Establishing an Audit Quality Management System

Establishing an Audit Quality Management System

[pic] THEME 1: ESTABLISHING AN AUDIT QUALITY MANAGEMENT SYSTEM WITHIN A SUPREME AUDIT INSTITUTION PRINCIPAL PAPER Prepared by: State Audit Office, Hungary (chair) European Court of Auditors National Audit Office, Malta National Audit Office, Denmark Accounts Chamber, Russian Federation February 2007 Table of Contents INTRODUCTION5 Achieving excellence in audit activity5 Glossary7 Chapter I: Leadership9 Leadership and Supreme Audit Institutions9 Leadership’s main factors for ensuring audit quality10 Chapter II: Strategy and Planning13 Strategic planning13 Operational planning14

Chapter III: Human Resource Management17 Human resource planning18 HRM policies and procedures18 Job descriptions18 Employee recruitment and selection18 Staff training and development19 Performance appraisals and recognition19 Employee remuneration and benefits20 Chapter IV: Building Quality into the Audit Process21 Audit standards21 Guidelines, procedures and methods21 Supervision and review22 Support22 Chapter V: External Relations25 Audited organisations25 Parliament and its committees26 Media and the general public27 International organisations and other SAIs27 Chapter VI: Continuous Development and Improvement29

Continuous review and monitoring29 Post-audit quality review30 Self-assessment of the organisation30 Other ways of continuous development and improvement within the organisation31 External opinions31 Concluding Remarks33 Reference Documents35 Collection of Questions37 Introduction 1. THE EUROSAI GOVERNING BOARD DECIDED TO DISCUSS AUDIT QUALITY DURING THE VII EUROSAI CONGRESS IN KRAKOW DUE TO BE HELD BETWEEN 2 AND 5 JUNE 2008. IT WAS ALSO AGREED UPON THAT THE SUBJECT OF THEME I OF THE CONGRESS WOULD BE ‘ESTABLISHING AN AUDIT QUALITY MANAGEMENT SYSTEM WITHIN A SUPREME AUDIT INSTITUTION’.

DISCUSSIONS ON THEME I WILL PROVIDE EUROSAI MEMBER INSTITUTIONS WITH INSIGHTS ON THE PRINCIPLES AND PRACTICES OF AN EFFECTIVE QUALITY MANAGEMENT SYSTEM. IN LINE WITH THIS OBJECTIVE, A GOOD PRACTICE GUIDE WILL BE DEVELOPED AND SUBMITTED TO THE VII EUROSAI CONGRESS FOR APPROVAL. 2. The purpose of this Principal Paper is to give an overview to EUROSAI members in the preparation of their respective country papers. EUROSAI member institutions should describe, in these papers, their individual audit quality management systems, including the key elements presented in this

Principal Paper. Achieving excellence in audit activity 3. The Lima Declaration of Guidelines on Auditing Precepts lists the following specific objectives of auditing as being necessary for the stability and the development of states: • the proper and effective use of public funds; • the development of sound financial management; • the proper execution of administrative activities; and • the communication of information to public authorities and the general public through the publication of objective reports.

From the point of view of stakeholders, the acceptance of the audit conclusions and recommendations depends on the trust in the Supreme Audit Institution (SAI) itself and the audit activities undertaken. Therefore, the SAI should seek to develop systems and methods to assure excellence in their work and outcomes. 4. The process of establishing, implementing and continuously developing a quality management system within an SAI can contribute to ensuring trust with stakeholders. The fundamental goal of setting up such a system is to guarantee consistent good quality of audit work and outcomes.

An effective quality management system also leads to the development and maintenance of a comprehensive framework that regulates those factors and conditions that have a direct impact on audit activity. 5. An SAI is in a better position to deliver quality results if it has a properly managed quality management system in place. For a quality management system to function effectively, it is of utmost importance that standards, procedures and guidelines are appropriately defined at all control levels of an SAI.

Furthermore, the characteristics that ensure excellence in audit work (namely significance, reliability, objectivity, relevance, timeliness, clarity, efficiency and effectiveness) must also be determined, monitored and ensured. Elements of the quality management system 6. The quality management system associated with the audit activity is composed of the following elements: • Leadership is the key factor in developing the mission, vision, values, ethics and culture of the organisation and acting as role models of excellence. Strategy and Planning define how the organisation implements its vision and mission. This is achieved through the SAI’s strategies, policies, plans, objectives, targets and processes. • Human resource management is one of the core components in the establishment of an integrated quality management system and is essential in the development of an internal culture based on quality, excellence and continuous improvement. • Building quality into the audit process is vital to improve the credibility and performance of the SAI. It comprises elements (e. g. tandards, guidelines, procedures, methods, support) that ensure effective implementation, supervision and review in all phases of the audit work. • External relations with stakeholders provide independent sources of information on audit quality, and form an objective basis for quality assessment of the audit activity of an SAI. • Continuous development and improvement is a management approach that consistently ensures the high quality of audit results and the satisfaction of stakeholders through appropriate measures, established procedures and methods.


The audit subject can be | | |significant from various aspects. For instance, the impact of the performance of the audited area, organisation, | | |activity or project can be considerable on the society or on major policy issues. | | |Reliability: Audit findings and conclusions should accurately reflect actual conditions of the audit being carried| | |out and are in compliance with established standards and procedures.

