international standards to be observed by public auditors concerning fraud and corruption, helena...
Upload: support-for-improvement-in-governance-and-management-sigma-oecd
Post on 19-Jul-2015
© OECD
A joint initiative of the OECD and the European Union, principally financed by the EU
The role of the Court of Accounts in
preventing and fighting fraud and corruption
International standards to be observed by public auditors concerning fraud and
corruption
Helena Abreu Lopes
Member of the Court of Auditors
Portugal
Algiers, 8-9 April 2015
ISSAI FRAMEWORK
Level 1: Founding Principles
ISSAI 1 The Lima Declaration
Level 2: Prerequisites for the functioning of SAIs
ISSAI 10 The Mexico Declaration on SAI Independence
ISSAI 12 Values and benefits of SAIs
ISSAI 20 Principles of Transparency and Accountability
ISSAI 30 Code of Ethics
ISSAI 40 Quality Control for SAIs
Level 3: Fundamental Auditing Principles
ISSAI 100 Public Sector Auditing
ISSAI 200 Financial auditing
ISSAI 300 Performance Auditing
ISSAI 400 Compliance Auditing
Level 4: Auditing guidelines
General auditing guidelines:
ISSAI 1000-2999 Financial Auditing Guidelines
ISSAI 3000-3999 Performance Audit Guidelines
ISSAI 4000-4999 Compliance Audit Guidelines
Specific guidelines:
ISSAI 5000-5099 International Institutions
ISSAI 5100-5199 Environmental Audit
ISSAI 5200-5299 Privatisation
ISSAI 5300-5399 IT-audit
ISSAI 5400-5499 Audit of Public Debt
ISSAI 5500-5599 Audit of Disaster-related Aid
ISSAI 5600-5699 Peer Reviews
ISSAI 5700-5799 Audit of Corruption Prevention
ISSAI 5800-5899 Cooperative audits between SAIs
Highlighted in the framework:
ISSAI 1240 – auditor’s responsibilities relating to fraud
ISSAI 5530 – adapting audit procedures to the increasing risk of fraud and corruption
Draft ISSAI 5700 – audit of corruption prevention
ISSAIs: references to fraud and corruption
Some tensions
• Public vs private audit (Practice Notes vs ISAs)
• ISSAI levels 1&2 vs levels 3&4
• Principal vs incidental approach
• Mandates and model of SAIs: Auditor Generals vs Courts of Accounts
ISSAI 100 & draft 5700
Public sector auditing contributes to good governance and to preventing fraud and corruption
• Provides independent, objective and reliable information on public management
• Enhances transparency, accountability, improvement and confidence in the use of public funds and assets
• Encourages public bodies and public servants to act effectively, efficiently, ethically and in accordance with laws and regulations
• Supports those bodies with monitoring and corrective functions over public management
ISSAIs 200 & 1240
The primary responsibility for the prevention and detection of fraud lies with those charged
with governance and management of the audited body
ISSAI 1
SAIs
Reveal deviations from accepted standards and violations of legality (…) of financial management in order to:
• Promote that preventive and corrective actions are taken
• Call for responsibilities to be accepted
• Obtain compensations
(if necessary by approaching authorities responsible for taking the necessary measures)
ISSAI 10
• SAIs should respond appropriately, in accordance with their mandates, to the risks of financial impropriety, fraud and corruption, for example by promoting mechanisms to address them.
• SAIs’ communication should contribute to stakeholders’ awareness of the need for transparency and accountability in the public sector
ISSAI 100, 200 & 1240
Financial audit
• Is the financial information presented in accordance with the applicable financial reporting and regulatory framework and free from material misstatement due to fraud or error?
• The management of the audited body is responsible for implementing the internal controls needed to make sure that financial statements are free from misstatements due to fraud or error
• The auditor should assess the risks of material misstatements due to fraud, act appropriately to address them and obtain reasonable assurance that the statements are free from material misstatement due to fraud
• By mandate or to keep up with public expectations, objectives of a financial audit in the public sector are often broader and may include audit and reporting on findings of fraud or non-compliance with laws, regulations or other authorities
ISSAI 100, 400, 4000, 4100 & 4200
Compliance audit
• Are activities/transactions/reports/information in compliance with applicable rules, laws, regulations, budgetary resolutions, policy, codes, agreed terms and/or general principles?
