Technical Articles

International Journal of Government Auditing – October 2012

INTOSAI’s New Fundamental Auditing Principles

Over the next year, INTOSAI will define a new set of fundamental auditing principles.

The XX INCOSAI in Johannesburg in 2010 launched the first full set of ISSAIs. The fundamental auditing principles (ISSAIs 100-999) comprise level 3 of the ISSAI framework. Through the South Africa declaration on ISSAIs, the congress encouraged all INTOSAI members to use the ISSAIs as a common frame of reference for public sector auditing, measure their performance against them, and implement them in accordance with national legislation. With these decisions, INTOSAI set a new and higher goal for its role as a standard setter. Furthermore, since the ISSAIs are a collection of documents developed by many different working groups and committees over a long period of time, INTOSAI also moved to address the outstanding challenge of harmonizing the ISSAIs and ensuring consistency in the ISSAI framework.

The planned launch of a new set of fundamental auditing principles in 2013 will be the first and most crucial step towards more consistent and credible standards. The new principles will provide the international SAI community with an updated common definition of public sector auditing and a common platform that SAIs can use to define their individual auditing approach in line with their legal mandates and national systems. The new principles will also provide the foundation for the full system of guidelines on different auditing tasks that INTOSAI will continue to provide through the ISSAI framework.

Tony Blair, the former British prime minister, is said to have told his staff, “There is nothing important that cannot be explained in 1 page.” Readers who share this preference will benefit from the “Spotlight on ISSAIs” column on page 15 of this issue, which summarizes current information on the new fundamental auditing principles. However, for those of us who can afford the luxury of taking a little more time—or who perhaps just lack the acumen of a prime minister and his staff —this article provides further explanation and background on why INTOSAI needs to revise the fundamental auditing principles.

Professionalism, Credibility, and Quality

The purpose of INTOSAI’s standard setting is to promote professionalism, credibility, and quality in public sector auditing. Establishing a new framework for professional standards was a key objective of goal 1 of INTOSAI’s strategic plan for 2004–2010. Therefore, between 2005 and 2007, the INTOSAI Professional Standards Committee (PSC) gathered all existing INTOSAI documents on auditing and related matters. These were classified and numbered according to a set of principles under two new names: International Standards of Supreme Audit Institutions (ISSAI) and INTOSAI Guidance for Good Governance (INTOSAI GOV). The text of the 1992 INTOSAI auditing standards was divided into four ISSAIs under the heading “fundamental auditing principles,” and it was foreseen that they would need to be revised in the future.

Today, INTOSAI has a comprehensive set of ISSAIs covering financial, performance, and compliance auditing and an established due process for INTOSAI professional standards that defines how ISSAIs are developed, maintained, revised, and withdrawn. We have mutually committed relationships with other standard setters, such as the International Federation of Accountants (IFAC) and the Institute of Internal Auditors (IIA), and have received support from international donors to develop and implement the standards. The next step—and a key PSC goal for the XXI INCOSAI in 2013—is to revise the auditing standards text from 1992, which has been surpassed by a range of newer ISSAIs. These include ISSAI 10: Mexico Declaration on SAI Independence (2007), ISSAI 20: Principles of Transparency and Accountability (2010), and ISSAI 40: Quality Control for SAIs (2010), as well as new guidelines on financial, compliance, and performance auditing. The new set of fundamental auditing principles will fill the gap between ISSAI 1: The Lima Declaration and the new ISSAI 1000-4999 auditing guidelines on financial, performance, and compliance auditing and reflect what public sector auditing is today.

Launching a new set of fundamental auditing principles is, therefore, a necessary step if INTOSAI wishes to maintain its role as a credible standard setter, and it will also strengthen the ISSAIs as a set of standards that SAIs can implement and refer to. There are four specific reasons why it is important for SAIs that INTOSAI have a credible standard setting process:

The ISSAIs safeguard and promote effective independent auditing: The ISSAIs provide an authoritative reference that works to safeguard and promote effective independent auditing in all countries, including those where independence cannot be taken for granted. The recognition of INTOSAI’s role reached a new level in December 2011 when the United Nations General Assembly adopted Resolution A/66/209, Promoting the efficiency, accountability, effectiveness and transparency of public administration by strengthening Supreme Audit Institutions, and referred to the Lima and Mexico Declarations. The ISSAIs reflect the fact that independence and other SAI privileges are not an end in themselves but rather prerequisites for effective auditing. In many countries, international standards increasingly shape the practices of the auditing profession, and SAIs are also increasingly expected to follow generally recognized standards and practices. INTOSAI’s standard setting enables us to define appropriate professional standards for public sector auditing that can influence stakeholder expectations and shape the future of our profession.

The ISSAIs provide professional identity and a common language: The SAI community includes different organizations composed of lawyers, economists, accountants, and many others who serve as magistrates, ministers, comptrollers general, auditors, civil servants, and other positions with equally distinguished titles within their specific national setting. Our standards provide a common frame of reference that expresses our core principles and shared values as an international profession. They also provide the common set of concepts that facilitate cooperation and mutual sharing of experiences within INTOSAI.

The ISSAIs provide credibility: SAIs work in environments where their conclusions are not always warmly received—even if they may be well founded. Conducting an audit in accordance with international standards adds credibility to the audit and reported conclusions. The ISSAIs may also provide a persuasive argument when the SAI’s competency or audit scope is questioned: The ISSAIs mean that, for example, economy, efficiency, and effectiveness are internationally recognized concepts in public sector audits.