All assertions included in the audit report | | |should be adequately supported by sufficient and appropriate audit evidence. | | |Objectivity: An audit should be performed in an impartial and fair manner without favour or prejudice. The | | |assessment and opinion of auditors should be based exclusively on facts and on sound analysis of, or comparison | | |with, requirements and criteria stipulated by legal regulations or defined in any other ways. | |Relevance: The audit plan / programme should properly address – in accordance with the audit objectives – all | | |elements needed for the successful completion of an audit. In the course of the execution of an audit, all | | |provisions of the audit plan / programme should be appropriately and completely implemented. | | |Timeliness: Audit results (audit reports and qualifying opinions) should be delivered at an appropriate time.

This| | |may involve meeting the deadline stipulated by legal regulations or – in a wider sense – it may mean that audit | | |results are delivered when they are needed for a policy decision or when they are the most useful in correcting | | |management weaknesses. | | |Clarity: Audit observations, findings, and conclusions included in the audit report should be presented in a clear| | |and concise manner. It also means that an audit report should be well arranged and logically structured.

Audit | | |findings, conclusions, and recommendations should be introduced in a way that is brief and easily understandable | | |for the users of the audit results, such as members of Parliament and other executives who may not be experts of | | |the audited subject but may need to act taking the content of the audit report into account. | | |Efficiency and effectiveness: Resources utilised during the audit should be proportional to the achieved results. | |Audit results should have appropriate impact in order to prevent and correct discrepancies and material errors, | | |enhance performance, and to improve management and regulation systems. | |Quality assurance |Policies, systems and procedures established by SAIs to maintain a high standard of audit activity. Quality | | |assurance is process-centric aiming at the future development of the quality of audit and at the elimination of | | |shortcomings.

It deals with all steps and techniques that auditors must follow to assure high audit quality and to| | |provide potential ways of strengthening or improving quality in the audit activity. | |Quality control |Requirements applicable to the day-to-day management of audit assignments. Quality control is product-centric in | | |the course of which an SAI intends to fulfil quality requirements. It attempts to make sure that the results of | | |audit are what were expected. |Quality Management |All activities of the overall management function that determine the quality policy, objectives and | | |responsibilities, as well as their implementation (through e. g. quality planning, quality control, quality | | |assurance and quality improvement) within the quality system of the SAI. | |Quality management |The planned activities of an organisation that are carried out in order to regulate and improve its processes for | |system |the better fulfilment of the needs of its stakeholders and to improve the efficiency of operations. |Quality policy |The overall intentions and direction of an organisation related to quality as formally expressed and documented by| | |the SAI. | |Review |There are two types of reviews: | | |Cold (ex post) reviews are the essence of the posteriori quality assurance function and are undertaken on a test | | |basis once audits have been closed. | | |Hot (real time) reviews are those procedures (e. g. upervision, working paper review) that are required by SAIs | | |for the implementation of the quality control process during the course of the audit. Responsibility for the | | |quality control starts with the individual auditor and then passes through the hierarchy. | |Stakeholders |Those who have an interest, whether financial or other, in the activities and decisions of the organisation, for | | |example, citizens, clients, employees, the general public, inspection agencies, the media, suppliers, etc.

The | | |Government represented by elected (or appointed) leaders and public organisations are also stakeholders. | |Vision |A statement that describes how the organisation expects to be in the future. This includes what an organisation | | |wants to do and where it wants to go. | Chapter I: Leadership 1. MANAGEMENT CONCEPTS IDENTIFY LEADERSHIP AS ONE OF THE KEY FACTORS FOR ENSURING QUALITY, IN PARTICULAR FOR ORIENTING THE ORGANISATION TOWARDS RESULTS AND FOR ACHIEVING COST-EFFECTIVENESS. . Leadership styles are well conceptualised and studied in the private sector domain. In the public sector, there is an increased interest in leadership and how it could contribute to increasing efficiency and accountability. Current prospects in public management models (e-government, PPP, etc. ) continue to stress the role of leadership in driving the modernisation of the public organisations. 3. Various internationally accepted documents highlight the importance of leadership: Principle 2 (Leadership) of ISO 9000:2000 Quality Management Principles states that: “Leaders establish unity of purpose and direction of the organisation. They should create and maintain the internal environment in which people can become fully involved in achieving the organisation’s objectives”. • The European Foundation for Quality Management (EFQM) Excellence Model, considers that “Excellence is visionary and inspirational leadership, completed with consistency of purpose. Excellent organisations have leaders who set and communicate a clear direction for their organisation”. The Common Assessment Framework (CAF) places leadership as one of the five ‘Enablers’ criteria which determine how an organisation performs. 4. The aim of this Chapter is to present how leadership has been considered in the context of SAIs, and to identify the main features of leadership that contribute to enhance audit quality. Leadership and Supreme Audit Institutions 5. SAIs have followed the general trend of reform of the public sector, although with some delays and with different degrees in the introduction of innovative measures.

This is due, in particular, to the constitutional position of such institutions and to the inherent characteristics of the audit function in the public sector. During this reform process within SAIs, they should have taken into account essential leadership features such as: independence, relationships with Parliament and government, ethics, communication, etc. These are already considered in the Lima Declaration of Guidelines on Auditing Precepts, as well as the INTOSAI Code of Ethics and Auditing Standards.

Some SAIs have recently undertaken self-assessment and peer-review exercises, within this context, in the course of which leadership has been the subject of detailed evaluation and concrete proposals for improvement. 6. According to the International Standards on Quality Control (ISQC-1) issued by the International Federation of Accountants (IFAC) in the Handbook of International Auditing, Assurance, and Ethics Pronouncements the quality control system of the SAI should include policies and procedures addressing (among other elements) leadership responsibilities for quality.

