Professional Documents
Culture Documents
Book of Audit
Book of Audit
SECTION I: BACKGROUND
1. The Internal Audit Manual has been prepared by the Ministry of Finance and
Economic Development and is issued under the authority of part two of the
Council of Ministers Financial Regulations (No. 17/1997). It gives the Ministry
of Finance and Economic Development the power to formulate and distribute
directives that detail the Government Financial Policies and to develop and
maintain appropriate standards of work and conduct of internal audit for
application throughout all public bodies.
2. The Manual applies to all public bodies. Public body means “any organ of the
Federal Government which is partly or wholly financed by Government
allocated budget” (Part One, article two of the Financial Administration
Proclamation of the Federal Government of Ethiopia – No 57/1996). In practice
this means that the manual applies to ministries and their departments and
subordinate offices, and other entities wholly funded by the budget.
3. The Manual provides guidelines as to how the Internal Audit Services of each
public body have to organize and mange their work. As internal audit should
adopt the continuous changes in public bodies and in Society, the Ministry of
Finance and Economic Development will modify the Manual as and when
necessary.
4. If public bodies have any questions or queries regarding this Manual they should
contact the Ministry of Finance and Economic Development.
Introduction
1. Audit is derived from a Latin word, meaning, “he hears”. In ancient times, the
accounts of an estate, domain or manor were checked by having them called out
to those in authority by those who had compiled them.
Types of audits
8. External auditors are auditors who are entirely independent of the audited entity.
Their duty is to report primarily to third parties (in the case of audit of limited
companies they report to shareholders; in the case of Government of Ethiopia the
external auditor is the Office of the Auditor-General which reports to parliament).
External auditors in undertaking an audit of financial statements will: -
9. Below are given the differences between the internal and external auditors : -
4 carries out his work according to 4 carries out his work according to
relative risk and management relative risk and the need to give an
responsibilities audit opinion on the financial
statements
10. Why does the head of the internal audit unit have a duty to work with external
auditors?
• Being ignored;
• Top managers who are engaged in avoiding controls to the detriment of the
entity.
• Wrong perception of the audit function and auditors by staff of the public body.
12. Auditing specially in government offices takes two forms, commonly referred to as
“preaudit” and “postaudit.” Preaudit is the examination of transactions before
payment. It is the more traditional audit function. Postaudit represents an after-the-
fact examination and is more recent in origin.
13. The preaudit, perhaps more accurately described as prepayment audit, is generally
an integral part of the central accounting and payment process. The basic
objectives of preaudit are to provide assurance that;
Limitations of preaudit
14. Preaudit tends to be clerical and routine in nature. Even the most effective preaudit
has significant limitations. For example preaudit procedures may provide adequate
assurance that prices shown on invoices for supplies are in accordance with contract
prices, but they cannot provide assurance that the supplies were actually needed and
efficiently utilized. Previously preaudit was considered as a significant element of
internal control. However, through time the internal auditor was considered as a
part of management in authorizing payments and as a result of which management
tended to rely on the internal auditor instead of discharging its own responsibilities.
15. Finally, regardless of the effectiveness of preaudit, it must be recognized that the
full implications of an Organization basic policy or procedure cannot be discovered
through the preaudit piecemeal examination of individual isolated invoices or
transactions. Comprehensive audit for financial accountability, efficient
performance, or effective program accomplishment must be done through the
postaudit process.
16. The scope of postaudit may be grouped into two general categories:
17. These categories tend to overlap, but they are useful in demonstrating the changing
concepts of auditing. The basic limitation of the postaudit is that it concentrates on
detection of irregularities rather than preventing their occurrence as in the case of
preaudit.
Introduction
1. This manual is primarily intended for the use of internal auditors of Public
Bodies. It is a source of ideas and gives them guidance on the principles and
practices of auditing. It does not seek to establish detailed mandatory rules. An
essential feature of auditing is that it must be adaptable to a particular situation of
the Public Body under audit.
2. The manual contains five parts dealing with different areas of internal audit
functions.
Part One
Part Two
Part Three
• It explains how working papers should be prepared and its ownership and
custody;
Part Four
6. Procedural guidances for financial and compliance audits are included in this part.
Each section of this part contains an introduction definition, audit objectives,
internal control system and the audit procedures to be carried out by the internal
auditors to discharge their responsibilities. Internal auditors should carry out
these activities by taking into account the basic concepts and principles explained
in Part Three. The audit procedures provided in this part should only be used as
guidance for the internal auditor to design an audit program, which specifically
meets the requirement of the public body under audit. The internal auditor should
select audit procedures, which are materially related to risk feasible to the audit
and likely to generate useful findings.
Part Five
8. The skill and experience of internal auditors of all public bodies is not at the same
level. Hence internal auditors of some public bodies may not be able to undertake
few of the tasks incorporated in this Manual. Therefore, Head of the Internal
Audit should evaluate the existing capacity of the internal auditor and develope a
suitable audit programme using the Manual as a source. In the meantime the
management should find ways to train the existing internal auditors or employ
qualified internal auditors who can undertake the audit in accordance with the
Manual.
9. If improving internal control is the aim, the Heads of the public bodies are the
prime means. They are responsible for introducing and maintaining effective
internal control systems in public bodies. The internal auditor is only
management’s adviser and cannot bring about changes directly. Improvements in
systems of internal control are the responsibility of the Head of the public body.
Therefore the Head including other management members must fully understand
their full responsibilities for improving internal control. Without full management
involvement, internal audit cannot be effective. The responsibility of the Head of
public body and the scope of internal audit functions is covered in this Part
Section IV and in the draft Internal Audit Standard of Public Bodies of
Government of Ethiopia in Part Two Section II. Internal control systems and
management’s responsibility for them are covered in Part Three, Section I of this
manual. These are the key sections of the manual for management. We advise
the management of public bodies to give particular attention to these Sections.
10. It is often wrongly assumed that internal control systems are solely the concern of
the Head of the public body. It is true that the Head of the public body establishes
these systems for the proper management of the public body. But in order for
them to be effective, staff co-operation is needed. Staffs need to know how the
systems work, who is required to take specific actions etc. and the nature of their
own responsibilities. If the internal audit is to make its full contribution, it has to
be strongly linked to other financial management processes. Such links are easily
achieved via internal audit, provided that both parties (internal auditors on the one
hand, and management and other support staffs (e.g. budget controllers,
accountants, and book-keepers) on the other, develop harmonious working
relationships and mutual respect.
External Auditors
11. To the extent that internal audit is of high quality and effective, and the internal
control systems of the public body are proved to be reliable, external auditors can
accept the work of internal auditors and adapt their audits accordingly. This is an
important advantage. It means that audits as a whole can be more intensive;
duplicative audit work is avoided and external auditors can extend their audits
into areas, which might not otherwise have received scrutiny. It all depends on
the quality of internal audit and the strength of the entity’s internal control
systems. This manual is intended to strengthen internal audit. Better internal
audit will help the Head of the public body to establish better and more effective
internal control systems. In other words the aim is to establish a virtuous circle
resulting in improved use and control of resources, and ultimately to better public
services at lower cost for the people of Ethiopia. We do not under-estimate the
difficulty of establishing such a virtuous circle.
Introduction
1. The Financial Regulations of the Council of Ministers (No 17/1997) and Article
68 of the Proclamation on Financial Administration (No. 57/1996) establish the
basis for internal audit and internal control of the Government of Ethiopia.
3. The council of Ministers Regulation (No. 17/1997) states that the Head of Public
Bodies should:
• Ensure that the system developed within the public body is functioning
well;
• Ensure that the internal audit system is appropriately staffed with trained
and qualified manpower and that internal audits are carried out efficiently,
effectively and economically;
• Ensure that the employees of the public body are performing their duties in
compliance with the Financial Administration Proclamation, Financial
Regulations and directives laid down in accordance with the Proclamation;
and that the internal audit is carried out timely.
Internal Audits
5. The focus of the above provisions is mostly on financial and compliance audits.
This focus is reflected in this audit manual.
6. Internal audit units are established in public bodies, for the purpose of carrying
out internal audits. In large public bodies there will be a Head of internal audit
and under that person, several members of staff (senior and junior internal
auditors). Smaller public bodies have smaller internal audit units. The
responsibility of the Head of internal audit is to:
• Consult with the management of the public body on internal audit and
internal control;
• Consult with internal auditors on audit programs, fieldwork and draft audit
findings;
• Advise on and approve the audit reports of internal auditors and ensure
that for each audit carried out there is a final audit report;
• Consult with the head of Internal Audit unit and respect the leadership on
all aspects of auditing;
• Carry out all aspects of auditing in accordance with the most appropriate
standards and guidelines (including those appearing in this manual);
• Ensure that the Head of internal audit conducts all final audit reports and
official dealings with management.
• Report audit findings clearly and present them in a way that leads
naturally to the necessary remedial actions;
SECTION ONE
INTRODUCTION
1. This part of the Manual includes draft Internal Audit Standards and Code of Ethics for
internal auditors of a Public Bodies of the Government of Ethiopia.
2. The Standards define the way in which the Internal Audit Service should be established
and undertake its functions. The Standards cover both the attributes and performance of
internal audit service in public bodies.
3. The Code of Ethics includes principles that are relevant to the professional and practice of
internal auditing and rules of conduct that describe behavioral norms expected from
internal auditors of the public bodies.
4. The current Standards and Code of Ethics of the Institute of Internal Auditors are
reflected in this part.
SECTION TWO
I ATTRIBUTE STANDARDS
200 Independence
II PERFORMANCE STANDARDS
1200 Reporting
I ATTRIBUTE STANDARDS
The Audit Committee is responsible for advising the head of public body
in respect of:
Internal audit should fulfill its duty by systematic review and evaluation
of risk management, control and governance which comprises the
policies, procedures and operations in place to:
• Safeguard the public body’s assets and interests from losses of all
kinds, including those arising from fraud, irregularity or
corruption;
Internal audit should devote particular attention to any aspects of the risk
management, control and governance affected by material changes to the
public body’s risk environment.
200 INDEPENDENCE
220.1 Internal audit should report directly to the Head of the Public Body and
Audit Committee of the Public Body. A copy of annual internal audit
report, which will be addressed to the head of the public body, should be
submitted to the Ministry of Finance and Economic Development for
follow up on reported audit findings and recommendations.
220.2 Their Audit Committee should advise the Heads of the Public Bodies on
the discharge of their responsibilities in respect of internal audit. The
Audit Committee should not obstruct the Head of Internal Audit’s direct
access to the Head of the Public Body.
220.3 The Heads of Public Bodies should make appropriate arrangements for the
routine supervision and management of the budget and resources of
internal audit (including staff appraisal arrangements) without prejudice to
the direct accountability of internal audit to the Head of Public Body.
220.4 The internal audit activity should be free from interference in determining
the scope of internal auditing, performing work, and communicating
results.
The Head of Internal Audit should be graded with sufficient status to facilitate
the effective discussion and negotiations of the results of internal audit work
with senior management in the organization. Evaluation tools used to grade the
post should give due weight to the influence of the Head of Internal Audit on the
risk management, control and governance of the organization.
250.1 Individual auditors should declare any conflicts of interest arising from
audit work assigned to them by the head of Internal Audit. Such potential
conflicts of interest include previous executive or consultancy
responsibilities and personal relationships with staff with current executive
responsibilities.
260.1 Proficiency
Internal auditors should possess the knowledge, skills, and other competencies
needed to perform their individual responsibilities. The internal audit activity
collectively should possess or obtain the knowledge, skills, and other
competencies needed to perform its responsibilities. The internal auditor should
have sufficient knowledge to identify the indicators of fraud but is not expected
to have the expertise of a person whose primary responsibility is detecting and
investigating fraud.
Internal auditors should apply the care and skill expected of a reasonably
prudent and competent internal auditor. Due professional care does not
imply infallibility. The internal auditor should exercise due professional care
by considering the:
• Extent of work needed to achieve the engagement's objectives.
• Relative complexity, materiality, or significance of matters to which
assurance procedures are applied.
• Adequacy and effectiveness of risk management, control, and
governance processes.
• Probability of significant errors, irregularities, or noncompliance.
• Cost of assurance in relation to potential benefits.
260.3 The internal auditor should be alert to the significant risks that might
affect objectives, operations, or resources. However, assurance
procedures alone, even when performed with due professional care, do
not guarantee that all significant risks will be identified.
320.2 Management and staff at all levels of the public body should have
complete confidence in the integrity, independence and capability
of internal audit. The relationship between internal auditors and
management is a privileged one, and information gained in the
course of audit assignment should remain confidential to those
with a legitimate interest within the public body.
340.1 Internal audit should seek to meet regularly with the external auditor to
consult on audit plans, discuss matters of mutual interest, discuss
common understanding of audit techniques, methods and terminology
and seek opportunities to rely on their work where appropriate, provided
this does not prejudice internal audit’s independence.
340.2 In any case of conflict with the External Auditor, the Head of Internal
Audit will consult with or refer the matter to the Head of Public Body.
II PERFORMANCE STANDARDS
510.1 The Head of Internal Audit should develop and maintain a strategy
for providing the Head of public body economically and efficiently,
with objective evaluation of and opinion on the effectiveness of the
public body’s risk management, control and governance
arrangements. The internal audit activity should evaluate risk
exposures relating to the public body's governance, operations, and
information systems regarding the:
• Reliability and integrity of financial and operational information.
• Safeguarding of assets.
510.2 The strategy should also aim to add value for the Heads of the public
bodies by providing them with audit analysis, findings and
recommendations. In addition, where internal audit unit judges it
appropriate, it could offer consultancy to support management in
implementing the recommendations.
510.3 The strategy should be developed to meet the audit needs of the
public body as assessed by the Head of Internal Audit, using the
public body’s objectives and risk assessment as a primary resource.
510.4 The strategy should include provision for the Head of Internal Audit
to consider, at least annually, the adequacy of the public body’s risk
assessment and, if necessary, make recommendations for its review.
510.6 The Head of Internal Audit should consider any risk, which he
thinks, may be material to the public body’s risk management,
control and governance, even if it is not included in management’s
risk priorities.
510.7 The strategy should establish the resources and skills required for its
delivery.
510.8 The strategy should describe the audit techniques selected as the
most effective for delivering the audit objectives.
510.9 The strategy should set out the relative allocation of audit resources
between assurance work and consultancy work. The exact allocation
will be determined in the periodic plans.
520.2 The periodic plans should set out details of the assignments to be
carried out in the period covered by the plans, providing sufficient
detail for the management of the public body to understand the
assignments’ purpose and scope. They should establish the resources
and skills required for each assignment, and should set relative
priorities for each assignment.
520.3 The periodic audit plans should be kept under review to identify any
amendment needed to reflect changing priorities and emerging audit
needs. They should make provision for an element of contingency to
accommodate audit assignments, which could not have been
reasonably foreseen.
530.1 For each audit assignment a detailed plan should be prepared and
discussed with the Head of the public body. These plans should
establish detailed objectives for the assignment, the level of
assurance that management wishes to derive from the opinion to
be delivered, resource requirements, audit outputs and target
dates. They should set out:
The internal auditors should assess and improve the public body’s risk
management, control, and governance processes.
540.1 The internal auditor should assist the public body in managing
risk by evaluating and identifying significant organizational risks,
assessing risk during the course of engagements, and improving
the risk management process.
540.2 The internal auditor should assist the public body in maintaining
effective controls by evaluating the public body’s controls to
determine their effectiveness and efficiency and by developing
recommendation for improvement.
540.3 The internal auditor should assist the public body in achieving its
goals by evaluating and improving the process through which
goals and values are established and communicated, the
accomplishment of goals is monitored, accountability is ensured,
and values are preserved.
The Internal Auditor should identify the different systems that exist in the
public body and the risk factors that are relevant to those systems and should
assess their relative significance. Risk refers to the possibility of a system
having so poor internal control that the public body does not achieve its
objectives effectively and efficiently. Risk assessment should enable the
Internal Auditor to assess the relative vulnerabilities of the systems and
those which are more riskier than others and should, therefore, be audited
sooner and more often.
The Internal Auditor should identify each system of the public body in
which resources (input) organized (processed) to provide results (out puts) in
accordance with predetermined purposes (objectives).
The Internal Auditor should use appropriate risk factors, which will be used
to assess the relative significance, and likelihood that conditions and/or
events may occur that could adversely affect the public body to achieve its
objective.
Audit working papers should be designed in such a way that they provide
the principal evidential support in the planning, performance and review
of audits and documents whether audit objectives were achieved. The
Internal Auditor should keep in mind that the content and arrangement of
the working papers reflect the degree of the Internal Auditors'
proficiency, experience and knowledge. Working papers should be
sufficiently complete and detailed to enable an experienced auditor,
having no previous connection with the audit to ascertain that the
necessary audit work was performed to support the audit conclusions.
The Internal Auditor should follow standardized policies for the types of
audit working paper files maintained, stationery used, indexing and other
related matters. Each working paper should show the name of the public
body being examined, the title or description of the contents or purposes of
the working papers, and the date or period covered by the audit. Each
working paper should be signed, dated and cross-referenced. Audit
verification symbols should be explained. The working papers should be
reviewed, signed and dated by the Head of the Internal Audit or by a Senior
Internal Auditor assigned by him.
Audit working papers are the property of the public body being examined.
Audit working papers should remain under the control of the Internal Audit
Department and the Head of the Public Body should approve request for
access to it by parties outside the public body.
The Internal Auditor should examine and evaluate the adequacy and
effectiveness of actions taken by management of the public body to deter
fraud, be able to identify indicators that fraud might have been
committed, investigate fraud and issue a written report at the conclusion
of the investigation phase.
When indicators suggest that fraud has been committed, the Internal
Auditor should perform extended procedures necessary to determine
whether the fraud, as suggested by the indicators, has been committed.
The extended procedures should include gathering sufficient evidential
matter about the specific details of a discovered fraud. The Internal
Auditor should:
• Assess the probable level and the extent of complexity in the fraud
within the public body. This can be critical to ensuring that the
internal auditor avoids providing information to or obtaining
misleading information from persons who may be involved;
A written report should be issued to the head of the public body at the
conclusion of the investigation phase. It should include all findings,
conclusions and recommendations for corrective action to be taken.
The Head of the public body is responsible for establishing the systems
designed to ensure compliance with such requirements as policies, plans,
procedures, applicable laws and regulations. The policies, plans and
procedures designed and implemented by the Head of the Public body
should be sufficient to reasonably ensure prevention and/or detection of
non-compliance with applicable laws and regulations. The Head of the
public body is also responsible for determining whether non-compliance
brought to his/her attention by auditors, or by discovery, may violate
laws or regulations and/or constitute illegal acts. In addition, the Head of
the public body is responsible for initiating such corrective actions
necessary to achieve compliance. This may require reporting by the
Head of the public body to the legal and/or regulatory authorities.
1200 REPORTING
Audit reports should present the purpose, scope and results of the audit
and where appropriate, reports should also contain an expression of the
auditor's opinion. Purpose statement should describe the audit objectives
and may, where necessary, inform the reader why the audit was
conducted and what it was expected to achieve. Scope statement should
identify the audited activities and should include, where appropriate,
supportive information such as time period audited. The nature and
extent of auditing performed should also be described. Results may
include findings, conclusions (opinion) and recommendations.
The Head of Internal Audit should develop escalation procedures for any
management responses, which are judged to be inadequate in relation to
the identified risk. These procedures should ensure that the risks of not
taking action have been understood and accepted at a sufficiently senior
management level.
SECTION THREE
CODE OF ETHICS
Introduction
The purpose of Code of Ethics is to promote an ethical culture in the profession of internal
auditing.
A code of ethics is necessary and appropriate for the profession of internal auditing, founded as
it is on the trust placed in its objective assurance about risk management, control, and
governance. The Code of Ethics extends beyond the definition of internal auditing to include
two essential components:
This Code of Ethics applies to both individuals and units that provide internal auditing services.
PRINCIPLES
Internal auditors are expected to apply and uphold the following principles:
Integrity
Integrity is the core valve of a Code of Ethics. Internal auditors have a duty to adhere to
a high standard of behavior (e.g. honesty and candidness) in the course of their work.
The relationship with fellow colleagues and external contacts should be one of honesty
and fairness. This establishes an environment of trust, which provides the basis for
reliance on all activities carried out by the internal audit team.
Integrity can be measured in terms of what is right and just. Integrity requires the
internal auditors to observe both the form and the spirit of auditing and ethical
standards.
Objectives
Objectivity is a state of mind that has regard to all considerations relevant to the activity
or process being examined without being unduly influenced by personal interest or the
views of others. Members of the internal audit team should display appropriate
professional objectivity when gathering, evaluating, providing their opinions,
assessments and recommendations.
