international standards to be observed by public auditors concerning fraud and corruption, helena...

© OECD

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

The role of the Court of Accounts in

preventing and fighting fraud and corruption

International standards to be observed by public auditors concerning fraud and

corruption

Helena Abreu Lopes

Member of the Court of Auditors

Portugal

Algiers, 8-9 April 2015

ISSAI 10 The Mexico Declaration on SAI Independence

ISSAI 12 Values and benefits of SAIs

ISSAI 20 Principles of Transparency and Accountability

ISSAI 30 Code of Ethics

ISSAI 40 Quality Control for SAIs

ISSAI 1 The Lima Declaration

ISSAI 100 Public Sector Auditing

ISSAI 200 Financial auditing

ISSAI 300 Performance Auditing

ISSAI 400 Compliance Auditing

General auditing guidelines:

ISSAI 1000-2999 Financial Auditing Guidelines

ISSAI 3000-3999 Performance Audit Guidelines

ISSAI 4000-4999 Compliance Audit Guidelines

Specific guidelines:

ISSAI 5000-5099 International Institutions

ISSAI 5100-5199 Environmental Audit

ISSAI 5200-5299 Privatisation

ISSAI 5300-5399 IT-audit

ISSAI 5400-5499 Audit of Public Debt

ISSAI 5500-5599 Audit of Disaster-related Aid

ISSAI 5600-5699 Peer Reviews

ISSAI 5700-5799 Audit of Corruption Prevention

ISSAI 5800- 5899 Cooperative audits between SAIs

Level 2: Prerequisites for the

functioning of SAIs

Level 3: Fundamental Auditing

Principles

Level 4: Auditing guidelines

ISSAI FRAMEWORK

Level 1: Founding Principles

ISSAI 1240 – auditor’s responsibilities

relating to fraud

ISSAI 5530 – adapting audit procedures

to the increasing risk of fraud and

corruption

Draft ISSAI 5700 – audit of corruption

prevention

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAIs: references to fraud and corruption

Some tensions

• Public vs private audit (Practice Notes vs ISAs)

• ISSAI levels 1&2 vs levels 3&4

• Principal vs incidental approach

• Mandates and model of SAIs: Auditor Generals vs Courts of Accounts

2

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 100 & draft 5700

Public sector auditing contributes to good governance and to prevent fraud and corruption

3

• Provides independent, objective and reliable information on public

management

• Enhances transparency, accountability, improvement and

confidence in the use of public funds and assets

• Favours that public bodies and public servants act effectively,

efficiently, ethically and in accordance with laws and regulations

• Supports those bodies with monitoring and corrective functions

over public management

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAIs 200 & 1240

The primary responsibility for the prevention and detection of fraud lies with those charged

with governance and management of the audited body

4

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 1

SAIs

Reveal deviations from accepted standards and violations of legality (…) of financial management in order to:

• Promote that preventive and corrective actions are taken

• Call for responsibilities to be accepted

• Obtain compensations

(if necessary by approaching authorities responsible for taking the necessary measures)

5

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 10

• SAIs should respond appropriately, in accordance with their mandates, to the risks of financial impropriety, fraud and corruption, for example by promoting mechanisms to address them.

• SAIs’ communication should contribute to stakeholders’ awareness of the need for transparency and accountability in the public sector

6

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 100, 200 & 1240

Financial audit • Is the financial information presented according with the

applicable financial reporting and regulatory framework and free from material misstatement due to fraud or error?

• The management of the audited body is responsible to implement the internal controls needed to make sure that financial statements are free from misstatements due to fraud or error

• The auditor should assess the risks of material misstatements due to fraud, act appropriately to address them and obtain reasonable assurance that the statements are free from material misstatement due to fraud

7

• By mandate or to keep up with public expectations, objectives of a financial audit in the public sector are often broader and may include audit and reporting on findings of fraud or non-compliance with laws, regulations or other authorities

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 100, 400, 4000, 4100 & 4200

Compliance audit • Are activities/transactions/reports/information in

compliance with applicable rules, laws, regulations, budgetary resolutions, policy, codes, agreed terms and/or general principles?