These policies and procedures should be designed to promote an internal culture based on the recognition that quality is essential in performing engagements; and to require the Head of the SAI or, if appropriate, the decision-making board of the SAI, to assume ultimate responsibility for the quality control system. The internal culture is promoted by setting example, communication, recognition and rewards of quality and by ensuring that responsibility is assigned to persons who have an appropriate experience, ability and authority. . A document on Audit Quality issued by the Audit and Assurance Faculty of the Institute of Chartered Accountants in England & Wales, identifies leadership as one of the major factors driving audit quality. Leaders need to support audit quality and promote a quality culture throughout the organisation. They have to ensure that they communicate the importance they attach to the issue to their staff and their stakeholders.

The key aspects of good leadership are setting the strategies and objectives; recognising the commonality of commercial and professional approaches; ensuring the organisation will deliver the required quality; setting the right tone at the top; and ensuring that quality is consistently communicated. 8. The Guidelines on Audit Quality, adopted in December 2004 by the EU Contact Committee, refer to the need to develop leadership and management skills and proficiencies in connection to human resources.

Leadership’s main factors for ensuring audit quality 9. Although there are different types of SAIs, it is possible to identify some common factors determining how leadership within an SAI is designed and exerted for ensuring audit quality and excellence. These factors are as follows: • Give a direction to the organisation: develop and communicate vision, mission and values.

This involves, among others, translating the SAIs’ mandate into vision and mission statements; establishing a value framework and codes of conduct; setting strategic and operational objectives and actions; involving stakeholders in these processes; adjusting to changes in the external environment; and communicate to employees and stakeholders. • Develop and implement a system for managing the organisation.

This embraces developing organisational structures and processes in accordance with the institutional status of the SAI, with the tasks of the organisation and with the expectations of the stakeholders; defining appropriate management levels, functions, responsibilities and autonomy; developing and agreeing on measurable objectives and goals for all levels of the organisation; giving direction on output and outcome targets; developing a system of operational targeting or performance measuring in the organisation. • Motivate and support the people in the organisation and act as a role model.

This factor includes: leading by example; demonstrating personal willingness to change by accepting constructive feedback and suggestions; acting in accordance with established objectives and values; keeping employees informed about significant issues; supporting employees to help them attain their plans and objectives in support of organisational objectives; stimulating and encouraging the delegation of responsibilities; encouraging and supporting employees to make suggestions for innovation and improvement and to be proactive in their daily work; encouraging mutual trust and respect; stimulating training and improvement activities; recognizing and rewarding the efforts. • Manage the relations with politicians and other stakeholders with due regard to the SAI`s independence.

This will involve: maintaining proactive and regular relations with the political authorities of the executive and legislative areas; developing partnerships and networks with important stakeholders; seeking public awareness, reputation and recognition of the SAI; developing the concept of marketing (product and service targeted); taking part in the activities of professional associations and representative organisations and interest groups. 10. Good leadership must be exerted by every person in the organisation who has assumed responsibilities and has a manager position. Enduring characteristics of leaders include honesty, integrity, enthusiasm, confidence, tolerance, professional competence. They should also be forward-looking, proactive to change, and committed to excellence.

They should integrate these characteristics into the day-by-day practice of the organisation: from setting strategy plans and work programmes to reporting results; from directing and supervising to reviewing. 11. How leadership is defined and exerted is a determinant for assuring the benefits, and thus for ensuring audit quality in SAIs. Benefits of good leadership are: • clarity of purpose and direction within the organisation; • clear identity for and within, the organisation; • a shared set of values and ethics; • consistent and role model behaviour throughout the organisation; • a committed, motivated and efficient workforce; and • confidence in, and within, the organisation, even in turbulent and changing times. QUESTIONS 1.

Has the activity of leaders been assessed (either internally or externally)? Which are the main difficulties encountered, lessons learned and main benefits identified for the institution? Which are the concrete measures undertaken to improve leadership? Have you identified tangible improvements in the audit quality in this area? 2. Has the activity of the management of the SAI to motivate staff and to encourage mutual trust and respect been satisfactory? Have you identified tangible improvements in the audit quality in this area? Which are the main difficulties encountered, lessons learned and main benefits identified for the institution? Chapter II: Strategy and Planning 1.

AN SAI SHOULD FOCUS ITS ACTIVITIES ON RESPONDING TO CHALLENGES OF THE CHANGING ENVIRONMENT AND ON WEIGHING DUTIES TO BE ABLE TO FULFIL ITS MANDATE IN A RELIABLE AND SUCCESSFUL MANNER BY EFFICIENTLY UTILISING ITS RESOURCES, WHILE MEETING QUALITY REQUIREMENTS. THE STRATEGY OF AN SAI IS AN ACTION PLAN COVERING SEVERAL YEARS TO ACHIEVE THE OVERALL OBJECTIVE OF THE ORGANISATION. 2. This Chapter sets out how an SAI should implement its mission and vision, and how it is supported by its strategy, relevant policies, plans, objectives, targets and processes. 3. References are made to the importance of strategy and planning in the international literature on auditing. The INTOSAI Code of Ethics and Auditing Standards provide general guidelines stating that the SAI needs freedom to set priorities and programme its work in accordance with its andate; and the SAI should give priority to any audit tasks which must be undertaken by law and assess priorities for discretionary areas within the SAI’s mandate. 4. The Guidelines on Audit Quality adopted in December 2004 by the EU Contact Committee give further guidance on the structure of planning. They suggest different levels of planning, such as mission and vision statements, corporate plans, strategic plans and operational plans. 5. According to the Common Assessment Framework (CAF) strategy and planning is one of the main aspects requiring consideration in organisational analysis. Within strategy and planning a list of criteria is provided identifying the main issues that need to be taken into account during the assessment process. Strategic planning 6.