Confidentiality
Members of the internal audit team should safeguard the information they receive in
carrying out their duties. There should not be any unauthorized disclosure of
information unless there is a legal or professional requirement to do so. Confidential
information gained in the course of audit duties should not also be used to effect
personal gain.
Competency
Members of the internal audit team should apply the knowledge, skills and experience
needed in the performance of their duties. They should carry out their work according
to the standards set out in the Government Internal Audit Standard. They should not
accept or perform work that they are not competent to undertake unless they receive
adequate advice and support to competently carry out the work.
RULES OF CONDUCT
1. Integrity
Internal Auditors:
1.1 shall perform their work with honesty, diligence, and responsibility;
1.2 shall observe the law and make disclosures expected by the law and the
profession;
1.3 shall not knowingly be a party to any illegal activity, or engage in acts
that are discreditable to the profession of internal auditing or to the
organization;
1.4 shall respect and contribute to the legitimate and ethical objectives of the
organization.
2. Objectivity
Internal Auditors:
2.1 shall not participate in any activity or relationship that may impair or be
presumed to impair their unbiased assessment. This participation includes
those activities or relationships that may be in conflict with the interests of
the organization.
2.2 Shall not accept anything that may impair or be presumed to impair their
professional judgment.
2.3 Shall disclose all material facts known to them that, if not disclosed, may
distort the reporting of the activities under review.
3. Confidentiality
Internal Auditors:
3.1 shall be prudent in the use and protection of information acquired in the
course of their duties.
3.2 Shall not use information for any personal gain or in any manner that
would be contrary to the law or detrimental to the legitimate and ethical
objectives of the organization.
4. Competency
Internal Auditors:
4.1 Shall engage only in those services for which they have the necessary
knowledge, skills and experience.
4.2 Shall perform internal auditing services in accordance with the Internal
Audit Standards of Public Bodies of Government of Ethiopia.
4.3 Shall continually improve their proficiency and the effectiveness and
quality of their services
Introduction
1. Internal control system includes all the policies and procedures adopted by the Head of the
public body to assist in achieving its objective and ensuring, as far as practicable, the orderly,
economical, efficient, and effective conduct of its operation, including adherence to internal
policies, government’s policies, rules and regulations, the safeguarding of assets, the
prevention and detection of fraud and error, the accuracy and completeness of the accounting
records, and the timely preparation of reliable financial and management information and
fairly disclosing that data in a timely report.
2. It is a responsibility of the Head of the public body to determine the internal control system,
which is appropriate to the public body. The nature and extent of controls will vary between
public bodies and also from one part of a public body to another. The controls used will
depend on the nature, size and volume of the activities, the degree of control which
management is able to exercise personally, geographical distribution, and many other factors.
The choice of controls may reflect a comparison of the cost of operating individual controls
against the benefits expected to be derived there from.
3. Internal control system comprises the control environment and control procedure. Control
environment means the overall attitude, awareness and actions of the management regarding
internal control and their importance in the public body. The control environment
encompasses the management style and culture, and values shared by all employees. It
provides the background against which the various controls are carried out. However, a strong
control environment does not, by itself, ensure the effectiveness of the overall internal control
system. Factors reflected in the environment include: -
• The public body’s organizational structure and methods of assigning authority and
responsibility (including segregation of duties and supervision controls); and
• The management’s method of imposing control, including the internal audit function,
personnel policies and procedures, in particular the competence and integrity of
internal auditors.
4. Control procedures are those policies and procedures in addition to the control environment,
which are established to achieve the public body’s specific objectives.
5. When describing internal controls by their role in the public body, they have often been
organized into two: financial controls, which are primarily concerned with legitimacy of
expenditure and the security of assets and income; and management controls, which are
created and maintained by management to ensure that an activity is relevant to the needs of a
public body and is carried out in the most effective manner. These categories are
interdependent, and should not be regarded in isolation, as both have an impact on the
performance of activities and their consequent cost and value to the public body.
Financial Control
6. Financial control is a series of actions which is considered to be part of the total internal
control system concerned with realizing the financial goals of the entity. This includes
compliance with accounting and financial policies and procedures, safeguarding the entity’s
resources and preparing reliable financial reports.
The main areas of financial control can be more closely defined as follows:-
• Budgetary Control: The public body should plan and control its expenditure and
income to meet its predetermined objectives.
• Security of Assets: Assets of the public body should be kept in proper custody and not
wrongly applied, either by error or intent.
Management Control
7. Management control is a series of actions, being an integral part of the internal control system,
concerned with administrative procedures needed to make managerial decisions in orders to
archive, the highest possible economic and administrative efficiency and ensure the
implementation of administrative policies, whether related to financial affairs or otherwise.
The nature of management controls will vary widely according to the type of activity, which is
under review. However, there are several basic control areas which could be applied
including:
• Objectives: The public body should regularly review its objectives relating to any
operational activity and determine the methods needed to achieve them. The Head of
public body has the responsibility for determining objectives, policies and plans, and
the internal auditor should not intervene in such processes. An audit may show
inadequate controls on the supply of information to management for decision making.
These aspects are legitimate areas of audit concern, and may well require comments on
the correctness of the decisions themselves, but the internal auditor should be wary of
basing comments purely on the advantages given by hindsight.
• Procedures: Staff at all levels need to be regularly informed both of their overall
objectives and the organizational procedures which are to be followed in order to
ensure the achievement of the operational activity.
Control Objectives
8. Control objectives can be defined as the purpose for which controls have been designed and in
a large organization doing many different things, these can vary substantially. Control
objectives have the following features: -
• Essentially, control objectives relate to the purpose to which the control relates i.e.
what it is designed to do in relation to the system under consideration.
• The purpose of setting control objectives is to ensure that it is not just the greatest
number of controls which are evaluated, but rather to identify those most efficient and
effective in achieving the objectives for the particular systems being evaluated.
• Because systems can serve so many different objectives, a complete list of control
objectives for all areas which are auditable is not practicable. However, control
objectives for many of the common systems used for planning purposes such as
payments, payroll, etc., can be standardized to a far greater degree. This is dealt with
further in part four.
9. The particular controls which are used to achieve these objectives generally fit in one of the
following categories: -
• detective – to detect and correct undesirable events that have occurred (for example, by
establishing standard to detect various irregularities)
• corrective –to correct errors that have been detected ( for example, by collecting an
over payment to a vendor)
10. In practice, the distinction among these categories and types is often difficult to recognize
because an effective internal control structure requires elements of each. Even the descriptions
of each category of control can vary among individuals. However, regardless of how internal
controls are organized or defined, they should not be thought of as alternatives to each other.
They should be complementary. Any one control has advantages and disadvantages, so an
effective internal control structure uses a mix of controls to compensate for the particular
disadvantages of individual controls.
11. Controls can also be identified at three levels: organizational arrangements, basic controls and
methods of supervising basic controls.
• organizational structure
• levels of authority
• competence of staff
• accounting records
• documentation
• management information
• internal audit
• Documentation: A public body must have written evidence of its internal control
structure, including its objectives and control procedures, and all pertinent aspects
of significant events and transactions. Also, the documentation must be available
and easily accessible for examination by appropriate personnel and the auditors.
Documentation of the internal control structure should include identification of an
organization’s structure and policies and its operating categories and related
objectives and control procedures. These should appear in documents such as
management directives, administrative policies, procedures manuals, and
accounting manuals. Documentation of transactions or significant events should be
complete and accurate and should enable each transaction or event (and related
information) to be traced from its inception, while it is in process, to after it is
completed.
• Verifying records with evidence from outside sources such as the regular
comparison of the cash book with the bank statement. This technique can ensure
the validity of transactions and the accuracy of the records.
• Checking the records by verifying the physical existence of the assets to which
they relate, such as continuous stocktaking, periodical surprise cash counts and
periodic inspection of the items recorded in the fixed asset register. Such checking
helps to ensure the validity of transactions and the accuracy of the records.
• Supervisory controls (final approvals by senior staff after detailed checking has
occurred)
• Segregation of duties (this ensures that no one individual handles a transaction from
beginning to end)
• Physical controls (these mostly concern the custody and protection of assets)
12. Primarily, the responsibility of internal audit is to examine systems of control. Nevertheless,
the auditor should look beyond controls to the relationship of expenditure to the objectives of
the organization, e.g. cost effectiveness, utilization of resources.
• They must be appropriate (that is, the right control in the right place and
commensurate to the risk involved).
• They must function consistently as planned throughout the period (that is, be
complied with carefully by all employees involved and not bypassed when key
personnel are away or the workload is heavy).
• They must be cost effective (that is, the cost of implementing the control should not
exceed the benefits derived).
Reasonable Assurance
14. Internal control structures are to provide reasonable assurance that the general objectives will
be accomplished. Reasonable assurance equates to a satisfactory level of confidence under
given considerations of costs, benefits, and risks. Determining how much assurance is
reasonable requires judgment. In exercising that judgment, managers should:-
• Identify the risks inherent in their operations and the acceptable levels of risk under
varying circumstances; and
15. Reasonable assurance recognizes that the cost of internal control should not exceed the benefit
derived. Cost refers to the financial measure of resources consumed in accomplishing a
specified purpose and the economic measure of a lost opportunity, such as a delay in
operations, a decline in service levels or productivity, or low employee morale. A benefit is
measured by the degree to which the risk of failing to achieve a stated objective is reduced.
Examples include increasing the probability of detecting fraud, waste, abuse, or error;
preventing an improper activity; or enhancing regulatory compliance.
16. Designing internal controls that are cost beneficial while reducing risk to an acceptable level
requires that managers clearly understand the overall objectives to be achieved. Government
managers may design systems with excessive controls in one area of their operations that
adversely affect other operations. For example, employees may try to circumvent burdensome
procedures, inefficient operations may cause delays, and diluted responsibilities may make it
difficult to identify accountable individuals. Thus, benefits derived from excessive controls in
one area may be outweighed by increased costs in other activities.
17. However well designed, internal control systems are still vulnerable. Thus the presence of
internal controls is no guarantee that their objectives will be fulfilled. Some of the obvious
risks are:-
• Collusion between two or more members of staff (thus negating the segregation of
duties)
• Fraud
To maintain an internal control structure that would eliminate the risk of loss is not realistic
and would probably cost more than is warranted by the benefit derived.
18. Because any internal control structure depends on the human factor, it is subject to flaws in
design, errors of judgment or interpretation, misunderstanding, carelessness, fatigue, or
distraction. While the competence and integrity of the personnel designing and operating the
system may be controlled by selection and training, these qualities may alter due to pressures
from within and outside the public body. Furthermore, no matter how competent the staff, the
control they operate may become ineffective if they do not correctly understand their function
in the control process or choose to ignore it.
Conclusion
19. Complying with instructions and regulations is an important part of maintaining internal
controls. But it is quite a small part of the picture. For healthy internal control systems the
active involvement of management is needed. The following are some of management’s major
responsibilities:
• Employing internal auditors to evaluate the status of controls and to report on their
adequacy.
• Taking rapid and decisive action against those found guilty of breaking internal
controls.
• Informing staff of the presence of controls, of instances of detected abuse and of the
penalties imposed, as a deterrent to further abuse.
20. The types of control which management can deploy as preventive control include: -
Planning
• Definition, wherever possible, of the outputs of a system and the criteria for
measuring them;
Organizing
• Finding the most efficient balance of duties between organizational groups: for
example, headquarters and operations; management and staff; specialists and
generalists;
20.3 In large organizations, delegation of authority is made from superior to lower levels
of management to permit improved decision-making. Delegation of authority has to
be clear and related to the organizational responsibilities of the persons concerned.
Delegations of authority are usually set according to the nature of activity delegated
and the types of decision, which the manager may make without referring the matter
upwards for permission from the immediate superior.
20.4 Levels of authorization are set to clarify the nature and limits of delegations of
authority. Key features are:
Segregation of Duties
20.5 Key duties and responsibilities in authorizing, processing, recording, and reviewing
transactions and events should be separated among individuals. To reduce the risk of
error, waste, or wrongful acts and the risk of not detecting such problems, no one
individual or section should control all key stages of a transaction or event. Rather,
duties and responsibilities should be assigned systematically to a number of
individuals to ensure that effective checks and balances exist. Key duties include
authorizing and recording transactions, issuing and receiving assets, making
payments, and reviewing or auditing transactions. Collusion, however, can reduce or
destroy the effectiveness of this internal control technique.
Staffing
20.6 Adequate staffing is essential for a system to function to its full capability.
Weakness in staffing can lead to mismanagement, error and abuse, which can negate
the effect of other controls. The major areas requiring attention are as follows: -
• Identification and review of the staffing needs: numbers, grades, experience and
expertise levels.
20.7 Management and employees are to have personal and professional integrity and are
to maintain a level of competence that allows them to understand the importance of
20.8 Management and their staff must maintain and demonstrate personal and professional
integrity and ethical values, a level of skill necessary to ensure effective and efficient
performance, and an understanding of internal controls sufficient to effectively
discharge their responsibilities.
20.9 Many elements influence the integrity of Heads of public bodies and their staff. The
tone at the top is important. Personnel should periodically be reminded of their
obligations under an operative code of conduct that comes from top management.
Counseling and performance appraisals are also important. Overall performance
appraisals are also important. Overall performance appraisals should be based on an
assessment of many critical factors, including the implementation and maintenance
of effective internal controls.
20.10 Access to resources and records is to be limited to authorized individuals who are
accountable for their custody or use. To ensure accountability, the resources are to
be periodically compared with the recorded amounts to determine whether the two
agree. The assets’ vulnerability should determine the frequency of the comparison.
20.11 Restricting access to resources reduces the risk of unauthorized use or loss to the
government and helps in achieving the public body's directives. The degree of
restriction depends on the vulnerability of the resource and the perceived risk of loss,
both of which should be periodically assessed. The major aspects are:-
Supervision of Operations
20.12 Supervision requires seniors to monitor the work done by their juniors. It covers
aspects such as conformity with instructions, timeliness, completeness, propriety of
actions, conformity with delegated authority, behavior etc. The scrutiny of work
done by subordinates helps to ensure its quality. It provides a check that staff is
performing according to the standards, needs and objectives of the public body.
20.13 Public bodies directives and procedures should be documented. Staff should be
aware of them and trained to ensure that they are followed. Written guidance and
procedural manuals should be clear, unambiguous and easy to refer to. They should
be accessible to all relevant staff. Management should check that they are read,
understood and implemented. Guidance documents should be reviewed regularly.
Changes should be brought to the attention of staff. Standards of documentation
should be established and enforced to ensure an adequate information base for
decisions. This enables management, auditors and other reviewers to follow the
course of operations and transactions and to identify errors or poor performance.
Introduction
1. Evaluating and reporting on internal controls for improvements is the internal auditor's
main responsibility. This involves:
• testing controls to check whether they operate effectively (meet the criteria,
achieve their purposes).
The aim is to provide the necessary assurance to management that controls are
adequate in principle and practice.
2. Criteria for evaluating controls are: relevance, cost of operation (both direct and
indirect), feasibility, effectiveness in meeting control objectives,
complexity/simplicity and adequacy.
3. The internal auditor can use questionnaires to evaluate the internal control system
of a public body. Internal control questionnaires and internal control evaluation
questionnaires will be discussed in this section.
4. Internal control questionnaires (ICQS) are used to ask whether controls exist which
meet specific control objectives. The major question which internal control
questionnaires are designed to answer is ‘How good is the system of controls?’
Where strengths are not identified, the auditors will perform work in the relevant
areas. If, however, weaknesses are discovered they should then ask what errors or
irregularities could be made possible by these weaknesses.
5. Although there are many different forms of ICQS in practice, they mainly comprise
a list of questions designed to determine whether effective controls are
implemented. Since it is the primary purpose of an ICQ to evaluate the system
rather than describe it, one of the most effective ways of designating the
questionnaire is to phrase the questions so that all the answers can be given as
‘YES’ or ‘NO’ and a ‘NO’ answer indicates a weakness in the system. Example of
ICQs are given in Annex XIX - XXVII.
6. One of the strengths of ICQs is that they facilitate the orderly evaluation of controls
present in a system. A weakness of ICQs is that they can promote a somewhat
standardized approach to evaluation. The answering of the question become an end
in itself, rather than the means to an end. The auditors are concerned whether the
controls do or do not prevent the possibility of material errors occurring. This is
not always easy to determine with an ICQ where the questions are notionally of
equal weight. In many systems a particular ‘No’ answer (Say, referring to a lack of
segregation of duties) may cancel the apparent value of a string of ‘Yes’ answers.
Each situation must be judged on its own merits and hence, although the ICQs are a
standard pre-printed pack, they should be used with imagination. As using ICQs is
a skilled and responsible task, the evaluation should be performed by a senior
member of the audit team.
• substantive tests (tests that check that the output of a system is correct e.g.
that the financial statements have been correctly compiled in relation to the
accounting records)
• compliance tests (tests that check whether observed actions conform with the
relevant regulations, requirements, instructions etc.)
External auditors are more concerned with the former because they need to express
an opinion on the reliability of the financial statements. Internal auditors are more
concerned with the latter because their job is to advise the Head of the public body
on the adequacy of internal controls.
10. This is probably the most important of all audit choices. The auditor must
understand the entity which is to be audited: its structure, locations, staffing,
methods of work, resources, responsibilities, objectives and controls. The auditor
must also understand that the resources available for carrying out the audit are
limited. Then the fact that a choice is needed (of what controls to check) becomes
more obvious.
11. The key to this choice is the ability to distinguish what is relevant and important,
from what is not. In deciding what is relevant and important the following may be
considered:
c. with the rest, the resources available for audit could be allocated in
similar proportions and this would lead to controls being checked
throughout the entity.)
• the amounts and types of asset held by the public body (for instance if the
public body holds large inventories or uses a large fleet of vehicles these may
be the focus of compliance tests).
• the areas of greatest risk (this is partly a reflection of the amounts of money
involved as already discussed, but the choice is also influenced by the
possible extent of losses. An indicator might be losses, frauds etc. uncovered
by previous audits or by other means. The auditor has to gain some idea of
the probability of loss and combine it with an idea of the amounts of
money/resources which may be vulnerable to loss).
• the areas where the management considers itself most vulnerable to loss,
abuse etc.
• procurement (this is inherently an area of high risk. The auditor must assess
the importance of procurement relative to other activities of the public body.
If procurement is important, the audit will have to reflect this).
12. Using criteria of this sort the auditor should be able to explain why particular
controls are to be checked intensively and why others are to be checked less
intensively and why the audit takes a particular shape.
13. The following are the major types of compliance check, the first being by far the
most prevalent and in the majority of cases, the most important:
14. One hundred per cent checking is impossible because of limited audit resources.
Selection is therefore necessary. The main selection criteria are:
• importance to management.
15. Let us assume that we employ only one of the above criteria (size of monetary
amount) and that the audit concerns physical controls on the acquisition of
materials to be used in construction contracts, the decision on compliance testing
might be as follows:
The result of this is that the intensity of compliance testing is related directly to the
amounts of money involved.
16. On the one hand more cases will give greater certainty about findings; on the other
the larger the number of cases examined the higher the cost. Take for example an
examination of vehicle log books. Ninety per cent of logbooks have been examined
and audit findings established. What will be the likely effect on audit findings, if
the final 10 % are checked? If the characteristics which are the subject of audit are
evenly distributed throughout the universe of logbooks, the likely effect will
approach zero. But if the logbooks in the final 10% of cases are quite different
from the other logbooks (e.g. they are the logbooks of vehicles allocated to
managers), the effect on audit findings could be considerable.
Audit sampling
18. The internal auditor can arrive at valid conclusion using audit sampling. 'Audit
sampling' means the application of audit procedures to less than 100% of the items
within an account balance or class of transactions to enable auditors to obtain and
evaluate audit evidence about some characteristics of the items selected in order to
form or assist in forming a conclusion concerning the population which makes up
the account balance or class of transactions.
19. It is important to recognize that certain testing procedures do not come within the
definition of sampling. Tests performed on 100% of the items within a population
do not involve sampling. Likewise applying audit procedures to all items within a
population which have a particular characteristic (for example all items over a
certain amount) does not qualify as audit sampling with respect to the portion of the
population examined, nor with regard to the population as a whole, since the items
were not selected from the total population on a basis that was expected to be
representative.
