA 401 par. 08
computerised environment assessed and Par. 3.3.4 N/A
expected audit approach documented?
2 Were the application systems that had a
significant effect on the accounting & ISA 401
Par. 3.3.4 N/A
financial reporting process, identified for each ISSAI 1220
cycle and concluded on?
3 Were the CIS general controls adequately
evaluated taking the following into account:
Organisation and management controls
Application systems development and
maintenance controls Par. 3.3.4 ISA 401 par. 07 N/A
Computer operation controls
System Software controls
Logical access controls
Disaster recovery controls
4 Were the CIS application controls adequately
evaluated taking the following into account:
Control over input
Par. 3.3.4 ISA 401 par. 08 N/A
Control over processing and computer
data files
Controls over output
5 Was the overall reliance on CIS general
controls taken into consideration to evaluate Par. 3.3.4 ISA 401 par. 09 N/A
the effectiveness of CIS application controls?
6 Where no reliance could be place on general
and application controls, were manual controls
considered that might provide effective Par. 3.3.4 ISA 401 par. 11 N/A
compensating controls at the application
level?
279
Comments
Description
7 Did the auditor consider an appropriate
ISA 410 par. 15
combination of manual and CAAT’s Par. 3.3.4 N/A
ISA 4011 par. 07
procedures?
8 In determining the use of CAAT’s were the
following factors considered:
Computer knowledge, expertise and
experience of the auditor.
Availability of CAAT’s and suitable Par. 3.3.4 ISA 4011 par. 07 N/A
computer facilities.
Impracticability of manual tests.
Economic, effectiveness and efficiency.
Timing.
9 Where CAAT’s were used, does the working
papers contain sufficient documentation to
Par. 3.2.3 (d) ISA 4011 par. 22 N/A
describe the CAAT application, such as the
following:
a. PLANNING:
CAAT objectives
N/A
Specific CAAT to be used and exercised,
Staffing, timing and cost.
b. EXECUTION:
CAAT preparation and testing procedures
and controls,
Details of tests performed by the CAAT,
Details of input, processing and output, N/A
and
Relevant technical information about the
entity’s accounting system, such as
computer files layouts.
c. AUDIT EVIDENCE:
Output provided,
Description of the audit work performed N/A
on the output, and
Audit conclusions
d. REPORTING:
N/A
Recommendations to management.
G. TESTS OF CONTROL
1 Was audit evidence obtained through tests of
Par. 3.3.1 to
control to support any assessment of control ISA 400 par. 31
3.3.4
risk which is less than high?
280
Comments
Description
2 Does it appear that the tests of controls over
Par. 3.3.1 to ISA 400 par. 30 &
the internal controls are appropriate in the
3.3.4 31
circumstances?
3 Does it appear that the test of control results Par. 3.3.1 to
ISA 400 par. 34
are properly assessed and evaluated? 3.3.4
4 In cases where the assessed level of control
risk was revised, were the nature, timing and Par. 3.3.1 to
ISA 400 par. 34
extent of planned substantive procedures 3.3.4
modified?
H DEVELOPMENT OF DETAIL AUDIT

PROGRAMMES
1 Is there evidence of a senior person having
approved audit programmes prior to the Par. 3.2.3 (d)
commencement of fieldwork?
2 Are audit programmes designed to support
Par. 3.2.3 (d) ISA 500 par 2-6
opinions furnished on financial statements?
3 Are the audit programmes sufficiently
ISA 400 par. 42 &
comprehensive to result in satisfactory Par. 3.2.3 (d)
47
assurance in all areas of significant audit risk?
4 Is each step of the audit programme initialled
ISA 230 par. 11
with evidence to indicate that the work was Par. 3.2.3 (d)
ISSAI 1230
completed?
I Substantive Procedures
a. Test of Details
1 Were the test of details designed (if designed
at all) to obtain assurance regarding the
reasonableness of account balances or series Par.3.5 ISA 520 par. 12
of transactions and were all criteria met in this
regard?
2
Where any analytical reviews were performed
to restrict the nature, timing and/or extent of
test of detail, are the results from such an ISA 520 par. 10 &
analysis appropriately measured against 12
materiality? Was corroboration obtained for
explanations received?
281
Comments
Description
3 Were appropriate test of detail designed and
performed for each transaction, account
ISA 500R par. 12
balance and disclosure per assertion and were Par.3.5
& 17
the sufficiency and appropriateness of the
evidence considered?
4 Regarding the timing of the test of detail, was
the most efficient manner of conducting is Par.3.5 ISA 530
taken into account?
5 Were procedures developed to address
performance dimensions (value for money Par.3.5
assertion) to the relevant sources?
6 Were all third-party confirmations received
back? Were these confirmations compared to
Par.3.5 ISA 505
the client’s records and differences
investigated?
7 Where test of detail were performed on
balances earlier than the year-end/closing of
the books, were roll forward procedures Par. 3.5 ISA 530 par 42
performed on those amounts processed during
the intervening period?
8 If statistical or non-statistical sampling is used
for substantive testing:
Is the sampling size and sampling
Par. 3.5.2 ISA 530
approach appropriate?
15. Is the sample representative of the
population?
Fixed Assets
9 Is there evidence that a fixed assets register
Par. 3.5 ISA 500 par 15
has been properly maintained?
10 Is the nature and extent of tests in respect of
fixed assets appropriate in respect of: Par. 3.5 ISA 500 par 15
Additions and disposals of fixed assets
Inventories
11 Did the client perform a year en stock take? Par. 3.5 ISA 500 par 15
12 Do the audit working papers properly reflect
attendance at and evaluation of the client’s
Par. 3.5 ISA 500 par 15
stock take, including:
The timing and extent of stock take
282
Comments
Description
observation
Test counts and related follow ups

Bank and Cash
13 Were bank request confirmations obtained in
Par. 3.5 ISA 500 par 15
respect of all banking accounts?
14 Were the bank certificates agreed to the bank
Par. 3.5 ISA 500 par 15
reconciliation statements/
15 Was other information, included in the
financial statements, verified to determine if Par. 3.5
any inconsistencies exist?
b.
Performing Substantive analytical
Procedures
1 Were substantive analytical procedures
performed during the planning phase of the Par. 3.6 ISA 520 par.8
audit in order to identify risks?
2 Where substantive analytical reviews were
ISA 520 par. 7(b)
performed, does it give assurance regarding
Par. 3.6 & 12
the reasonableness of account balances or
series of transactions or activities?
3 Where any Substantive analytical reviews
were performed to restrict the nature, timing
and/or extent of substantive procedures are Par. 3.6 ISA 520 par. 15
results from such analysis appropriately
measured against materiality?
4 Were the objectives of the substantive
Par. 3.6 ISA 520 par. 12
analytical procedures clearly defined?
5 Were the procedures correctly executed? Par. 3.6 ISA 520 par. 4 - 6
6 Was the correct conclusions reached? Par. 3.6 ISA 520 par. 13
J EVALUATION OF RESULTS
1 Are errors found when sampling appropriately ISA 530 par 54 –
Par. 3.5
considered? 56
2 Are summaries of audit differences prepared
and the aggregated effect of the differences Par. 3.5
evaluated?
283
Comments
Description
3 Does the auditor responsible for the audit
Par. 3.5
review the summary of audit differences?
K AUDIT WORKING PAPERS:
1 Are, well supported, conclusions stated for Par. 3.5.5 to ISA 230 par 11
each component audited? 3.5.6 ISSAI 1230
2 Is there evidence of audit objectives having Par. 3.5.5 to ISA 230 par 15
been met in each procedure? 3.5.6 ISSAI 1230
3 Are financial statement amounts readily Par. 3.5.5 to
traceable to a respective account balance? 3.5.6
4 Are adjusting entries adequately supported by
Par. 3.5.5 to ISA 230 par 15
the working papers and cross-referenced to
3.5.6 ISSAI 1230
appropriate schedules?
5 Is there adequate ate support in the working
Par. 3.5.5 to ISA 230 par 15
papers for all the information contained in the
3.5.6 ISSAI 1230
notes to the financial statements?
6 Generally do the working papers:
Include indexing/signatures and dating by
preparer and reviewer?
Indicate the meanings of audit tick
marks?
Indicate source of information?
Indicate the purpose of photocopied Par. 3.5.5 to ISA 230 par 15
documents? 3.5.6 ISSAI 1230
Containing memoranda or other evidence
covering significant and unusual
accounting and reporting matters?
Indicate that all schedules, prepared by
the audited entities, have been cast and
cross cast?
7 Are all queries and exceptions arising from Par. 3.5.5 to ISA 230 par 15
audit tests adequately explained and resolved? 3.5.6 ISSAI 1230
8 Where appropriate do the audit working
papers have evidence of consultation Par. 3.5.5 to ISA 230 par 15
procedures with those who have appropriate 3.5.6 ISSAI 1230
expertise?
L REVIEW
1 Do the audit working papers demonstrate
adequate manager involvement in ISA 220 par 21 -27
Par. 3.2.3
planning/supervision/review process of the ISSAI 1220
audit?
284
Comments
Description
M OTHER AUDIT CONSIDERATIONS
1 Were adequate procedures designed in respect
of auditing the budgetary process of the Par. 3.6.4 ISA 250
audited entities?
2 Are events subsequent to the financial
statement date adequately documented and are Par. 3.5 ISA 560
significant events considered for disclosure/?
3 Are management representation letters
obtained, signed by the appropriate members
Par. 3.5 ISA 580
of management, or other forms of
representation obtained?
4 Was there adequate communication with the
Par. 3.5 ISA 230 par 15
audited entities throughout the audit (audit
ISSAI 1230
steering committee meetings)?
O COMPLIANCE WITH LAWS AND
REGULATIONS
1 Were adequate procedures designed and
executed to be able to express an opinion on Par. 3.5 ISA 250
the compliance with laws and regulations?
P REPORTING
1 Are the financial statements properly
Par. 4.0.1 to
presented and intelligible and do they meet the ISA 200 par 2
4.0.29
applicable standards?
2 Are the notes to the financial statements in
accordance with professional standards and Par. 4.0.1 to
ISA 200 par 2
sufficient and appropriate in the 4.0.29
circumstances?
3 Are the accounting policies and the nature and ISA 200 par 2 &
Par. 4.0.1 to
effect of any changes therein clearly disclosed ISA 700 par 14
4.0.29
in the financial statements?
4 Are the audit reports in accordance with the Par. 4.0.1 to
ISA 700
applicable standards? 4.0.29
5 Were procedures performed to ensure the Par. 4.0.1 to
ISA 700 par 14
completeness of financial statements? 4.0.29
6 Were aspects or deficiencies for follow-up
Par. 4.0.1 to
during the next audit identified and
4.0.29
documented properly?
7 Was there a management letter for discussion Par. 4.0.1 to
with the management of the Audited entity? 4.0.29
8 Does the management letter set out:
285
Comments
Description
- The problem, its nature and possible
consequences?
- Practical and cost-effective
Par. 4.0.1 to
recommendations?
4.0.29
- Reference to verbal or informal queries?
- Any un-finalised matters from the
previous year’s letters?
9 Did a member of management sign the Par. 4.0.1 to
management letter? 4.0.29
10 Were all significant matters identified in the
Par. 4.0.1 to
management letter addressed in the Audit
4.0.29
Report?
11 Was the legal basis identified in the report to Par. 4.0.1 to
the Audited entity? 4.0.29
12 Was the audit report submitted in good time in Par. 4.0.1 to
ISA 700
accordance with the set target dates? 4.0.29
13 Par. 4.0.1 to
Were the reasons for late submission valid?
4.0.29
14 Had the following been confirmed prior to
disclosure:
That information, which is made public,
is properly backed-up by supporting
documentation.
That the facts, which are made public, are Par. 4.0.1 to
properly presented for the sake of the 4.0.29
necessary transparency, openness and
accessibility.
That the level of disclosure is properly
defined, for example, is it an interim,
final or special audit report.
That the accounting officer concerned is
informed in writing about the information
that will be made public.
15 Generally, do the audit working papers, the