An SAI should formally express its overall intention and direction related to quality, i. e. quality policy. The top management of an SAI should ensure that the quality policy of the organisation is in line with the mission and vision of the SAI. The quality policy should also reflect the SAI’s top management commitment to quality and how they intend to demonstrate their utmost to ensure the excellence and continual development of the audit work and outcomes. 7. The strategy of the SAI should identify and analyse the main trends, set out objectives of the organisation, define specific areas of particular focus and underlying reasons, as well as provide a framework for the management and allocation of resources.

It should address internal culture, structure and operations (in both the short and the long term) taking account of the priorities, direction and needs of the various stakeholders. The strategy should also reflect the SAI’s approach to implementing modernisation and change management processes. 8. The top management of an SAI is responsible for implementing the strategy, ensuring necessary conditions and defining tasks, relevant schedule and competences. It should also monitor and evaluate the implementation of objectives and tasks, and make the necessary decisions. 9. Strategic planning also includes risk assessment since there are several factors constituting threat to the excellence of the audit work and outcomes.

An SAI should consistently strive to identify and evaluate these factors in order to develop proper tools, procedures, and activities for managing and minimising risks. The credibility of an SAI could be undermined without identifying, assessing and managing risks. 10. The top management of an SAI develops and applies audit standards, approaches and procedures for the management of risks in order to ensure that • audit activity is carried out in compliance with legal regulations; • effective and efficient utilisation of resources are considered; • tasks and competences are clearly defined in all working processes; and • the various needs of stakeholders are taken into account. 11. In order to ensure the high quality of strategic planning a database including information relevant to audit tasks should be established and maintained; • criteria to select and prioritise audit tasks should be set and followed; • methods to measure the performance of the organisation at all levels should be developed and applied; and • the strategy should be reviewed and updated on a regular basis by assessing risks associated with changes in the external and internal environment and identifying critical factors for success. Operational planning 12. The relationship between strategic and operational planning should be created by audit directives. Concentrating on essential and timely problems, and the fields bearing the greatest risks, the directives promote the implementation of the strategy. 13.

The SAI should ensure through its operational planning activities that • its mandate is fulfilled; • the audit work focuses on high risk and significant areas, institutions, operations or projects; • available resources are effectively utilised; and • the audit work is performed satisfying quality requirements. 14. Priorities set in the strategy, the result of materiality and risk assessments, the expected output and outcome, as well as available resources should be considered during the operational planning process. In the course of assessing risk, emphasis should be put on examining the complexity, costs, contradictory opinions relevant to the individual audit task.

Expected impacts of the given audit, experiences of previous audits carried out in this field, and the auditability of the audit subject should be also taken into account during the selection of individual audit tasks. 15. The process of operational planning should be periodically reviewed and evaluated for the purposes ensuring the high quality of the audit work. This activity should be carried out on the basis of uniform approaches and methods. 16. It should be examined whether the planning has been based on valid professional judgements and covers all significant matters. It also should be considered whether the planning activity has been carried out by the competent personnel; deadlines have been met; and the audit work has been appropriately documented. QUESTIONS 1.

How is risk assessment undertaken to ensure appropriate strategic decision-making? Are these processes documented? 2. What are the methods, techniques, tools and procedures available within your SAI to ensure the implementation of its strategy? 3. What kind of document(s) does your SAI prepare in the course of the operational planning process? Please, provide a short description of this/these document(s). Chapter III: Human Resource Management 1. KEY TO THE ACHIEVEMENT OF AUDITS OF HIGH QUALITY IS THE ABILITY OF AN SAI TO ATTRACT, DEVELOP, UTILISE, REWARD AND RETAIN THE REQUIRED NUMBER OF STAFF AND THE RIGHT ‘MIX’ OF COMPETENCIES, EXPERIENCE AND SKILLS.

HUMAN RESOURCE MANAGEMENT (HRM) IS A CORE COMPONENT IN THE ESTABLISHMENT OF AN INTEGRATED QUALITY MANAGEMENT SYSTEM AND IS ESSENTIAL IN THE DEVELOPMENT OF AN INTERNAL CULTURE BASED ON QUALITY, EXCELLENCE AND CONTINUOUS IMPROVEMENT. 2. The purpose of this Chapter is to outline the significance of HRM and to provide a list of related measures that should be in place to achieve high standards of quality and excellence throughout the audit process. 3. The importance of HRM in creating an environment conducive of high quality, the attainment of ethical standards and continuous improvement within the SAI is highlighted in the principal international guidelines and standards applied to government auditing and audit quality: Lima Declaration of Guidelines on Auditing Precepts and INTOSAI Code of Ethics and Auditing Standards; • International Standards on Quality Control (ISQC-1) issued by the International Federation of Accountants (IFAC) in the Handbook of International Auditing, Assurance, and Ethics Pronouncements; and • Guidelines on Audit Quality adopted in December 2004 by the EU Contact Committee. 4. These documents underscore the need for establishing policies and procedures for the recruitment of employees with suitable knowledge and experience, and to define the basis for the advancement staff. They also stress that employees should be trained and developed to perform their tasks effectively. 5.

As part of its overall management system, an SAI should therefore have a professional human resource function to ensure a well-trained, motivated and experienced personnel that can support the achievement of the organisation’s vision, core values and strategic goals. 6. Overall, HRM is concerned with the management of human capital, people, and culture within an organisation. The following are some of the major sub-elements of the human resource function: a) The formulation and implementation of human resource strategies and plans that are aligned with the SAI’s overall strategy. These should be integrated into the organisation’s operational framework and the quality management system; b) The establishment of HRM policies and procedures; ) Job descriptions and the determination of the resources and competencies required to match current and future organisational requirements; d) Recruitment and selection of personnel; e) Staff training and continuous development; f) Performance appraisals and recognition; g) Employee remuneration, allowances and benefits; and h) The systematic monitoring and review of all HRM activities to ensure effectiveness, transparency, coherence and consistency in their implementation across the organisation, as well as to continually identify and develop opportunities for improvement. Human resource planning 7. A fundamental role of the HRM function is human resource planning.