20. When designing the size and structure of an audit sample, auditors should consider
the specific internal control objective the nature of the population from which they
wish to sample, and the sampling and selection methods. When audit sampling is
appropriate, considerations or other characteristics relating to that evidence assists
internal auditors in defining what constitutes an error and what population to use for
procedures; auditors may be concerned with matters such as whether an invoice was
clerically checked and properly approved.
21. To assist in the efficient and effective design of the sample, stratification may be
appropriate. Stratification is the process of dividing a population into sub-
populations, each of which is a group of sampling units, which have similar
characteristics (often monetary value). The strata are explicitly defined so that each
sampling unit can belong to only one stratum. This process can be used to reduce
the variability of the items within each stratum. Stratification therefore enables
auditors to direct audit effect towards the items which, for example, contain the
greatest.
Sample size
22. When determining sample sizes, internal auditors should consider sampling risk and
the extent to which they expect to find errors. Sampling risk arises from the
possibility that internal auditors' conclusion, based on a sample, may be different
from the conclusion that would be reached if the entire population were subjected to
the same audit test.
23. Sampling risk can be contrasted with non-sampling risk which arises when internal
auditors use any audit procedures. Non-sampling risk arises because, for example,
most audit evidence is persuasive rather than conclusive, or internal auditors might
use inappropriate procedures or might misinterpret evidence and thus fail to
recognize an error or irregularities. Internal auditors should attempt to reduce non-
sample risk to a negligible level by appropriate planning, direction, supervision and
review.
24. If internal auditors expect errors to be present in the population, a larger sample
than when no error is expected generally has to be examined. The size and
frequency of errors is important in assessing the sample size. Large sample sizes
arise, for the same overall error, if there are a few large errors compared to where
there are many small ones. Smaller sample sizes result when the population is
expected to be error free. If the expected error rate is high then sampling may not
be appropriate. In determining the expected error in a population, auditors consider
such matters as the size and frequency of errors identified in previous audits,
changes in the public body's procedures and evidence available from other
procedures.
25. Internal auditor should select sample items in such a way that the sample can be
expected to be representative of the population in respect of the characteristics
being tested. For a sample to be representative of the population, all items in the
population are required to have an equal or known probability of being selected.
26. While there are a number of selection methods, three methods commonly used are:
• random selection, which ensures that all items in the population have an
equal chance of selection, for example by use of random number tables;
27. It does not follow that internal control systems are ineffective, just because errors
have been detected in them. A judgment is needed on the significance of errors and
their frequency before any judgment can be made. For example, the signatures on
purchase orders have been wrong for several months because of absence and
temporary replacement of the concerned member of staff, without any change in
authorized signatories. There is certainly a control weakness (not updating
authorized signatories) but it may not be a serious weakness (for example if no
adverse consequences could be detected because other compensating controls were
working).
28. Internal auditors therefore need to understand fully the implications of errors
discovered. The common reaction to internal audit is that it is all about
faultfinding. Internal auditors are seen as petty policemen. This perception has to
be changed. One way to do this is to assess:
Introduction
3. The initial stage of audit was primarily based on the concept of vouching. This
approach involved the checking of entries in the accounting records with the
appropriate vouchers, i.e. the documentary evidence. It was very common for
the auditor to check in detail a substantial portion of all documentary evidences
before concluding the audit. For instance, audit programmes under the vouching
concept of audit would normally specify rigidly predetermined testing volumes
unrelated to the particular situation, such as “vouch three months purchase
invoices”.
4. Under the vouching concept of audit the apparently extensive coverage was
exceptionally shallow, being confined to one “horizontal plane” of entries all of
an identical nature. Tests at any particular stage were unrelated to any other
state. For example, auditors may vouch a vast number of day book entries
against supplier’s invoices (all tests being in the same “plane”, hence the term
“horizontal”), without considering the need to test these entries against purchase
orders or any other documents related “vertically”.
• the results of audit findings tell us how many transactions etc. were
found to be defective and the types of defect found, but tell us nothing
about the systems which were "responsible" for the errors.
6. With the mushrooming of large groups of companies and conglomerates and the
defects of the vouching approach, it soon become obvious that auditors would
have to adopt a far more scientific approach to their work if they were to justify
the relatively small number of audit tests carried out in relation to the enormous
growth in the volume of transactions. This led to the emergence of the systems
based approach to auditing.
7. The system based audit approach correctly incorporates the principle that the
nature and depth of audit tests should take into account the extent to which the
system of internal control in operation “audits itself”.
8. In the system based approach, the internal auditor examines and tests the public
body’s internal control systems to see whether they are appropriate and effective
for the public body to achieve its objective. The system of internal control in
force determines the nature, the extent and the timing of subsequent audit tests
to be executed.
9. Generally, in a system based approach a much smaller number of audit tests are
required to be carried out in relation to the enormous volume of transactions and
in contrast to the extensive coverage under the traditional vouching approach to
audit. The justification for the relatively smaller number of audit tests lies in the
auditor placing reliance on the control in the “system”.
10. The system based approach is a procedure whereby the internal auditors
identify, ascertain, record and confirm the system of a public body operations
and establish the objective of the control designed in the system and evaluate the
appropriateness and effectiveness of the control in achieving the objective of the
system.
11. A system is defined by the Institute of Internal Auditors as "an arrangement, set
or collection of concepts, parts, activities and/or people that are connected or
inter-related to achieve objectives and goals". A public body has systems for
managing personnel, recording and reporting financial data, acquiring inputs
from suppliers, etc. Each system is made up of a number of smaller components
(procedures, steps, checks, reviews, reports, decisions etc.). Clearly a system is
as good as its components, and will not achieve its objectives unless the
components are properly linked and controlled.
12. Systems vary in nature and purpose (systems for procurement, inventory,
recruitment, accounting, etc.). Systems are designed and their operations
monitored in order to enable the organization to meet its objectives. Resources
(inputs) are processed to provide results (outputs) in accordance with
predetermined purposes (objectives). Systems can be thought of as having five
basic components:
objectives
inputs
processes
outputs
controls
Objectives
13. Objectives are statements of what is to be achieved. Each system within the
public body has its own objective:
c) stores systems are to control their receipts and issuances, to make them
available in relation to need and to protect the items held.
14. Different systems should be coherent and mutually supportive (e.g. payroll and
accounting). However, where objectives are contradictory this may not be
possible (e.g. cost reduction may not be compatible with achieving maximum
impact). Managers of public bodies may need to think more about systems and
their objectives, as simply complying with regulations is only part of their job.
Inputs
15. Inputs are the resources used by the system (e.g. salaries are paid to secure the
services of staff). Inputs may include staff time, materials, services, supplies,
information and so on.
Process
16. Processing is the conversion of inputs to produce outputs. Public bodies have
numerous processes (e.g. authorization actions, purchasing supplies, issuing
inventory, controlling the quality of work etc.).
Outputs
17. Outputs are the products, effects and achievements of a system which result
from the processing of inputs. Some outputs are intermediate (e.g. invoices paid,
staff recruited, suppliers evaluated, stores items issued). Others are final (e.g.
services rendered to clients). Outputs are affected by quality factors such as
their timeliness, suitability and usefulness and the degree to which they are
adapted to the needs of clients.
Controls
19. Internal Auditors must fully understand the systems that they audit. They gain
the necessary understanding in four ways:
• by ascertaining the system. This is the step where the Internal Auditor
researches the system by examining various reference materials;
• by recording the system that they have ascertained. This involves using
suitable techniques, both written and diagrammatic, to assist the Internal
Auditors to understand the system as a whole and the elements within it;
20. The main components of systems have already been outlined. To ascertain
systems the internal auditor has a large range of sources (e.g. staff directive,
organization chart, financial regulation, budget document etc.). In practice, the
internal auditor should refer to all relevant and reliable sources as possible. The
following approach is recommended:
21. The objective of systems should be consistent with the aims and objectives of
the public body as a whole. In most cases, the internal auditor may have to
identify the system objective from scratch because of absence of written
instructions. Here are some commonly found systems with a description of their
objectives:
22. Interviewing managers and staff members helps the internal auditor to
understand how the systems work in practice. Interviews can be undertaken
formally or informally. However they are undertaken, they should be:
• planned in advance;
23. The internal auditor should record the system and how it works. There are two
principal ways of recording the system:
24. The Internal Auditor should have full understanding but should be wary of the
danger of drawing flowcharts which are not needed. The auditor's written
narrative should cover the system and its components. The notes can form the
basis for a flowchart. The notes should be clearly structured so that others can
understand them.
25. Flowcharting is the accepted method of recording systems and internal controls.
When the internal auditor prepares flowcharts, they should be based on narrative
notes. Well-written flowcharts are designed to leave no doubts as to the nature
of the system recorded. The main advantages of using flowcharts are:
26. At this stage the systems will probably have been recorded on the basis of a
verbal description provided by management. However, the tendency is to
describe the systems, as they should operate, rather than how they actually
operate in practice. It is only human nature to cut corners, but often this
weakens the controls, which have been built into systems.
27. To overcome this, it is necessary, having recorded the system, to select sample
of transactions and to conduct a "walk through test". A walk-through test
involves tracing one or more transactions through the accounting system and
observing the application of relevant aspects of the internal control system. In
this way any departures can be identified and recorded. Thus an accurate
picture can be obtained of how the systems work in practice.
28. The internal auditor should establish the objectives of the systems recorded to
ensure that the control objectives are appropriate. Control objectives should be
specific so that it is possible to evaluate whether or not they are being achieved.
Consequently, generalizations such as “to ensure that support services are
adequate” should be kept to a minimum. Control objectives should reveal the
purpose of the control, not the means used to carry it out or the control itself.
Internal controls and their evaluations are discussed more fully in the next two
sections.
30. Based on the result of the evaluation of internal control system the internal
auditor can reach to conclusions whether the current control system is efficient
and effective in achieving the public body's stated objectives. Furthermore, the
internal auditor should give recommendations on those internal control systems
areas where weaknesses are observed and improvement is needed.
31. Finally, the internal auditor is required to report the weaknesses in the internal
control, the conclusions reached and recommendations made for improvements.
32. It is axiomatic that controls in any organization should be commensurate with its
risks because, excessive controls result in unnecessary costs whereas inadequate
controls lead to unacceptable exposures. Excessive controls would lead to high
costs which may not be commensurate with the advantage accruing to the
Organization, namely, the prevention of possible loss arising from the operation
of the relevant control.
33. The evaluation of internal controls is a complex task calling for great skill.
Each Organization will have different internal control requirements and any
given control level may be achieved in a variety of ways. There appears to be
no definite standard against which to judge what is appropriate and effective
internal control.
35. There are inherent limitation on the effectiveness of any system of internal
control. No system of internal control, however elaborate, can by itself guarantee
efficient administration and completeness and accuracy of the records; nor can it
be proof against fraudulent collusion, especially on the part of those holding
positions of authority or trust. In particular, internal controls that depend on
segregation of duties can be avoided by collusion. The internal controls that
depend on authorization can be abused by the person in whom the authority is
vested.
36. Critics of the system based audit approach have pointed out that it is cold and
clinical and ignores what is generally referred to as “management style”. That the
application of this approach is common to all types of management; it does not
recognize the underlying philosophy and motivation of the management.
37. In recent years, a further evolution has taken place. The great wave of litigation
charges against external auditors coupled with soaring audit costs have led
individual audit firms to develop systems of quality control and also research into
new methods of auditing. Recognition of the need to improve the excellence of
audit together with emphasis on reduction in unproductive time spent on audit has
led to the emergency of risk based auditing.
38. The risk based systematic approach to auditing is the most effective of all the
other approaches. It requires the internal auditor to assess the relative
vulnerabilities of the systems and identify those systems which are more risky
than the others and should, therefore, be audited sooner and more often. This
approach includes identification of the system (which is covered under system
approach above), identification of relevant risk factors, and assessment of their
relative significance.
Risk
39. Risk refers to the possibility of a system having so poor internal control that the
public body does not achieve its objectives effectively and efficiently. The effect
of risk can involve:
Risk factors
40. Risk factors are the criteria used to identify the relative significance of, and
likelihood that, conditions and/or events may occur that could adversely affect the
public body. The risk factors utilized should be sufficient to provide a
comprehensive risk assessment.
42. The Head of Internal Audit may decide to weigh the risk factors to determine their
relative significance. The weighing of risk factors reflects the Head's judgment of
the relative impact that it may have on selecting a system for an audit. This
section is not intended to prescribe a rigid process that specifies how risk
assessment must be conducted. However, steps of risk assessment and example of
calculation of the Risk Index is provided in Annex I.
Risk assessment
43. Risk assessment is a systematic process for assessing and integrating professional
judgments of the probable adverse conditions and/or events. Risk assessment
process is crucial to the development of effective audit work schedule. In
developing an audit work schedule, the Head of Internal Audit should allocate the
resources of the Internal Audit department in a manner that gives appropriate
consideration to the various risks confronting the public body. The Head should
generally assign higher audit priorities to systems with higher risks.
44. The Head of Internal Audit can obtain information from a variety of sources for
the risk assessment process. Such sources include: -
45. Audit priorities determined through the risk assessment process may be reviewed
and updated continuously. There should be a periodic assessment of the effect of
any major changes of the system or related risk factor which have occurred since
the audit work schedule was prepared.
46. To summarize, internal auditors using the risk based systematic approach should:-
• Identify and record the objectives of the system, risks and controls;
• Evaluate the controls to decide whether or not they are appropriate and can
be reasonably relied upon to achieve their objectives;
• The systematic assessment of risk of the public body enables the internal
auditor to have a profound knowledge of the public body;
• The approach focuses the audit on the high risk areas which are material to
the public body;
• The approach tends to make the Head of the internal audit and senior
internal auditors much more involved in the planning stage of an audit
assignment.
48. To summarize, the development of auditing can be traced from the traditional
vouching approach to the system based approach and then to the risk based
approach each of which is not at the exclusion of the other. The system based
approach contains the concept of vouching, but in digestible portion, just as the
risk based approach contains one of the inputs of the system based approach, the
evaluation of the internal control system.
PLANNING
Introduction
1. Planning is an essential element in the audit process. This section deals with the
aspects of planning, the level of plans involved, their preparation and
characteristics in general. The responsibility of planning the audit lies with the
Head of the Internal Audit department. Audits require adequate planning for a
variety of reasons.
Strategic plan
4. The first level of planning is the preparation of the strategic plan, the duration of
which is set to be 5 years. The necessary criteria for the preparation of strategic
plan differ from one audit approach to the other. It therefore appears useful to
mention the basic criteria for the preparation of strategic plan at different audit
approach for internal auditors in order that they can apply them in line with their
stage of development. It follows that in the vouching (traditional) audit approach
the internal auditor intends to check all documentary evidences of an entity as far
as possible. In the system based audit approach the intention was changed to
evaluation of the internal control of all systems of the entity. In the emergence of
the risk based systematic audit approach the internal auditor commences to
prepare a strategic plan in which the risk materiality of the systems is ranked and
their scheduling together with the resource required is determined.
5. In the vouching (traditional) audit approach the internal auditor checks in detail a
substantial proportion of all documentary evidences before reaching his
conclusion. When it becomes impossible to check all documentary evidences
due to the volume of transactions, the internal auditor designs audit programmes
which normally specify rigidly predetermined testing volumes unrelated to the
particular situation such as "vouch three months of purchase invoices."
6. In the system based audit approach the internal auditor evaluates the internal
control systems of an entity by giving equal weight to all systems. In this
approach a much smaller number of tests are required to be carried out in
contrast to the extensive converge under the traditional vouching audit approach.
The level of testing under this approach would be primarily guided by two
determining factors which are the frequency with which a control is performed
and the type of tests. The more frequently the control is performed the more it
will need to be tested. Testing which requires re-performance would necessitate
substantially lower level of tests than testing which requires examination of
evidence.
7. The important characteristic of the strategic plans prepared under the risk based
systematic approach is that it should be made on the basis of risk and materiality
assessment with a view to systematically prioritize audit work. The strategic
plan prepared under all approaches has the following characteristics;
• It should be developed to meet the needs of the public body i.e. it should
be value adding;
• It should be flexible for subsequent improvements and reviews;
• It should establish long term resource and skill requirement and
allocation issues;
• It should describe major audit assignments and overall audit techniques
selected;
• It should provide basis for other levels of planning.
• Once the risk materiality is assessed and ranked, the next step is
determining audit and their scheduling over the strategy period (5
years). This involves determining which system to be audited, audit
objectives, their frequency, timing, type and nature of audits and audit
techniques to be followed, and other issues;
9. The strategic plan is then used as a basis to prepare periodic work plans. The
annual plan is prepared by the Head of the Internal Audit in consultation with
the audit staff by breaking the strategic plan into periods of audit i.e. usually a
year and is put forward to management of the public body for approval.
Performances Standard No. 520 of the Internal Audit Standard of Government of
Ethiopia deals with the developing of periodic audit plans. The objectives of this
plan is to implement the strategy by detailing it further within the period (a year).
It also puts emphasis on resource allocation. In translating the 5 year plan into
the annual plans, care should be taken as to whether the assumptions and
judgments that underpin the 5 years plan are still valid. The following points
thus have to be considered in this regard:
• Risk assessment and prioritization is still valid (for risk based systematic
approach);
• Any audit works brought forward (not carried out) in previous year;
10. Therefore the annual plan should be kept under review to identify and reflect
changing priorities, resource allocations, timing issues and other emerging audit
needs. The annual plan should sufficiently set out the details of the assignments
so that management understands the purpose and scope of the assignments. The
plan should establish resource and skill requirements and set relative priorities
for each assignment. It thus matches available resources and the audit
assignments.
• Assess the total time required for each audit assignment and the total
time available in the period;
• Review staff and other resources allocations over the period of audit
assignments taking into account:
12. After considering the above and other issues that could influence audit
assignments, the periodic/annual/audit plan is prepared and forwarded to
management or Audit Committee for approval. This process allows the
management or the Audit Committee to review the plan to place emphasis upon
areas that may be of particular interest. The next step in the planning process, is
the planning of each individual audit assignment based on the approved annual
audit plan.
13. For every audit assignment a detailed plan of work should be prepared. The plan
should establish detailed objectives of the assignment, resources requirement,
outputs, target dates and other issues. The plans have to be discussed with Head
of the public body or Audit Committee and agreed upon. This enables to take
into account any concerns of the Head of public body and Audit Committee over
policies, procedures and operations in the relevant audit area.
14. On the basis of the strategic plan and especially the annual plan the detailed
plan is prepared. It includes:
• The scope, objectives, extent and priority of audit work depending on risk
assessments;
• The schedule and timing (starting and finishing dates) and reporting issues
as well (when, how, to whom);
• Detailed staff and resource allocation for each aspect of the audit
assignment. This includes the number, experience level, knowledge and
skill level of staff;
• An audit program;
15.2 Other requirements of the audit, such as the audit period covered and
estimated completion dates, should be determined. The final audit
report format should be considered, since proper planning at this
stage facilitates writing the final audit report.
• Audit objectives and procedures should address the risks associated with
the system under audit. The risk based systematic approach to internal
audit is discussed in part two section one in detail.
• Set forth the scope and degree of testing required to achieve the
audit objectives in each phase of the audit.
18. Communicating with all who need to know about the audit
20. Internal audit have objectives, and to ensure that its objectives are achieved, the
work should be controlled at each level of the audit to ensure that a continuously
effective level of performance that comply with standards is being maintained.
This is the scope of quality assurance dealt with in Performance Standard No.
1100 of the Internal Audit Standard of Government of Ethiopia. It involves the
management of audit assignment in aspects of supervision and review to assure
the quality of the work.
• Ensuring that full and adequate working papers are maintained that
properly document the work carried out and the conclusions arrived at
along with recommendations are adequately supported by relevant
evidences.
• Ensuring that reports are accurate, objective, clear, concise and timely.
• Using audit completion check lists to ensure that important issues are
not overlooked.
of the staff engaged in the audit assignment and to provide guidance for future
audit assignments.
25. The reviews could be undertaken at three stages of the audit process:
• At the completion stage – to ensure that the audit has been satisfactorily
performed in all aspects.
26. These reviews should be documented and kept in working papers. See attached
review sheets under annex VI-VIII.
27. This review is undertaken by persons who are independent of the public body.
The review is carried out to assess the performance of Internal Audit
Department. As it is stated in the Internal Audit Standard of Public Bodies of
Government of Ethiopia such reviews should be conducted within a reasonable
period of time depending on various issues.
29. The audit program provides a means of monitoring the progress of audits. It is
not always possible to stick to each aspect of the audit program. Time estimates
may have been wrong, unforeseen events may occur, judgments and assumptions
may prove to be wrong, etc. All these would lead to amendment of audit
programs and respective audit works. Therefore, original audit programs as
amended due to subsequent events will be valid throughout the audit.