• Great degree of international diversity in organising and reporting on compliance audit
• Although, due to the inherent limitations of an audit, there is an unavoidable risk that errors, irregularities and illegal acts may occur and not be detected, the audit should be designed to provide reasonable assurance that those situations don’t significantly affect the audit objectives
• SAI’s special compliance audit responsibilities may include activities related to suspected fraud and corruption
• Courts of Accounts are usually mandated to communicate compliance deviations to appropriate bodies or open processes leading to judgements, identifying responsible agents and offences
ISSAI 100 & 300
Performance audit
• Are interventions, programmes and/or institutions performing in accordance with the principles of economy, efficiency and effectiveness and is there room for improvement?
• SAIs may conduct combined audits incorporating financial, compliance and/or performance aspects
• When planning and conducting a performance audit, auditors should assess the risk of fraud and examine whether there are signs of irregularities that hamper performance
ISSAI 5530
Carrying out audits which take account of the risks of fraud and corruption depends on SAI’s
individual mandates
(Adapting audit procedures to take account of the increased risk of fraud
and corruption in the emergency phase following a disaster)
ISSAI 5530 SAIs can:
• Audit whether the NIS (national integrity system) functions as it should to prevent and deter fraud and corruption and point out the importance of strengthening this system
• Examine and recommend development and improvement of anti-fraud and corruption strategies and controls (prevention, detection, response)
• Audit their country’s implementation of anti-corruption international agreements
• Conduct joint, coordinated or parallel audits with other SAIs
• Engage in participatory auditing
SAIs can:
• Ensure that adequate follow-up is given to their observations and recommendations on fraud and corruption so that preventive measures are rapidly adopted
• Work closely with civil society organisations, media and parliament to enhance due account of its audit findings and recommendations
• Encourage effective and culturally appropriate complaint mechanisms for staff and beneficiaries and adequate protection for whistle-blowers (hotlines, tip-offs)
• Set a good example to other areas of government by assessing the quality of their own integrity system, being transparent about the results of the assessment and making public the follow-up action
ISSAI 5530
• SAI of Norway: Audit of the internal control systems in the Defence procurement area, including the impartiality of staff
• Cc Belgium: Audit of the integrity policy in federal tax departments
• ECA: Audit of the management of the conflict of interest situations in EU agencies
• NAO Malta: Audit “Addressing Social Benefit Fraud”
• Netherlands CA: Audit of how effective investigation and prosecution of tax fraud, social security fraud and horizontal fraud is working
• UK NAO: Report on Making a Whistleblowing Policy Work
• OLACEFS: SAI’s Toolbox for Corruption Control
Some examples
Exposure Draft ISSAI 5700
• The role of SAIs in the fight against corruption
• Concept, causes and types of corruption
• Components of preventing and fighting corruption (organisation, risk assessment, delimitation of duties, job rotation, supervision, decision making, internal control, cooperation with anti-corruption agencies and inspectors general, training, codes of conduct, monitoring, reporting)
Guideline for the audit of corruption prevention in government agencies
INTOSAI GOV 9100-9160
• Guidelines for internal control standards for the public sector
• Guidance for reporting on the effectiveness of internal controls
• Foundation for accountability in government
• Entity risk management
• Internal audit independence in the public sector
• Coordination and cooperation between SAIs and internal auditors in the public sector
• Enhancing good governance for public assets (draft)
INTOSAI Guidance for Good Governance
INTOSAI WGEA
• Forms of fraud and corruption, examples
• Risk factors
• Risk assessments
• Suggested audit procedures
• Evidence, documentation and reporting
Addressing fraud and corruption issues when auditing environmental and natural resource
management: guidance for SAIs
ISSAIs 100, 200, 400, 1000, 1240, 4100, 4200 & 5530
Even if detecting fraud or corruption is not the main objective of SAIs’ audits, auditors should:
• Include fraud and corruption risk factors in their risk assessments
• Perform procedures to respond to the identified risks
• Obtain sufficient appropriate audit evidence
• Remain alert to indications of fraud and corruption throughout the whole audit process
ISSAIs 200, 1000, 4100, 4200 & 5530
• The auditor is expected to obtain reasonable assurance as to whether the financial statements, taken as a whole, are free from material misstatement, whether due to fraud or error
• But the auditor cannot be expected to detect all breaches of laws and regulations. There is an unavoidable risk that fraud, corruption or other unlawful acts may occur and not be detected by auditors, all the more because such acts are intentionally designed to conceal their existence.