This is the process by which an SAI attempts to ensure that it has the right number of qualified people in the right place at the right time. This is done by reviewing and comparing the present supply of employees and skills with the organisation’s projected demand for human resources and competencies. The outcome is the design of appropriate short-term and long-term initiatives and programmes that aim to ensure that the forecasted human resource requirements are met. Effective human resource planning generally also leads to a more effective and efficient use of staff, and more satisfied and better trained employees. HRM policies and procedures 8.

HRM policies are general statements which serve to guide decision-making. Normally these policies are put in writing and communicated to all management and staff. Their purpose is to reassure employees that they will be treated fairly and objectively. They also help managers to resolve problems and take quick, defensible and consistent decisions. 9. HRM procedures are written documents that describe, in greater detail, the routine procedures to be followed for a specific operation or activity. Consistent application of an approved HRM procedure ensures conformance to and consistency with the SAI’s established practices and improves credibility and defensibility.

Documented procedures also serve as resources for training and for easy reference to established practices. 10. To ensure high standards of quality management, an SAI should create and maintain policies and procedures concerning, e. g. the recruitment and selection of staff, the system for the promotion and the advancement of employees, the maintenance of personnel records, the organisation of training, staff development, as well as performance appraisals. Job descriptions 11. A job description defines a job in terms of specific duties and responsibilities. It also identifies the competencies and qualifications required to perform the role professionally. 12.

The carrying out of job analysis, as well as the creation and maintenance of job descriptions is critical for determining which duties and responsibilities should be grouped together, as well as for matching staffing requirements. Ultimately, this ensures the delivery of high quality audits. Employee recruitment and selection 13. The recruitment and selection process is one of the important elements of successful HRM and should be transparent and fair. Effective recruitment and selection practices can have significant positive impacts on the SAI; whereas poorly designed and executed practices will have both short-term and long-term negative impacts. • Recruitment incorporates the various efforts and activities undertaken to seek and attract a sufficient pool of top quality candidates.

A job vacancy can be filled from within or from outside the SAI. Methods include internal calls for applications and external advertising in the media. • An effective recruitment process will bring an adequate supply of top quality prospects, an effective selection system involves a systematic chain of activities that lead to a quality selection decision. Key to the selection process is the clear definition of the criteria that identifies those candidates that are most likely to perform successfully in the job. Methods that can be used to screen candidates include tests, job simulations, interviews, medical examinations and probationary periods. 14.

As audit is a profession that relies on the competencies and personal qualities of employees, candidates should be thoroughly screened and tested for key attributes such as integrity, objectivity, rigour, scepticism, perseverance and robustness. 15. Moreover, if work is outsourced or external experts are engaged, due care should be exercised to ensure of their competencies for the job and that there are no conflicts of interests. Staff training and development 16. The development of a quality management system also requires an organisational culture that is receptive to ongoing learning. Changes, such as those in technology or in audit techniques, mean that an organisation is continually faced with situations that require continuous learning.

SAIs should have appropriate training plans and staff development systems in place to help employees to substantially enhance their knowledge and skills, as well as learn how to improve their performance. 17. The methods of training programmes are various. These include: induction courses; on-the-job training; continued professional development (CPD), external courses and international seminars. In addition, in-house training in, for example, the technical aspects of audit, the government environment or in the requirements of the audit methodology should also be undertaken. The management of training incorporates training needs assessments, the design of training programmes and learning materials, training budgets, coordination and delivery, as well as the systematic review and evaluation of training. 18.

Staff and career development programmes involve matching employees’ interests and career aspirations with the present and future needs of the SAI. These programmes can be used to increase motivation, prepare employees for more senior positions and encourage staff retention. Moreover, employees should have access to counselling and guidance. 19. Apart from being well-trained and technically competent, it is also vital to ensure that employees perform their duties honestly, and that the audits are free from any conflicts of interest or other impediments to a fair and objective appraisal. A code of ethics and measures to ensure conformity should be established by the SAI. Reference to the INTOSAI Code of Ethics should also be considered.

Performance appraisals and recognition 20. Besides informal day-to-day monitoring and guidance, management can use a formal and structured performance appraisal system to: • define clear and measurable performance targets for each employee; • systematically document individual employee performance and technical skills; • determine how well individual employees are doing their jobs, including identifying their respective constraints, as well as their strengths and opportunities for improvement; • communicate constructive feedback in a timely, accurate and clear manner; and • agree on individual development plans for performance improvement. 21.

The information generated by the performance appraisal process can be used for: awarding bonuses; for identifying mentoring and training needs; and for making decisions related to promotions or terminations. 22. A well designed and implemented performance appraisal system is a powerful tool for influencing employee behaviour and can be effectively used to develop a quality-driven culture. For this to occur, the performance appraisal must be a constructive and dynamic process. Employee remuneration and benefits 23. Employee remuneration and benefits refer to the base salary, bonus, incentive payments and allowances. Remuneration can be effectively used to attract and keep the desired quality and mix of employees, as well as to enhance job satisfaction and to motivate employees to improve the quality of their outputs. 24.