30. Audit program helps to plan and budget time available with the objective of
setting a framework of control in which planned and actual time is compared. In
addition, audit programs provide the starting point for discussions between the
head of internal audit and the auditors carrying out the audits. The auditor in
charge can indicate how the audit is progressing, whether it is on track, whether
unexpected problems have arisen and the likely chances of completing the
program as planned. The reviewers can keep abreast of progress, observe quality
of work, obtain an interim understanding of the audit findings and take corrective
actions (eg. Allocating more time to particular aspects; adjust the location and
intensity of compliance checks in relation to interim review findings, etc.). In
particular, it will be possible for reviewers to assess whether tests conducted
provide sufficient evidence for the development of reliable audit findings.
1. Internal audit is a systematic process, which must be carried out with due care and
attention. Audit findings must be supported by sufficient evidences. Consequently,
record keeping is very important indeed. It provides a trail of verifiable evidence.
2. Documenting is made possible through the use of working papers. Working papers
are the records kept by the auditor of the procedures applied or followed, the tests
performed, the information obtained and the pertinent conclusions reached.
3. As per the Performance Standard No.710 of the Internal Audit Standard of the
Government of Ethiopia, the internal auditor should prepare working papers, which
provide the principal evidential support for the audit report and demonstrate the
internal auditors’ compliance with the internal audit standards and support for audit
conclusions reached.
• Identifies audit objectives and methods chosen as a basis for planning future
audits and for review purposes.
• Provides support for audit findings and evidence of compliance with the internal
audit standards.
Principles of Documentation
When carrying out audits internal auditors should use consistent reporting
methods. Consistency is achieved by using the standard formats
appearing in this manual. Completing the recommended formats will
make documentation easier to understand and review. For instance if an
auditor takes over a work that has been started by another auditor, the use
of standardized formats will promote continuity. However, practical
experience may dictate the need for amendment of standard formats.
Moreover, the auditor could use additional formats as necessary.
Documentation should accurately reflect the tests planned, the tests carried
out and the result of these tests. There should also be documents that
show the timing of the work carried out.
The aim is to provide working papers that will make it easy to understand
the way the audit was carried out. For this the working papers should be
well organized and cross-referenced with clear and concise language and
structure. The information recorded should be sufficient for the purposes
of subsequent review by someone other than the responsible auditor.
5.4 Completeness
The audit papers should be complete in the sense of covering the whole
audit; the tests carried out, the meetings held, the queries raised,
management responses and the draft conclusions reached.
Audit papers should reveal who carried out each piece of work. In
addition, working papers should be reviewed. Information regarding the
identity of reviewers and their instructions/advice should be documented.
5.6 Confidentiality
Audit papers are in principle confidential. The Head of the Internal Audit
unit may decide to share audit papers, only if there is good reason. If the
external auditor or the Ministry of Finance and Economic Development
requests access, this is good reason in itself. If, in the case of fraud, the
police or a court of law requests information, the Head of internal audit
will comply. When access is requested, the circumstances, reasons,
persons with whom information was shared and the information shared
should be recorded in permanent files. It should be noted that principle of
confidentiality prevents the sharing of audit information with third parties
(e.g. suppliers). In general, internal auditors should be very wary about
sharing audit information, because of possible conflicts of interest. As
audit papers are confidential, measures should be taken to restrict access
to them.
• Planning;
• Review;
• Reporting;
• Follow-up; and
Permanent File
7.1 Permanent file is used for retaining key information of continuing audit
relevance, which changes little from year to year. It contains data of
historical or continuing nature pertinent to the audit. The permanent file
typically include:
• Extracts or copies of the public body document that deal with the
organizational aspects. It includes organization structure (chart);
organizational history detailing authority and duty;
• Correspondence with the Head of the Public Body, audit committee and
outside parties concerning various issues. Note that a separate file could
be maintained for all correspondence depending on the size, frequency and
necessity.
Current Files
7.2 The current files include all working papers applicable to the year under
audit. They contain relevant information of the audit for the current year.
Their contents include:
8.1 Each working paper should be properly identified with such information
as:
8.2 Each working paper should be signed (or initialed) by the preparer and the
reviewer.
8.4 Each working paper should include sufficient information to fulfill the
objectives for which it was designed.
8.5 Completed working papers must clearly indicate the audit work performed
including sampling methods and samples selected. This is accomplished
in three ways:
8.6 The conclusions that were reached along with the respective
recommendations about the segment of the audit under consideration
should be plainly stated.
Introduction
1. The Internal Audit Standard of Government of Ethiopia requires that after the audit
examination is completed, the Internal Auditor should discuss conclusions and
recommendations at appropriate level of management and issue a signed, objective,
clear, concise, constructive and timely written report with appropriate format
(content).
Audit findings
2. Internal auditors report their findings and recommendations in a formal way. Audit
findings are the outcome of the audit. The value of auditing can be judged by the
quality, relevance, timeliness and reliability of audit findings and the deterrent effect
that audit creates. Here, we are concerned only with audit findings and the way they
are reported.
3. Audit findings are much more than simple opinions. The audit process is a
meticulous process for building up very specific information. It is meticulous
because it must result in reliable and relevant information, sufficient to support robust
conclusions. A robust conclusion is one which is objective and fully supported by the
evidence. An auditor using the same audit methodology could repeat the audit and
arrive at the same conclusion.
4. Audit findings emerge by a process of comparing "what should be" with "what is".
Whether or not there is a difference, the internal auditor has a foundation on which to
build the report. When conditions meet the criteria, acknowledgement in the audit
report of satisfactory performance may be appropriate. Findings should be based on
the following attributes:-
• Condition - The factual evidence which the internal auditor found in the course
of the examination (what does exist).
If there is a difference between the expected and actual conditions, then:
• Cause - The reason for the difference between the expected and actual
conditions (why the difference exists).
• Effect - The risk or exposure the auditee organization and/or others encounter
because the condition is not the same as the criteria (the impact of the
difference).
5. The Head of Internal Audit is employed for his/her expertise and experience. A
critical element of this is judging the adequacy of information gathered through the
audit process as a basis for arriving at conclusions.
6. A process is needed for developing conclusions and testing their robustness before
they are embodied in audit findings. This may involve:-
• busy people who have to read many reports on a lot of subjects and who do
not want to plough through a lot of detail before reaching key conclusions.
8. These presumed characteristics are the key to writing effective audit reports. An
effective audit report is one which is objective, clear, concise, constructive and
timely.
• Objective reports are factual, unbiased, and free from distortion. Findings,
conclusions, and recommendations should be included without prejudice.
• Clear reports are easily understood and logical. Clarity can be improved by
avoiding unnecessary technical language and providing sufficient supportive
information.
• Concise reports are to the point and avoid unnecessary detail. They express
findings completely in the fewest possible words.
• Constructive reports are those which, as a result of their content and tone, help
the organization to make the necessary improvements where needed.
• Timely reports are those which are issued without undue delay and enable
prompt and effective action to be taken.
9. Although audit report formats and content may vary, they should at least contain the
purpose, scope, and results of the audit.
• Purpose statements should describe the audit objectives and may, where
necessary, inform the reader why the audit was conducted and what it was
expected to achieve.
• Scope statements should identify the audit activities and include, where
appropriate, supportive information such as time period audited. Related
activities not audited should be identified, if necessary, to delineate the
boundaries of the audit. The nature and extent of auditing performed should
also be described.
• Findings are pertinent statements of fact. Those findings which are necessary
to support or prevent misunderstanding of the internal auditor's conclusions
and recommendations should be included in the final audit report. Less
significant information or findings may be communicated orally or through
informal correspondence.
10. One of the conspicuous weaknesses of auditors all over the world is their inability to
write effective audit reports, so this aspect requires attention and effort. When
writing their reports, internal auditors should bear in mind that there is no report that
cannot be improved, however many times it may have to be rewritten.
11. It is the responsibility of the Head of internal audit to ensure that audit reports reach
high standards of relevance and readability. The Head should examine all draft audit
conclusions for relevance, robustness, economy of language, clarity, tactfulness,
helpfulness and positive tone. The last three are important, as effective audit reports
should not alienate the reader. The reader should be treated as a friend rather than an
enemy. After all, if the ultimate usefulness of audit is effective remedial action, it is
wise to treat those responsible for such actions with respect. The idea is to help them,
not to embarrass or anger them.
12. Writing audit reports entail drafting, redrafting, discussing, eliminating redundant
information, and so on. It requires patience and care. But this process is worthwhile
at the end of the day as it guarantees that internal audit reports will be read and
understood.
• draft report of audit findings submitted by the Head of internal audit to the
Head of the public body for discussion(interim).
• final report of audit findings formally submitted to the Head of the public
body.
14. The internal auditor should held exit conference to discuss conclusions and report
recommendations at appropriate level of management before issuing the final report.
The discussion will help to ensure that there have been no misunderstandings or
misinterpretations of facts by providing the opportunity for the auditee to clarify
specific items and to express views of the findings, conclusions, and
recommendations. Although the level of participants in the discussion may vary by
public body and by the nature of the report, they will generally include those
individuals who are knowledgeable of detailed operations and those who can
authorize the implementation of corrective action.
• for every completed audit, a final audit report is submitted to the Head of
public body in a timely manner.
• for every year there is a brief annual report showing the audits carried out
during the year, the auditor's general opinions on the status of internal control
systems and the manner in which management has followed up on audit
findings.
The annual report is submitted to the Head of the public body with copies to the
Audit Committee and the Ministry of Finance and Economic Development.
16. Formal audit reports are not the only way (and certainly not the most effective way)
of reporting audit results to management. Auditors should think of additional ways of
bringing their work to the attention of management. Material can be presented orally
in seminars, workshops, meetings, briefings and one-to-one sessions in a variety of
formats ranging from presentations on what management needs to know,
management tools, principles and concepts, advice on best practice, recommendations
and actual audit findings.
17. Internal audit reports are sent to the management of the public body for the following
reasons:-
• to prevent the Head of the public body from keeping audit findings secret
from his management team.
SECTION I - INTRODUCTION
This part of the Manual includes procedural guidance for financial and compliance audits. Each
section of this part contains an introduction definition, audit objectives, internal control system
and the audit procedures to be carried out by the internal auditors to discharge their
responsibilities. Internal auditors should carry out these activities by taking into account the
basic concepts and principles explained in Part Three. The audit procedures provided in this part
should only be used as guidance for the internal auditor to design an audit program, which
specifically meets the requirement of the public body under audit. The internal auditor should
select audit procedures, which are materially related to risk, feasible to the audit and likely to
generate useful findings.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
104
INTERNAL AUDIT MANUAL PART FOUR
SECTION II
Introduction
1. Of all assets, cash is the most susceptible to misappropriation, theft and loss. It follows
that the control mechanism established, for the proper monitoring and custody of cash,
has to be carefully designed. The implementation and follow-up of control procedures is
the responsibility of all eligible staff of the public body. The internal auditor should
frequently check the extent of compliance with established policies and procedures for
proper use of cash and bank accounts. The audit of cash and bank balances is commenced
by a surprise cash count. The accuracy of the cash balance is determined by examining
records and supporting documents kept by the public body for the collection of receipts,
effecting of payments and banking of money. The audit of cash and bank balances
verifies cash and bank balances at a specific date. In this section, the definition, audit
objectives, internal control system and audit procedures for cash and bank balances are
briefly presented.
Definition
2. Cash is the balance of money, which is found in the hands of cash collectors and main
and assistant cashiers, and in bank, at a specific date and time. Cash includes paper notes,
coins, bank notes, e.g. certified payment orders (CPOs), cheques, bank balances, etc.
3. The overall internal control system for the management and control of cash and other
liquid assets are the responsibility of the Head of the public body. The system should
include:
• Having adequately trained and qualified staff in charge of all aspects of the
management and control of cash and other liquid assets.
• Establishing adequate formal procedures for all aspects (e.g. authorizing actions;
making entries in accounting records; ensuring the accuracy of accounting records;
safeguarding cash and other valuables; specifying limits and ceilings for insurance
for the issue of cheques and payment by petty cash; keeping of records and
supporting documents; etc.).
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
105
INTERNAL AUDIT MANUAL PART FOUR
• Specifying clear lines of responsibility for all actions regarding cash management
and banking including the responsibility for authorizing actions and transactions.
• Carrying out checks to ensure that the procedures established by management are
working as intended.
• Making sure that when failures in management and control have occurred,
appropriate remedial actions are taken to prevent their recurrence.
• Establishing a system whereby the normal duty of one person is checked by another.
• Rotating duties between staff in as much as time, necessary skill and staff
availability permits.
4. The internal auditor should evaluate the internal control system of the public body with a
view to assessing whether proper procedures exist for managing and controlling cash,
suspense vouchers and bank accounts and whether the procedures operate as intended. In
addition to the overall control environment listed above, the detailed internal control
system for controlling cash and bank balances includes the following:
• Cash collected and other receipts should be deposited intact into bank,
on a daily basis wherever possible.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
106
INTERNAL AUDIT MANUAL PART FOUR
• Cash kept in safe should be counted and checked against the balance
of cash shown in the accounting records of the public body at specific
time intervals.
• The cash in hand should be insured against risks of theft and burglary
(fidelity guarantee insurance should also be acquired).
• The petty cash fund should be maintained using the imprest system by
which a petty cash float is established and replenishments are made
upon presentation of payments made with their supporting documents.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
107
INTERNAL AUDIT MANUAL PART FOUR
• At specific time intervals the correctness of the petty cash book, petty cash
vouchers and supporting documents must be checked in order to prove
that the balance of cash in hand is correct.
• Bank accounts should be opened and closed only by the order of the Ministry
of Finance and Economic Development.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
108
INTERNAL AUDIT MANUAL PART FOUR
• The date at which the reconciliation is carried out and the amounts of closing
balances taken from the cash book and bank statement.
• A list of all payments appearing in the cash book which have not yet passed
through the bank account (usually unpaid cheques).
• A list of all receipts appearing in the cash book which have not yet passed
through the bank account (usually cheques received and other bank credits
not yet credited by bank).
• A list of items appearing in the bank statements but not in the cash book and
an explanation of how these items have been treated (i.e. the adjustment
entries made in order for the cash book to reflect the correct information).
• A reconciliation statement proving the difference between the cash book and
bank statement balances, signed by the preparer and by senior staff.
Audit Objectives
5. The objectives of an audit of cash and bank balances include, but are not limited to:
• Ensuring that collection and payment of cash are made on legal receipt and payment
vouchers, respectively.
• Ascertaining that cash collected by the public body is deposited intact into bank in a
timely manner.
• Ensuring that payments above a certain level specified by the head of the public
body are effected by cheque.
• Ascertaining that every cash and bank transaction is properly registered in the books
of account.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
109
INTERNAL AUDIT MANUAL PART FOUR
• Verifying that bank accounts opened for particular purposes are used for those
purposes and that no unauthorized bank accounts exist.
• Verifying that the public body deposits money in excess of its requirements in an
appropriate bank account, making sure that if no bank branch is conveniently
located, the money is transferred to the treasury department of the Ministry of
Finance and Economic Development.
• Ensuring that proper actions are taken with regard to safeguarding of cash.
Audit Procedures
6. The following are the audit procedures to be followed in order to ensure the adequacy of
control over cash and bank balances.
6.1.2 Ensure proper safeguarding of cash is made by verifying the existence of:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
110
INTERNAL AUDIT MANUAL PART FOUR
6.2.1 Ascertain the location of cash safes and identify suspense account
documents with money value.
6.2.2 Verify the existence of prenumbered official receipt vouchers.
6.2.3 Ensure that cash and cheque collection summaries are maintained and
check the summaries against cash receipts and cheques on sample
basis.
6.2.4 Verify that the cash and cheque collection summaries are checked by a
person other than the preparer as part of one’s duty.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
111
INTERNAL AUDIT MANUAL PART FOUR
6.2.5 Ascertain that daily receipts are deposited into bank on time and intact.
6.2.6 Check that updated records exist (when undertaking count), i.e. cash
book, transactions register, cash ledger. Record any unrecorded receipts
and expenditures.
6.2.7 Check the accuracy of cash book (rows, columns, balances).
6.2.8 Perform the cash count procedure on regular basis (e.g. monthly) and a
surprise count on irregular basis.
• Ensure the presence of the cashier and the chief accountant until the end
of the count of cash and cash equivalents.
• Having listed all relevant documents and valuables found in the safe,
seal the safe. The cashier and the chief accountant should sign the list.
• Similarly the cashier and the chief accountant should sign on the last
used page of the cash book (register of receipt and payment) and other
books of account and last used receipt to establish cutoff point used for
the audit.
• Administer safe – opening questionnaire and ask the cashier and senior
finance officer to sign it.
• Take care to prevent double counting of cash, cheques and stamps, etc..
• Count and record the amount of cash, suspense account and other
documents which have money value kept in the safe.
• Sign along with the cashier and chief accountant on the count form.
• Compare the cash counted against the record balance (cash book).
• Make the cashier and chief accountant sign the cash balance comparison
form.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
112
INTERNAL AUDIT MANUAL PART FOUR
• Count the cash found in safe and cash boxes of petty cashiers and
register details of payment vouchers not replenished. The count sheet
should be signed by the petty cashier and the chief accountant.
• Verify that payments made are consistent with the rules of the petty
cash fund which should stipulate the types and maximum amounts of
permitted expenditure.
• Ask petty cashiers and the chief accountant to sign the petty cash
balance comparison record form.
• Ensure that the designated official, the cashier, the chief accountant and
the receiver have signed all documents giving rise to suspense account
payments.
• Verify with care all suspense account expenditures made in the name of
the cashier, the chief accountant or the head of the public body.
• Ask the cashier and the chief accountant to sign the suspense account
count sheet.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
113
INTERNAL AUDIT MANUAL PART FOUR
• Check the age of suspense accounts (the period from issue to the date of
audit). Identify overdue suspense accounts and investigate the reason
for their outstanding.
• Identify all bank accounts held in the name of the public body.
• Check bank balances with the bank by making several visits to the bank
during the month. Checking bank balances only after receiving bank
statements is not advisable.
6.5.5 Ascertain there are no cheques outstanding for more than six months.
6.5.6 If there are long outstanding cheques, ask accounting staff to make the
necessary adjustments in respect of them (for instance make write-back entries
in cash book to cancel the overdue cheques).
6.5.7 Ascertain that the cashier does not present “bounced” cheques during the cash
count in order to prevent means of covering defalcation.
6.5.8 Ascertain the inclusion in the following month’s bank statement of deposits in
transit shown in the cash book in the previous month (by checking their
accuracy against bank deposit slips) to prevent their use for covering
misappropriation.
6.5.9 Make further investigation when uncommon and high value adjustments appear
in the bank reconciliation. Check also unusual high value withdrawals
appearing in the bank statement.
6.5.11 Ensure that errors made by bank are notified to the bank as soon as possible.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
114
INTERNAL AUDIT MANUAL PART FOUR
SECTION III
Introduction
1. Money collected by way of taxes, custom duties and other revenues enables the
Government to carry out its social and economic programs. The methods used for
ensuring collection are, therefore, critical to the government’s ability to deliver public
services. While taxation and customs provide the largest sources of revenue, most
government entities collect smaller sums of revenue arising from fees, licenses and other
charges. Consequently, all government entities require adequate collection and revenue
management systems, to ensure that sums due to the State are properly collected and paid
into government bank accounts. Revenues, particularly when collected in cash, are
vulnerable to diversion and loss. Moreover, some government staff may be tempted to
forgive debts due to the state, for personal gains. Therefore, the internal control
measures put in place by management to control and safeguard receipts and debtors, need
to be proportionate to the risks involved.
Definition
2. Government receipts include collections received in cash and kind. These can be divided
into five major parts:
• Tax Revenue
• Non-Tax Revenue
• Grants
• Proceeds of loans from both domestic and foreign sources
• Capital Revenue
3. These guidelines apply to all government revenues. However, it is realized that taxation,
customs and excise may require more specific treatment than is stated here.
4. Over all internal control systems for the management and control of receipts and
receivables are the responsibility of the Head of the public body concerned. They
include:
• Having adequately trained and qualified staff in charge of all aspects of revenue
management and control.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
115
INTERNAL AUDIT MANUAL PART FOUR
• Establishing adequate official procedures for all aspects of revenue and debt
management (e.g. authorizing actions; making entries in accounting records;
ensuring the accuracy of accounting records; safeguarding cash and other
valuables; ensuring that cash received is quickly banked and accounted for;
keeping adequate records and supporting documents; etc.).