• Great degree of international diversity in organising and reporting on compliance audit

• Although, due to the inherent limitations of an audit, there is an unavoidable risk that errors, irregularities and illegal acts may occur and not be detected, the audit should be designed to provide reasonable assurance that those situations don’t significantly affect the audit objectives

8

• SAI’s special compliance audit responsibilities may include activities related to suspected fraud and corruption

• Courts of Accounts are usually mandated to communicate compliance deviations to appropriate bodies or open processes leading to judgements, identifying responsible agents and offences

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 100 & 300

Performance audit

• Are interventions, programmes and/or institutions performing in accordance with the principles of economy, efficiency and effectiveness and is there room for improvement?

• SAIs may conduct combined audits incorporating financial, compliance and/or performance aspects

9

• When planning and conducting a performance audit, auditors should assess the risk of fraud and examine whether there are signs of irregularities that hamper performance

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 5530

Carrying out audits which take account of the risks of fraud and corruption depends on SAI’s

individual mandates

10

(Adapting audit procedures to take account of the increased risk of fraud

and corruption in the emergency phase following a disaster)

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAI 5530 SAIs can:

• Audit whether NIS (national integrity system) functions as it should to prevent

and deter fraud and corruption and point out the importance of strenghtening this system

• Examine and recommend development and improvement of anti-fraud and corruption strategies and controls(prevention, detection, response)

• Audit their country’s implementation of anti-corruption international agreements

• Conduct joint, coordinated or parallel audits with other SAIs

• Engage in participatory auditing

11

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

SAIs can:

• Ensure that adequate follow-up is given to their observations and recommendations on fraud and corruption so that preventive measures are rapidly adopted

• Work closely with civil society organisations , media and parliament to enhance due account of its audit findings and recommendations

• Encourage effective and culturally appropriate complaint mechanisms for staff and beneficiaries and adequate protection for whistle-blowers (hotlines, tip-offs)

• Set a good example to other areas of government by assessing the quality of their own integrity system, being transparent about the results of the assessment and making public the follow-up action

12

ISSAI 5530

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

• SAI of Norway: Audit of the internal control systems in the Defence procurement area, including the impartiality of staff

• Cc Belgium: Audit of the integrity policy in federal tax departments

• ECA: Audit of the management of the conflict of interest situations in EU agencies

• NAO Malta: Audit “Addressing Social Benefit Fraud”

• Netherlands CA: Audit of how effective investigation and prosecution of tax fraud, social security fraud and horizontal fraud is working

• UK NAO: Report on Making a Whistleblowing Policy Work

• OLACEFS: SAI’s Toolbox for Corruption Control

13

Some examples

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

Exposure Draft ISSAI 5700

• The role of SAIs in the fight against corruption

• Concept, causes and types of corruption

• Components of preventing and fighting corruption (organisation, risk assessment, delimitation of duties, job rotation, supervision, decision making, internal control, cooperation with anti-corruption agencies, and inspectors general, training, codes of conduct, monitoring, reporting)

14

Guideline for the audit of corruption prevention in government agencies

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

INTOSAI GOV 9100-9160

• Guidelines for internal control standards for the public sector

• Guidance for reporting on the effectiveness of internal controls

• Foundation for accountability in government

• Entity risk management

• Internal audit independence in the public sector

• Coordenation and cooperation between SAIs and internal auditors in the public sector

• Enhancing good governance for public assets (draft)

15

INTOSAI Guidance for Good Governance

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

INTOSAI WGEA

• Forms of fraud and corruption, examples

• Risk factors

• Risk assessments

• Suggested audit procedures

• Evidence, documentation and reporting

16

Addressing fraud and corruption issues when auditing environmental and natural resource

management: guidance for SAIs

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAIs 100, 200, 400, 1000, 1240, 4100, 4200 & 5530