audit procedures undertaken, and the results of
the audit procedures support and confirm the
Par. 4.0.1 to
audit opinion furnished?
4.0.29
In my opinion, based on the review
performed, the audit was performed with due
care.
286
Comments
Description
Q CONTRACTING OUT
1 Was an engagement letter issued to the audit
firm stipulating their responsibilities?
2 What measures had been taken to establish
proper communication channels between the
controller and the firm?
3 Did the controller approve the audit plan after
proper review thereof?
4 Were all changes to the audit plan approved
by the controller?
5 Did the controller ensure that the auditing
standards were complied with? Did the
controller perform an overall review of the
work performed by the firm?
6 Did the controller adequately monitor the
audit costs?
7 Was the budgetary process evaluated?
8 Was adequate work done on the compliance
with laws and regulations?
9 Did the controller ensure that copies of the
relevant audit files were retained or available?
R FRAUD AND ERROR
1 Where indications of fraud were discovered
during the audit, was it adequately followed Par. 3.4.1 ISA 240
up?
S RELATED PARTIES
1 Were audit procedures designed to obtain
sufficient audit evidence regarding the
identification and disclosure by management
Par. 2.2.31 ISA 550
of related parties and the effect of related party
transactions that are material to the financial
statements?
T USING THE WORK OF ANOTHER
AUDITOR
1 Were the work performed by other auditors,
properly evaluated and taken into
consideration during the current audit. Par 3.1.3 (h) ISA 600
(Computer audit, Performance audit and
Forensic audit)
287
Examples of substantive procedures for the review Public Enterprises' audit files
INTOSAI ISA Ref. YES NO N/A Comments WP
Ref. (Describe the brief explanation of Ref.
findings and link it to next template
U. EXAMPLE OF SUBSTANTIVE
PROCEDURES FOR PUBLIC
ENTERPRISES
a. Long term liabilities
1. Has third party confirmation been obtained in Par. 3.5 ISA 500 par 15
respect of all long-term amounts owing?
2. Are long term liabilities within the audited Par. 3.5
entities permitted borrowing powers?
3. Are the lender’s terms being complied with in Par. 3.5
respect of the long term liabilities?
b. Fixed Assets
1. Is there evidence that a fixed assets register Par. 3.5 ISA 500 par 15
has been properly maintained?
2. Is the nature and extent of tests in respect of Par. 3.5 ISA 500 par 15
fixed assets appropriate in respect of:
Additions and disposals of fixed assets
Ownership and physical existence
Transactions before and after the balance
sheet date to determine that a proper cut
off has taken place
The balances of fixed asset and related
accounts
3. Were leases reviewed and do the working Par. 3.5 ISA 500 par 15
papers establish that leases were properly
accounted for (e.g. Capitalised if appropriate,
income or expense agreed to lease, etc.)?
4. Were title deeds inspected in respect of Par. 3.5 ISA 500 par 15
property ownership?
5. Were original external confirmations obtained Par. 3.5 ISA 500 par 15
for all material assets and liabilities where
appropriate? (Refer to 5.1.3 Vol. IV (2) Part 2,
Section 3). If not, what alternative procedures
were performed with regard to the verification
of material assets and liabilities?
288
c. Investments
1. Do the working papers show that details were Par. 3.5 ISA 500 par 15
examined in respect of:
1. Purchase price/date
2. Changes during the year
3. Market Value at year end
2. Was information obtained and evaluated with Par. 3.5 ISA 500 par 15
regards to purchases and sales before and after
the year-end so that a proper cut off was
achieved?
3. Were appropriate calculations of investment Par. 3.5 ISA 500 par 15
income checked and correlated with recorded
income?
4. Was adequate consideration given to current Par. 3.5 ISA 500 par 15
vs. long-terms classification of investment?
d. Inventories
1. Did the client perform a year en stock take? Par. 3.5 ISA 500 par 15
2. Do the audit working papers properly reflect Par. 3.5 ISA 500 par 15
attendance at and evaluation of the client’s
stock take, including:
The timing and extent of stock take
observation
Test counts and related follow ups
Conclusions as to the adequacy of the
stock count procedures
Consideration given to counting or
confirming consignment stock or stock
held by others
Where the stock take in taken at a date
other than the balance sheet date was
adequate consideration given to stock
transactions between the stock take date
and the balance sheet date
If perpetual stock records are maintained
are differences disclosed by the client’s
physical stock properly reflected in the
account
3. Were cut off tests performed and appropriately Par. 3.5 ISA 500 par 15
documented?
e. Debtors / Accounts Receivable
1. Were tests performed to confirm the existence Par. 3.5 ISA 500 par 15
of debtors
289
documented as to credit notes, cash receipts
and returns?
3. Was the reasonableness of the provision for Par. 3.5 ISA 500 par 15
doubtful accounts and write-offs adequately
and appropriately covered in the working
papers?
4. Are other accounts receivable adequately Par. 3.5 ISA 500 par 15
verified?
f. Creditors / Accounts Payable
1. Do the audit working papers indicate that Par. 3.5 ISA 500 par 15
source documents were examined?
2. Do the audit working papers indicate that Par. 3.5 ISA 500 par 15
adequate confirmation coverage was made and
documented, or examination of suppliers’
statements when considered appropriate,
including zero balances and/ or unreasonable
or unexpectedly low balances?
documented as to purchases and
disbursements, including a search for
unrecorded liabilities?
4. Were the tests of balances of the accrued Par. 3.5 ISA 500 par 15
liabilities adequate?
5. Are other current liabilities adequately Par. 3.5 ISA 500 par 15
verified?
g. Cash flow information
1. Have the appropriate cash inflows and cash Par. 3.5
outflows been properly recorded in the cash
flow Statements?
2. Is there evidence on the file that the cash flow Par. 3.5 ISA 500 par 15
statement was audited?
3. Was other information, included in the Par. 3.5
financial statements, verified to
determine if any inconsistencies
exist?
Notes: 1.Items F1-9 under the head "Information System and Environment" is withheld until the Government of Nepal and Office of the Auditor General
introduced computer based accounting and auditing system.
2. Items Q1-9 under the head "Contract Out" is used only when QA review is conducted for Public Enterprises.
3. Different items of under head "Examples of Substantive procedures for public enterprises are only used in the QA review of Public enterprises
audit files.
290
Appendix 18
(Related to Chapter 4 Paragraph 4.2.2.4)
INDIVIDUAL FINDING RECORDING FORM
Name of Signature Date
Reviewer
Financial year QAQ reference
Reviewing object name
Name of Director/ Signature Date

Audit Officer
Conducting Financial audit phase Planning/ Conducting/ Reporting

(circle please)
WP No WP ref No
Observation:
Insert the observation here
Cause
Write the reason of observation including the sub element reference
Effects:
Write down impact of observation
Feedback from the Director / Audit Officer

Insert the feedback here
Recommendation
Insert recommendation
291
INDIVIDUAL FINDING RECORDING FORM AT THE FINANCIAL AUDIT LEVEL

FINDING RECORDING FORM AT THE FINANCIAL AUDIT LEVEL
Name of A Signature Date 31.10.2008

Reviewer
Financial year 2007 QAQ reference C1
Reviewing object name Agency of secondary education
Name of B Signature Date 01.11.2008

Director/Audit
Officer
Conducting Financial audit phase Planning/ Conducting/ Reporting
(circle please)
WP No RW08-1 WP ref No R–3
Observation:
INTOSAI Standards paragraph 3.1.3 (k), International Auditing standards 300 paragraph 2, 8
& 9 and International Standards of Supreme Audit Institution 1300 require working papers
to include a planning memorandum.
Although the OAGN methodology requires the preparation of planning memorandum, there
was no planning memorandum on file. There was no indication that a plan was prepared
before the execution of the audit.
Cause
During the period under review the OAGN was under pressure to meet the statutory deadline
and teams were going out for audits without preparing audit plans and there was no proper
supervision. Last year the report was produced six weeks after the deadline.
Effects:
Objectives of the audits may not be achieved due to lack of planning and this may result in
wastage of resources.
Feedback from the Director/ Audit Officer