• Providing a procedural manual and/or official instructions (in the case of public
bodies with large revenues) and giving training to ensure that staff know official
procedures and how to comply with them.
• Specifying clear lines of responsibility for all actions regarding revenue collection
and management of debtors including the responsibility for authorizing actions
and transactions.
• Ensuring that a system of reporting to the Head of the public body is in place and
that it is appropriate to his/her needs.
• Carrying out checks to ensure that the procedures established by the Head of the
public body are working as intended.
• Making sure that when failures in management and control have occurred,
appropriate remedial actions are taken to prevent their recurrence.
• Making sure that there is segregation of duties of those who are in custody of
assets, those who keep records and those who determine, assess and adjust
revenues.
• Rotating the duties of staff in as much as time, skill and staff availability allows.
5. The internal auditor should evaluate the internal control system of the public body
with a view to assessing whether proper procedures exist for managing and
controlling receipts and receivables and whether the procedures operate as
intended. The internal control system for controlling receipts and receivables
includes the following:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
116
INTERNAL AUDIT MANUAL PART FOUR
5.1. Income From Budget Transfers (Recurrent and Capital Budget), Disposal Of
Property And Sundry Accounts
The cashier must issue official cash receipt vouchers for collections from all
sources including those from the budget, resulting from disposal of property and
sundry accounts. Sufficient control mechanisms should be established to ensure
that only appropriate income is collected. Such collections should be properly
recorded in the books of accounts. The above procedures apply to:
• A control mechanism is needed to ensure that taxes and custom duties are
properly assessed and adjusted in accordance with existing law and tariffs,
and that sums due are efficiently recorded and collected.
• For all taxes and customs duties there should be complete separation of
responsibility between assessment and adjustment, and between
responsibility for recording sums due and the actual collection of those
sums. There should be an effective "firewall" between assessment and
collection.
• The income collected from sale of goods and services rendered by the
public body must be in accordance with rates set by the government.
• The determination of fees and charges and the preparation, collection and
recording of receipts should be done by different staffs of the public body.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
117
INTERNAL AUDIT MANUAL PART FOUR
• There should be a system of control that ensure the compliance with the
grant or credit agreement.
Audit Objectives
• ascertaining that all receipts are deposited to central treasury account regularly.
• making sure that all receipts are recorded properly and that the books of account
show the correct receipts for the specific financial period.
• ascertaining that all deductions withheld are properly recorded and accounted for.
• ensuring that financial reports are in accordance with the books of accounts.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
118
INTERNAL AUDIT MANUAL PART FOUR
Audit Procedures
7. The following audit procedures are to be followed to verify the existence and operation
of appropriate controls.
8.2 Check that proper supporting schedules exist that support financial statement or
reported figures.
8.3 Ascertain that items stated in financial statement or reports agree with ledger
balances.
8.4 Compare the current years revenue with that of last year and that of the budget.
Secure necessary justifications for major variations.
9. Receivables
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
119
INTERNAL AUDIT MANUAL PART FOUR
9.3 Ascertaining that proper and up-dated general (control) and subsidiary ledger
cards are maintained. Ensure also that the total subsidiary ledger balances agree
with that of the control ledger balance.
9.5 Ascertaining that there is a proper register of sums charged, money received in
settlement and amounts outstanding.
9.6 Ensuring that all necessary measures are taken to collect debts.
9.7 Seeing that there is a strong follow up mechanism for collecting from overdue
debtors in particular regarding delinquent cases already reported to court.
9.8 Ensuring that debts which cannot be collected after repeated attempts, are written
off in accordance with official procedures and that the write-off of debts is
properly controlled and authorized.
9.9 Ascertaining that the cash collected from debtors is properly accounted for and
recorded in individual ledger cards corresponding to each debtor.
9.10 Ascertaining whether statement of accounts of receivable balances are exchanged
with major debtors.
9.11 Sending request of confirmation for major receivable balances, depending on
materiality and risk involved. Review responses received.
9.12 Ascertaining compliance with directives in respect to both short and long term
loans to staff.
10 Income From Budget Transfers (Recurrent and Capital Budget), Disposal of Property
And Sundry Accounts
10.1 Ascertain that official vouchers are used for recording collection of all types of
receipts, including receipts from budget transfers, disposal of property, sundry
accounts, etc.
10.2 Check that all recurrent and capital budgets transferred to bank from Ministry of
Finance and Economic Development or collected directly from Treasury
Department in cash, are in line with the authorized and allocated budget.
10.3 Ascertain that all personal income taxes, fines and pension contributions are
properly computed and deducted from employees' salaries.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
120
INTERNAL AUDIT MANUAL PART FOUR
10.4 Ensure that there are receipt vouchers for all deductions withheld and that the
amounts are properly calculated and recorded in the accounts.
10.5 Ascertain that all public bodies which make charges for services rendered do so in
accordance with the relevant proclamations and regulations.
10.6 Ensure that receipts resulting from services rendered, the disposal of assets,
charges, fines, donation, etc. are properly transferred to central treasury account.
10.7 Ascertain that disposals of assets are conducted as per the Financial
Administration Proclamation, regulation and directives.
10.8 Ascertain that the collection of money from other sources are in accordance with
the relevant agreements and Financial Administration Regulations, adequately
supported by documents where appropriate and that they are reported to the
Ministry of Finance and Economic Development in a timely manner.
10.9 Examine receipts to ensure that they have been properly classified, summarized
and recorded in the books of accounts.
11.1.1 Ensure that official cash receipt vouchers are used to collect all taxes.
11.1.2 Ensure that ledger cards and tax file are maintained for taxpayers and that
relevant and detailed documents are kept in the tax files.
11.1.3 Ensure that the names, addresses, identification numbers and other details
are recorded in an appropriate register or tax file.
11.1.4 To ensure the adequacy of control over collection and recording process:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
121
INTERNAL AUDIT MANUAL PART FOUR
• Ensure that taxes are collected within the period prescribed in the
relevant tax regulation.
• Check that the fines imposed on those who fail to pay their taxes in
time, are in accordance with relevant tax regulations.
11.1.5 To ensure that taxes are assessed in accordance with the relevant tax
regulations:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
122
INTERNAL AUDIT MANUAL PART FOUR
11.1.6 Verify that the duties and responsibilities of tax assessment, collection of
cash and record keeping are effectively segregated and carried out by
different staffs.
11.1.7 To ensure that all taxpayers are identified with an objective of ascertaining
completeness of income:
• Review the files for tax assessment and payment by the taxpayer.
11.1.8 Where tax relief is granted ensure that it is given as per directives,
regulation, official letters of approval, etc.
11.1.9 Ensure the existence of a system of internal check whereby the work of
one employee is checked by another.
11.2.1 Ascertain that customs duties are properly assessed and collected.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
123
INTERNAL AUDIT MANUAL PART FOUR
11.2.2 Identify variations between the estimated and actual collection from
customs duties and when significant verify their causes.
11.2.3 Ensure that all exported and imported goods are properly taxed in
accordance with relevant regulations.
11.2.4 Ascertain that all rent, transit charges, income from the sale of customs
declaration forms, and license fees are collected in accordance with the
customs duty regulations,
11.2.5 Ascertain that goods left in customs warehouses for more than six months
and smuggled goods are disposed of according to the requirements of
official regulations, including recording and storing procedures.
11.2.6 Ensure that appropriate receipt vouchers are raised for foreign currency
and valuables confiscated because of illegal transfer and that they are
properly recorded.
11.2.7 Ensure that cash collected from disposal of confiscated assets is deposited
intact to the central treasury account.
11.2.8 Ascertain that separate individuals have carried out duties of confiscation,
issuing of appropriate receipt vouchers, recording and disposal.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
124
INTERNAL AUDIT MANUAL PART FOUR
12.1 Ensuring that all incomes are properly classified and recorded in the books of
account.
12.2 Ascertaining that the rates used for the calculation of charges are in accordance
with the relevant regulations.
12.3 Ascertaining that all receipts have been properly determined and that no income
has escaped control or recording to ensure completeness.
12.4 Verifying that all used and unused receipt vouchers are properly kept.
12.5 Ensuring that all cash receipt vouchers are sequentially numbered and are used
accordingly.
12.6 Ensuring that all the daily collections are forthwith deposited to bank or handed
over to the main cashier.
12.7 Ascertaining that all money collected is deposited intact to the central treasury
account.
12.8 Ensuring that the duties of collection and recording are carried out by separate
individuals.
12.9 In cases where the public body uses a part or the whole of sums collected,
ensuring that the sums so used are properly authorized by Ministry of Finance and
Economic Development and/or by appropriate regulation and that they are
adequately controlled.
13.1 Secure all lists of grant and loans. Ensure that all are approved by Ministry of
Finance and Economic Development (MOFED)
13.2 Ensuring that all separate bank accounts are notified to MOFED.
13.3 Select major grants/loans agreement and receipts and perform procedures
mentioned below.
13.4 Secure and review the grant/loan agreement.
13.5 Check compliance with the grant/loan agreement, its conditions and requirement
concerning collection.
13.6 Ensure that official receipts are issued along with acknowledgement letters (if
required) concerning cash receipts.
13.7 Ascertain that cash collected are recorded in the books of account (registers,
ledgers).
13.8 Where appropriate review the adequacy of supporting documents that support
cash collections.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
125
INTERNAL AUDIT MANUAL PART FOUR
13.9 For donation in kind, ensure that proper goods receiving note is issued.
13.10 Ascertain that receipt of the goods is completely and properly recorded in:
• Stock cards;
• Books of accounts.
13.11 Check valuation of aid in kind is carried out as per the Financial Administration
Regulation and Directives. Review the adequacy and relevance of supporting
documents.
13.12 Review receipts against budget.
14 Common Procedures for all Receipts
The following procedures are common to all receipts of the public body. Although some
of them are included in specific income procedure dealt above, they are repeated here to
emphasize their importance.
14.1 Ensure that adequate control is maintained over used and unused receipt
vouchers:
• Check that stock cards and bin cards are maintained that show receipts,
issues and the unused balances.
• Check that cancelled receipts are kept undetached with the pad being
marked “VOID”;
14.3 Ascertain that the collection summaries are checked by an employee other than
the one who has prepared it.
14.4 Ensure that collections are deposited intact and on time to central treasury
account.
14.5 Check that approval is secured where the collections are used (after they are
deposited to bank intact) to finance the budget of the public body.
14.6 Check that an independent person oversee (review) that all collections are
deposited intact and on time.
14.7 Ensure that receipts are properly recorded to books of account (ledgers,
registers).
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
126
NTERNAL AUDIT MANUAL PART FOUR
SECTION IV
STOCKS
Introduction
1. As many stock items are portable, easily exchangeable and readily convertible to
cash, they are susceptible to theft, loss and misappropriation. It follows that a
strong internal control system should be established and followed in order to
safeguard such items. The internal auditors of public bodies should, therefore,
thoroughly review the existing internal control system in this area, comment on
its weaknesses and recommend what should be done to improve it. In this
section, the definition, audit objectives, internal control system and audit
procedures for stock items are briefly presented.
Definition
2. Stock items are part of current assets, which are normally purchased, but may also
be produced by the entity. They are held as stock, and used and replaced during
the year. At the year-end there are normally stock items which are carried
forward for use in future periods. Items which make up the stock of a public body
vary from case to case. In general, stock items include, but are not limited to, the
following categories:-
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
127
NTERNAL AUDIT MANUAL PART FOUR
3. Internal control systems for stock items are the responsibility of the senior
managers of the public sector body. They include:-
• Having adequately trained and qualified staff in charge of all aspects of the
storage, receipt, issue and management of stock.
• Preventing the purchase of items which are not needed and the build-up of
excessive stock.
• Making sure that when failures in management and control have occurred,
appropriate remedial actions are taken to prevent their recurrence.
4. The audit section should evaluate the internal control system of the public body
with a view to assessing whether proper procedures exist for managing and
controlling stock and whether the procedures operate as intended. The internal
control system for managing and controlling stock includes the following:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
128
NTERNAL AUDIT MANUAL PART FOUR
• When stock items are issued, they should be listed on a goods issue
note which is signed by the receiver.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
129
NTERNAL AUDIT MANUAL PART FOUR
• The store shall be built and organized in such a way that stock items
are safely kept, and damaged, defective or obsolete stock items can be
easily identified.
• No stock items should enter or be issued from the store without the
raising of goods receiving and goods issuance notes, respectively.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
130
NTERNAL AUDIT MANUAL PART FOUR
• The physical count for each item should be compared with the balance
appearing on the stock card. Significant differences between the count
and the amount recorded on the card should be properly investigated
and appropriate action taken.
Audit Objectives
5. The objectives of audit of stock items include but are not limited to:
• Ascertaining that there are appropriate stock receiving notes and stock
issue vouchers.
• Ascertaining that all issues from stores are on the basis of approved
stock requisition forms.
• Ensuring that there are bin cards/stock cards for recording the quantity
and value of stock items. Bin cards contain quantity movements only.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
131
NTERNAL AUDIT MANUAL PART FOUR
Audit Procedures
6. The ensuing are audit procedures to be followed in order to assess the adequacy
of control of stock items:-
• Ensure that goods receiving notes are issued for all stock items
received and that they are properly recorded in stock records.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
132
NTERNAL AUDIT MANUAL PART FOUR
6.2 Activities To Be Carried Out Before The Physical Count Of Stock Items
• Mark the cut off date on the last used page of the stock register
books, stock cards, goods receiving notes and goods issuance notes
and ask the responsible persons to sign them.
• The internal auditor should ensure that the physical count is taken
in accordance with the stock count instruction provided by the head
of the public body and that the instruction has been properly
followed.
• The auditor should take note of any variations that come outside the
physical count instruction.
6.4 Activities To Be Carried Out After The Physical Count Of Stock Items
• The auditor should ascertain that all the goods receiving notes,
goods issuance notes, stock cards and bin cards are marked and
signed as of the cut off date.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
133
NTERNAL AUDIT MANUAL PART FOUR
• The auditor should also check that the physical count sheet is in
agreement with bin cards and stock cards balances so that there are
no differences between the physical count and the records.
• If the auditor suspects that the physical count of stock items has not
been taken properly the head of the public body should be
informed.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
134
NTERNAL AUDIT MANUAL PART FOUR
SECTION V
FIXED ASSETS
Introduction
2. General
Ensure that there are procedures and policies established by Management which
are not easily over ridden.
3. Acquisition
• Ensure that acquisition of fixed assets is well planned and that alternative
means have also been equally considered;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
135
NTERNAL AUDIT MANUAL PART FOUR
4. Registration
• Set up a system to correctly and fully record fixed assets owned by a public
body and projects financed by donors in separate fixed asset registers;
• Ensure that fixed asset registers provide all necessary information as required
by the applicable directive of the government;
• Identification number should be given to each fixed asset and the number
should be recorded as reference in the register of fixed asset;
• Ensure that the register is immediately updated when fixed assets are moved
from one location to another.
5. Protection/safeguarding/
• Servicing regularly.
6. Physical verification
• Establish a policy to conduct inventory of fixed assets at least once a year and
to compare the results with the records;
• Identify phased out projects of donors and ensure that all fixed assets of the
projects are handed over to the concerned authority as per the agreement.
7. Disposal
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
136
NTERNAL AUDIT MANUAL PART FOUR
• Ensure that list of disposable assets has been prepared and reviewed and
commented by an appropriate technically qualified persons;
• Ensure that disposal whether through sales or other means should be authorized
by designated official;
• Institute a system of reporting the reasons for and result of the disposal to senior
management.
8. Audit Objectives
• To examine accounts and fixed assets register, with a view to assuring that all
acquisitions and disposals are accurately and fully recorded.
9. Audit Procedures
• Acquisition is authorized;
• That issued fixed assets are immediately recorded on fixed assets register.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
137
NTERNAL AUDIT MANUAL PART FOUR
• Ascertain that all registered assets are given identification numbers (fixed with
tag number);
• Carry out physical inspection of fixed assets periodically and/or annually and
compare this against fixed assets register;
• Where there are various agents and/or projects which are located far from the
Head Office, inspection visits should be made on a sample basis in such a way
that the sampling would enable you to visit all numbers of the group at least
within five year plan of government;
• Observe and note the condition of fixed assets held by public body (for being
scrap, obsolescence, damage, excess etc.) and compare with the report of
management.
Obtain schedule for fixed assets disposed of and written off during the year and
ensure that:
• Senior management has approved the disposal and the writing off;
• The procedure applied in disposing of and writing off fixed assets is consistent
with the directives and regulations of the government.
Select large and unusual amounts (debit or credit) out of current year movements
in general ledger account of fixed assets and :-
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
138
NTERNAL AUDIT MANUAL PART FOUR
• Ascertain that all entries in general ledger account are approved by designated
persons;
• Ensure that there is segregation of duties between custody of fixed assets and
recording on registers and ledger accounts;
• Identify adjustments and ensure that they are substantiated by genuine and
properly approved documents.
• Ensure that the public body acquires and disposes vehicles on the basis of
relevant directives of the Government.
• Ascertain that there is a chief of transport (or other designated senior manager)
who controls all aspects of vehicle management;
• Ascertain that the vehicles of the public body are only driven by the drivers and
eligible officials of the public body;
• Make sure that all eligible officials and drivers are using government vehicles
properly and with due care as per relevant guidlines;
• Ascertain the reporting procedures in principle and in practice when drivers and
eligible officials are involved in accidents causing damage to government
vehicles;
• Make sure that drivers and eligible officials who damage government vehicles
as a result of their own carelessness or negligence, are held responsible for the
cost of repairs;
• Ensure that vehicles of the public body receive maintenance at regular intervals;
• Ensure that those who receive transport allowances do not at the same time
utilize a vehicle of the public body.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
139
NTERNAL AUDIT MANUAL PART FOUR
SECTION VI
PAYROLL
Introduction
1. As Government sets aside substantial amounts for salaries and allowances, the
systematic and proper management of the same should be ascertained by the audit of
salaries and allowances.
2. In this section, the objectives, internal controls and audit procedures for salaries and
allowances are briefly stated.
3. All public bodies should maintain an appropriate internal control system with regard
to controlling salaries and allowances including the following: -
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
140
NTERNAL AUDIT MANUAL PART FOUR
• checking that gross pay, deductions, allowances and unclaimed salary have
been computed accurately and on the basis of current scales and eligibility;
• checking that collections from salary deductions are paid to the concerned
public bodies and other beneficiaries in full and in a timely manner.
• Checking that any changes to staff salaries, arising from such factors as the
employment of new staff, promotion, dismissal, fine or court judgment, are
communicated to the payroll section before the preparation of the payroll
sheet;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
141
NTERNAL AUDIT MANUAL PART FOUR
• Ascertaining that the payroll sheet prepared for effecting the payment of
wages to daily laborers is supported by contracts of employment and a
signed attendance sheet;
• Confirming that the different duties in the payroll section ranging from
initiation of payroll calculations to delivering the payroll sheet for the
effecting of salary payment are carried out by different persons;
• Checking that the various staff members who are engaged in preparing,
reviewing and approving the payroll sign in their respective places on the
payroll sheet;
• Ascertaining that the accuracy of details in the payroll sheet such as names,
working hours, over time, salary scale and the computation of deductibles, is
verified by a staff member who is entirely independent of those who have
prepared the payroll sheet;
• Ensuring that the total salary payment for each month is compared with the
payment made in the previous month and that the causes of any difference
are identified and explained.
Audit objectives
4. The objectives of the audit of salaries and allowances include but are not limited to the
following:
• to ascertain that there is a strong internal control system to prevent theft and
fraudulent acts during the preparation of payroll sheet, recording and effecting of
salary payment;
• to ascertain that deductions from salaries are made in accordance with the existing
proclamation and other relevant legislation;
• to ascertain that the salary payment being effected is for services rendered by
employees and to ensure that the persons who receive salaries actually exist, and
are in fact entitled to the payment of salary;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
142
NTERNAL AUDIT MANUAL PART FOUR
• to ensure that the arrangements made with respect to unclaimed salary are in
accordance with regulations and that the unpaid sums are correctly retained and
properly recorded;
5. Audit procedures
• The following audit procedures should be followed in order to ensure the proper
control of salaries and wages: -
• See whether the personnel section holds employees’ personal files, which
contain information such as letter of engagement, letter of resignation,
notification letter of salary scale, documents related to special deductible
items, and other relevant information;
• Check that documents kept in employees’ personal files have been signed
by officials who are not involved in payroll preparation;
• Ascertain that employees personal files are kept in the custody of a staff
member who is not part of the accounts division or payroll section.