• While private sector auditors are not responsible for preventing non-compliance, public sector auditors may have additional responsibilities related to compliance with laws and regulations
AUDIT PLANNING
CONDUCTING THE AUDIT
REPORTING
AUDIT PLANNING
1. Conduct risk assessment by: (ISSAIs 100.47, 1240, 1315 & 5530)
• Discussing where and how the increased risks of fraud and corruption may be manifested and how they can be relevant to the audit objectives
• Consulting relevant information from permanent files and databases (reported fraud, media reports, complaints, stakeholder feedback, information from regulators, prosecutors, investigative agencies, complaint officers, whistle blowers, other auditors, outcomes of investigations or audits)
• Considering information obtained in prior periods and changes introduced
AUDIT PLANNING
1. Conduct risk assessment by: (ISSAIs 100.47, 1240 & 1315)
• Inquiring of management, internal audit, oversight bodies and others about knowledge of any actual, suspected or alleged fraud affecting the entity
• Analysing information in sensitive areas, e.g. revenue recognition, procurement or payment of grants, to identify unusual or unexpected transactions, events or relationships
AUDIT PLANNING
1. Conduct risk assessment by: (ISSAIs 100.47, 1240, 1315 & 5530)
• Listing the types of fraud and corruption risks identified, their potential significance, the likelihood of their occurrence and how they are perceived
• Inquiring of management about their assessment, identification and response to risks of fraud (relevant internal controls)
• Analysing oversight exercised over management
• Evaluating preventive and detective controls, mechanisms for dealing with cases of suspected fraud or corruption and arrangements for complaints and whistleblowing
• Reviewing ethics management practices in the audited body (culture of honesty and ethical behaviour)
AUDIT PLANNING
2. Conduct risk assessment by: (ISSAIs 100.47, 1240, 1315 & 5530)
• Assessing the fraud and corruption risks listed against the operation of the internal controls identified and the quality of the anti-fraud environment
• Determining which risks are addressed by the controls in place and which other risks remain exposed, and to what extent.
AUDIT PLANNING
3. Identify potential high risk areas and evaluate fraud risk factors (ISSAIs 100.47, 1240, 1315, 4100, 4200 & 5530)
• Identify events or conditions that indicate incentive, pressure, opportunity or rationale to commit fraud or corruption. Examples:
- Privatisations, grants and benefits to 3rd parties, procurement, PPP
- Budget reductions
- Hierarchical structures
- Political ties and loyalties
- Exercise of public officials’ power
- Deficiencies in internal control
- Weak IT systems
- Non-recording of assets
- Low salaries
AUDIT PLANNING
3. Evaluate fraud risk factors (ISSAIs 100.47, 1240, 1315, 4100, 4200 & 5530)
• Auditors should analyse the nature and type of risk factors and understand where key vulnerabilities to fraud and corruption lie
• Red Flags: indicators of increased risk of fraud and corruption due to circumstances that are unusual in nature or vary from normal activity. It is a signal that something is out of the ordinary and may need to be investigated further
AUDIT PLANNING
3. Examine red flags in high risk areas
• Appendixes to ISSAI 1240
• Appendixes to ISSAIs 4100 & 4200
• Part 3 of ISSAI 5530 (Risks and red flags)
• EU CC PPWG checklist for financial and compliance audit of public procurement
• Addressing Fraud and Corruption Issues when Auditing Environmental and Natural Resource Management: Guidance for Supreme Audit Institutions
AUDIT PLANNING
3. Evaluate fraud risk factors (ISSAI 5530)
• List the red flags relevant for the concrete audit, to be used and updated during planning and conducting the audit
• Examine whether they are valid indicators of risk for the case and whether they are addressed by controls in operation
• Where there is doubt, the risk remains high and audit procedures should be adapted accordingly
CONDUCTING THE AUDIT
1. Audit procedures: address the assessed risks and gather audit evidence (ISSAIs 100.47, 1240, 1315, 1330 & 5530)
Design audit procedures adequate to the risks identified
Assign specialised staff (forensic, IT, engineering)
Incorporate unpredictability in the selection of the nature, timing and extent of audit procedures (surprise factor)