The observation is noted and we make all the necessary effort to prepare audit plans and
place them on file.
Recommendation
The OAGN should develop an operational plan that considers all resource requirements and
allocates sufficient resources to enable audit teams to conduct their audits efficiently and
effectively. Adherence to the operational needs should be monitored by the supervisors.
292
Appendix 19
(Related to Chapter 4 Paragraph 4.2.2.4)
QUALITY ASSURANCE REVIEW RECORDING FORM
1. TERMS OF REFERENCE
A. Positive observation
Summary of the Key Positive Aspects from the Review
B. Areas for improvement
QAQ Observation Causal Factors Effects Recommendations Director/ Audit Officer

reference Comments
Sub-element
293
2. PLANNING
QAQ Observation Causal Factors Effects Recommendations Director/Audit Officer's

reference Comments
Sub-element
3. EXECUTION PHASE
294

reference Comments
Sub-element
4. REPORTING PHASE

reference Comments
Sub-element
Signed by …………………… Date …………….
295
SAMPLE: QUALITY ASSURANCE REVIEW RECORDING FORM
1. TERMS OF REFERENCE
Copy of audit engagement letter was attached in audit file and it confirmed the auditor’s acceptance of the appointment, the objective and scope of the audit, the extent of the
auditor’s responsibilities to the client and the form of reports.

reference Comments
Sub-element
A1 There are no documents Office does not have The audit management The OAGN needs to The policy of objective
demonstrating specific policy to assess the did not know whether establish the policy of objective assessment of the competency of
compliance with Code of competency of staff before they had assigned assessment of the competency of the the available manpower within
Ethics and assessment of assigning the audit competent team to the available manpower in the the respective Directorate will be
the audit team engagement and system of audit. Directorate before assigning audit. formulated
competency. evaluating the compliance There should be proper
of Code of Ethics. No any documentation of competency
guidance was given in this assessment and competency. OAGN
regard. should create a roster of its
manpower considering the expertise
based on each sector and nature of
Internal Governance audit. The assessment and
monitoring policy needs to be
formulated recognizing the
requirement of the Code of
Conduct.
296
2. PLANNING
Materiality logically determined and well documented according to the IAS.
QAQ Observation Causal Factors Effects Recommendations AAG/ Director

reference Comments
Sub-element
C.1 There was no planning During the period under Objectives of the audits INTOSAI Standards paragraph 3.1.3 (k) and The observation is noted
memorandum on file. review the OAGN was may not be achieved International Auditing standards 300 and we make all the
There was no indication under pressure to meet the due to lack of planning paragraph 2, 8 & 9 and International necessary effort to
that a plan was prepared statutory deadline and teams and this may result in Standards of Supreme Audit Institution 1300 prepare audit plans and
before the execution of were going out for audits wastage of resources. require working papers to include a planning place them on file.
the audit. without preparing audit memorandum. It would be good for the
plans and there was no OAG to come with a proper operational plan
proper supervision. Last that will cater for all resource requirements
year the report was and enable audit teams to conduct their
produced six weeks after the audits efficiently and effectively. Adherence
deadline. to the operational needs should be monitored
by the supervisors.
Internal governance
H.5 The risk assessment did There is no manual or The audit programs OAGN should prepare manual for the OAGN has felt the
not evaluate the technical guidance related to might lead to implementation of the risk assessment necessity of developing
significance of the risks risk assessment. ineffective audit concept of guideline. Process, toolkit and manual, format and
identified and the audit execution. checklist for risk assessment need to be toolkit for risk and
procedures did not defined in the manual; internal control
clearly respond to the Audit methodology and assessment. Due to
risks identified. resources constraint
standard (Manual and
Guidance) OAGN has yet to
develop such document.
297
D-6 Audit procedures in audit The audit programs were The audit procedures As audit progresses, changes due to The audit team leader
program appear to be not updated in case may not attain the audit additional audit procedures should be will ensure that such
inadequate to attain the additional or alternative objectives. reflected in the audit program changes are fully
audit objective. audit procedures were demonstrated in the
undertaken during and upon future.
completion of the audit.
Audit Methodology (Tools)
Human Resource (Training)
298
Appendix 20
(Related to Chapter 4 Paragraph 4.2.3)
Sample Template of draft report
FINANCIAL AUDIT REVIEW REPORT

TABLE OF CONTENTS
INTRODUCTION

OBSERVATIONS
1. Terms of reference
2. Planning
3. Execution
4. Reporting
5. General
Overall conclusion
Management response
INTRODUCTION
Please insert the background information
Please insert the main data gathering techniques
Limitations, if any, of the approach
OBSERVATIONS
1. Terms of reference
Positive observation
Areas for improvement
Observation:
Effects:
Casual factors sub elements:
Recommendation:
2. Planning
Observation:
Effects:
Recommendation:
3. Execution
Observation:
Effects:

Recommendation:
4. Reporting
Observation:
Effects:
Recommendation:
5. General
Observation:
Effects:
Recommendation:
OVERALL CONCLUSION
MANAGEMENT RESPONSE
Appendix 21
(Related to chapter 5 paragraph 5.3)
QAR Plan of performance audit
1. Background
a. Background of topic reviewed
b. Audit period
c. Audit Objectives
d. Audit Scope
e. Audit Methodologies used
f. Audit team members and Team Leader
g. Numbers of Audit Findings
2. Objective of QAR
3. Approach and Methodology of QAR
4. Key Areas to be Reviewed
5. QAR Team
6. QAR Timing
7. QAR Budget
Prepared by: Approved by:

Date: Date:
Sample QAR Plan

OFFICE OF THE AUDITOR GENERAL
QUALITY ASSURANCE REVIEW PLAN OF
PERFORMANCE AUDIT
…………………………..
1. Background of the audit to be reviewed :
........ Project lies in ......... part of Nepal. Project aims to............................ Project started from
fiscal year..... With an estimate cost of NRs ...... but presently this cost is assumed to
amounting NRs.............. and incurred NRs ......... till fiscal year......
a. Audit period: Performance audit of this project is carried in year … by Performance Audit
Division (PAD).
b. Audit Scope: Analysis of detailed feasibility study, cost estimation, operation, headworks
construction, project management, monitoring and evaluation system of the project
.Progress evaluation and analysis of operational activities and related data of the project
since project commencement i.e.2001/02 to 2008/09.
c. Audit team Leader, members and their qualifications
S.N. NAME POSITION QUALIFICATION
2. Objectives of the Quality Assurance Review

The main objective of quality assurance review is to evaluate compliance of performance audit
guide and instructions in audit planning, executing or conducting, reporting and follow up
period that indentify the gaps between intended and actual performance and suggest for
implementation of guide and instruction.
3. Approach and Methodology of the Quality Assurance Review
In order to quality assurance review process the main focus will be concentrated to review the
documents which are collected in auditing process either in permanent or current audit files.
Documentation review will be based on Quality Assurance Review Questionnaire for
individual performance audit. Likewise additional queries, interview and meeting might be
held with audit team on the matters of insufficient QAR Questionnaire.
4. Key areas to be reviewed
Following key areas are indentified to review.
Key Areas Activities to be performed Methodologies to be used
Performance Audit Existence of written performance Document review
Manual and Guidance audit manuals, guidance and
instructions.
Approved PA manual, guidance is Document review
aligned to international good
practices.
Policies and procedure to recruit Document review

personnel for SAI.
Compliance of PA team member's conflict of Document review and
Ethical Requirements interest, if any, discussion with
Management
PA team members close affiliations Document review and
with the management or operational discussion with
activities of an audited entity. Management.
Strategic Performance Existence strategic plan for PA. Document review
Audit Planning Criteria to be followed to select audit Document review
topic and approval from Central Co-
ordination Unit(CCU)
Alignment between PA strategic Document review
plan and OAGN strategic plan.
Determination of engagement of Document Review.
OAGN personnel or External
expert.
Selection of qualified , competent Document Review.
, independent external expert
Monitoring and review Document review.
mechanism and proper supervision
at each stage of audit.
Documentation of supervision, Document review
monitoring and review.
Planning stage Conduction of preliminary survey. Document Review i.e.
Information collection
form.
Adequate knowledge or Document review
understanding of audited entity or
topic.
Risk assessment procedure Document Review i.e.
followed by audit team and Process analysis Template
evaluation of risk i.e. High, and Risk assessment
Medium and Low. process
Defining audit objectives for Key Document review
issues /Line of audit enquiry
/Matters of Potential Significance
Identification of audit scope. Document review
Assessment of audit criteria Document review
(Matter of Potential Significance-
MOPS) and relevancy with audit
objectives with clear sources.
Communication of audit Document review
objectives, scope, criteria, timing,
duration, audited entity to be
visited.
Appropriate audit Document review
method/techniques/procedure for
gathering information.
Preparation of Overview Report Document Review

and Audit plan in prescribed Format approved by PA
format and approval division.
Conducting stage Preparation and approval of audit Document Review i.e.
program Work Program Format.
Changes in course of approval Document review
plan
Collection of sufficient ,relevant Document review
and competent evidence and
documentation
Performance evaluation of audited Document review
entity.
Techniques used for gathering Document Review ,
evidence Discussion with audit team
.
Developing audit findings Document review
comparing criteria, condition,
causes and consequences.
Entry conference with the audited Document review
entity's management to discuss
about its objectives, scope and
timing; To meet with key audited
entity staff and establish suitable
liason arrangements.
Monitoring audit progress Document review
PA Progress record form
and report.
Documentation of working paper Document Review
,documents and evidence Audit File Documentation
and Audit Review Form
.Review paper as per audit
tool 1 to 12.
Reporting stage Discussion on draft preliminary Document review
findings with audited entity's Exit conference meeting
appropriate and responsible level minute
Consideration of audited entity's Document review
response
Methodologies to be used such as Document review
criteria, condition, causes and
consequences in every findings of
audit.
Recommendation based on Document review
findings and related with
objectives and practical
accordingly
Evaluation of collected evidence Document review
with related findings
Cross reference of evidence with Document review
finding.
Reader friendly language Document review

Issuance of report in time Document review
Follow up Written response from audited Document review
entity.
Designate a competent officer to Document review
review responses
Review of Public Accounts Document review
Committee directions and
recommendations on PA report
Regular follow up audit. Document review
Areas to be covered when follow Document review
up
Time given to implement. Audit Document review
findings and recommendations
Documentation of monitoring Document Review
report Annual Report, Response
& Decision made by
management, Public
Account Committee
instructions if any.
5. Resources
a. QAR team members and Team Leader
S.N NAME POSITION QUALIFICATION
b. Milestones and deadlines