• Ensure that the accuracy of attendance sheets (or similar documents for
those under contract) have been approved by appropriate officials not
involved in the preparation of payroll;
• Ascertain that staff members who are responsible for ensuring the accuracy
of attendance sheets are not involved in the preparation of payroll;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
143
NTERNAL AUDIT MANUAL PART FOUR
• Ascertain that the payroll clerk does not have direct access to employees’
personal files;
• Ensure that the computation of gross pay and deductibles have been made in
compliance with the present scales of pay and eligibility;
• Check that the staff member who verifies the accuracy of the computation of
payroll, has no involvement in payroll preparation.
• See that a separate column is maintained in the payroll sheet for deductibles
of a repetitive nature such as income tax, pension, repayment of loan and the
like;
• Check deductions other than those authorized by law (such as deduction for
edir contribution, resettlement bank loan, family allowance, and the like) to
ensure that the deduction is in accordance with an approved written
application from the employee (or other official document) and that such
documentary evidence is kept in the personal file of the employee;
• Ascertain that collections from deductibles have been paid to the correct
beneficiary account in full and in a timely manner.
• Ensure that contracts and properly signed attendance sheets support the
payroll sheet for daily laborers;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
144
NTERNAL AUDIT MANUAL PART FOUR
• Ascertain that the accuracy of details shown in the payroll sheet such as
names, gross salary, working hours, over time and the computation of
deductibles has been verified by an official with no involvement in payroll
sheet preparation;
• Ascertain that the payroll sheets have been signed by the payroll clerk, the
staff member responsible for checking and finally by the designated official
who authorizes the payment;
• Verify that the salary payment for each month has been compared with the
payment for the previous month and that the causes of any differences are
identified and reconciled;
• Check that every employee on the payroll signs on the payroll sheet to
acknowledge the receipt of the net pay;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
145
NTERNAL AUDIT MANUAL PART FOUR
SECTION VII
EXPENDITURES
Introduction
1. Public bodies should manage their expenditures to ensure that payments are made
in accordance with financial regulations and directives. Management should
closely follow-up payments not to be made beyond the budget allotted to that
particular type of expenditure.
2. Auditing is carried out to examine compliance with laws & regulations and whether
payments have been made properly and whether complete and relevant evidence
has been available for every payment made during the year.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
146
NTERNAL AUDIT MANUAL PART FOUR
6.1 General
• Specifying clear lines of responsibility and their limit of authority for all
actions regarding expenditures.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
147
NTERNAL AUDIT MANUAL PART FOUR
• Cancelled cheques should always be marked with the word "Void" and kept
in the pad.
Audit objectives
7. Whether the expenditure is capital or recurrent the objectives of the audit of
expenditure deal with the two aspects.
• To substantiate payments by checking that they are made for actual goods and
services received and whether there are pertinent supporting documents.
Audit procedures
• Determine the number of replenishments made during the whole year under
review.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
148
NTERNAL AUDIT MANUAL PART FOUR
• cashier, financial officer and designated official have signed on all petty cash
vouchers.
• the word "Paid" is marked on all documents attached with the petty cash
voucher.
• petty cash vouchers are properly coded and posted to proper ledger card.
• Determine the total population of payment vouchers used during the whole year
under review.
• procedures required above for petty cash are also valid for check payments,
as appropriate.
• cheque stubs are signed by cheque signatories and date, amount and purpose
of payment are filled there on.
• Select certain subsidiary ledger balances from both recurrent and capital
expenditure.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
149
NTERNAL AUDIT MANUAL PART FOUR
SECTION VIII
PROCUREMENT
Introduction
2. In order to serve the best interests of a public body, management should be able to
adopt a sound procurement system which should be guided, at all times, by the
following principles:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
150
NTERNAL AUDIT MANUAL PART FOUR
4. General
Purchase Requisition
Selecting of Bidders
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
151
NTERNAL AUDIT MANUAL PART FOUR
Delivery of Goods
• There are adequate storage facilities before bulk items are received;
• Items are delivered in accordance with the purchase agreement/order;
• All items received by the stores are evidenced by pre-numbered receiving
vouchers with sufficient number of copies;
• Any discrepancy in quantity and quality of items delivered should be
immediately reported to senior management for appropriate action.
Payments of Invoices
9. Control over payments must provide all practicable and reasonable assurance that:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
152
NTERNAL AUDIT MANUAL PART FOUR
• To check that all goods received are as per contracts and conditions
stipulated in the purchase order and properly safe guarded and fully
recorded in the accounts.
Audit Procedures
11. Generally, the internal auditor should be concerned with ensuring the
reasonableness and appropriateness of management’s action and overall
effectiveness of the procurement process. In each state, however, it is expected to
apply at least the following procedures:
Select a sample from the purchase orders issued during the year under
review and check:
• that purchase requisitions have been made from user departments and
they are always approved by authorized persons;
• that all delivered goods are within the time specified on purchase
orders;
• that quantity and quality of goods ordered are the same with those
recorded on goods receiving vouchers.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
153
NTERNAL AUDIT MANUAL PART FOUR
11.2 Obtain a list of goods returned during the year under review because of
damage or excess delivery and a list of goods received but not ordered and
ensure that the existing procedure for such incidences is adequate in:
• Obtain minutes of bid committee for the whole year and review:
• Check that purchase orders and goods receiving vouchers are issued
from the store in sequential order;
• Undertake sequence tests and ensure that both purchase orders and
goods receiving vouchers are issued sequentially;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
154
NTERNAL AUDIT MANUAL PART FOUR
• Check that all goods have been received as agreed (purchase order,
invoice, packing list and GRN);
• Ensure that margins paid for cancelled letter of credit are refunded in
time.
12. According to the public procurement proclamation, suppliers are invited and
selected by one of the four preferred methods of procurement listed below:-
• Open tender
• Restricted bid
• Requesting Quotation
• Direct procurement
13. In most cases, goods and services are procured by open tendering method.
Sometimes, however, processing tendering documents may become onerous or
inappropriate to apply. It is, therefore, not uncommon to follow one of the other
procurement procedures that fit to the given circumstance.
14. The auditor should ascertain whether the requirements in the procurement
proclamation and directive have been strictly complied with by designing an audit
procedure for each method.
Select sample of procurement made by open bid method and ensure (in each
case) that:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
155
NTERNAL AUDIT MANUAL PART FOUR
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
156
NTERNAL AUDIT MANUAL PART FOUR
• Whether tender security has been required and that was deposited
accordingly.
• Every supplier has offered one price only and with no amendment
subsequently;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
157
NTERNAL AUDIT MANUAL PART FOUR
• Purchase prices which are between Birr 3,000 and Birr 30,000 were
approved by bid committee;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
158
INTERNAL AUDIT MANUAL PART FIVE
SECTION - I
FRAUD AND INVESTIGATION
Introduction
1. Fraud is a significant and sensitive management concern. This concern has grown in recent
years owing to a substantial increase in the number and the size of the fraud disclosed. The
tremendous expansion in the use of computers and the size of and publicity accorded to
computer related fraud intensify this concern.
2. The internal auditors responsibilities for deterring, detecting, investigating and reporting of
fraud have been a matter of controversy. Some of the controversy can be attributed to the
differences in internal auditing charters from country to country and from organization to
organization. Another cause of the controversy may be unrealistic expectations of the
internal auditor's ability to deter and detect fraud.
3. The information and procedures which the internal auditor uses as a result of fraud
investigation could be used in a court law. Therefore, the internal auditor should be
required to be sure about any conclusions and recommendations she/he makes.
4. The objectives of the subsequent sections is to clarify the procedures that the internal
auditor should follow during detection, investigation and reporting of fraud.
Definition
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
159
INTERNAL AUDIT MANUAL PART FIVE
6. Fraud may involve the falsification of accounting records which is also a criminal offence
and theft. It must be appreciated that there is no general definition of fraud in law and that
it is ultimately the courts' decision as to whether an illegal fraud has been committed. The
auditor is usually dealing with a suspected rather than a proven fraud. The definition will
encompass acts that are not necessarily illegal.
Audit objective
7. The main objectives of fraud investigation include the following:-
• To collect sufficient audit evidence to substantiate fraud investigation.
• To introduce a new or strengthen the existing internal control system for preventing
further fraud.
Causes of fraud
8. The main causes of fraud include the following:-
• Poor internal control:- If the public bodies have not implemented a strong
internal control, there will be high possibilities for occurrences of fraud.
• The environment which the public bodies work for:- Some types of working
environments are likely to be more conducive to fraud.
Characteristics of fraud
9. Fraud encompasses an array of irregularities and illegal acts characterized by intentional
deception. It can be:-
10. Internal fraud designed to benefit the organization or its employees generally produces
such benefit by exploiting an unfair or dishonest advantage that also may deceive an
outside party. Perpetrators of such frauds benefit directly or indirectly. Personal benefit
may accrue when the organization is aided by the act.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
160
INTERNAL AUDIT MANUAL PART FIVE
• Tax fraud.
11. External fraud perpetrated to the detriment of the organization generally is for the direct or
indirect benefit outside individual or another firm. Some examples are:-
• Inform staff members of their responsibility to report suspected fraudulent acts and
ensure that they know who to inform, and how to do so.
• Pursue cases of alleged fraud and ensure that when fraud has been established the
perpetrators surrender the benefits derived and receive suitable punishment.
• Create general awareness that fraud will not be tolerated and will be punished. This
provides a deterrent effect.
• To advise the Head of the public body on necessary remedial steps which will strengthen
internal controls and make them proof against fraud.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
161
INTERNAL AUDIT MANUAL PART FIVE
• Establishing system of internal control, monitoring affectivity and evaluating the system
to identify and to correct weaknesses.
15. With respect to preventing fraud, internal auditors are required to ascertain whether the Head
of a public body has taken reasonable steps such as setting up an adequate internal control
system to provide segregation of duties, proper authorization procedures and an effective
internal audit function.
16. Experts agree that it is easier to prevent fraud than to detect it. Fraud detection is more a
matter of mind set than of routine methodology. It involves being aware of how fraud can
occur, in particular when, where, and how it is most likely. It also involves understanding
people and their motives. In contrast, managing examinations of suspected fraud or other
illegal activity involves careful attention to rules for the collection and maintenance of
evidence that may later be needed for administrative or judicial proceedings.
17. Deterrence consists of those actions taken to discourage the perpetration of fraud and limit
the exposure if fraud does occur. The principal mechanism for deterring fraud is control.
Primarily, responsibility for establishing and maintaining control rests with the Head of
public body.
18. Internal auditing is responsible for assisting in the deterrence of fraud by examining and
evaluating the adequacy and the effectiveness of control, commensurate with the extent of
the potential exposure/risk in the various systems of an entity's operations. In carrying out
this responsibility the internal auditor should, for example, determine whether:-
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
162
INTERNAL AUDIT MANUAL PART FIVE
• Written government policies (Example, code of conduct exist that describe prohibited
activities and the action required wherever violation is discovered.
• Policies, practices, procedures, reports and other mechanisms are developed to monitor
activities and safeguard assets, particularly in high-risk area.
19. Experience has shown that fraud is usually not discovered in the course of conducting an
audit using standard audit procedures. To detect fraud the internal auditor must be aware and
keep in mind that fraud exists. This does not mean that the auditor should conduct audits
assuming that management or employees are dishonest. Rather, the internal auditor should
be aware of the risk factors that increase the possibility of fraud. Internal auditors are
expected to be aware of the possibility of fraud and the factors that increase the possibility
rather than waiting for suspicions to arise in the course of normal auditing.
21. The responsibilities of internal auditor with respect to detection of fraud are:-
• Having sufficient knowledge of fraud, be able to identify indicators that fraud might
have been committed. This knowledge includes the need to know the characteristics of
fraud, the techniques used to commit fraud, and the types associated with the activities
audited.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
163
INTERNAL AUDIT MANUAL PART FIVE
• Evaluate the indicators that fraud might have been committed and decide whether any
further action is necessary or whether an investigation should be recommended.
• Notify the appropriate authorities within the public body if a determination is made that
there are sufficient indicators of the commission of a fraud to recommend an
investigation.
22. Internal auditors are not expected to have knowledge equivalent to that of a person whose
primary responsibility is detecting and investigating fraud. Also, audit procedures alone,
even when carried out with due professional care, do not guarantee that fraud will be
detected.
23. A fraud investigation requires specialized knowledge and techniques, and needs to be
handled with extreme care. Any mismanagement of a potential fraud could have far-
reaching consequences.
25. There are two main ways that the internal auditor can become alert to the possibility of
fraud:-
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
164
INTERNAL AUDIT MANUAL PART FIVE
26. The internal auditor should have sufficient understanding of the areas of possible fraud when
he is auditing a system to be able to identify when there is a possibility of fraud occurring
and when there are symptoms that it has occurred.
27. There are a number of symptoms which possibly lead to suspect fraud, Of these:-
• Making improper contract with suppliers for generating hidden benefit, ect.
28. When fraud is suspected, either by somebody or on his/her work, intelligent information
gathering becomes crucial. Internal auditors must make sure that their focus is not biased by
assumptions about people or events or by inside information provided by interested parties.
The auditor must remain independent and objective, and consider all possible interpretations
of events.
• Identifying and summarizing the evidence indicating that a fraud may have been
committed.
• Demonstrating the control exercised by the suspect on the accounting and management
control system.
• Considering the positions of the other people in the public body and the possibility of
collusion.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
165
INTERNAL AUDIT MANUAL PART FIVE
30. When conducting fraud investigation, internal auditor should follow the following
procedures:-
• Assess the probable level and the extent of complicity in the fraud within the public
body. This can be critical to ensuring that the internal auditor avoids providing
information to or obtaining misleading information from persons who may be involved.
• Determine the knowledge, skills, and disciplines needed to effectively carry out the
investigation. Assess the qualification and the skills of the internal auditor and of the
specialists available to participate in investigation to ensure that it is conducted by
individuals having the appropriate type and level of technical expertise. This should
include assurance on such matters as professional certifications, license, reputation, and
that there is no relationship to those being investigated or to any of the employees or
management of the public body.
• Design procedures to follow in attempting to identify the perpetrators, extent of the fraud,
techniques used, and causes of the fraud.
• Co-ordinate activities with management personnel, legal counsel, and other specialists as
appropriate throughout the course of investigation.
• Be cognizant of the rights of alleged perpetrators and personnel within the scope of the
investigation and the reputation of the public body itself.
.
31. Internal auditors should have different types of evidence to facilitate decisions on whether
and how to proceed with further examinations, referral to investigative agencies and possible
introduction in court.
33. The documentation of testimonial evidence should identify persons who can testify about
things, people and events they have seen or heared first-hand, and the interview records of
what they have said. Moreover, written evidences should be photocopied and filed in the
working paper in order to substantiate fraud investigation. In addition, the location and the
departmental official responsible for the original documents should be noted.
34. Once a fraud investigation is concluded, internal audit should assess the facts known in
order to:-
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
166
INTERNAL AUDIT MANUAL PART FIVE
• Design audit tests that help to disclose the existence of similar frauds in the future.
• Help the internal auditor to maintain sufficient knowledge of fraud and thereby be able to
identify future indicators of fraud.
35. The objective of internal auditor during fraud investigation is to obtain sufficient evidence
which enables him to draw reasonable conclusions and recommendations and to report to the
Head of public body whether fraud has occurred or not. The internal auditor should use the
guidance for writing a report in Part Three Section VI in this manual.
36. It is important that reports on fraud investigation are clearly written, have conclusions and
recommendations that are justified by the evidence used. The structure that should be used is
similar to that for normal audit report, except the following points.
• The reasons for investigation:- The investigation will either be the result of other
routine work of the internal auditor or due to an allegation made by an individual inside
or outside of the public body.
• The work carried out:- Documents scrutinized, locations visited, timing and staffing,
interviews held and other relevant documents which were inspected.
38. Finally, a draft of a proposed report on fraud should be submitted to legal departments for
review in order to obtain opinion in respect of legal matters and to take further necessary
action.
39. Moreover, the auditor should follow whether appropriate action has been taken on findings
she/he reported on the perpetrator of fraud. If such action has not been taken it should be
reported to the next higher public body till it reaches the Ministry of Finance and Economic
Development. In addition, the internal auditor could pass the report to external auditors like
Auditor General, if it is necessary to do so.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
167
INTERNAL AUDIT MANUAL PART FIVE
SECTION II
Introduction
2. Measuring the performance of people and activities can have a number of different
objectives. The result may be used for all or some of the following:-
• Determining that the benefits and impact looked for are being obtained.
The subsequent section of this part is discussing audit objectives, procedures, circumstances and
overall review of performance (value for money) audit.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
168
INTERNAL AUDIT MANUAL PART FIVE
Definition
"A forward looking and evaluation of operations by internal auditors to identify areas in
which economy, efficiency and effectiveness (the three E's) may be improved or to
evaluate compliance with and the adequacy of operational policies, plans and
procedures"
Economy
4. Judging economy in itself implies forming an opinion on the resources deployed (human,
financial and material). The central question is whether - given the political and social
context - resources have been acquired, upheld and used economically. Do the
means chosen represent the most - or at least a reasonable - economical use of public
funds? Economy can be measured only if there is a reasonable criterion - or good
arguments - for doing so.
Audit of whether the government entities have used their resources economically and
kept their costs low.
Efficiency
6. Efficiency is related to economy. Here, too, the central issue is about the resources
deployed. The main question is whether these resources have been put to optimal or
satisfactory use or whether the same or similar results in terms or quality and turn-around
time could have been achieved with fewer resources. Are we getting the most output - it
terms of quantity and quality - from inputs and actions? The question refers to the
relationship between the quality and quantity of goods and services provided and the
activities and cost of resources used to produce them in order to achieve results.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
169
INTERNAL AUDIT MANUAL PART FIVE
Effectiveness
9. Effectiveness actually consists of two parts: the question of whether the policy
objectives have been achieved, and the question of whether the desired events, which
have occurred, can be attributed to the policy pursued. In order to judge to what
extent the objectives have been achieved, they need to be formulated in a way that
makes an assessment of this type possible. This cannot be done with vague or
abstract objectives. In order to judge to what extent observed events could be traced
back to the policy, a comparison will be needed. Ideally, this consists of a
measurement before and after the introduction of the policy and a measurement
involving a control group, which has not been subject to the policy.
• Assess whether the objectives of and the means provided (legal, financial, etc)
for a new - or ongoing - government programme are proper, consistent,
suitable or relevant;
• Assess whether the observed direct or indirect social and economic impacts of
policy are due to the policy are due to the policy or to other causes;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
170
INTERNAL AUDIT MANUAL PART FIVE
11. Three major differences exist between performance and financial auditing: Purpose of
the audit, distribution of the reports and inclusion of non-financial areas in performance
auditing.
The major distinction between financial and performance (VFM) auditing is the
purpose of the tests. Financial auditing emphasized whether historical
information was correctly recorded whereas performance auditing emphasized the
three E's (Efficiency, Effectiveness and Economy).
Audit Objectives
12. The internal auditors' performance (VFM) evaluation in the accomplishment established
objectives and goals may be carried out with respect to an entire operation or programme
or only a portion of it. Audit objectives may include the following:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
171
INTERNAL AUDIT MANUAL PART FIVE
12.1 To ensure that the public body has strong control to achieve value for money.
12.2 To ascertain the resources are utilized Economically, Efficiently and Effectively.
12.4 To ensure that the objectives and goals established by management for a
proposed, new or existing operation or programme are adequate and have been
effectively articulated and communicated.
12.6 To ensure that the objectives of the operation or programme have achieved the
desired level of interim or final results.
12.7 To report on the intended and unintended direct or indirect programme impact
whether and to what extent, stated objectives have been met or why they have not
been met (by verifying and analyze indications or problems of Economy,
Efficiency and Effectiveness).
Audit Procedures
13. The following are the audit procedures that should be followed during value for money
(VFM)/Performance Audit.
13.1 Review the previous years audit working papers to see if there are useful points
noted about value for money audit (VFM).
13.2 Fill internal control questionnaire for value for money (ref. Internal control ?
Questionnaire for Value for Money as Annex in this Section).
13.3 Examine books, documents. letters, minutes, audit reports and other relevant
documents that have relation with VFM audit.
13.4 Ascertain that the administrative controls are in accordance with the relevant
regulations and laws.
13.6 Evaluate that each department within the public body has fulfilled the aims and
objectives of the public body with the existing physical, financial and human
resources.
13.7 Evaluate the work of projects or programmes from the start to their end state.
13.8 Collect relevant internal and external confirmation from the users of services and
measure their level of satisfaction and compare with the yard stick/bench mark.