Include physical observation or inspection of certain assets or activities
Use computer assisted audit techniques to extend testing and gather more evidence
Test the integrity of computer-produced records and transactions
CONDUCTING THE AUDIT
1. Audit procedures: address the assessed risks and gather audit evidence (ISSAIs 100.47, 1240, 1315, 1330, 4100 & 5530)
Inquire individuals involved about inappropriate or unusual activities and investigate their resourcing
Obtain additional (external and internal) corroborative information
Select and test risky operations
Test controls
Adapt the timing and extent of substantive procedures
Increase sample sizes
Perform analytical procedures at a more detailed or disaggregated level
CONDUCTING THE AUDIT
1. Audit procedures: address the assessed risks and gather audit evidence (ISSAIs 100.47, 1240, 1315, 1330, 4100 & 5530)
Reevaluate/review potentially biased management estimates (use experts)
Evaluate the rationale and process of unusual transactions (real-estate, land swaps, PPP, privatisation of public services, debt operations, guarantees)
Review budget process and budget adjustments
Confirm contract terms and look for side agreements
Obtain evidence that contracts are being carried out in accordance with their terms
Review travel and expense reports
CONDUCTING THE AUDIT
1. Audit procedures: address the assessed risks and gather audit evidence (ISSAIs 100.47, 1240, 1315, 1330, 4100 & 5530)
Review excessive or unusual amounts of overtime
Perform substantive testing of payroll accounts
Review hiring procedures and controls
Investigate inconsistencies
Investigate further any documents that may not be authentic or that may have been modified (confirm, use experts)
Obtain written representation from management
CONDUCTING THE AUDIT
2. Evaluate the audit evidence (ISSAIs 1200, 1240, 1315, 1330, 4100, 4200 & 5530)
Be attentive to previously unrecognised risks
Evaluate whether a misstatement is indicative of fraud
An instance of fraud is unlikely to be an isolated occurrence
Evaluate possible involvement of management and collusion involving employees, management or third parties
Reevaluate risks and audit procedures if needed
CONDUCTING THE AUDIT
2. Evaluate the audit evidence (ISSAIs 1200, 1240, 1315, 1330, 4100, 4200 & 5530)
Identify circumstances that indicate the possibility of fraud:
– Abnormal budget processes
– Discrepancies in the accounting records
– Unauthorised transactions
– Significant transfer of transactions between funds and/or programs
– Significant non-delivery
– Unjustified access to systems and records
– Unauthorised use of assets
– Equipment or assets subject or susceptible to personal use
– Loss of materials used in confidential government processes
CONDUCTING THE AUDIT
2. Evaluate the audit evidence (ISSAIs 400, 1200, 1240, 1315, 1330, 4100, 4200 & 5530)
Identify circumstances that indicate the possibility of fraud:
– Abuse of public authority
– Misreporting on compliance issues
– Complaints about alleged fraud
– Missing or altered documents
– Unexplained items on reconciliations
– Inconsistent, vague or implausible responses
– Unusual discrepancies
– Missing or non-existent cancelled checks
– Grants not reaching the originally intended recipient
– Revolving doors
CONDUCTING THE AUDIT
3. Apply materiality (ISSAIs 200, 1000, 1450, 4100 & 4200)
Uncorrected misstatements should be evaluated for materiality, individually or in aggregate, to determine what effect they may have on the opinion to be given in the auditor’s report
The circumstances related to some misstatements may cause the auditor to evaluate them as material even if they are below quantitative materiality. That is the case with fraud and corruption
Public sector auditors’ responsibilities may not be limited to the risk of material misstatements due to fraud and may include aspects of non-compliance and control deviation
CONDUCTING THE AUDIT
4. Audit documentation and evidence: (ISSAIs 1240, 1230, 1315, 1330 & 5530)
Discussions on fraud risks
Identified and assessed fraud risks
Reasons for not addressing risks
Nature, timing and extent of audit procedures and their link to risks
Results of audit procedures (incl. witnesses, physical evidence, observations)
All documents presented by staff in support of recorded transactions, internal auditor reports, interviews, inspections and observations, questionnaires, documents from external sources, results of analytical reviews and expert opinions