While and even if detecting fraud or corruption is not the main objective of SAI’s audits, auditors should:

• Include fraud and corruption risk factors in their risk assessments

• Perform procedures to respond to the identified risks

• 0btain sufficient appropriate audit evidence

• Remain alert to indications of fraud and corruption throughout the whole audit process

17

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

ISSAIs 200, 1000, 4100, 4200 & 5530

• The auditor is expected to obtain reasonable assurance as to whether the financial statements, taken as a whole, are free from material misstatement, whether due to fraud or error

• But the auditor cannot be expected to detect all breaches of laws and regulations. There is an unavoidable risk that fraud, corruption or other unlawful acts may occur and not be detected by auditors, moreover because acts are designed to intentionally conceal existence.

18

• While private sector auditors are not responsible for preventing non-compliance, public sector auditors may have addittional responsibilities related to compliance with laws and regulations

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

19

CONDUCTING THE AUDIT

REPORTING

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

1. Conduct risk assessment by: (ISSAIs 100.47, 1240, 1315 & 5530)

• Discussing where and how the increased risks of fraud and corruption may be manifested and how they can be relevant to the audit objectives

• Consulting relevant information from permanent files and databases (reported fraud, media reports, complaints, stakeholder feedback, information from regulators, prosecutors, investigative agencies, complaint officers, whistle blowers, other auditors, outcomes of investigations or audits)

• Considering information obtained in prior periods and changes introduced

20

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

1. Conduct risk assessment by: (ISSAIs 100.47, 1240 & 1315)

• Inquiring management, internal audit, oversight bodies and others about knowledge of any actual, suspected or alleged fraud affecting the entity

• Analysing information in sensitive areas, v.g. f revenue recognition, procurement or payment of grants, to identify unusual or unexpected transactions, events or relationships

21

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING


• Listing type of fraud and corruption risks identified, their potential significance, the likelyhood of their occurence and how they are perceived

• Inquiring management on their assessment, identification and response to risks of fraud (relevant internal controls)

• Analysing oversight exercised over management

• Evaluating preventive and detective controls, mechanisms for dealing with cases of suspected fraud or corruption and arrangements for complaints and whistleblowing

• Reviewing ethics management practices in the audited body (culture of honesty and ethical behaviour)

22

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING


• Assessing the fraud and corruption risks listed against the operation of the internal controls identified and the quality of the anti-fraud environment

• Determining which risks are addressed by the controls in place and which and to what extent the other risks remain exposed.

23

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

3. Identify potential high risk areas and evaluate fraud risk factors (ISSAIs 100.47, 1240, 1315, 4100, 4200 & 5530)

• Identify events or conditions that indicate incentive, pressure, opportunity or rationale to commit fraud or corruption. Exs:

- Privatisations, grants and benefits to 3rd parties, procurement, PPP

- Budget reductions

- Hierarquical structures

- Political ties and loyalties

- Exercise of public officials’ power

- Deficiencies in internal control

- Weak IT systems

- Unrecording of assets

- Low salaries

24

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

3. Evaluate fraud risk factors (ISSAIs 100.47, 1240, 1315, 4100, 4200 & 5530)

• Auditors should analyse the nature and type of risk factors and understand where key viulnerabilities to fraud and corruption lie

• Red Flags: indicators of increased risk of fraud and corruption due to circumstances that are unusual in nature or vary from normal activity. It is a signal that something is out of the ordinary and may need to be investigated further

25

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

3. Examine red flags in high risk areas

• Appendixes to ISSAI 1240

• Appendixes to ISSAIs 4100 & 4200

• Part 3 of ISSAI 5530 (Risks and red flags)

• EU CC PPWG checklist for financial and compliance audit of public procurement

• Addressing Fraud and Corruption Issues when Auditing Environmental and Natural Resource Management: Guidance for Supreme Audit Institutions

26

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

AUDIT PLANNING

3. Evaluate fraud risk factors (ISSAI 5530)

• List the red flags relevant for the concrete audit, to be used and updated during planning and conducting the audit