Review work will be done in following Manner
S. No Activities Responsible Time frame
person
6.
7. QAR Budget:
Appendix 22
(Related to chapter 5 paragraph 5.5 (2))
Performance Audit Methodology Check Questionnaire
DIRECTORATE
AUDITED
ENTITY/PROJECT/PROGRAMME
PERIOD COVERED
REVIEW COMMENCED ON
REVIEW COMPLETED ON
FINDINGS DISCUSSED ON
NAMES OF REVIEWERS
column.
If the finding is negative, a tick should be inserted in the “NO” column, followed by an
appropriate reason / explanation in the remarks column. In such an instance, reference
should be made to either the minutes of the discussion of the findings with management
and/or the final QAR report.
Instances may be found where the answer to a question is “NO”, but that the situation was
still within the scope of ISSAIs (e.g. non-compliance with Office
Standards/Methodology/Guidelines, although still within scope of ISA/INTOSAI). This
should be clearly be spelt out and reported accordingly.
If a question is not applicable, a tick should be inserted in the N/A column, together with an
adequate explanation.
The “Comments” column may be used to record such issues as additional information
required, the likely sources of that information and actions to be taken to get the
information. Please see example against item A.1 below.
All items should, as far as possible, be referenced to the relevant working papers in the PA
audit files.
ISSAI/ASOSAI
QARQ PA WP
Description Yes No Partly N/A
Code Guidelines/PAG Ref.
Ref.
Part 1: Ethical requirements
A Ethical requirements of Auditors
1. Is there documentation ISSAI 20
to assure that none of Principle 4,
the PA team members ISSAI Para 17,
have any conflict? 22-26, ISSAI 200
Para 2.31
2. Have there been any ISSAI 200 Para
instances of PA team 2.28
members participating
in the management or
operations of an audited
entity, such as by
becoming members of
management
committees, etc? (If yes,
this will negatively
affect auditor
independence and
should reported by the
QA team in their report)
PART II: Quality Controls at each stage of the Performance Audit Process at the
Individual Level
B Planning Stage
1. Did the audit team ISSAI 3000 Para
conduct a pre-study 3.3 page 47;
(preliminary study) to ASOSAI PA
establish whether Guidelines Para
conditions existed for a 3.16
more comprehensive
performance audit of the
selected topic?
2. Is the background PAG 31.1,31.2,
information of topics to 31.3, 31.4,31.5
be audited is collected
and documented?
308
3. Is there documentation ISSAI 300 Para
to establish that the 1.3 (a) & (b),
audit team obtained ISSAI 300 Para
adequate understanding 1.4 (a), ISSAI
audited agency/project, 3000 Para 3.3
including its IT systems pages 51-52,
if any? ASOSAI PA
Guidelines Para
3.11
4. Is there documentation ISSAI 300 Para
to establish that the 1.4 (a), PAG
audit team performed 32.2,32.3
proper risk assessment
and operational process
analysis of the selected
agency/project,
including IT system
related risks, if relevant?
identify key issues /lines 3.3 page 48,
of audit enquiry/Matters ASOSAI PA
of Potential Significance Guidelines Para
(MOPS) based on the 3.4,PA Guide
above risk assessment to 32.2,32.3,32.4
ensure that appropriate
attention is devoted to
important areas of the
audit?
define appropriate audit 1.3 (d) & 1.4 (b),
objectives for each key ISSAI 3000 Para
issue/line of enquiry? 3.3 page 48,
ASOSAI PA
Guidelines Para
3.5-3.7,PA Guide
32.5
7. Did audit team identify ISSAI 300 Para
the scope of the audit? 1.4 (b), ISSAI
3000 Para 3.3
pages 49-50,PA
Guide 32.6
define appropriate audit 13,PA Guide 32.7
criteria to focus the
audit and to provide a
basis for developing
audit findings?
309
9. Were the audit criteria ISSAI 3000 Para
• Reasonable, 3.3, footnote at
• Reliable, page 52
• Objective, ASOSAI - PA
• Useful, guidelines Para
• Understandable, 3.22
• Comparable,
• Complete and
• Acceptable and
attainable?
10. Were the audit criteria ASOSAI PA
relevant to the audit Guidelines Para
objectives for each key 4.2
issue/line of audit
enquiry?
11. Were the audit criteria ASOSAI PA
arranged in a logical Guidelines Para
manner so that the audit 4.2
examination could be
conducted as efficiently
as possible?
12. Were audit topic, ISSAI 3100 Para
objectives, scope and 18
criteria communicated
to the audited entity?
13. Were appropriate ISSAI 3000 Para
auditing 3.3 page 54,
methods/techniques/pro ASOSAI PA
cedures determined for Guidelines Para
gathering information to 4.4
test each audit criteria?
310
14. Did the overview report ISSAI 300 Para
prepared by audit team 1.3 & 1.4
includes complete ASOSAI, PA
information such as guidelines Para
• Background 4.28 to 4.30,P A
information Guide 31.7
• Policy
• Laws
• Objectives and
target
• Financial review
• Operational
status of
project/program
• Segment
operational
model
• Audit objectives,
• Audit scope,
• Lines of audit
inquiry
• Personnel
engagement
• Recommendatio
n whether to
continue or
terminating the
audit?
15. Did the audit plan ISSAI 300 Para
include complete 1.3 & 1.4
information such as ASOSAI, PA
• Audit objectives guidelines Para
for each MOPS 4.28 to 4.30,P A
• Audit criteria to Guide 32.10
used for each
audit objectives
• Audit scope
• Approach to
audit with details
• Manpower
• Estimated
working man
days
• Detailed time
and work
schedule?
311
16. Was the Overview ISSAI 200 Para
Report and Audit plan 1.24
was approved by
appropriate authority in
prescribed format?
C Conducting Stage
1. Did the Audit P A Guide 40.5
programme is prepared
and approved in
prescribed format
conduct the audit as per 2.3(c)
approved audit plan and
programme?
3. In case of deviation ISSAI 300 2.3
from approved audit Para (c)
plan, were
authorisations obtained
from the competent
authority?
4. Did the audit team P A Guide
recorded the audit test 40.4,40.6,40.9,
procedure and 40.10,40.11 &
techniques used for 40.12
gathering audit
evidence?
5. Did the audit team P A Guide 40.8
assess the performance
of the audited entity
such as financial and
non financial
performance analysis?
6. Did the audit team ISSAI 300 Paras
collect competent, 5.1 & 5.4, ISSAI
relevant and sufficient 3000 Para 4.2
evidence for testing each page 61, ASOSAI
audit criteria? PA Guidelines
Paras 5.6 & 5.7
7. Did audit team develop ISSAI 3000 Para
audit findings by 4.3 page 63,
relating criteria to actual ASOSAI PA
conditions observed Guideline 4.31 &
during audit? 4.32,PAG 50.7 &
50.8
312
assess the likely 4.3 page 64,
consequences of the ASOSAI PA
audit findings? (This Guidelines Para
will help the audit team 4.36
prioritize the audit
findings and decide
which ones to include in
the PA report)
D Reporting Stage
1. Did audit team discuss ISSAI 3000,
preliminary audit appendix 4, page
findings with audited 118, ISSAI 3100
entity's management to Para 34, ASOSAI
obtain their comments PA Guidelines
by such means as Para 6.12, & 8.12
organising exit
conference?
2. After the exit ASOSAI PA
conference, was the Guidelines Para
audit report prepared 6.13
after taking into account
the audited entity’s
responses?
3. Did audit team develop ISSAI 3000 Para
audit recommendations 4.3 page 63,
based on criteria, ASOSAI PA
condition, causes and Guidelines Para
consequences of the 4.35
audit findings?
4. Does the audit report Appendix to
clearly describe the ISSAI 3100 Para
financial, administrative 5.3 page 15
and managerial context
within which the area
examined was carried
out?
5. Were the collected Appendix to
evidence appropriately ISSAI 3100 Para
presented and used 5.3 page 15
including graphics and
statistics?
6. Were the audit scope, ISSAI 3100 Para
objectives, audit criteria, 30, ASOSAI PA
methodology, findings, Guidelines Para
recommendations 6.16,PAG 50.5 &
clearly mentioned on the 50.6
audit report?
313
7. Was the language used ISSAI 3100 Para
in the audit report 31
reader-friendly, well
structured and
unambiguous?
8. Did the audit report ASOSAI PA
describe relevant facts Guidelines Para
and findings sufficiently 6.18
to allow readers to
understand the basis
upon which the audit
observations have been
formed?
9. Did the ISSAI 3100 Para
recommendations 32, ASOSAI PA
address the audit Guidelines Para
objectives? 4.39
10. Were the audit ISSAI 3100 Para
recommendations 32
presented in a logical ASOSAI PA
fashion? Guidelines Para
4.38
11. Did the ASOSAI PA
recommendations Guidelines Para
address significant 4.38
issues?
12. Were the ISSAI 3100 Para
recommendations 32, ASOSAI PA
practical? Guidelines Para
4.39
13. Did the ISSAI 3100 Para
recommendations serve 32, ASOSAI PA
to add value by helping Guidelines Para
to improve the audited 4.39
entity’s functioning?
14. Where an audit report ASOSAI PA
names specific persons Guidelines Para
or organizations, were 6.19
comments sought from
those parties whose
reputations or interests
15. Was the audit report is ISSAI 3100 Para
prepared constructive 31, ASOSAI PA
and balanced by Guidelines Para
mentioning good 6.21
practices adopted by the
Audited entity?
314
16. Were all findings and ISSAI 3100 Para
conclusions included in 31, ASOSAI PA
the final report Guidelines Para
defensible, that is, 6.21
supported by competent,
relevant and sufficient
audit evidence?
17. Was the audit report ISSAI 3100 Para
issued in time? 31, ASOSAI PA
Guidelines Para
6.21,PAG 50.9
18. Does the audit report Appendix to
indicate that the audit ISSAI 3100 Para
been successful in 5.3 page 15
meeting its objectives
and providing useful
information to improve
public services?
E Follow-Up Stage
1. Is audited entity P A Guide 80.4.2
submitted written & 80.5
response on the findings
and recommendations
presented in office of
the auditor general's
preliminary report
within 35 days of its
submission?
2. If yes, is the Assistant P A Guide 80.4.2
Auditor General
designate a competent
officer to review the
management response
and to evaluate
additional evidence, if
any, and that officer
submitted review note to
AAG?
3. Has the Office of the P A Guide 80.4.3
Auditor General the
responsibility of
reviewing the actions
taken on the Public
Accounts Committee's
directives and
recommendations and
report progress to the
parliament?
315
4. Is the performance PAG 80.6 & 80.7
Audit Division has
selected sample cases to
provide judgement on
sufficiency of the action
taken and improvements
observed?
5. Were follow ups done Appendix to
only after considering ISSAI 3100, Para
whether the impact of 5.5, ASOSAI, PA
follow up was expected guideline, Para
to outweigh the costs of 7.7
follow up?
6. If it was considered ISSAI 3100 Para
appropriate to conduct a 37, ASOSAI, PA
follow up for the guideline, Para
particular performance 7.1
audit, did the follow up
focus on whether
audited entity’s actions
on the audit
recommendations
helped remedy the
underlying causes of the
problems?
7. Was sufficient time ISSAI 3100 Para
allowed to the audited 36
entity to implement
appropriate actions
before conducting the
follow up audit?
8. Were the results of the ISSAI 3100 Para
follow up reported to 37
provide feedback to the
legislature or/and other
relevant stakeholders?
9. Did the follow up report ISSAI 3100 Para
describe the impacts of 37
the corrective actions
taken by the audited
entity?
Part III: Overarching Quality Controls in the Performance Audit Process
F Supervision
316
1 Was the audit work of ISSAI 300, Para
the PA team properly 2.1, 2.2 & 2.3,
supervised at each stage ISSAI 3100 Para
of the audit process by 38, ASOSAI PA
the team leader, Audit Guidelines Para
Director and Assistant 8.42 P A Guide
Auditor General? 10.12
2 Did the Supervision
ensure that the:
• PA team members had