An SAI should deal with the issue of offering and maintaining a competitive remuneration package that will enable the SAI to attract, retain and motivate a capable staff, as well as with the issue of equality, which means all employees should be remunerated in proportion to their efforts and responsibilities. Both issues should be carefully managed as strong employee motivation is vital to the success of a quality management system. QUESTIONS 1. Has your SAI developed documented HRM policies and procedures, including a Code of Ethics? If yes, list the main areas covered by these documents. 2. Has your SAI developed and maintained an annual training plan? If yes, outline the training methods used by your SAI to develop employees. How do you evaluate completed training events? 3. Do you have a performance appraisal system in place? Describe how the system is used to enhance performance. Chapter IV: Building Quality into the Audit Process 1.


In order to ensure high quality, the SAI should develop its own standards in compliance with internationally recognised standards, as well as guidelines, procedures and methods that serve as a basis of reference when carrying out supervision and review during the audit process. Moreover, the SAI should facilitate that the auditors use these instruments, and provide them with sufficient support. 3. The aim of this Chapter is to outline the significance and describe the key elements of building quality into the audit process. Audit standards 4. The SAI should ensure audit quality by using the INTOSAI or other international standards (e. g. IFAC) in all matters that are deemed material. When applying these standards, the SAI should also take account of the national legal framework and other circumstances given in its own country. 5.

The SAI should strive to elaborate its own standards in compliance with international standards. The SAI should ensure that its standards are up-dated on a regular basis taking into consideration the developments in the field of the international audit profession, as well as its own audit experiences. Guidelines, procedures and methods 6. Guidelines, procedures, and methods should be developed to guide the auditor in carrying out audits of high quality. These will ensure that the audit activity is compliant with standards. The SAI should assure that these instruments are integrated into all phases of the audit process (i. e. planning, execution, reporting and follow-up). 7.

In addition, the auditor should plan the audit in a manner which ensures that an audit of high quality is carried out in an economic, efficient and effective way and timely manner. During the execution of the audit, a key challenge is to establish a common understanding among auditors on the methods to be used, as well as the data and information that constitute relevant, sufficient and reliable audit evidence. Criteria should also be set by the SAI for audit reports. These criteria should be complete, accurate, objective, clear, and concise. At follow-up stage, the auditor should take appropriate steps to determine what action, if any, the audited organisation has taken to resolve the problems disclosed in the audit report, what effect such action(s) may have had and how planning of future audits is effected.

In order to fulfil the mentioned objectives, guidelines, procedures and methods should be available to encourage actions leading to high quality and discourage or prevent actions that might impair quality. 8. An important step is the establishment of systems to assure that the appropriate quality controls are actually implemented. 9. The development of reliable guidelines, procedures and methods can be centralised in an independent methodology unit staffed by specialised staff members. Consideration should also be taken to involve auditors in developing and updating guidelines, procedures and methods through e. g. an electronic method toolbox. These toolboxes might contain a list of the various methods, their strengths and weaknesses along with examples of how the methods can be applied in the different types of audit tasks. 10.

It can be useful if qualified staff members are designated as experts to each of the guidelines, procedures and methods in order to assist auditors in application. This might ensure that the selection of guidelines, procedures and methods is adjusted to the needs of the auditors. Supervision and review 11. To ensure that quality is built in to the audit process, the work of the audit staff at each level and audit phase should be properly supervised. Documented work should also be reviewed by the management or a senior auditor. 12. Supervision is essential to ensure the fulfilment of audit objectives and the maintenance of the quality of the audit work.

Supervision is closely related to the management of audit staff to whom work is delegated and is carried out by senior managers or auditors. Supervision should also cover the methodologies used and the outcomes of the audits. Supervision should ensure that: • the audit is carried out in accordance with the auditing standards and practices of the SAI; • the audit plan and action steps specified in this plan are followed; • working papers contain evidence adequately supporting all findings, conclusions and recommendations; and • the auditor achieves the defined audit objectives. 13. Review should be carried out prior to the formulation of conclusions and the completion of the report. Review should ensure that: all evaluations and conclusions are soundly based and supported by competent, relevant and reasonable audit evidence; • all material errors, deficiencies and unusual matters have been properly identified and documented; and • changes and improvements necessary to the conduct of future audits are identified, recorded and taken into account in later audit plans and in staff development activities. Support 14. Audit staff may need different kinds of support to perform their tasks in order to ensure audits of high quality. An SAI may make various support functions available to the staff, e. g. access to internal and external experts, supplementary training or electronic support systems. 15. The use of internal and external experts is one way of supporting the staff in their work. An auditor may be in a situation where specialist support within a specific area is required, for instance legislation, economy or statistics.

To ensure the high quality of work, the SAI may provide the auditor with access to a special department, office or individuals holding the requested expertise. 16. The auditor may also be in a situation where the specialist support required is not available within the SAI. In such cases, the SAI can seek support from external specialists with due care being taken to ensuring the quality of performance. Obtaining advice from an external expert does not relieve the SAI’s responsibility for the quality of audit opinions or conclusions. 17. The SAI may also make use of support concerning specific audit areas provided by auditors employed by other SAIs. 18.

Another important way of ensuring high quality in the audit process is to keep the knowledge and skills of staff updated at all times. An SAI should make sure that auditors are offered the opportunity of supplementary training. The supplementary training may consist of introductory programmes, technical and managerial training. 19. Introductory programmes are designed to help newly recruited auditors adapt to the working methods of the SAI. These programmes are typically provided within the organisation. 20. Technical training is intended to equip the auditor with the methodological knowledge and skills needed to plan, execute and report an audit on a high quality level. 21.