• Examine whether they are valid indicators of risk for the case and whether they are adressed by controls in operation

• Where there is doubt, the risk remains high and audit procedures should be adapted accordingly

27

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


1. Audit procedures: address the assessed risks and gather audit evidence (ISSAIs 100.47, 1240, 1315, 1330 & 5530)

Design audit procedures adequate to the risks identified

Assign specialised staff (forensic, IT, engineering)

Incorporate unpredictability in the selection of the nature, timing and extent of audit procedures (surprise factor)

Include physical observation or inspection of certain assets or activities

Use computer assisted audit techniques to extend testing and gather more evidence

Test the integrity of computer-produced records and transactions

28

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


1. Audit procedures: address the assessed risks and gather audit evidence (ISSAIs 100.47, 1240, 1315, 1330, 4100 & 5530)

Inquire individuals involved about inappropriate or unusual activities and investigate their resourcing

Obtain additional (external and internal) corroborative information

Select and test risky operations

Test controls

Adapt the timing and extent of substantive procedures

Increase sample sizes

Perform analytical procedures at a more detailed or disaggregated level

29

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU



Reevaluate/review potentially biased management estimates (use experts)

Evaluate the rationale and process of unusual transactions (real-estate, land swaps, PPP, privatisation of public services, debt operations, guarantees)

Review budget process and budget adjustments

Confirm contract terms and look for side agreements

Obtain evidence that contracts are being carried out in accordance with their terms

Review travel and expense reports

30

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU



Review excessive or unusual amounts of overtime

Perform substantive testing of payroll accounts

Review hiring procedures and controls

Investigate inconsistencies

Investigate further about documents that may not be authentic or that may have been modified (confirm, use experts)

Obtain written representation from management

31

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


2. Evaluate the audit evidence (ISSAIs 1200, 1240, 1315, 1330, 4100, 4200 & 5530)

Be attentive to previously unrecognised risks

Evaluate whether a misstatement is indicative of fraud

An instance of fraud is unlikely to be an isolated occurence

Evaluate possible involvement of management and collusion involving employees, management or third parties

Reevaluate risks and audit procedures if needed

32

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


2. Evaluate the audit evidence (ISSAIs 1200, 1240, 1315, 1330, 4100, 4200 & 5530)

Identify circumstances that indicate the possibility of fraud:

– Abnormal budget processes

– Discrepancies in the accounting records

– Unauthorised transactions

– Significant transfer of transactions between funds and/or programs

– Significant non-delivery

– Unjustified access to systems and records

– Unauthorised use of assets

– Equipment or assets subject or susceptible to personal use

– Loss of materials used in confidential government processes

33

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


2. Evaluate the audit evidence (ISSAIs 400, 1200, 1240, 1315, 1330, 4100, 4200 & 5530)

Identify circumstances that indicate the possibility of fraud:

– Abuse of public authority

– Misreporting on compliance issues

– Complaints about alleged fraud

– Missing or altered documents

– Unexplained items on reconciliations

– Inconsistent, vague or implausible responses

– Unusual discrepancies

– Missing or non-existant cancelled checks

– Grants not reaching the originally intended recipient

– Revolving doors

34

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


3. Apply materiality (ISSAIs 200, 1000, 1450, 4100 & 4200)

Uncorrected misstatements should be evaluated for materiality, individually or in aggregate, to determine what effect they may have on the opinion to be given in the auditor’s report

The circumstances related to some misstatements may cause the auditor to evaluate them as material even if they are below quantitative materiality. That is the case of fraud and corruption

Public sector auditors’s responsibilities may not be limited to the risk of material misstatements due to fraud and may include aspects of non-compliance and control deviation

35

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

CONDUCTING THE AUDIT 4. Audit documentation and evidence: (ISSAIs 1240, 1230, 1315, 1330 & 5530)

Discussions on fraud risks

Identified and assessed fraud risks

Reasons for not addressing risks

Nature, timing and extent of audit procedures and their link to risks

Results of audit procedures (incl. witnesses, physical evidences, observations)