a clear and consistent
understanding of the
audit plan?
• Audit was carried out
in accordance with the
auditing standards and
practices of the SAI?
• Audit plan and action
steps specified in the
plan were followed
unless a variation was
authorised?
• Working papers
contain evidence
supporting all
findings, conclusions
and
recommendations?
• Audit team has
achieved the stated
audit objectives?
• Audit report includes
the audit conclusions
and recommendations,
as appropriate?
G Review
1 Was the audit work ISSAI 300, Para
reviewed by a member 2.1 & 2.4 P A
of the staff senior to the Guide 60.6
staff responsible for
supervising the audit?
317
H Monitoring
1 Did Team Leader and ISSAI 3000
Director regularly Appendix 4 page
monitor the progress of 119, ISSAI 3100
the audit to ensure both Para 38, ASOSAI
quality and achievement PA Guidelines
of milestones against Para 8.44 to 8.46
agreed timelines and
costs?
(For complex audits, the
SAI may consider
appointing a steering
committee to monitor
progress of audit)
2 Did the Team Leader ASOSAI PA
and Director regularly Guidelines Para
submit the monitoring 8.44
reports to the competent
higher authority?
I Professional Competence
1 Did all the audit team ISSAI 3100 Para
members understand the 38(a),PAG 30.5
audit questions, the
work assigned to each of
them, and the nature of
responsibilities required
of them by the auditing
standards?
2 If audit was conducted ASOSAI PA
in an IT environment, Guidelines
did the audit team Appendix A,
possess the competence
required for accessing
and analysing electronic
data?
3 If external expert ISSAI 3000 Para
conducted audit, is there 2.3 page 40
documentation to assure
that the expert is
independent, objective
and non conflict of
interest of activity?
318
4 If an external expert is ISSAI 200 Para
engaged, is there 2.43, ISSAI 3000
documentation to assure Para 2.3 page 40
that selection of external
expert is transparent
and qualified for the
particular performance
audit engagement?
5 In case an external ISSAI 200 Para
expert was engaged, was 2.45
appropriate procedures
applied to assure that the
expert exercised due
care, professional
behaviour and
judgement and complied
with relevant standards?
J Proper Documentation
Do the working paper ASOSAI PA
1 files contain all key Guidelines Para
documents such as audit 5.40,P A Guide
tool 1 to 12 of PA Guide Audit Tool 1 to
relating to each stage of 12
the audit process
(planning, conducting,
reporting and follow
up)?
Were all evidences, ISSAI 300 Paras
2 supporting information 2.3(d) & 5.5,
and findings ISSAI 3000,
documented? Appendix 3 Para
4, P A Guide
Audit Tool 1 to
12 & 60.5
Was the documentation ISSAI 300 Para
3 sufficiently complete 5.7, ASOSAI PA
and detailed to enable an Guidelines Paras
experienced auditor 5.41 & 5.45
having no previous
connection with the
audit to ascertain from
the documentation what
work was performed by
the PA team to support
their conclusions?
319
Were the working ASOSAI PA
4 papers prescribed by Guidelines Para
OAG and properly 5.46, 5.50,
organised with 5.51,PAG
appropriate indexing 60.3,60.4 & 60.6
and cross-referencing
Were the working ASOSAI PA
5 papers neat and legible Guidelines Para
so that they retain their 5.48
value as audit evidence?
Are the working papers ASOSAI PA
6 restricted to matters Guidelines Para
which are materially 5.49
important and useful in
relation to the audit
objectives
K Communications & Consultation with Audited entities
1 Did the file contains the ISSAI 3000
document that Team Appendix 4 page
Leader and Director 117
communicate to the
audited entity relevant
information about the
audit to be taken up,
such as audit objectives,
timing, duration, audited
entity offices to be
visited, names and
designations of the audit
team members?
Did the SAI hold an ASOSAI PA
2 entry and exit Guidelines Para
conference with the 8.9
audited entity’s
management to apprise
them of the audit, its
objectives, scope,
timing, and to meet with
key audited entity staff
and establish suitable
liaison arrangements?
Were discussions ASOSAI PA
3 conducted entry and exit Guidelines Para
conference with the 8.2
audited entity was
conducted to an
appropriate and
responsible level?
320
Did the audit file ASOSAI PA
4 contains the document Guidelines Para
that Team Leader and 8.3
Director maintain
regular contact with the
audited entity
management to ensure
that audit objectives and
issued are fully
appreciated by the
audited entity and to
obtain audited entity
management’s views on
high risk areas that audit
should cover?
Did the SAI or audit ASOSAI PA
5 team have given the Guidelines Para
audited entity 8.6
reasonable notice for
commencement the
audit and discussion at
each stage of the
auditing process?
321
Appendix 23
(Related to Chapter 5, paragraph 5.6.3)
QAR Recording Form
1. Part No Section name (from QARQ)
A. Good Practice
Recommendatio
Related Domain
Causal Factors
AAG/ Director
& Elements of
QARQ reference
Consequences
Consequences
OAGN QMS
Finding and
Framework
Comments
or Likely
ns
Partial Sample of a completed QARRF
Part II. Section name: Performance Audit Planning (Section B of QARQ)
322
(Items # B13: Did the audit plan and programme include complete information such as
background information about the audited entity, audit approach, key audit issues/lines of
enquiry, audit objectives, audit scope, audit criteria, audit techniques/procedures, required
resources and detail work schedule?)
(Items # B14: Was the audit plan approved by appropriate authority?)
A. Good practice
Audit team has documented audited entity business including the agency’s strategic plan,
legislation and legislative acts, ministerial statements, programme evaluation and identified
their objective and sub objectives are clear and rational. Audit objective and sub-objectives are
interrelated.

Element(s) of OAGN
Finding and related
Recommendations
QMS Framework
QARQ reference
Causal Factors
AAG/ Director
consequences)
Domain and
Comments
(Likely
Effects
B13 Audit programme did During the Team performed Appropriate The observation
not contain complete planning period, their work steps may be is noted and we
information. the team was under inefficiently and taken to ensure make all the
pressure to finalise it may affect adequate necessary effort
another audit quality of audit supervision and to prepare
Audit standards, report and a new review. detailed audit
methodology and team member programme and
Performance: Audit prepared the audit document them
Planning programme. Team on file.
leader and audit
manager did not
supervise and
review properly.
B14 The audit plan though There was no The audit plan Audit However, we
reviewed by the policy in place at could be changed Methodology were not
Division Chief, the time of this to suit the Division should granted
Department Head audit. auditors’ needs modernise approval
and convenience Performance Division chief,
and the Auditor
as there is no Audit standards Department
General, did not get
documented based on ISSAI head reviewed
signed approval
approval to 200 and the team the audit. We
authenticate any should obtain the will follow our
subsequent approval of the standards in
Audit Standards,
323
Methodology and changes made in audit plan as future.
Performance: the audit plan. outlined in
Standards International
best practices
(ISSAI 200 Para
1.24).
Part II. Section name: Performance Audit Reporting (Section D of QARQ)
(Items # D17: Was the audit report issued in time?)
A. Good practice
The audit was conducted in accordance with the OAGN Performance Audit guidelines and the practices
of OAGN. The report was constructive and balanced. The report was appropriately presented with
graphics and statistics and the issues were clear, logical, and reader friendly.
Finding and related
Recommendations
QARQ reference
Causal Factors
AAG/ Director
consequences)
Element(s) of
OAGN QMS
Domain and
Framework
Comments
(Likely
Effects
D17 As per the initial plan Other ad-hoc The The audit plan The Performance
the report was and pressing recommendation should be realistic Audit Division
supposed to be issued assignment may not add and the report have agreed to
in February 2009. from value in the case should be issued observation and
However, the review management. that the agencies on time. The audit agreed to
team discovered that have already team should as far
the report was issued Implement the
framed their as possible reduce
in April 2009. recommendations.
the burden of ad-
Policy.
hoc assignments
for timely
Results (Output and
completion of the
impact)
audit. If
unavoidable
circumstances
arise, not all the
audit team should
be involved.
Signed by ……………………
Date …………….
324
Directives to prepare Quality Assurance Review Recording Form
Quality Assurance Review Questionnaire reference: The Quality Assurance Review
Questionnaire (QARQ) reference has a combined reference consisting of:
i) The reference number allocated to the relevant section of the completed QARQ, and
ii) The different items checked on the QARQ. For example, if the reference allocated to the
completed questionnaire is ‘B’ and question ‘Did the audit team identify the scope of the audit?’
(item #6 of section B in the QARQ sample) on file was observed during the review, the reference
which should be recorded on the Quality Assurance Review Recording Form isB.6.
a) Positive observation: Acknowledge the good practices of the audit team. A summary of the
positive responses provided in the checklist should be given at the beginning of the report.
b) Negative observations: Record all material negative observations precisely, including the nature
and extent of the finding. The observation evolves from the reviewer’s results against appropriate
evaluation criteria, based on the requirements of quality standards defined in the checklist and
using professional judgment based on the Reviewer’s experience.
c) Effect (Likely Consequences): The reviewer must also answer the question “What risk does the
weakness expose?” The real or potential impact of both positive and negative observations is
identified. Its significance can be judged in relation to the extent of risks that the OAGN may be
exposed to as a result of compromising on quality and continuing with the current negative
practice.
d) Clearing of findings:
i. Comments by the AAG/Director/ Audit Officer: The reviewer obtains from the audit team or
audit management through fact-finding interviews and discussions, comments on the
observations raised on the Quality Assurance Review Form. As far as possible, the comments
should include the position title of the OAGN staff with whom the discussions were held.
ii. Causal factors: The answer to the question “Why is there a deviation from requirements?”
should be investigated. Through discussions with the Audit team / Management, the Reviewer
would identify the underlying reasons for the satisfactory or unsatisfactory conditions or
observations. The identification of the causal factors assists the reviewer in determining
corrective action and may form the basis for the recommendations for needed action by the audit
team or other organisation in the OAGN. All pertinent discussions and comments by the staff
member of the Office must be recorded on the Quality Assurance Recording Review Form.
e) Recommendations: The reviewer must then arrive at a conclusion as to “What should be done?”
The recommendation flows from the cause previously identified in the finding. The reviewer
should come up with appropriate and practical recommendations and record them on the Quality
Assurance Review Recording Form.
The relationship among the recommendations, underlying observation and causal factors must be
clear and logical. The recommendation must state what needs to be changed or rectified.
f) Name of reviewer: The name of the reviewer who conducted the review and made the
recommendation must be stated.
g) Signature and date: The review team leader must ensure that all observations are completed,
correctly stated, signed off and dated on the Form(s).
325
Appendix 24
(Related to chapter 5 paragraph 5.7.1)
QAR REPORT ON PERFORMANCE AUDIT
BACKGROUND INFORMATION OF THE REVIEW