Managerial training is intended to enable the auditor to manage and supervise an audit team. Technical training and managerial training may either be provided within the organisation or by external professional organisations. 22. Supplementary training can also take the form of job rotation for a limited time period or an opportunity to participate in other types of audit work. 23. A computerised support system has the potential to increase the elements that provide more value to the audit process (e. g. quality, productivity, structure). It should also decrease the elements that provide less value (e. g. electronically filed working papers in replacement of paper files).

This is based on the assumption that the computerised support system is designed and customised to the needs of the SAI. The system should enable the auditor to improve audit planning as it facilitates the assessment of risk and materiality. The computerised system should also contribute to ensure that each audit is carried out in accordance with updated standards, guidelines and good practice. This is achieved by making these documents easily available and by enhancing knowledge sharing (e. g. risk analysis, good practice) amongst audit staff. 24. It is also important to stress the fact that a computerised support system is beneficial only if it is tailored to the SAI and the staff is offered appropriate training in the use of the system.

In addition to this, the benefit of the system depends on the users’ acceptance and actual use of the system. The acquisition and implementation of an electronic system is likely to be costly at first. In order to lower the cost the SAI is advised to use the experience achieved by other SAIs. QUESTIONS 1. How do you ensure that your own standards comply with INTOSAI or other international standards? ;;; 2. What kind of quality control tools have you integrated in the various stages of the audit process? 3. Does your SAI have written procedures to ensure that adequate support is provided to auditors? Briefly explain the type of support that is provided. Chapter V: External Relations 1.

EXTERNAL RELATIONS PLAY AN IMPORTANT ROLE IN THE AUDIT QUALITY MANAGEMENT SYSTEM. AN SAI KEEPS REGULAR CONTACTS WITH STAKEHOLDERS THROUGH THE PUBLICATION OF AUDIT CONCLUSIONS AND RECOMMENDATIONS. STAKEHOLDERS ALSO EXPRESS THEIR OPINION ON THE SIGNIFICANCE AND QUALITY OF CONDUCTED AUDITS. 2. External relations are an important independent source of information on audit quality. They can also provide an objective basis for quality assessment of SAIs’ audit activity. 3. External relations are an important element of the audit quality management system of an SAI and play a significant role in improving audit activity. The aim of this Chapter is to define the framework and characteristics of these relations. 4.

The importance of external relations are underlined in the following international documents: • According to the Common Assessment Framework, public organisations are required to manage complex relationships with other organisations in public and private sectors as well as the general public. The successful management of these relationships may be crucial to success in achieving organisational goals. • Principle 8 (Mutually beneficial supplier relationships) of ISO 9000:2000 Quality Management Principles refers to the mutually beneficial relationship of an organisation and its suppliers (i. e. stakeholders) that enhance the ability to create value for both parties. The Guidelines on Audit Quality adopted in December 2004 by the EU Contact Committee proposes that SAIs should devote time and attention to strengthening external relations with their stakeholders in order to enhance overall effectiveness. 5. Stakeholders who provide feedback to SAIs are: • audited organisations; • Parliament and its committees; • media and the general public; and • scientific institutions and other professional organisations, institutions of higher education, and private audit companies. 6. The SAI should establish and maintain continuous, positive and constructive relationships with the users of its audit reports and other stakeholders.

Relations with the users of audit reports provide SAIs with the opportunity to evaluate the impact on the audited activity and to determine whether the SAI’s audit work is efficient and effective. 7. Constructive feedback from stakeholders can also provide strong justification to improve audit quality and promote continuous development of the professional activity of the SAI. Audited organisations 8. The SAI can obtain external feedback on its audits from audited organisations by undertaking surveys on issues such as the quality of conducted audits, their usefulness for the audited organisation and the relevance of the SAI’s recommendations. 9. Surveys can be carried out on completion of particular audits and on approval of the audit reports. These can also be undertaken at regular intervals on a series of audits. 10.

It is better to conduct surveys in a standard form, e. g. by using questionnaires. Questionnaire responses provide a beneficial insight of the opinions of stakeholders on the auditors’ performance, as well as on audit quality. In addition, stakeholders’ views should be considered an important source of information, together with the data collected from internal units, when assessing audit quality. 11. A good practice is to prepare a report based on the results of the surveys carried out. These reports are summary of external assessments on the quality of the SAI’s work. 12. The SAI should obtain information about the impact that audit results had on the activities of audited organisations.

This can be done by checking the measures undertaken in response to the recommendations. 13. Reviews on the implementation of recommendations encourage the mutual feedback between the SAI and the audited organisations on the development of public management. This also enhances the efficient utilisation of public funds. These reviews are particularly useful to assess the efficiency of the SAI’s work. 14. Information about the impact of the SAI’s recommendations on the efficiency of the audited organisation’s activity can also serve as a basis for the assessment of the SAI’s performance. 15. These assessments can be measured by using qualitative or quantitative indicators. 16.

SAI recommendations can have an impact on the auditees’ activities through e. g. : the enhancement of the efficient and cost-effective utilisation of public funds, the improvement of the quality of the audited organisations’ activities, the improvement of the operation of the system of public finances, etc. Parliament and its committees 17. The Head of SAI might communicate with the members of Parliament on a permanent basis, as well as conduct meetings in order to discuss their point of view on different aspects of the SAI’s activities. This should be undertaken with due regard to the SAI`s independence. 18. The relationship of the SAI with Parliament can have the following forms: participation of the SAI during sessions of Parliament and its committees; • response to requests or proposals from Parliament to conduct audits; • joint meetings with the relevant parliamentary committees to discuss audit reports; • participation in special parliamentary hearings, during which resolutions and recommendations can be adopted to curtail revealed shortcomings; and • provide replies to enquires of members of Parliament on the results of completed audits. Media and the general public 19. Relationship with the media and the general public can be implemented in several ways, e. g. by publishing audit reports or annual activity reports, holding press conferences and posting information on the SAI’s website. 20. The media should also be monitored to obtain external information on the quality of audits and the overall activity of the SAI.