13.9 Make physical observation to ensure the information flow and workflow are in
compliance with the prescribed directives and manuals.
13.10 Prepare temporary file to keep the relevant working paper for the audit work
carried out.
13.11 Prepare or up-date permanent file to keep basic documents for the audit.
14. Value for money (performance) audit undertaken by the internal auditor involves three
basic phases:
• Planning
• Examination
• Reporting
15. The precise timing and depth of procedures may vary from one audit to the next, but all
VFM audits have the three basic phases.
15.1 Planning
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
173
INTERNAL AUDIT MANUAL PART FIVE
15.1.1 The first step in a VFM audit is planning. The purpose of this phase is
to provide focus and direction for the detailed examination phase by
identifying what the audit objectives will be and the procedures
required to be performed to achieve the stated objectives. This focus
is based on having an appropriate understanding of the areas in which
VFM is to be conducted.
15.1.2 The planning phase in a VFM audit features two distinct stages; the
overview and the survey stages. The key to planning a VFM audit is
to have a good understanding of the areas in which VFM is to be
conducted. The overview stage is the first stage in the planning phase
and its primary purpose is to obtain the crucial understanding on the
areas to be audited.
15.1.3 The second stage of the planning phase is the survey stage. The
purpose of the survey stage is to explore, in an efficient manner, lines
of audit inquiry identified during the overview stage and to expand
and improve the initial understanding of the lines of audit inquiry that
are potentially significant and should be pursued in the next phase, the
examination phase.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
174
INTERNAL AUDIT MANUAL PART FIVE
The reporting phase is the last phase of VFM audit process. The purpose of this
phase is to communicate to management findings, conclusions and
recommendations. Reporting audit finding is discussed in Part Three - Section
VI of the manual in depth.
16. Internal auditors of public bodies are expected to spend most of their time and efforts
on the financial and compliance issues to ensure:
• The Head of the Internal Audit is confident that relevant audit skills
exist to carry our the audit;
• The proposed VFM audit topic(s) are feasible provided that audit
resources are available;
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
175
INTERNAL AUDIT MANUAL PART FIVE
19. The effect of the above approaches is to give priority to financial and compliance audits
and to make them reasonably comprehensive. Value for money (VFM) audit is treated
as a special activity to be conducted selectively on the basis of available resources.
20. The objective of internal auditors during value for money audit is to obtain sufficient
audit evidence to evaluate the accomplishment of established objectives and goals and
to report any findings and recommendations.
21. The audit report should be well structured and well written. The report should be
reader based and the language should not be suggestive and ambiguous. Performance
audit reports should be objective and fair in their presentations. This might for instance
require that:
22. Published reports arising from performance audits often include the following elements:
• The objectives for those activities, a description of the activities and analysis
of the prospects for achieving economy, efficiency and effectiveness, leading
to a statement of the objectives of the audit;
• An explanation of the criteria used (to verify the hypothesis or to interpret and
assess the findings);
• The audit findings and all arguments that are considered material; and
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
176
INTERNAL AUDIT MANUAL PART FIVE
SECTION III
Introduction
1. Donations and loans are resources secured by the Government or the public body for the
support of projects as per agreements with donors or lenders. The proceeds from the
loans and donations are used by the implementing agency (public body) as per relevant
agreements in undertaking various activities within the recurrent and capital expenditure
budgets as well as other special socio-economic projects of the government. Counter part
funds are created by means of payments into a special account of the equivalent value in
local currency from the proceeds of the sale of commodities or foreign currencies that
were provided by grants or loans. They are recorded in the budgetary accounts as
receipts and are used to finance capital projects and recurrent budget as well. A public
body has now also incorporated additional function, i.e. it acts as a disbursing agent
(implementing agent) for the loans obtained from lenders (like World Bank, IDA, ADB)
for the health and education sectors.
Audit objectives
2. The audit objectives with respect to the counter part funds in particular and donor funds in
general are as follows:
• To assure the proper receipt and use of funds designated for a specific purpose and
to ensure satisfactory compliance with relevant agreement,
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
177
INTERNAL AUDIT MANUAL PART FIVE
• To verify that disbursements are made for the purposes designated and are in
agreement with the budget.
Audit procedures
3. Though it is difficult to stipulate detailed procedures with regard to each agreement, some
generalized issues can be raised.
• Check the details of the agreement and make sure that the points raised are
adhered to. This is concerning general and specific responsibilities,
requirements, conditions, covenants, etc.
3.2 Collection
• Check that official cash receipts are issued for collections of cash of the
grant/loan from donors/lenders.
• Check whether stock cards are used to record receipts and issues of
commodities by the public body.
• Ascertain that the collections are properly registered and recorded in the
books of account.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
178
INTERNAL AUDIT MANUAL PART FIVE
• Ensure that official receipt vouchers are issued when collecting cash.
• Ascertain that stock issue vouchers are used when issuing commodities.
3.3 Payments
• Check interest rate computations and loan status (for credit agreements).
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
179
INTERNAL AUDIT MANUAL PART FIVE
• Other relevant procedures mentioned in the 'Cash and Bank Account' section can
be applied.
• Ensure that proper and timely work program (Narrative) and financial reports are
produced and submitted to users.
• Check that performance reports compare achievements with goals set, with
justifications for variances especially for under performance.
B. CONTRACT AUDIT
Introduction
4. public authorities spend large sums of money each year on capital expenditure. The process
is long and complex commencing with the formulation of a project and conducting with the
final account and post-contract review. In the past and even today in some public bodies
the internal auditors have been deeply involved in the final account stage. However, whilst
this stage is important, so are the others, and it is vital that the auditor is involved in
reviewing and testing systems throughout the whole capital project process.
Definition
"Contract audit is an audit which is intended to ascertain that the construction of buildings,
roads, dams drilling water wells and other types of constructions are executed in
accordance with the relevant laws and regulations of the government and the agreements
entered between the contractor and public body".
Audit objectives
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
180
INTERNAL AUDIT MANUAL PART FIVE
6. Although the audit approach for construction and engineering contracts varies from
organization to organization the overall audit objectives should be universal and should
include the following:
• Assessing and reporting on the adequacy of the public body's standing orders relating to
contracts and associated financial regulations.
• Reviewing and reporting on the extent to which procedures comply with policies and
procedural rules of the public body.
• Reviewing the adequacy of systems for controlling the operation of the contracts workers
from the initial planning stage to post completion assessment.
• Appraisal of the system for controlling and recording the utilization of resources,
including staff.
• Reviewing the use of consultants and agency services provided by other organizations.
• Monitoring the arrangements for the security of the public body's assets and for
recovering the cost of rechargeable works.
• Identification of losses due to waste, inefficiency etc., and recovery where appropriate.
Audit procedures
7. To attain the audit objectives stated above it will be necessary for the internal auditor to
observe the following audit procedures:
7.1 Take a sample of contracts and establish whether the rules for using approved supplier
lists have been observed.
7.2 Take a sample of recently prepared bid documents and assess them for clarity and
completeness.
7.3 Take a sample of recently advertised tenders (invitation for tender) and ensure that
tenders are issued:
• In the newspapers, where suppliers would normally look for such invitation.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
181
INTERNAL AUDIT MANUAL PART FIVE
7.4 Take a sample of bids received for contracts and check that:
• There exists adequate completion among bidders in terms of the number of bids
received and the price quoted.
• There are not evidences of contracts being awarded without adequate completions.
• The evaluation given for the bid document is reasonable as per the documents in the
respective files and minutes of the tender committee.
7.5 Take a sample of recent contract awards of the tender committee and compare them
with:
7.6 Examine a sample of contract files and tender committee minutes to identify any of
the following:
If such cases exist and seem significant, interview relevant staff members and ask for
further explanations from management.
7.7 When the contractor claims payment for work completed ensure that:
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
182
INTERNAL AUDIT MANUAL PART FIVE
• The public body retains money from the contractor's claim in accordance with the
terms of the contract.
SECTION IV
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
183
INTERNAL AUDIT MANUAL PART FIVE
COMPUTER AUDITING
Introduction
1. Internal auditor, even in a smallest public body, will have to come into contact with
computers in the course of his/her work and it is almost certain that in the future basic
computer knowledge required of the auditor is mandatory.
2. Computerization of a public body system does not affect the general principles and
objectives of the audit, especially the need to obtain adequate audit evidence and evaluate
internal control system. However, the computer does change audit approach that is audit
structure needs to take into account the particular features of each public body's
computerized system. Thus, the planning stage of the audit has great importance to this
end in that internal auditor should appreciate the extent to which the nature of the audit
work changes when computerized systems are in operation owing to combination of three
important factors: loss of available visible records, shift in emphasis from manual/clerical
check to programmed application controls, and programmed generation of data which
prevent a simple input/output check.
Definition
6. A few years ago it was widely considered that auditors could discharge their
duties as auditors of an entity with computer-based systems without having deep
knowledge of such systems. The auditors would commonly audit 'round the
computer' by ignoring the procedures which take place within the computer
programs and concerning solely on the input and corresponding output. Audit
procedures would include checking authorization, coding and control totals of
input and checking the output with source documents and clerical control totals.
7. This view is changed and it is now recognized that one of the principal problems
facing the auditors is that of acquiring an understanding of the workings of the
electronic data processing department and of the computer itself. It is now
customary for auditors to audit 'through the computer' to determine whether the
controls in the system are adequate to ensure complete and correct processing of
all data.
8. One of the major reasons why the 'round computer' audit approach is no longer
considered adequate is that as the complexity of computer systems has increased
there has been a corresponding loss of audit trail. An audit trail is the means by
which a transaction can be traced sequentially through the system from source to
completion, and its loss will mean that normal audit techniques will bread down.
9. The original concept of an audit trail was to print out data at all stages of
processing so that an auditor could follow transactions stage-by-stage through the
system to ensure that they had been processed correctly. Computer auditing
methods have now cut out much of this laborious, time-consuming stage-by-stage
working, and make use of:
• Audit packages.
10. An audit trail should ideally be provided so that every transaction in a file contains a
unique reference back to the original source of the input. For instance (a sales transaction
records include a reference numbers of the customer order, delivery note and invoice.
Where master file records are updated several times, or from several sources, the
provision of a satisfactory audit trail is more difficult, but some attempt should
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
185
INTERNAL AUDIT MANUAL PART FIVE
nevertheless be made to provide one. Typical audit problems that arise as audit trails
more further away from the hard copy trail include.
11. If internal auditor intends to place reliance upon internal control system he must
ascertain, record and evaluate the system via use of compliance test.
12. Internal control system in a computerized system that is implemented and applied in a
public body may be categorized in the following three headings.
• Feasibility studies should be carried out for new proposals and some of the
proposed amendments, subject to materiality limit.
• System and program testing involving end users be carried out before
operationalising of new system or program, using test data on parallel running
or reprocessed 'live' data.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
186
INTERNAL AUDIT MANUAL PART FIVE
Application controls are related to the transactions and standing files pertaining to
each computer based system and are, therefore, specific to each application.
Objectives of application controls are to ensure the completeness and accuracy of
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
187
INTERNAL AUDIT MANUAL PART FIVE
the records and the validity of the entries made therein resulting from both manual
and programmed processing and with specific objectives.
• Input data should accurately reflect that of the prime source documents.
• Errors and rejected items must be acted upon to correct swiftly and
properly.
• Output reports should reach the designated recipient and dealt with in an
appropriate way.
Audit objectives
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
188
INTERNAL AUDIT MANUAL PART FIVE
Audit Procedures
14. In order to perform quality audit, internal auditor should follow but not be limited to the
following procedures:
• control procedures
• program listing
• operating instructions
• procedural manuals.
14.2 Ascertain that the system is adequately tested by means of processing test data,
pilot running, parallel running, and involving the clerical and control procedures
in all users concerned with the system.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
189
INTERNAL AUDIT MANUAL PART FIVE
14.4 Ensure that content of master file is checked before a system becomes operational.
14.5 Ensure that completed work is reviewed and approved and further progress
authorized by responsible officials at completion stages of system specification,
programs and systems testing and accepting new system into operational use.
14.6 Ensure that all changes to system and program are authorized, documented and
tested in the same manner as new system and program, subject to significance
level.
14.7 Ensure that system development, data preparation, computer operating, file library
functions are carried out by different persons.
• computer operator and file librarian do not have other duties within the system
and program development function.
• computer specialist does not initiate transactions and change to master files.
14.9 Review that work of computer operators controlled by the use of administrative
procedure manuals, work schedules, operating instructions, computer usage
reports and rotation of duties.
14.10 Ensure that copies of master and important files are kept at places outside
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
190
INTERNAL AUDIT MANUAL PART FIVE
14.12 Ensure that there are adequate fire precautions, stand-by arrangements for
processing in case of hardware or software failure.
14.13 Make sure that controls for complete and accurate processing of
data establishment are practiced before documents are forwarded to input by
using clerical totals or sequence checks.
14.15 Check that input data is authorized before transcription into computer.
14.16 Ensure that computer inputs are authorized and their conversion
independently verified.
14.17 Review the existence of list of reasons for which input data should be rejected.
14.18 Review the procedures for investigating, correcting and resubmitting the rejected
data.
14.19 Review how the system ensures that all rejections are promptly reprocessed.
14.20 Ascertain that output contains sufficient information to trace source documents,
verify computer generated calculations and totals.
14.21 Ensure that totals and detail output are checked with controls established prior to
processing of input data.
14.22 Ensure that addition and amendment to standing data is authorized by a person
independent of computer operating and programming function.
14.23 Ensure that all amendments are documented and controlled by retention
of copies.
15. Nature of computer based systems give opportunities to use computer to assist
internal auditor in the performance of his audit work. Computer assisted audit
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
191
INTERNAL AUDIT MANUAL PART FIVE
techniques are used to carry out this work. They may vary in nature from
techniques used to record control systems (Computerized Internal Control
Evaluation and Flowcharting Programs) to specially written computer software
which selects, tests and evaluates transactions for substantive testing purposes or
which carries out analytical review procedures.
16. There are two principal categories of computer assisted audit techniques, test data
and audit software. Audit test data consists of data submitted by the auditor for
processing by the public bodies. For example, an application control to ensure
the completeness of input may consist of programmed agreement of batch totals.
The internal auditor may choose to test this control by submitting test data with
correct and incorrect batch totals.
17. Audit software comprises computer programs used by the internal auditor to
examine the public body's computer files. It may consist package programs or
utility programs which are usually run independently of the public body's
computer-based accounting system. Package programs consists of prepared
generalized programs for which the auditor will specify his detected requirements
by means of parameters, and sometimes by supplementary program code. Utility
programs consists of programs available for performing simple functions, such as
sorting and printing data files.
• Internal auditors can use computers for very basic administrative functions,
such as time records, work processing and basic mathematical tasks.
SECTION V
SOCIAL AND ENVIRONMENTAL AUDIT
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
192
INTERNAL AUDIT MANUAL PART FIVE
Introduction
1. An environmental audit is an audit which confirms the degree of compliance with both
internally and externally determined emission and pollution standards. The results of an
environmental audit have implications for the external financial auditor since financial
liabilities for causing environmental damage are rapidly increasing.
2. There is widespread recognition that the costs of ignoring environmental issues are
potentially high although a key element of such costs can not be easily quantified because
it relates to public relation and corporate image.
3. For those public bodies which do not adopt environmentally conscious policies, the
immediate effect is usually unfavorable public relation. These public bodies should
realize that it is becoming increasingly difficult to conceal their behavior and
performance from the increasingly vigilant public.
4. Some public organizations may have no legal obligation in some instances but a moral
obligation will be just as serious. Therefore, most public bodies operating in situations
where environmental issues are of particular concern are investing more and more in
research to monitor their performance and the way in which they are perceived by the
public in the key areas of public relations and corporate image.
5. The following sections of this part focus on audit objectives, impacts of relevant laws and
regulations and measuring environmental effects.
Definition
6.1 "A management tool comprising a systematic, documented, periodic and objective
evaluation of how well organizations management and equipment are performing,
with the aim of contributing to safeguarding the environment by facilitating
management control of environmental practices and assessing compliance with the
organization policies, which would include meeting regulatory requirements and
standards applicable".
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
193
INTERNAL AUDIT MANUAL PART FIVE
Audit objectives
7. The audit objective is to compare actual record emission and discharges of all
environmentally sensitive materials against such predetermined limits. The internal
auditor should be aware of any national environmental laws and regulations for their
compliance. In addition to this, the internal auditor should ensure the compliances of any
International Environmental Conventions, which were ratified by the Government of
Ethiopia since non-compliance may entail legal action and bad images on the national
and international level.
Audit procedures
8. When an internal auditor realizes that his/her organization may have environmental
issues which could have an impact on the financial statements, the following steps are
appropriate:-
• Evaluate whether there is any possible risks in the public body as a result of
environmental issue.
• [Please refer annex XXXI of this part for nine International environmental
accords which were ratified by the Government of Ethiopia].
• [During writing of this manual, the national environmental law is at the Council
of Ministers in the form of draft for approval].
• Assess and obtain possible future changes in activities or the process of operation
involved.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
194
INTERNAL AUDIT MANUAL PART FIVE
9. Environmental laws and regulations can have considerable impact on some public bodies.
Possible problems associated with environmental laws and regulations include:-
• Contingent liabilities. These may be claims against the public bodies for
environmental offence including, for example, nuisance or watercourse
contamination of damage to health;
• Asset values may be affected. Stocks may be subject to environmental concern and
may need to be modified or replaced. Land may be contaminated and require clean
up. Plant and machinery may be replaced because it pollutes or otherwise fails to
meet modern environmental standards;
• provision for future improvements in the plant required to enable the process to
continue operating within stricken.
10. Measuring the effect of environmental matters presents particular problems for an
organization and its auditor. This includes the following:-
• There is often a long delay between an activity that caused an environmental problem
and its identification by the entity or by regulators;
• Accounting estimates may not have an established historical pattern or may have
wide ranges or reasonable values because of the number and nature of assumptions
underlying the determination of those estimates;
• Liabilities may arise other than as a result of legal or contractual obligations. They
may arise from the perceived moral obligation of the organization.
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
158
INTERNAL AUDIT MANUAL PART FIVE
__________________________________________________________________________________
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
195
Annex I
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
This Annex gives a worked example of the calculation of the Risk Index for a system. The process
has been broken down into 5 distinct steps.
Step 2 For each risk factor chosen, Internal auditors should chose a scale of
measurement that will be used to compare each system.
Example - Classify the transaction into five groups depending on
their volume
Step 3 Identify the points rating for each one of the scale of measure. Internal
Auditors should use points rating of between 1 and 5 for each element.
Example - give 1 for the group with the smallest volume
Step 4 Internal auditors should select a weighing factor for each risk factor. This
allows the Internal Auditor to place emphasis upon elements that are more
important to the risk assessment.
Step 5 Internal Auditors then should take the appropriate scale of measurement
for each one of the systems to be assessed. This will give points rating to
be multiplied by the weighing factor and summed for each of the
elements.
196
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Internal Auditors should select the risk factors for the risk assessment
Risk factor
Value of transactions
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Annex II
EXAMPLE OF RISK ASSESMENT
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Annex II
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Annex III
Sch. Ref.
Initials Date
Prepared by
Reviewed by
YES NO INITIALS
PRIOR YEARS AUDIT REPORTS
1. Have you reviewed with the in-charge auditor (Senior
Auditor), re:-
• Changes in presentation of disclosure?
• Points to which special attention should be paid?
• Improvements to the content and style of the audit
findings and recommendations report?
Annex III
Sch. Ref.
Initials Date
Prepared by
Reviewed by
YES NO INITIALS
AUDIT PROGRAMMES
5. Are you satisfied that the audit programmes fit the particular
circumstances and that the scope and extent of the tests
adequately cover the implications of systems and control
weaknesses disclosed by the narrative system notes/flow
charts and ICEQs?
TIME BUDGET
6. Have you reviewed and approved the time budget ensuring
that total time is within the limit for the type of audit to be
carried out?
STAFF ASSIGNMENTS
PLANNING MEETING
8. Have you held a planning meeting with the staff assigned to
discuss all aspects of the audit work to be undertaken?
203
Annex IV
Initials Date
Prepared by
Reviewed by
YES NO INITIALS
WORKING PAPERS
Annex IV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
YES NO INITIALS
12. Has adequate disclosure of all pertinent and material facts
been made in the report?
13. Have any subsequent events, of which you are aware, and
which may have significant effect on the report, been
properly disclosed?
14. Does the Audit Findings and Recommendations Report
include sufficient factual evidence and clear
recommendations upon which the head of public body can
take sound and appropriate decisions and actions?