Please insert the background information of the Topic
OBJECTIVES AND SCOPES
Please insert the review work objectives and scopes
Please insert the main data gathering techniques
Limitations, if any, of the approach
OBSERVATIONS
1. Performance Audit Methodology

Criteria: what should be? PAG, ISSAI, ASOSAI AQMS and ASOSAI PAG
Condition (Findings): what is?
Causes: What are the main causes of findings?
Effects:
Element of OAGN QMS Framework:
Recommendation and Responsibility: Related to Causes

Audit Team/Management Response:
2. As in QARQ 1 above, write for other QARQ accordingly.

OVERALL CONCLUSION
QAR Team:
326
Sample QAR Report
1. BACKGROUND INFORMATION
The OAGN contributes to promoting transparency, accountability and good governance in the
public sector The OAG’s mission is “To carry out high quality audit in a professional manner
and to submit report to the Parliament that will help promote good governance in the public
sector”. Among the various strategies to achieve its mission, the Auditor General has established
a quality assurance function to carry out regular quality assurance reviews.
2. OBJECTIVES OF QAR
The objective of quality assurance review was to assess compliance of Performance Audit Guide
(PAG) and PAD instructions while carrying out PA of project in different stages of the audit
planning, executing or conducting, reporting and follow up stage to identify the gaps between
intended and actual audit performance in order to suggest for full compliance of PAG and
instructions. Likewise current PA practice of OAG/N was compared with best international
practices particularly performance audit methodology, ethical requirements of auditors, strategic
performance audit planning and overarching quality controls in the performance audit process as
envisaged in draft Quality Assurance Handbook on Performance Audit.
3. APPROACH AND METHODOLOGY OF QAR
The Quality Assurance Review was mainly conducted by reviewing the documents collected in
the process of audit exercise which were maintained in the permanent and current audit files.
This documentation review was based on Quality Assurance Review Questionnaire given in draft
Quality Assurance Handbook on Performance Audit which is suggested for individual
performance audit. Likewise, meeting and discussions were held with audit team member,
Directors, Assistant Auditor General of Performance Audit Division and top management of
OAG/N in different stages of review to get information and clarification.
OBSERVATIONS
OAG/N has PAG in place for implementation which has been developed on the basis of
international good practices. OAG/N has selected the audit topics or issues on the basis of
selection criteria and matrix as mentioned in the P A G and final list has been approved
through the decision of Central Co-ordination Unit chaired by Auditor General. In the
process of audit, audit team has prepared Overview report on the topic audited and audit plan
in suggested format. The audit team has to a large extent followed the due process of
conducting audit activities and prepared audit report in accordance with the approach and
methodologies envisaged in the Guide.