Stakeholders use these channels of communication to express their views and opinions. Scientific institutions, and other professional organisations, institutions of higher education, and private audit companies 21. External experts of scientific institutions, other professional organisations, institutions of higher education as well as private audit companies can provide feedback on how SAIs can achieve excellence. 22. The relationship of SAIs with scientific institutions and institutions of higher education should be carried out on the basis of agreements. 23. External quality assessments of audit activities carried out by external experts (i. e. eer reviews) can be conducted periodically or on a regular basis. Such assessments should be agreed upon with the SAI. 24. During audits, SAIs can collaborate with private audit companies. In such cases, it is important to highlight major benefits and shortcomings. International organisations and other SAIs 25. In order to keep abreast with new audit methodology and techniques on a regular basis, an SAI can conduct bilateral and multilateral cooperation with professional international organisations, as well as with SAIs of other countries. 26. Comparative analyses of the activities of various SAIs could serve as a good basis for improving the quality of the SAI’s own audit work. 27.

A peer review carried out by another SAI can also be a form of assessing the quality of the SAI’s audit activity. The partner institution should analyse the SAI’s structure and methods of work. The review should propose measures aimed at increasing the efficiency of the audit activity of the SAI. 28. Active participation in the activities of committees and working groups of INTOSAI and EUROSAI can also help the SAI to develop professionally. 29. Moreover, joint audits with other SAIs can contribute to the development of audit approaches, methods and techniques. Such collaboration can ultimately lead to the improvement of audit quality and the harmonisation of audit methodology. QUESTIONS 1. Who are the direct users of the audit reports of your SAI?

Indicate external sources from which you obtain information on audit quality and the overall audit activity of your SAI (with special regard to the forms of communication with the Parliament). How do you use these pieces of information in evaluating the quality of your audit activity? 2. Does your SAI perform monitoring of external opinion on audit quality? If yes, what are the methods applied for collecting data? How are the results of data analysis used? 1. Does your SAI use any forms of feedback from the audited organisations with regard to the audit results? If yes, indicate them and give concrete examples of the impact of such feedbacks on the audit quality of your SAI. 2. Chapter VI: Continuous Development and Improvement 1.

CONTINUOUS DEVELOPMENT AND IMPROVEMENT IS A MANAGEMENT APPROACH THAT INVOLVES CONSTANTLY SEARCHING FOR WAYS TO IMPROVE AND ENHANCE PROCESSES, PRODUCTS AND SERVICES OF AN ORGANISATION. IT ALSO COMPRISES THE REVIEW OF PERFORMANCE ON A REGULAR BASIS TO ENSURE THE ONGOING SUCCESS OF THE ORGANISATION. 2. The objective of the continuous development and improvement of the quality management system is to consistently ensure the high quality of audit results, as well as the satisfaction of the stakeholders. In order to achieve this, the top management of an SAI should ensure the adoption of international development trends and good practices, and should take appropriate measures for their appropriate implementation. 3.

This Chapter aims at introducing various procedures and methods that can be applied to follow up and evaluate the audit work, the quality of the audit results, and the operation of the quality management system. 4. The concept of continuous development and improvement is referred to in internationally recognised literature, such as: • ISO 9000:2000 Quality Management Principles, Principle 6 of which considers that continual improvement of the overall performance of the organisation should be a permanent objective; and • EFQM Excellence Model, according to which excellent organisations continuously learn, and the staff of such organisations constantly challenge the status quo and seek opportunities for continuous innovation and improvements that add value. Continuous review and monitoring 5.

SAIs should set up and operate an effective and efficient monitoring system to ensure the continuous development and improvement of the audit work, the quality of the audit results, and the quality management system. For the proper operation of the monitoring system, factors to be examined, data and information to be collected, as well as evaluation procedures and methods should be defined. 6. SAIs should also follow-up and evaluate whether: • quality controls built in the audit process operate continuously, effectively, and in accordance with standards, guidelines and internal regulations; • quality requirements are consistently met; and • the stakeholders and users of the audit results are satisfied. 7. There should be sufficiently detailed indices and indicators applied for setting up and operating the monitoring system (e. g. lanned and actual expenditures, planned and actual working time inputted in each work phase). Furthermore, it should be ensured that complete documentation and precise records regarding the examined and evaluated factors are available. 8. The monitoring system should also be easily manageable and accessible to management. It should also be based on information technology tools and applications related to the key audit functions. Documented and recorded data and information should provide a good basis for carrying out evaluations to make well-founded decisions. They should also be used when carrying out self-assessments at organisational level on a regular basis.

Post-audit quality review 9. The quality of the audit work and the outcomes should be evaluated by carrying out post-audit quality reviews. The reviews should focus on whether the audits were compliant with internal procedures, professional standards, and the recommended methodology. The objective is to enhance the efficiency of auditing and the operation of the quality control system, as well as to support methodological developments. 10. Experienced auditors working in different organisational units that have not participated in a particular audit can carry out the post-audit quality review within the framework of so-called ‘cross-reviews’. 11.

An expedient solution can be to delegate the post-audit quality review function to an organisational unit independent from the execution of audits. This unit can be under the direct responsibility of the Head of the SAI or part of a section responsible for the SAI’s methodologies. 12. The post-audit quality review can also be used to ask for the opinion of another SAI or a team of experienced auditors of various SAIs (a form of peer review). 13. The post-audit quality