The ISSAIs support quality: The ISSAIs are a tool to ensure audit quality. They provide professional guidance that SAIs can use to develop their audit approach and a benchmark that the SAI can be measured against in peer reviews. They may also be used as the basis for audit manuals or for internal evaluation and control of audit quality.

Why Fundamental Auditing Principles?

Between 2005 and 2009, the PSC Steering Committee discussed the levels and function of the ISSAI framework. A survey in 2007 showed that three-quarters of the SAIs used INTOSAI’s standards. The standards were generally used in combination with other international, regional, or national standards. This highlighted the proliferation of standards and guidelines from different sources that the SAI community is facing. It is therefore the ambition of the PSC to contribute to international harmonization and work to clarify similarities and differences between private and public sector auditing.

Only about half of the SAIs that reported the use of international standards (either INTOSAI or other standards) referred to them in their audit reports. For other SAIs, the international standards had a range of additional functions important to the credibility and quality of audits, including development of methodology, educational purposes, development of national standards, and relations with stakeholders.

To meet the different needs within the INTOSAI community, the ISSAIs provide auditing guidance on two levels: the fundamental auditing principles (ISSAIs 100-999), which express the essence of public sector auditing, and the auditing guidelines (ISSAIs 1000-5999), which translate the fundamental auditing principles into more specific, detailed, and operational guidance. These guidelines draw on guidance from other standard setters; most notably—as a result of INTOSAI Governing Board decisions in 2002–2004—the financial audit guidelines include the IFAC International Standards on Auditing.

The PSC Steering Committee considers it highly important that the new revised principles support all INTOSAI members and acknowledge the different ways in which SAIs work. Consequently, in 2009–2010, we mapped the legal mandates of 37 selected SAIs to see how legal provisions defined their audits. PSC members representing INTOSAI’s regional groups did the mapping, and the SAIs were selected to represent the existing diversity in SAI models, systems, size, and functions. The results of the mapping indicated that almost all mandated audit tasks fall into the three general categories of financial, performance, and compliance auditing. However, the SAI mandates defined, combined, and further specified these categories in many different ways. ISSAI 100 will, therefore, provide the most general principles and concepts relevant to all public sector audits. The more specific principles for financial, performance, and compliance auditing in ISSAIs 200, 300, and 400 will supplement those in ISSAI 100 in a way that recognizes that these principles may not be equally relevant for all SAIs or all audits.

The new fundamental auditing principles will be aimed at auditors but also be accessible to a wider external audience. Even though they will not fully satisfy Tony Blair’s 1-page requirement mentioned above, they will still be very brief and readable in comparison to the approximately 1000 pages of auditing guidelines. This will increase the ISSAIs’ value as an authoritative source in SAI stakeholder dialogue with ministries, parliamentary committees, or others to whom the SAI leadership may wish to explain international definitions of public sector auditing.

The Proposed Text of the New ISSAI 100

Since the XX INCOSAI, the members of the ISSAI Harmonization Project Group have worked hard to develop the text of the new principles. In addition to the chair (Denmark), the project group includes members from the PSC’s Financial Audit Subcommittee (Sweden, the U.K., and the United States), the Performance Audit Subcommittee (Brazil, Sweden, and Austria) and the Compliance Audit Subcommittee (Norway, the European Court of Auditors, and Slovakia), as well as the chair (South Africa) and vice chair (China) of INTOSAI’s Governing Board and the chairs of the Knowledge Sharing Committee (India) and the Task Force on SAI’s Information Database (Mexico).

As announced in this issue’s “Spotlight on ISSAIs,” the draft of the new ISSAI 100 (along with that of ISSAI 300) has been posted on the ISSAI website ( All INTOSAI members and others who wish to are invited to comment on these drafts until February 15, 2013.

The new ISSAI 100 will be the principal entry point to ISSAI auditing guidance and a hub for the rest of the ISSAI framework. The ISSAI states that public sector auditing is essential to providing independent, objective, and reliable information to legislatures, oversight bodies, those charged with governance, and the public. It notes that public sector auditing contributes to improved public sector administration in many ways.

The document also (1) details information on the objectives of public sector audits, confidence and assurance, and the types of public sector auditing (financial, performance, and compliance) and (2) provides the principles to be applied in audits.

The principles recognize that SAIs conduct their audits according to different national, regional, or international auditing standards that may be issued by the SAI or adopted from another source or may be the ISSAI 1000-4999 financial, performance, and compliance auditing guidelines. Therefore, the ISSAIs can be referred to in two principal ways: audit reports may state either that the audit was conducted in accordance with a national standard based on ISSAI fundamental auditing principles or that the audit was conducted in accordance with the ISSAIs. In the latter case, the auditing guidelines for financial, performance, or compliance auditing are applied as the authoritative standard.

In this way, the project group and the PSC Steering Committee have ensured a high degree of flexibility whereby each SAI can define its own approach and use the standards relevant within its context. At the same time, the new principles ensure transparency for the users of SAI reports. Perhaps most importantly, the new ISSAI 100 recognizes that in spite of all the differences in systems, mandates, and auditing approaches, certain fundamental principles of public sector auditing unite all of INTOSAI.

For additional information, contact the author at