All documents presented by staff in support of recorded transactions, internal auditor reports, interviews, inspections and observations, questionnaires, documents from external sources, results of analytical reviews and expert opinions

Communications about fraud to management, those charged with governance and others

36

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


4. Audit documentation and evidence: (ISSAIs 200, 4100, 4200 & 5530)

• In cases where SAI mandates require auditors to stop audit work and hand the details over to the appropriate investigate or prosecuting authorities when there is suspicion of fraud or corruption, the audit evidence should be carefully collected together and clearly presented to those authorities

• Some SAIs have the option of putting together teams including both auditors and investigators

• In Courts of Accounts there may be specific requirements to follow precise procedures related to rules of evidence

37

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

REPORTING (ISSAIs 200, 400, 1000, 1240, 4100 & 5530)

• The way in which the audit results are presented depend on the mandate of the SAI, the audit objectives and the approach used

• Whether or not individual cases of suspected fraud and corruption are detected, SAIs’ mandates include the requirement to report on the increased risks of fraud and corruption and to recommend improvements

38

• In situations where the auditors are convinced that fraud or corruption has occurred, but can find no evidence of that, they can indicate the existence of opportunities for fraud or corruption and suggest ways in which corrective action can be taken to minimise or diminish them

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

REPORTING (ISSAIs 200, 400, 1000, 1240, 4100 & 5530)

• By mandate, requirements or public expectations, public sector

auditors may have responsibilities :

– To report all instances of non-compliance, even where inconsequencial

– To report on all identified internal control deficiencies

– To order that any instances of non-compliance be corrected

– To follow-up that appropriate action has been taken

– To take actions when offences are discovered

39

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

REPORTING (ISSAIs 200, 1000, 1240, 4100 & 5530)

• Public sector auditors do not normallly have the option to withdraw from an audit engagement . In case of suspected or confirmed fraud in financial audit they must consider the impact on the audit opinion (ISSAIs 1450 & 1700) – material unlawful acts normally result in a modified audit conclusion

40

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


• According to circumstances, identified or suspected fraud may be communicated to management, those charged with governance and/or legislature

• There may be a duty to refer indications of fraud and criminal offenses to jurisdictional or investigative bodies (prosecutors, police) and even cooperate with them to determine if fraud, abuse or crime has ocurred. The public auditor’s legal responsibilities to report the occurence or suspicion of fraud to supervisory, regulatory and/or enforcement authorities may override the duty of confidentiality

41

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


• Some SAIs can extend their own work or initiate a special investigation alongside the statutory audit

• SAIs with jurisdictional powers pronounce judgements and sanctions on those responsible for financial offences (reimbursements, fines or other penalties)

• An instruction phase to gather enough judicial evidence can be a part of the audit or an autonomous process

42

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU


SAI’s jurisdictional responsibilities may give rise to additional considerations:

– Identify the individuals to be held responsible for acts

– Consider periods relevant for personal liability

– Clearly identify criteria and amounts involved

– Gather additional and preferably written evidence

– Comply with relevant rules of evidence

– Liaise with prosecutors

– Follow due process of law

– Public hearing and disclosure

43

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

REPORTING (ISSAIs 400, 1240, 4100 & 5530)

• Making cases of fraud and corruption public may have an important deterrent effect

• But caution is needed with unconfirmed cases, which usually need a court of law decision, and auditors must also take care to avoid interfering with any future legal proceedings or investigations

• There may be requirements for separate, classified or restricted reports

• Auditors must be familiar with applicable laws and regulations on reporting, communicating and documenting indications or suspicions of fraud

• They should consider the need to obtain legal advice in issues regarding indications and communication of fraud

44

international standards to be observed by public auditors concerning fraud and corruption, helena...

Government & Nonprofit

fraud issai

principles issai

accountability issai

privatisation issai

financial auditing issai

performance auditing

environmental audit

public sector auditing