1. Ethical requirements of the Auditors
Observation:
Criteria : International Standards on Supreme Audit Institution (ISSAI) 200 Para 2.28 and
2.31 has mentioned that there should be documentation to assure that none of the PA team
members have any conflict of interest between the auditor and the entity under audit and PA
team members close affiliations with the management of audited entity..
327
Condition: The audit file does not contain any sort of document related to declaration made
on the part of audit team and condition of conflict of interest between the auditor and the
entity under audit and close affiliations with management of audited entity.
Causal Factors: OAG/N has not made mandatory to declare and document the condition of
conflict of interest and affiliations with management of audited entity.
Effects: Audit team may be impaired the independence of their work and creditability of
OAG/N.
Element of OAGN QMS Framework: Leadership and Internal Governance.
Recommendation: Office of the Auditor General should make mandatory to declare and
document condition of conflict of interest and affiliations with management of audited
entity.
Management Response: The suggestion will be taken into consideration and policy will be
formulated.
2. Strategic Performance Audit Planning
Observation: 1
Criteria: ISSAI 3000 Para 3.2 and ASOSAI PA Guidelines Para 1.22 mentioned that SAI
should approve strategic plan for Performance Audit.
Condition: OAG/N has not formulated strategic plan for Performance Audit.
Causal Factors: Existing PAG has not made specific provision to formulate strategic plan.
Effects: In the absence of strategic plan for PA topics are selected on yearly basis. Due to
this reason OAG/N is facing difficulties in determining number and topics to be audited in
subsequent years including resources required to carry out performance audit.
Recommendation: P A G should be updated and provisions should be made to develop
strategic plan for P A.
Management Response: The strategic plan on Performance Audit will be formulated in
future.
Observation 2:
Criteria: Central Co-ordination Unit need to decide which selected topic or issues for P A
will be carried out by SAI personnel or outsourced expert if SAI has shortage of qualified
personnel. Unit should also set monitoring framework to evaluate all selected topic or issues
to be audited to ensure those are reported in time.
Condition: Central Co-ordination Unit has neither practiced of separating the audit topic
which are to be audited by SAI personnel or outsourced nor developed monitoring
framework to ensure that all selected topic/issues are audited and reported in time.
Causal Factors: The roles and responsibilities of Central Co-ordination Unit is not clearly
mentioned in P A G.
328
Effects: Out of the 25 topics selected by Central Co-ordination Unit in 2009/10 only 16
topics were completed. It created difficulty in determining resources needed correctly for
carrying out P A.
Recommendation: The role and responsibility of Central Co-ordination Unit need to be
mentioned in P A G. Monitoring framework should be established while selecting topics or
issues and OAG/N personnel PA capabilities should be assessed.
Management Response: Once the strategic plan is developed, it will be addressed.
3. Planning stage
Observation 1
Criteria: ISSAI 3000 Para 1.4(a) mention that P A team should document to establish that
the audit team performed proper risk assessment of the selected topic or issues. P A G also
suggests the risk assessment process to be followed while conducting P A.
Condition: P A team has not assessed and categorized risk as mentioned in P A G.
Causal Factors: Appropriate training was not provided to the auditors on risk assessment
process.
Effects: Proper risk faced by entity may not be identified by audit and risky areas might be
left out.
Element of OAGN QMS Framework: Results.
Recommendation: Training on risk assessment and categorization should be given to audit
team.
Management Response: Separate form has been developed and used which helps in
indentifying the risk of the audit topic. But the risk assessment form provided to the audited
entities for the purpose of gathering information are not properly filled by the audited entity
with required data and information which effects risk assessment process. Appropriate
training will be provided to the auditors.
Observation 2
Criteria: ISSAI 3100 Para 18 mentions that audit topic, objectives, scope, criteria and
methodology should be communicated to the audited entity.
Condition: OAG/N has communicated audit topics/issues to concern chief accounting
officer through formal letter. Audit team organised entry meeting with audited entity and
discussed on objectives, scope, criteria and methodology of P A but these were not formally
Causal Factors: The practice of formally communicating audit objectives, scope and criteria
is not adopted but practice of brief discussion on these aspects in entry meeting has been
done.
Effects: Project cannot get appropriate knowledge about audit coverage so that they may not
provide appropriate information.
329
Element of OAGN QMS Framework: External Stakeholder Relations.
Recommendation: Audit objectives, scope, criteria and methodology should be formally
communicated to project.
Management Response: Among different methods of communications, organising an entry
meeting is also one method. The meeting was held formally and minute. The suggestion will
be taken into consideration.
Observation 3
Criteria: ISSAI 300 Para 1.3 & 1.4, ASOSAI PAG Para 4.28 to 4.30, PAG Para 32.10
mentions that Performance Audit plan should be prepared and approved in prescribed
format.
Condition: Audit team has not prepared audit plan in prescribed format.
Causal Factors: Detailed audit program has prepared and documented in audit file which
covered almost all information of audit plan so they felt plan is not necessary.
Effects: Audit file does not provide information regarding audit objectives for each MOPS,
audit criteria to be used for each audit objectives, approach to audit with details, manpower
engaged, estimated working man days and detailed time and work schedule.
Element of SAI QMS Framework: Audit Standards, Methodology, and Audit Performance
Recommendation: Audit plan should to be prepared in prescribed format and documented
in audit file.
Management Response: Detailed audit program is prepared which covered matters of plan.
Audit plan will be prepared in future audit as suggested in the PAG.
4. Conducting Stage
Observation 1
Criteria: PAG Para 40.5 mentions that Performance Audit program should be prepared and
approved in prescribed format.
Condition: Audit team has not been prepared Audit program in prescribed format.
Causal Factors: Detailed audit plan has prepared and documented in audit file but due to
time limitation audit program may not be prepared.
Effects: Audit file does not provide information regarding field work, supervision,
delegation of work, activities completed while conducting audit.
Element of OAGN QMS Framework: Audit Standards, Methodology, and Audit
Performance
Recommendation: Audit program needs to be prepared in prescribed format and
documented in audit file.
Management Response: Prescribed format of audit program as suggested in the PAG will
be used in future audit.
330
Observation 2
Criteria: PAG Para 40.6 and 40.10 states that techniques applied for gathering Audit
evidence and audit test procedures used should be documented in working papers.
Condition: Audit team has not documented techniques applied for gathering audit evidence
and audit test procedures used in the available working papers.
Causal Factors: Detail audit plan has specified the audit techniques and methods applied for
gathering information; however detail guidance to documentation techniques and test
procedure to be applied is not mentioned in PAG.
Effects: Audit file need to provide information about techniques used for gathering audit
evidence and audit test procedures used.
Element of OAGN QMS Framework: Audit Standards, Methodology, and Audit
Performance
Recommendation: Checklist should be developed for gathering audit evidence and audit
test procedures used needs to be documented in working papers.
Management Response: Checklist will be developed in future audit. Practice of developing
audit programme will be also solving this issue.
5. Reporting Stage
Observation
Criteria: ISSAI 3000, appendix 4, ISSAI 3100 Para 34, ASOSAI P A G Para 6.12 and 8.12
provides that audit team should discuss preliminary audit findings with audited entity's
management to obtain their comments and audit report should prepared considering audited
entity's response.
Condition: Audit team has not discussed on preliminary audit findings with project
management to obtain their comments. Audit report was prepared without taking response
from project management.
Causal Factors: Project office is located 500 km away from OAG/N and due to time
constraints of submitting annual report exit conference could not be organised.
Effects: Comments of audited entity on audit findings was not incorporated in audit report,
the audited entity may disagree on contents of audit report resulting inappropriate findings
and recommendation.
Element of OAGN QMS Framework: External Stakeholder Relations
Recommendation: Audit team should discuss on preliminary audit findings with audited
entity's management to obtain their comments and audit report should be prepared by taking
audited entity's response.
Management Response: Due to time limitation and distance of OAG/N and project office
which compelled to deliver the draft report without seeking comments of project
management however the preliminary report was finalised after receiving written comments
on findings of financial audit from the audited entity.
331
6. Follow Up Stage
Observation:
Criteria: Financial Procedure Act, 2055 Section 19 and PAG Para 80.4.2 stipulates that
auditor should give 35 days' period to audited entity's to provide response on auditor's
findings. On the basis of audited entity's response on auditor's findings Assistant Auditor
general designate to review response.
Condition: Audit team has given 15 days period to project management for their response.
Causal Factors: To meet the dateline for submission of Auditor General's annual report
2010 the audit team could not provide required time to the audited entity.
Effects: Project management was not availed sufficient time to respond on audit report.
Element of OAGN QMS Framework: External Stakeholder Relations.
Recommendation: OAG/N should give time as specified in the legislation to audited entity
for their response on auditor's findings and on the basis of audited entity's response Assistant
Auditor General designate to review the responses.
Management Response: The recommendation will be implemented in future audit.
7. Overarching Quality Controls in the Performance Audit process
Observation:1
Criteria: ISSAI 300 Para 2.1,2.2,2.3,2.4,ISSAI 3100 Para, and ASOSAI P A G Para
8.42,8.44,8.45,8.46 and P A G Para 10.12,60.6 has mentioned that audit work of the P A
team should properly supervised, reviewed, monitored and submitted the monitoring report
to higher authority.
Condition: The audit file does not contain the documents related to monitoring of audit team
and supervision of field work.
Causal Factors: Questionnaire technique was used and reviewed by supervisor. OAG/N
has not deputed supervisor to supervise audit field work.
Effects: Audit work at field level was completely depending upon audit team engaged.
Recommendation: Documentation of monitoring and supervision should be managed and
reported to higher authority.
Management Response: Supervision and monitoring of audit work carried out will be
documented in future assignments.
Observation:2
Criteria : ASOSAI P A G Para 5.40 and P A Guide states that audit working paper files
should contain all key documents such as audit tools 1 to 12 which are related to different
stage of the audit process.
332
Condition: Audit team has not documented following audit tool in working files:
Audit Name of Document Audit Name of Document
Tool Tool
1 Performance Audit Progress Record Form 4 Information Collection Form
5 Process Analysis Template 6 Risk Assessment Process
7 Work Programme 8 Audit finding Form
9 Audit file Documentation 10 Audit Review Form
11 Performance Audit Peer Review Form 12 Annual Report, Response &
Decision of the Public Accounts
Committee
Causal Factors: Performance Audit Division has not made compulsory to use these forms.
Training to the auditor on the use of these formats was not given to the auditor.
Effects: Documents and evidences could not be collected and recorded. Absence of use of
the prescribed tools have hampered performing audit in structured and prescribed manner.
Recommendation: Audit working paper files should contain all key documents such as
audit tool 1 to 12 to each stage of the audit process and senior staff should monitor.
Management Response: P A D has customized the forms which are mentioned in the PAG
and used as per requirements. Some forms are found inappropriate to use and few of them
have been replaced. Forms will be reviewed and used as per requirements in future audit and
while updating PAG.
Observation 3
Criteria: ISSAI 3000 Appendix 3 Para 4, and ASOSAI P A G Para 5.46,5.50,5.51,5.48
provides that working papers prescribed by OAG/N should be used and all evidence,
supporting information and findings should be documented and properly organised with
appropriate indexing and cross-referencing.
Condition: Audit team has not used working paper prescribed by OAG/N although they
collected adequate supporting documents. The collected documents are not properly indexed
and cross-referenced.
Causal Factors: Absence of the proper monitoring and supervision of documentation
process of the audit performance by the senior staff.
Effects: Supporting document could not be compared with audit findings due to lack of
proper cross-referencing with each other which impacted review process.
Recommendation: Audit team should use and maintain working papers as prescribed by
OAG/N and all evidence, supporting information and findings are to be documented and
properly organised with appropriate indexing and cross-referencing. Senior staff should
timely supervise the documentation process.
Management Response: Recommendation will be taken into considered for improvement in
documentation process.
333
OVERALL CONCLUSION
OAG/N has PAG in place to carry out performance audits and most of the staffs deployed in
PAD are trained in related audit domain. The Quality Assurance Review team observed that
PAD has complied with the PAG in conducting performance audits to a large extent.
However, some major areas need to be improved to prepare the meaningful report. Presently
OAG/N has no strategic plan for PA which to some extent hampered the selection process of
audit topic and determining the resources needed for conducting such audit. Some others
areas such as documentation of audit process e.g. documentation of preliminary survey,
communication with project management during the audit, development of audit program
with task allocation of each team member, holding exit conference which need to be
improved. These documents are to be properly organised and cross referenced in the audit file
to support the audit results. Similarly monitoring and supervision of the audit team to from
the stakeholders. OAG/N has to update PAG in line with ISSAI, ASOSAI PAG and ASOSAI
AQMS and train its staffs to meet the expectation of the stakeholders. On the discussion with
audit team and senior staffs of PAD accepted the issues rose by review team and agreed to
implement recommendations in subsequent year audit.
QUALITY ASSURANCE REVIEW TEAM

Quality Assurance team express thanks to PAD staffs, senior management of OAG/N and audit
team members for cooperating us in completing the assignment successfully and wishes
cooperation in future.
S.N. Name Position
1. Team Leader
2. Team Member
3. Team Member
Date of Review Report:
334
References
1. Achieving High Quality in the Work of Supreme Audit Institutions, SIGMA Paper
No. 34, 2004
2. Audit Quality Management System Guidelines, ASOSAI, 2006
3. Capacity Building Needs Assessment (CBNA) Guidance, INTOSAI Development
Initiative (IDI), 2009
4. Handbook of International Auditing, Assurance, and Ethics Pronouncements,
International Federation of Accountants, March 2008
5. International Standard on Quality Control (ISQC)1, International Federation of
Accountants (IFAC)
6. International Standards for Supreme Audit Institutions (100, 200, 300, 400, 3000,
3100-, Appendix to ISSAI 3100) (www.issai.org)
7. Performance Auditing Guidelines, October 2000, ASOSAI
8. Public Financial Management Performance Measurement Framework, World Bank,

