Guidelines on Audit Quality
This article discusses newly developed guidelines on audit quality that set out specific measures that an SAI should take to ensure high quality in its audit work. These guidelines are applicable to all types of SAIs and all types of audits.
Recently, concerns have arisen about the reliability of audit activity in the private sector. Since an SAI’s work is, in many ways, comparable to that of a private firm, the heads of the former network of SAIs of Central and Eastern European countries, Cyprus, Malta, Turkey, and the European Court of Auditors (ECA)1 agreed, at their annual meeting in Limassol, Cyprus, in 2001, that quality in the audit process should be discussed, studied, and reported upon.
The liaison officers of Hungary, Malta, and Poland (authors of this article) were appointed as an expert group for an initial study to
The expert group circulated a questionnaire in 2002 to obtain information about the state of quality management systems in participant countries and other advanced SAIs. Based on an analysis of replies, a report was completed and presented to the heads of SAIs at their Bucharest meeting in December 2002.
After discussing the report, the heads of SAIs extended the mandate of the expert group and requested that it prepare comprehensive and detailed guidelines on audit quality. Representatives of the French Court of Accounts—Anne-Marie Boutin and Christophe Perron—joined the expert group and contributed to the elaboration of the guidelines during 2003-2004.
SIGMA2 (http://www.sigmaweb.org) was asked to provide technical support during both the preparation of the report and the elaboration of the guidelines. In particular, Nick Treen, SIGMA’s Senior Advisor for Audit and Financial Control (Nicolasjohn.firstname.lastname@example.org), made a valuable contribution as coordinator of the cooperation.
The guidelines on audit quality were presented at the last meeting of the heads of the former network of SAIs in Riga, Latvia, in April 2004. This body approved the document and recommended that it be forwarded to the Contact Committee of European Union (EU) SAIs and to the INTOSAI and EUROSAI general secretariats for their information and consideration. The Contact Committee of EU SAIs approved a slightly amended version of the guidelines during the annual meeting in Luxembourg in December 2004.
Overview of the Guidelines
The guidelines contain four sections:
The guidelines are intended to apply to all SAIs, both courts and offices, and to all audits, both regularity and performance. However, the authors are well aware that wide variations exist within these categories of SAIs and audits.
Each guideline is accompanied by explanatory text to help the reader understand why that guideline is needed and what it seeks to accomplish.
Quality Control–“Hot Review”
Quality control is a process through which an SAI seeks to ensure that all phases of an audit (planning, execution, reporting, and follow-up) are carried out in compliance with the SAI’s rules, practices, and procedures.
A quality control system should ensure that audits are timely, comprehensive, adequately documented, and performed and reviewed by qualified staff. In this context, quality takes account of the following factors, among others:
Direction, supervision, and review must be present in each phase of an audit to ensure quality. The qualifications and experience of the audit team should be considered in deciding the type and extent of direction, supervision, or review.
The selection and timing of audits may depend on
The guidelines then set forth recommended procedures to be followed in audit planning, audit execution, audit reporting, and audit follow-up. Key points includethe following:
Quality Assurance–“Cold Review”
Quality assurance is an assessment process focusing on the operation of the quality control system. It is a review completed after the audit by persons who are independent of the audit under review.
Quality assurance necessarily involves the examination of specific audits. However, the purpose of the review is not to criticize specific audits. Rather, it is to determine what controls were intended to be applied to those audits, how those controls were implemented, any gaps in the controls, and other ways of improving the audit quality system.
There are four main types of quality assurance:
One approach to internal review is establishing a separate office, independent from the audit units, reporting directly to either the president in an audit office or the relevant collegium in a court of audit. Another possible approach is having staff members from
different structural units, independent from the audit being reviewed, conducting reviews. In either case, the reviewer selects a sample of audits, examines them in detail, and reports the results along with recommendations for improvement.
In external review, a private audit firm might be asked to review a sample of attestation audits. A management consulting firm or academic experts could be asked to review selected performance audits.
Peer review assesses the extent to which an SAI meets international standards. Such a review generally involves experienced auditors from other SAIs. SIGMA has organized peer reviews of the SAIs in new EU member states and in candidate countries. Other peer reviews have resulted from agreements between particular SAIs or groups of SAIs.
The guidelines include checklists to facilitate internal, external, or peer reviews and to help ensure the comparability of assessments.
Feedback from auditees can help the SAI understand auditees’ needs and expectations.
The guidelines recommend an annual quality assurance report for each SAI to sum up general findings and recommendations for improvement.
The SAI’s management is responsible for establishing, operating, maintaining, and improving the quality management system to ensure that the SAI is competently organized to deliver high-quality work, irrespective of the type of SAI and the type of audit it performs. It is also responsible for creating an environment conducive to consistent high quality and continuous improvement, requiring it to give high priority to
Individual auditors and managers play key roles in the performance of audits. SAIs should spend time, energy, and budgetary resources on managing their human resources. An essential element is a strategy for recruiting and selecting new staff members. The SAI should seek excellence in the people it employs, anticipate its future needs, and recruit staff to fill those needs.
SAIs should also provide effective training, including
An SAI should also give attention to the career development of its personnel through effective performance appraisal systems and individual development plans.
SAI management should allocate resources to minimize institutional risks. Not all audits are equally difficult and risky. Inappropriate management of those risks can undermine the SAI’s credibility. The SAI’s management should establish a procedure for assessing institutional risks that considers
To maximize its effectiveness, an SAI should establish good contacts and cooperate with Parliament and its committees, the Ministry of Finance and other line ministries, the media, and private sector auditors, among others. This requires a clear strategy in each case.
The annexes include a list of reference documents received from international and national organizations. Also included is information on quality control for regularity audits by the International Federation of Accountants and for performance audits by INTOSAI, as well as the audit quality checklists noted previously.
Audit quality is an increasingly important issue and should be a useful area of exchange of national experiences. The authors hope that the guidelines on audit quality will facilitate future discussions of this issue. For example, the 7th ASOSAI Research Project, Audit Quality Management System, which started in 2004 (see the ASOSAI Web page for details).