Communications about fraud to management, those charged with governance and others
CONDUCTING THE AUDIT
4. Audit documentation and evidence: (ISSAIs 200, 4100, 4200 & 5530)
• In cases where SAI mandates require auditors to stop audit work and hand the details over to the appropriate investigative or prosecuting authorities when there is suspicion of fraud or corruption, the audit evidence should be carefully collected together and clearly presented to those authorities
• Some SAIs have the option of putting together teams including both auditors and investigators
• In Courts of Accounts there may be specific requirements to follow precise procedures related to rules of evidence
REPORTING (ISSAIs 200, 400, 1000, 1240, 4100 & 5530)
• The way in which the audit results are presented depends on the mandate of the SAI, the audit objectives and the approach used
• Whether or not individual cases of suspected fraud and corruption are detected, SAIs’ mandates include the requirement to report on the increased risks of fraud and corruption and to recommend improvements
• In situations where the auditors are convinced that fraud or corruption has occurred, but can find no evidence of that, they can indicate the existence of opportunities for fraud or corruption and suggest ways in which corrective action can be taken to minimise or diminish them
REPORTING (ISSAIs 200, 400, 1000, 1240, 4100 & 5530)
• By mandate, requirements or public expectations, public sector auditors may have responsibilities:
– To report all instances of non-compliance, even where inconsequential
– To report on all identified internal control deficiencies
– To order that any instances of non-compliance be corrected
– To follow-up that appropriate action has been taken
– To take actions when offences are discovered
REPORTING (ISSAIs 200, 1000, 1240, 4100 & 5530)
• Public sector auditors do not normally have the option to withdraw from an audit engagement. In case of suspected or confirmed fraud in financial audit they must consider the impact on the audit opinion (ISSAIs 1450 & 1700) – material unlawful acts normally result in a modified audit conclusion
REPORTING (ISSAIs 200, 1000, 1240, 4100 & 5530)
• According to circumstances, identified or suspected fraud may be communicated to management, those charged with governance and/or legislature
• There may be a duty to refer indications of fraud and criminal offenses to jurisdictional or investigative bodies (prosecutors, police) and even cooperate with them to determine if fraud, abuse or crime has occurred. The public auditor’s legal responsibilities to report the occurrence or suspicion of fraud to supervisory, regulatory and/or enforcement authorities may override the duty of confidentiality
REPORTING (ISSAIs 200, 400, 1240, 4100 & 5530)
• Some SAIs can extend their own work or initiate a special investigation alongside the statutory audit
• SAIs with jurisdictional powers pronounce judgements and sanctions on those responsible for financial offences (reimbursements, fines or other penalties)
• An instruction phase to gather enough judicial evidence can be a part of the audit or an autonomous process
REPORTING (ISSAIs 200, 400, 1240, 4100 & 5530)
SAIs’ jurisdictional responsibilities may give rise to additional considerations:
– Identify the individuals to be held responsible for acts
– Consider periods relevant for personal liability
– Clearly identify criteria and amounts involved
– Gather additional and preferably written evidence
– Comply with relevant rules of evidence
– Liaise with prosecutors
– Follow due process of law
– Public hearing and disclosure
REPORTING (ISSAIs 400, 1240, 4100 & 5530)
• Making cases of fraud and corruption public may have an important deterrent effect
• But caution is needed with unconfirmed cases, which usually need a court of law decision, and auditors must also take care to avoid interfering with any future legal proceedings or investigations
• There may be requirements for separate, classified or restricted reports
• Auditors must be familiar with applicable laws and regulations on reporting, communicating and documenting indications or suspicions of fraud
• They should consider the need to obtain legal advice in issues regarding indications and communication of fraud