15. Has adequate consideration been given to recommendations
in previous reports and the extent of compliance therewith?
16. Are you satisfied that all material points, findings, and
recommendations noted during the audit, and which should
be included in the report, are actually included?
17. Are you satisfied that no additional audit work of
outstanding items are pending before the working papers
and draft report are submitted for final review to the
Head of Internal Audit Service?
18. Have you reviewed the completed audit review checklist of
the in-charge auditor (Senior auditor) and are you satisfied
that his representations as to facts and work done are
adequately supported by the working papers?
JOB ADMINISTRATION
19. Are major variations of actual time from budget
satisfactorily explained?
20. Have you checked agreement of time taken per time control
forms with time ledger and completed time control form?
21. Are you satisfied that the staff have accounted for their time
on the audit work properly and accurately?
22. Have you discussed with the in-charge auditor and the other
members of the team any weaknesses they should overcome
to improve their audit skills, efficiency, and work habits?
205
Annex V
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex VI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Comments
207
Annex VII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Are the systems notes fully written up Additional junior Internal Auditor
from the interviews with management? N is required for 1 week to fully write
up system notes
“ “
“ “
208
Annex VIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Has the internal audit report been drafted N Paragraphs should be redrafted by
the
based clearly on the conclusions reached internal auditor for inclusion in the
from the internal audit work? Internal Audit report. These should
be based on the conclusions of the
internal audit work.
“ “
“ “
209
Annex IX
INTERIM AUDIT REPORT
Purpose Statement
1. Based on our periodic audit plan we conducted an audit of fixed assets of the public body to
ascertain the existence of effective internal control exercised thereon.
Scope Statement
2. Accordingly, we have verified the fixed asset register and the physical existence of fixed
assets to ascertain that all fixed assets of the public body were registered and also to check
the existence of all registered fixed assets.
Findings
3. We noted that the fixed asset register was not complete with respect to property
identification number, location, date of purchase and other relevant information. We further
noted that the fixed assets were not given identification numbers.
4.
5.
6.
7.
Conclusion
8. We were therefore unable to check the physical existence of the fixed assets which implies
that there is a weakness in the overall control exercised thereon.
Recommendation
9. We recommend that all relevant details such as property identification number, location and
other relevant information be recorded on the fixed asset register and identification number
be given to all fixed assets of the public body.
Signature
Annex X
PF - 1 Organizational Information
PF-3.1 Directives
PF-3.2 Rules, Regulations
PF-3.3 Internal Instructions
PF-3.4 Official Rates (Price lists)
PF - 5 Important Memorandum
PF-5.1 Contracts - Project Agreements, Other Contracts etc.
PF-5.2 Committee members
PF-5.3 Key Personnel: Signatories, Authority Limit etc.
PF-5.4 Bank Accounts number
211
PF - 6 Correspondence
CURRENT FILE
Section 1 Audit Reports
AR - 1 Final Audit Reports
AR-1.1 Report on Internal Control
AR-1.2 Report on Performance Audit
AR-1.3 Report on Fraud Investigation
AR-1.4 Reports on Project Audit
AR-1.5 Ad-hoc Reports
AR-1.6 Interim Reports
AR - 2 Draft Reports
Annex X
B Receivables
B1 Lead Schedule
B2 Summary of Findings
B3 Support Schedules
B3-.1 Support Sheets
B4 Queries/notes
Annex X
E Net Assets/Equity
E1 Lead Schedule
E2 Summary of Findings
E3 Support Schedules
E3.1 Support Sheets
E4 Queries/notes
F Revenue
F1 Lead Schedule
F2 Summary of Findings
F3 Support Schedules
F3.1 Support Sheets
F4 Queries/Notes
TC 2 Disbursements
TC 2.1 Summary of Findings
TC 2.2 Support Schedules
TC 2.2.1 Support Sheets
TC 2.3 Queries/notes
214
Annex X
TC 3 Procurement
TC 3.1 Summary of Findings
TC 3.2 Support Schedules
TC 3.2.1 Support Sheets
TC 3.3 Queries/notes
TC 4 Payroll
TC 4.1 Summary of Findings
TC 4.2 Support Schedules
TC 4.2.1 Support Sheets
TC 4.3 Queries/notes
TC 5 Stock/Inventory
TC 5.1 Summary of Findings
TC 5.2 Support Schedules
TC 5.2.1 Support Sheets
TC 5.3 Queries/notes
TC 6 Fixed Assets
TC 6.1 Summary of Findings
TC 6.2 Support Schedules
TC 6.2.1 Support Sheets
TC 6.3 Queries/notes
TC 7 Computer Audit
TC 7.1 Summary of Findings
TC 7.2 Support Schedules
TC 7.2.1 Support Sheets
TC 7.3 Queries/notes
Section 5 Performance Audit
PA1 Summary of Findings
PA2 Support Schedules
PA2.1 Support Sheets
PA3 Queries/notes
215
Annex X
Annex XI - 1
Initials Date
Prepared by
Reviewed by
• Audit objective
2.
3.
217
Annex XI – 2
AUDIT FINDINGS
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Comments (Disposal)
2.
3.
•
•
•
Annex XII
FINANCIAL STATEMENTS
REF. BIRR
CASH A1 1,500
TRIAL BALANCE TB
Debit Credit
BIRR BIRR
CASH 1,500
SCHEDULE
REFER. BIRR BIRR
A2 A3 A4
TO A1 TO A1 TO A1
219
Annex XIII
Supporting Schedules
on which detail Cross Referencing
work(such as bank
reconciliation, cash count)
is done.
C Confirmation sent
Balance agree with ledger Explanation of audit steps
Footed Performed or work done
Conclusion
Annex XIV
AUDIT PROGRAMME
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Audit Area __________________________
Budget Year ________________
Sampling
State Audit Population Sample
Performed Size Size Budget Year _______________
1.
2.
3.
General Procedures
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Objectives
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Annex XVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
• Fixed assets
• Acquisition 200 -
• Recording of fixed assets
• Acquisition 80 60
• Disposal (Sales, issue, write-offs) 80 60
• Physical verification 120 110
• Payroll
• Payroll sheet 60 95
• Attendance sheet 10 60
• Personal files 40 -
• Expenditures
• Cash payments 100 180
• Check payments 235 240
• Procurement
• Purchase requisition 60 -
• Selecting of bidders 70 -
• Delivery of goods 80 100
• Payment of invoices 60 30
• Finalizing each audit assignments
• Report writing 100 -
• Exit conference 30 -
• Contingency (for special assignments) 100 100
2,000 1,975
Annex XVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
NB. The Head of the Internal Audit should discuss about the additional time needed with the
Head of the Public Body and find ways to make the deficit good.
233
Annex XVII-1
CASH COUNT FORM
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
1. LOCAL CURRENCY
1.1 Cheques
Cheque No. Date of Issuance Payee Amount
Total of checques
2. FOREIGN CURRENCY
I, Ato/W/ro/W/t. ____________________________ the cashier of the ______________________ (name of the public body) confirm that
the cash amounting to Birr ________________ (in words) and the foreign currency as detailed above were counted in my presence and
returned to me intact.
Annex XVII-2
SUSPENSE ACCOUNT - COUNT SHEET
S
c Initials Date
Prepared by h
Reviewed by .
Ref.
Suspense
Payment Name of Authorized Name of Person AMOUNT OF MONEY
Voucher Date of Person who Who received Salary Recurrent Capital
No. Payment Allowed the Payment The payments Reason for payments Advance Expenditure Expenditure TOTAL
TOTAL
I (Ato, W/ro./W/t.) ______________________, cashier of __________________ confirm that the suspense account vouchers amounting to Birr _______________
(in words). Were counted in my presence and returned to me intact.
Annex XVIII
BANK RECONCILIATION
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Birr
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Evaluation
Not And
No. Questionnaire Yes No Applicable Comments
1. Does the public body have bank accounts?
If so how many?
2. Is the Ministry of Finance informed of the
bank accounts along with signatories?
3. What are the job positions of the
signatories?
4. Is there approval limit? Co-signatories? If
so how much and how many respectively?
5. Are bank reconciliations done monthly?
6. Are they checked and approved?
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Budget year___________________
No. Question Yes No N/A Comments
1 Are different staff members engaged in the purchase of
fixed assets, keeping custody of fixed assets before
being issued for use, and recording their movements?
Annex XXII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Review Objective :
To determine the extent to which the public body has
developed appropriate, effective and efficient mechanisms
and policies for the handling of suspected fraud situations
from first alert to final conclusion of a matter.
Question Yes/No Conclusion
1 Determine by research and discussion the extent to which
actual practice may vary from formal policy with respect
to preliminary assessments, full investigation, police
notification, depending perhaps on factors such as :
• The specific nature of the allegation or offence
(i.e. various types or categories of fraud).
• The type or level of the individual or persons
involved.
• The number of persons involved.
• The monetary amount or financial impact
involved.
2. Are designated or specialist officers responsible for
conducting any internal investigations completely clear
as to when and how to proceed in any given fraud
situation?
256
Annex XXV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Annex XXIX
• Consider the significance and the needs of potential users of the audit
report as well as other interested parties.
• Define the problems to be studied, the entity to be audited and the audit
objectives, i.e. the expected effect of the audit.
• Determine the audit evidence that will answer the audit question - the
relevance, reliability and sufficiency of any data available within the
audited entities should be evaluated. The possibility of collecting the
required evidence (data_ should also be tested.
• Consider the need of help from experts (consultants, other auditors) and
how to secure quality in the audit. It is important to evaluate the
professional knowledge and skills required by the audit team to carry
out the audit.
279
Annex XXIX
• Provide sufficient staff and other resources to do the audit and prepare a
written plan. A budget for the resources needed to carry out the
examination and the timetable is needed.
Annex XXX
Annex XXXI
Objectives:
To control and reduce trans boundary movements of wastes subject to the Convention
to a minimum consistent with there environmentally sound management.
Objectives:
Annex XXXI
3. International Convention for the Prevention of Pollution from Ships, 1973, as modified
by the Protocol of 1978 (MARPOL 73/78)
Objectives:
- To improve further the prevention and control of marine pollution from ships,
particularly oil tankers.
Objectives:
The conservation and wise use of wetlands by national action and international co-
operation as a means to achieving sustainable development throughout the world.
Objectives:
Annex XXXI
Objectives:
To ensure the conservation of biological diversity and the sustainable use of its
components; and to promote a fair and equitable sharing of the benefits arising out of
the utilization of genetic resources, including by appropriate access to genetic resources
and by appropriate transfer of relevant technologies (taking into account all rights over
those resources and to technologies)
Objectives:
Objectives:
Annex XXXI
9. Vienna Convention for Protection of the Ozone Layer (1985), including the Montreal
Protocol on Substances that Deplete the Ozone Layer (1987)
- To protect human health and the environment against adverse effects resulting
or likely to result from human activities which modify or are likely to modify
the ozone layer.
To protect the ozone layer by taking measures leading to total elimination of global
emissions of ozone-depleting substances (ODS) on the basis of developments in
scientific knowledge, taking into account technical and economic considerations and
the needs of developing countries.
285
GLOSSARY OF TERMS
ADD VALUE Organizations exist to create value or benefit to their owners, other stakeholders,
customers, and clients. This concept provides purpose for their existence. Value is
provided through their development of products and services and their use of resources
to promote those products and services. In the process of gathering data to understand
and assess risk, internal auditors develop significant insight into operations and
opportunities for improvement that can be extremely beneficial to their organization.
This valuable information can be in the form of consultation advice, written
communications, or through other means all of which should be properly communicated
to the appropriate management or operating personnel.
ASSURANCE SERVICES An objective examination of evidence for the purpose of providing an independent
assessment on risk management, control or governance processes for the organization.
Examples may include financial, performance, compliance, system security, and due
diligence engagements.
AUDITEE The entity, which is subject to audit, including its managers and staff.
AUDIT FINDINGS The written conclusions of the auditor based on a comparison between what is and what
ought to be.
AUDIT OBJECTIVES Statements developed by internal auditors that define intended audit accomplishments.
AUDIT PROCEDURES Tasks the internal auditor undertakes for collecting analyzing, interpreting and
documenting information during an audit. They are means to attain audit objectives.
AUDIT PROGRAM Document which lists audit objectives and procedures to be followed during an audit.
CODE OF ETHICS Standards of conduct required of internal auditors in discharging their responsibilities. In
addition, they are guideline on personal behavior designed to alert the reader to types of
behavior which are incompatible with official duties.
COMPLIANCE AUDIT An audit whose objective is to evaluate the extent of conformity with laws, regulations
and instructions.
CONFLICT OF INTEREST Any relationship that is not, or does not appear to be, in the best interest of the
organization. A conflict of interest would prejudice an individual’s ability to carry out
this duties and responsibilities objectively.
CONSULTING SERVICES The range of services, beyond internal audit’s assurance services, provided to assist
management in meeting its objectives. The nature and scope of work are specified by an
agreement between the internal auditor and the management. Examples may include
facilitation, process design, training, and advisory services.
286
GLOSSARY
CONTROL Any action taken by management to enhance the likehood that established objectives and
goals will be achieved. Management plans, organizes, and directs the performance of
sufficient actions to provide reasonable assurance that objectives and goals will be
achieved. Thus, control is the result of proper planning, organizing, and directing by
management.
CONTROL ENVIRONMENT The attitude and actions of the board and management regarding the significance of
control within the organization. The control environment provides the discipline and
structure for the achievement of the primary objectives of the system of internal control.
The control environment includes the following elements: integrity and ethical values,
management’s philosophy and operating style, organizational structure, assignment of
authority and responsibility, human resource policies and practice, and competence of
personnel.
CONTROL PROCESS The policies, procedures and activities, that are part of a control framework, designed to
ensure that risks are contained within the risk tolerance established by the risk
management process.
DETERRENT EFFECT The reduced preparedness of staff members and others to contemplate and be involved in
illegal behaviour such as fraud and corruption because of the impact of internal control
system, possibility of detection and likelihood of penalty.
DUE PROFESSIONAL The standard of skill, competence and diligence expected of a reasonably prudent internal
CARE auditor
ECONOMY Acquiring inputs at the most favourable cost in relation to quality and usefulness.
EFFECTIVENESS The extent to which objectives are achieved and the relationship between intended and
actual impact (related to the concept of “outcome”)
EFFICIENCY The relationship between outputs (in terms of goods, services or other results) and (inputs)
the resources used to produce them.
EXTERNAL AUDIT An audit conducted by auditors who are independent of the audited entity and who report
to third parties.
An audit of the type carried out by external auditors where the objective is to evaluate the
FINANCIAL AUDIT reliability of financial statements (and the accounting records on which they are based)
and their conformity with relevant norms. The objective of a financial audit is attestation:
giving of an auditor’s opinion on the adequacy and reliability of the financial statements.
FOLLOW - UP A process to determine the adequacy, effectiveness, and timeliness of actions taken by
management on reported findings and recommendations by internal and external auditors,
including relevant findings made by external auditors and others.
287
GLOSSARY
FRAUD Intentional, deceptive action(s) of a dishonest nature designed to enrich the perpetrator by
giving illegal access to assets, influence or privilege.
GOVERANCE PROCESSES Deal with the procedures utilized by the representatives of the organization’s stakeholders
to provide insight of risk and control processes administered by management.
IFAC International Federation of accountants (its Public Section Committee issues International
Public Sector Accounting Standards).
INDEPENDENCE As applied to internal auditors, the ability to carry out their work freely and objectively,
and not being involved in the activities which they audit.
INSTITUTE OF Body established for instance in USA, UK which provides authoritative standards and
INTERNAL AUDITORS guidance on internal auditing.
INTERNAL AUDITING A department, division, or other group of internal audit practitioners who perform the
ACTIVITY internal audit function for an organization.
IRREGULARITY The intentional misstatement or omission of significant information from the accounting
records, financial statements, other reports, documents, or records. Irregularities include
fraudulent financial reporting, which renders financial statements misleading and
misappropriation of assets. Irregularities involve falsification or alternation of accounting
or other records and supporting documents; intentional misapplication of accounting
principles; or misrepresentation or intentional omission of events, transactions, or other
significant information.
INTERNAL CONTROL The plan of the organization and all the coordinated methods and measures adopted by
management to safeguard assets, ensure the timeliness, accuracy and reliability of
accounting data, promote operational efficiency and maintain adherence to regulations
and directives.
INTOSAI The International Organization of Supreme Audit Institutions (the umbrella body for
external auditors of government which publishes Government Auditing Standards)
OBJECTIVITY An independent mental attitude that requires internal auditors to perform engagements in
such a manner that they have an honest belief in their work product and that no significant
quality compromises are made. Objectivity requires internal auditors not to subordinate
their judgment on audit matters to that of others.
OPINION An expression of the internal auditor’s assessment or judgment about the overall internal
controls related to an assurance engagement.
OUTCOME The impact achieved by a government activity or program e.g. an increase in farm
production (see “Effectiveness”).
288
GLOSSARY
OUTPUT The immediate services produced by a government activity or program (see “Efficiency”).
PREVENTIVE Actions taken by management to deter the occurrence of expected adverse events such as
CONTROLS error, fraud, irregularity, inefficiency.
PUBLIC BODY Any organ of the Federal Government of Ethiopia which is wholly or partly funded by the
government budget (typically refers to administrative bodies not to public enterprises).
RISK The probability of an event or action which will adversely affect the entity.
RISK ASSESSMENT A systematic process for evaluating risk which takes into account both probability of
occurrence and the relative significance of risky events (i.e. it considers whether risky events
are likely to occur and concentrates on those likely to do most damage)
RISK MANAGEMENT Put in place by management to identify, evaluate, and respond to potential risks that may
PROCESSES impact the achievement of the organization’s objectives.
SCOPE LIMITATION A limitation placed on internal audit (often by management) preventing it from
accomplishing objectives and plans
SIGNIFICANCE Sometimes termed materiality, refers to the relative importance of items, transactions,
findings, etc. Items of larger monetary amount tend to be more significant than smaller ones.
SUPPLIERS’ LISTS Lists established by Ministry of Finance and Economic Development and other authorized
public bodies which set out the names and addresses of suppliers from whom public bodies
may solicit bids.
SYSTEM Defined by the Institute of Internal Auditors as an arrangement, set or collection of concepts,
parts, activities, and/or people that are connected or inter-related to achieve objectives or
goals.
SYSTEM OF INTERNAL The arrangement of procedures, instructions, activities and people chosen by management to
CONTROL comply with government laws etc. and to achieve its own internal control objectives. For a
definition of internal control see above.
‘THE THREE Es” Economy, Efficiency and Effectiveness.
VALUE FOR MONEY An audit concerned with economy, efficiency and effectiveness, sometimes known as a
AUDIT performance audit.
WALK-THROUGH TEST Test based on preliminary understanding of a system to confirm that the system works as
expected.
WORKING PAPERS Documents prepared by auditors to record the information obtained, analyses made and
conclusions reached during an audit (on which audit findings and recommendations are
based)
ANNEXES
ANNEX PAGE
I Example of Calculation of Risk Index 192
II Risk Index 193
III Internal Audit Planning Checklist 194
IV Internal Audit Monitoring Checklist 196
V Internal Audit Planning Review Sheet 198
VI Internal Audit Completion Checklist 199
VII Interim Audit Review Sheet 200
VIII Internal Audit Completion Review Sheet 201
IX Internal Audit Report 202
X Organization of Working Papers 203
XI - 1 Schedule of Summary of Findings 209
XI - 2 Audit Findings 210
XII Relationship of Working Papers to Financial Statements 211
XIII Working Paper – Typical Schedule 212
XIV Audit Programme 213
XV Audit Programme – Cash and Bank Balances 214
XVI Annual Plan 223
XVII - 1 Cash Count Form 226
XVII - 2 Suspense Account – Count Sheet 227
XVIII Bank Reconciliation 228
XIX Internal Control Questioner – Cash and Bank Balances 229
XX Internal Control Questioner – Receipts and Receivables 233
XXI Internal Control Questioner – Stocks 236
XXII Internal Control Questioner – Fixed Assets 240
XXIII Internal Control Questioner – Payroll 242
XXIV Internal Control Questioner – Expenditures and procurement 244
XXV Fraud Investigation Standards 248
XXVI Internal Audit Questioner – Value for Money 250
XXVII Internal Control Questioner in A Computerized System 253
XXVIII Internal Control Evaluation Questionnaire 264
XXIX Rules and Principles When Planning Performance Audit 271
XXX Rules and Principles When Conducting Performance Audit 273
XXXI Nine Global Accords 275