Presentation made by Alastair Swarbrick, Senior Advisor at SIGMA, during the Roundtable "The Role of Supreme Audit Institutions in Combatting Fraud and Corruption"

1. © OECD
AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
The role of the SAIs in the fighting fraud and
corruption
The ISSAIs: The responsibilities of SAIs in
relation to fraud and corruption
Alastair Swarbrick
Senior Advisor, SIGMA
Tirana, Albania
14 June 2017

2. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Introduction
• ISSAIs Levels 1 and 2
 Founding principles
 Prerequisites for the functioning of SAIs
• ISSAIs Levels 3 and 4
 Fundamental Auditing Principles
 Auditing Guidelines ISSAIs 1240, 3000, 4000, 5700
• Summary
1

3. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
ISSAIs Levels 1 and 2
• ISSAI 1 – Purpose of audit
 reveal deviations from accepted standards and
violations legality (…) of financial management in
order to
• take corrective action in individual cases
• make those accountable accept responsibility,
• obtain compensation, or to take steps to prevent such
breaches
• ISSAI 10 – SAI independence
 Broad mandate
 Reporting
2

4. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
ISSAIs Levels 1 and 2
• ISSAI 12 – SAIs should
 respond appropriately to the risks of financial
impropriety, fraud and corruption
 evaluate changing and emerging risks in the audit
environment and respond to these in a timely manner,
 contribute to stakeholders’ awareness of the need for
transparency and accountability in the public sector
• SAIs lead by example
 ISSAI 12
 ISSAI 20
 ISSAI 30
3

5. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
ISSAI 100
• Public-sector auditing contributes to good
governance
 provides independent, objective and reliable
information on public entities and resources
 Enhances transparency, accountability,
improvement and confidence in the use of public
funds and assets
 Supports those bodies with monitoring and
corrective functions over public management
 Creates incentives for change through knowledge,
analysis and recommendations for improvement
4

6. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
ISSAI 100
• Auditors should
 identify and assess the risks of fraud relevant to
the audit objectives
 make enquiries and perform procedures to identify
and respond to the risks of fraud relevant to the
audit objectives.
 maintain an attitude of professional scepticism and
be alert to the possibility of fraud throughout the
audit process.
5

7. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Financial Audit - ISSAIs 200 &
1240
• The purpose of an audit of financial
statements is to enhance the degree of
confidence of intended users in the financial
statements
 Is the financial information presented according
with the applicable financial reporting and
regulatory framework and free from material
misstatement due to fraud or error?
6

8. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Financial Audit - ISSAIs 200 &
1240 - Responsibilities
• Audit Body
 The primary responsibility for the prevention and
detection of fraud
• The auditor responsibility is to:
 Identify/assess the risks of material misstatement
in the financial statements due to fraud,
 obtain sufficient appropriate audit evidence
 respond appropriately to fraud or suspected fraud
 determine whether they report the occurrence or
suspicion of fraud to regulatory or law
enforcement entities 7

9. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Financial Audit - ISSAIs 200 &
1240
• Objectives of financial audit often wider in
public sector. May include responsibilities to
report on
 Non-compliance with laws and regulations
 Effectiveness of internal control
• General expectation that public sector auditors
will report on these
 Influence the consideration of risks,
 Procedures
 reporting on indications etc.
8

10. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Compliance audit ISSAI 400,
4000
• Objective of compliance audit to assess
whether:
 activities, transactions and information
comply, in all material respects,
 with the authorities which govern the audited
entity
 Not normally designed to detect fraud
• The primary responsibility for the
prevention and detection of fraud lies with
the audited entity. 9

11. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Compliance audit ISSAI 400,
4000
• Identify and assess the risks of non-compliance
• Identify and assess the risk of fraud
 Consider throughout the audit process
 Design and implement appropriate responses to
risk
 Obtain sufficient and appropriate audit evidence
regarding the assessed risks
• When fraud identified respond appropriately
according to the SAIs mandate and the
particular circumstances
10

12. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Compliance audit ISSAI 400,
4000
• Great degree of international diversity in
organising and reporting on compliance audit
• SAI’s compliance audit responsibilities may
include specific activities related to suspected
fraud and corruption
• Courts of Accounts are usually mandated to
communicate compliance deviations to
appropriate bodies or open processes leading to
judgements, identifying responsible agents and
offences
11

13. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Performance Audit - ISSAI 300 &
3000
• Audit Objective
 Are interventions, programmes and/or institutions
performing in accordance with the principles of
economy, efficiency and effectiveness and is there
room for improvement
• Auditors responsibility
 assess the risk of fraud and examine whether there are
signs of irregularities that hamper performance
• Audit Topic
 ISSAI 5700 – Guideline for the audit of corruption
prevention in government agencies
12

14. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Summary
• Promote good governance, accountability and
transparency
• Specifically auditors should:
 Identify and assess the risks of fraud/corruption
 Perform audit procedures to respond to the
identified risks
 Obtain sufficient appropriate audit evidence
 Remain alert to indications of fraud and corruption
throughout the whole audit process
 Respond appropriately to indictions or suspicions
of fraud/corruption
13

15. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
• Mandate
 Broader responisbilities to consider fraud and
corrutpion for example
• Internal control
• Integrity systems, audit of corruption prevention
• Whistle blowing arrangements
• Investigations
 Broader responsibilities to report on
• Indications of fraud and corruption
• Suspected instancies of fraud and corruption
 Auditor Generals vs Courts of Accounts
• Expectations of stakeholders
• Clear about responsibilities and how discharged
14

16. 15
Initial Detection of Occupational Frauds