June 2005
9. Quality Assurance in Financial Auditing, A Handbook, IDI-ASOSAI, 2009
10. Handbook on Quality Assurance in Performance Auditing, IDI-ASOSAI, 2011
11. Quality Assurance Handbook, IDI-AFROSAI-E, 2007
12. Auditing Standards, Guide issued by Office of the Auditor General, Nepal
13. Strategic Plan 2010-2012, Office of the Auditor General
335
Glossary of terms
Terms Definitions
An international and independent body which aims at promoting the
ASOSAI exchange of ideas and experience between Asian Audit Institutions in
the sphere of public auditing.
Accounting A series of actions which is considered to be part of the total internal
Control System control system concerned with realising the accounting goals of the
entity. This includes compliance with accounting and financial policies
and procedures, safeguarding the entity's resources and preparing
reliable financial reports.
Administrative A series of actions, being an integral part of the internal control system,
Control System concerned with administrative procedures needed to make managerial
decisions, realise the highest possible economic and administrative
efficiency and ensure the implementation of administrative policies,
whether related to financial affairs or otherwise.
Audited Entity The organisation, agency, program, activity, area or function subject to
audit by the Supreme Audit Institution (SAI).
Audit Evidence Information that forms the foundation which supports the auditor's or
SAI's opinions, conclusions or reports.
Audit Mandate The auditing responsibilities, powers, discretions and duties conferred
on a SAI under the constitution or other lawful authority of a country.
Audit Methodology is how SAI codifies its standards and practices that are to
Methodology be followed by auditors in carrying out their works.
Audit Objective A precise statement of what the audit intends to accomplish and/or the
question the audit will answer. This may include financial, regularity or
performance issues.
Audit Planning Defining the objectives, setting policies and determining the nature,
scope, extent and timing of the procedures and tests needed to achieve
the objectives.
Audit Procedures Tests, instructions and details included in the audit program to be
carried out systematically and reasonably.
Audit Program Audit requirements and procedures necessary to implement the audit
objectives and to make assessments against audit criteria.
Audit risk The converse of assurance is audit risk. This is the risk that the auditor
will reach the wrong conclusion regarding the financial statements
being examined - i.e. that the auditor fails to express a reservation on
financial statements that are in fact materially misstated.
Audit Sampling Statistically based techniques that extrapolate from specific cases to
make assertions about the population as a whole and are used when it is
not feasible to analyse entire population e.g. invoices/vouchers,
elements of internal control systems, agency units, etc.
Audit Scope The framework or limits and subjects of the audit.
Auditing Auditing standards provide minimum guidance for the auditor that
Standards helps determine the extent of audit steps and procedures that should be
applied to fulfil the audit objective. They are the criteria or yardsticks
against which the quality of the audit results is evaluated.
336
CAATTs Computer Assisted Audit Techniques and Tools are computer-based
tools and techniques which permit auditors to increase their
productivity as well as that of the audit function in gathering audit
evidence by exploiting the power and speed of computer.
Client The term client refers to the public entity or entities subject to audit or
other work by the SAI (e.g. the audited organisation).
Due Care The appropriate element of care and skill which a trained auditor would
be expected to apply having regard to the complexity of the audit task,
including careful attention to planning, gathering and evaluating
evidence, and forming opinions, conclusions and making
recommendations.
Economy Minimising the cost of resources used for an activity, having regard to
the appropriate quality.
Effectiveness The extent to which objectives are achieved and the relationship
between the intended impact and the actual impact of an activity.
Efficiency The relationship between the output, in terms of goods, services or
other results, and the resources used to produce them.
Engagement The term engagement refers to the work carried out in exercising the
functions of the SAI (for example, a financial audit under the relevant
jurisdiction of each SAI).
Engagement The term engagement partner refers to the employee, chartered
partner accountant or other suitably qualified person who is responsible for the
works, and for the report that is issued on behalf of the Head of the SAI,
in accordance with the policies and procedures of the SAI.
Financial Systems The procedures for preparing, recording and reporting reliable
information concerning financial transactions.
Findings, Findings are the specific evidence gathered by the auditor to satisfy the
Conclusions and audit objectives; conclusions are statements deduced by the auditor
Recommendations from those findings; recommendations are courses of action suggested
by the auditor relating to the audit objectives.
Firm The term firm refers to the SAI as a whole. Where the Head of the SAI
appoints an employee, a chartered accountant or auditing partnership, or
other suitably qualified person to carry out audits or other works, the
firm refers to the combination of the Head of the SAI, the person
appointed to carry out the audits or other work and, if applicable, the
firm of which the person appointed is a partner, member or employee.
Independence The freedom of the SAI in auditing matters to act in accordance with its
audit mandate without external direction or interference of any kind.
Internal Audit The functional means by which the managers of an entity receive an
assurance from internal sources that the processes for which they are
accountable are operating in a manner which will minimise the
probability of the occurrence of fraud, error or inefficient and
uneconomic practices. It has many of the characteristics of external
audit but may properly carry out the directions of the level of
management to which it reports.
337
Internal Control The whole system of financial and other controls, including the
organizational structure, methods, procedures and internal audit,
established by management within its corporate goals, to assist in
conducting the business of the audited entity in a regular economic,
efficient and effective manner; ensuring adherence to management
policies; safeguarding assets and resources; securing the accuracy and
completeness of accounting records; and producing timely and reliable
financial and management information.
INTOSAI An international and independent body which aims at promoting the
exchange of ideas and experience between Supreme Audit in the sphere
of public financial control.
Legal Authority Legal Authority means laws, regulations, orders, directives, circulars, or
other documents having the force of law.
Materiality and In general terms, a matter may be judged material if knowledge of it
Significance would be likely to influence the user of the financial statements or the
(Material) performance audit report. Materiality is often considered in terms of
value but the inherent nature or characteristics of an item or group of
items may also render a matter material--for example, where the law or
some other regulation requires it to be disclosed separately regardless of
the amount involved. In addition to materiality by value and by nature,
a matter may be material because of the context in which it occurs. For
example, considering an item in relation to the overall view given by
the accounts; the total of which it forms a part; associated terms; the
corresponding amount in previous years. Audit evidence plays an
important part in the auditor's decision concerning the selection of
issues and areas for audit and the nature, timing and extent of audit tests
and procedures.
Opinion The auditor's written conclusions on a set of financial statements as the
result of a financial or regularity audit.
Peer Peers are trusted individuals who are senior and experienced in their
own organizations and whose recommendations carry authority. Peers
come from a range of SAIs to provide a range of viewpoints.
Peer Review Peer reviews are systematic reviews to assess the extent to which an
SAI is achieving its goals and the standards it has adopted to meet
these. Peer reviews may encompass one part of an SAI s activities, for
example, its regularity audits, or range more widely across the whole of
its functions, such as strategic planning, human resource management
and internal and external communications. They can play a useful role
in identifying areas where further development is needed.
Performance An audit of the economy, efficiency and effectiveness with which the
Audit audited entity uses its resources in carrying out its responsibilities.
Public The obligations of persons or entities, including public enterprises and
Accountability corporations, entrusted with public resources to be answerable for the
fiscal, managerial and program responsibilities that have been conferred
on them, and to report to those that have conferred these responsibilities
on them.
338
Quality Quality assurance is an assessment process focusing on the operation of
Assurance the quality control system. It is a review completed after the audit by
persons who are independent of the audit under review. Quality
assurance necessarily involves the examination of specific audits.
However, the purpose of the review is not to criticize specific audits.
Rather, it is to determine what controls were intended to be applied to
those audits, how those controls were implemented, any gaps in the
controls, and other ways of improving the audit quality system.
Quality Quality management is concerned with all activities of the overall
Management management function that determine the quality policy, objectives and
responsibilities and implement them by means such as quality planning,
quality control, quality assurance and quality improvement within the
quality system of the SAI.
Quality Control Quality control is a process through which an SAI seeks to ensure that
all phases of an audit (planning, execution, reporting, and follow-up)
are carried out in compliance with the SAI's rules, practices, and
procedures. A quality control system should ensure that audits are
timely, comprehensive, adequately documented, and performed and
reviewed by
qualified staff.
Reciprocal Peer If one SAI performs a peer review at a partner SAI to be reviewed by
Review this SAI in return this mutual exercise is called a reciprocal peer review.
Regularity Audit Attestation of financial accountability of accountable entities, involving
examination and evaluation of financial records and expression of
opinions on financial statements; attestation of financial accountability
of the government administration as a whole; audit of financial systems
and transactions, including an evaluation of compliance with applicable
statutes and regulations; audit of internal control and internal audit
functions; audit of the probity and propriety of administrative decisions
taken within the audited entity; and reporting of any other matters
arising from or relating to the audit that the SAI considers should be
disclosed.
Report The auditor's written opinion and other remarks on a set of financial
statements as the result of a financial or regularity audit or the auditor's
findings on completion of a performance audit.
Stakeholder Parties that are affected by the entity, such as shareholders, the
communities in which the entity operates, employees, customers and
suppliers.
Supervision An essential requirement in auditing which entails proper leadership,
direction and control at all stages to ensure a competent, effective link
between the activities, procedures and tests that are carried out and the
aims to be achieved.
SAI The public body of a State which, however designated, constituted or
organised, exercises by virtue of law the highest public auditing
function of that State.
339

Review Quality Assurance PDF

Uploaded by

Copyright:

Available Formats

Review Quality Assurance PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Review Quality Assurance PDF

Uploaded by

Copyright:

Available Formats

Quality Assurance Review Handbook, 2012 Office of the Auditor General, Nepal

Purpose and Overview

1.4 Quality Assurance Review

1.5 Quality Assurance Review versus Quality Control

1.6 Benefits of the QAR

1.7 Quality Standards and Guidelines

1.7.2 International Standards of Supreme Audit Institutions (ISSAIs)

1.7.3 ASOSAI Guidelines

1.8.1 Independence, objectivity and impartiality

An external review is performed by an independent entity to evaluate whether OAGN’s

Feedback from the audited entity and/or other external stakeholders

1.9.5 Pre-issuance QAR

While pre-issuance QARs may be conducted on all audits, it is more common to

1.9.6 Post audit QAR

1.10.1 Planning Phase

Understand Identify key areas Decide

Define roles and Estimate Prepare QAR plan

Figure 1: Planning of QAR

1.10.2 Conducting Phase

Figure 2: Conducting of QAR

Figure 3: Reporting of QAR

Figure 4: Follow up of QAR

3 Documentation review is reading records or documents either visually or

2.4.2 Creating Awareness among Staff on QA

2.6.3 Team Members

2.7 Skills and Competencies of QA Staffs

2.7.2 Team Leader

• QA Follow-up Action Plan

Approved Date: 31th December 2012

3.1 Purpose and Overview

Quality Controls for SAIs (ISSAI 40)

An SAI should establish policies and procedures designed to promote an

(b) Elements 2: Relevant ethical requirements

Application guidance for SAIs:

(d) Element 4: Human resources

• Peer Review Guideline (ISSAI 5600)

Peer Review Guideline (ISSAI 5600)

Selection of partner SAIs

Peer review agreement (MoU)

Scope and contents of the peer review

Files and other documents

Timing of communication and discussions

Support of the peer review

3.3.2 SAI-QMS Framework suggested by IDI

WIDER SAI ENVIRONMENT

(Results: Outputs &

LEADERSHIP & INTERNAL GOVERNANCE

SAI INDEPENDENCE & LEGAL FRAMEWORK

SAI INDEPENDENCE & LEGAL

WIDER SAI ENVIRONMENT

Domain of Desired Condition Good International Practices

External The SAI should establish and Sustain effective working

Diagram 1: SAI-QMS framework with its elements

The above structure is explained below:

Figure 7: Human Resource domain with its key elements

The above structure is explained below:

Figure 8: Domain of Audit Standards, Methodology and Audit Performance

The above structure is explained below:

The above structure is explained below: