Book of Audit

INTERNAL AUDIT STANDARDS AND CODE OF ETHICS
FOR INTERNAL AUDITORS AND INTERNAL AUDIT

PROCEDURAL MANUAL
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMEN

TABLE OF CONTENTS
Section Page
Part - One Introduction

I Background 1
II Basic Concepts of Auditing 2
III Advice to Users of the Manual 8
IV Scope and Responsibility 12
Part Two – Internal Audit Standards and Code of Ethics

I Introduction 16
II Internal Audit Standards of Public Bodies of Government
of Ethiopia 17
III Code of Ethics 37
Part Three - Basic Concepts and Principles of Internal

Audit
I Internal Control System 44
II Evaluating Internal Control System 57
III Audit Approaches 66
IV Planning and Controlling Internal Audit 78
V Documenting Internal Audit 89
VI Reporting Audit Findings 97
Part Four - Procedural Guidance on Financial Audits

I Introduction 103
II Cash and Bank Balances 104
III Receipts and Receivables 114
IV Stocks 126
V Fixed Assets 134
VI Payroll 139
VII Expenditures 145
VIII Procurements 149
Part Five - Procedural Guidance on Special Audits

I Fraud and Investigation 158
II Value for Money 167
III Project and Contract Audit 180
IV Computer Auditing 183
V Social and Environmental Audit 192
195
Annexes
Glossary of Terms 281
1
INTERNAL AUDIT MANUAL PART ONE
SECTION I: BACKGROUND
1. The Internal Audit Manual has been prepared by the Ministry of Finance and
Economic Development and is issued under the authority of part two of the
Council of Ministers Financial Regulations (No. 17/1997). It gives the Ministry
of Finance and Economic Development the power to formulate and distribute
directives that detail the Government Financial Policies and to develop and
maintain appropriate standards of work and conduct of internal audit for
application throughout all public bodies.
2. The Manual applies to all public bodies. Public body means “any organ of the
Federal Government which is partly or wholly financed by Government
allocated budget” (Part One, article two of the Financial Administration
Proclamation of the Federal Government of Ethiopia – No 57/1996). In practice
this means that the manual applies to ministries and their departments and
subordinate offices, and other entities wholly funded by the budget.
3. The Manual provides guidelines as to how the Internal Audit Services of each
public body have to organize and mange their work. As internal audit should
adopt the continuous changes in public bodies and in Society, the Ministry of
Finance and Economic Development will modify the Manual as and when
necessary.
4. If public bodies have any questions or queries regarding this Manual they should
contact the Ministry of Finance and Economic Development.
MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

2
SECTION II : BASIC CONCEPTS OF AUDITING
Introduction
1. Audit is derived from a Latin word, meaning, “he hears”. In ancient times, the
accounts of an estate, domain or manor were checked by having them called out
to those in authority by those who had compiled them.
2. Currently, auditing can be defined as the process by which a competent,

independent person, accumulates and evaluates evidence about quantifiable
information related to a specific economic entity for the purpose of determining
and reporting on the degree of correspondence between the quantifiable
information and established criteria.
Types of audits
Auditing can be mainly grouped into four types:-
3. Financial audit: involves verification of financial data to express opinion on their

validity and reliability
4. Compliance audit: involves verifying adherence to policies, plans, procedures,

laws and regulations
5. Value for money (performance) audit: is a forward looking evaluation of

operations to identify areas in which economy, efficiency and effectiveness (the
three E’s) may be improved or to evaluate compliance with and the adequacy of
operational policies, plans and procedures. It involves evaluation of inputs,
process and outputs. Other names used to describe this type of audit include
Operational, Management and Three E audit.
6. Environmental audit : is an audit which confirms the degree of compliance with

both internally and externally determined emission and pollution standards.
Types of auditor [Internal and External Auditors]
7. Internal auditors are auditors employed by the organization to carry out an

independent appraisal within the organization, which operate as a service to the
Organization by measuring and evaluating the effectiveness of internal control
system. Internal auditors of public bodies are auditors employed to: -

3
• Provide an independent and objective opinion to the Head of public body

on risk management, control and governance, by measuring and
evaluating their effectiveness in achieving the public body’s agreed
objectives. Risk management, control and governance comprise the
policies, procedures and operations established to ensure the
achievement of objectives, the appropriate assessment of risk, the
reliability of internal and external reporting and accountability processes,
compliance with applicable laws and regulations and compliance with
the behavioral and ethical standards set for the public body.
• Provide an independent and objective consultancy service specifically to

help management improve the public body’s risk management, control
and governance. Internal audit applies professional skills through a
systematic and disciplined evaluation of the policies, procedures and
operations that management put in place to ensure the achievement of
the public body’s objectives, and through recommendations for
improvement. Such consultancy work contributes to the opinion which
internal audit provides on risk management, control and governance.
8. External auditors are auditors who are entirely independent of the audited entity.
Their duty is to report primarily to third parties (in the case of audit of limited
companies they report to shareholders; in the case of Government of Ethiopia the
external auditor is the Office of the Auditor-General which reports to parliament).
External auditors in undertaking an audit of financial statements will: -
• Carry out procedures designed to obtain sufficient and appropriate audit

evidence, in accordance with Generally Accepted Auditing Standards to
determine with reasonable confidence whether the financial statements are
free from material misstatement;
• Evaluate the overall presentation of the financial statements, in order to

ascertain whether they have been prepared in accordance with relevant
legislation and accounting standards;
• Issue a report containing a clear expression of their opinion on the financial

statements.

4
9. Below are given the differences between the internal and external auditors : -
Internal auditor External auditor
1 is an employee of the 1 is not an employee of the

organization which is being audited organization which is being audited
2 reports to the management 2 reports to third parties
3 reviews the internal controls primarily 3 reviews the internal controls

to improve compliance and primarily to determine whether
develop improved controls reliance can be placed upon them
in carrying out the audit
4 carries out his work according to 4 carries out his work according to
relative risk and management relative risk and the need to give an
responsibilities audit opinion on the financial
statements
5 is directly concerned with the 5 is incidentally concerned with the

detection and prevention of fraud detection and prevention of fraud
6 is independent of the financial 6 is independent of the entity

function of the entity
7 audits the organization throughout the 7 audits the organization periodically,

year usually once or at most twice a year

5
10. Why does the head of the internal audit unit have a duty to work with external
auditors?
Government financial management is an integrated process, which works best when

each component (budgeting, financial control, accounting, reporting, auditing) is
working well, and all are well coordinated. Because there are at least two types of
government auditors (external and internal), government auditing has to be
coordinated in order to avoid duplication or omission of audit work. Too many
uncoordinated audits would be a burden and an unnecessary waste of resources.
Since internal auditors are employees of the entity, they cannot have as much
independence as external auditors. Sometimes they will identify significant risks,
which managers do not address, or their audit findings may be ignored.
Management may have also steered them away from certain audits or put obstacles
in the way of collecting certain types of information. Having a duty to make
findings and papers available to the external auditor is a necessary safety valve.
11. What are the major risks/dangers facing internal auditors?
• Lack of expertise, leading to trivial audit findings and lack of management

respect;
• Lack of opportunity for professional development;
• Domination by dishonest management and staff members, leading to the neglect

of sensitive areas where controls are weak and encourage abuses;
• Repetitive audit routines which staff members can predict;
• Being assigned to tasks such as accounting and pre-control of expenditures

which the internal auditor will subsequently have to audit (conflict of interest);
• Inability to insist on getting significant information because of fears of losing

promotion opportunities and job security (lack of independence);
• Being ignored;
• Top managers who are engaged in avoiding controls to the detriment of the
entity.
• Management and employees do not maintain and demonstrate a positive and

supportive attitude toward internal controls;
• Wrong perception of the audit function and auditors by staff of the public body.

6
Preaudits and Postaudits
12. Auditing specially in government offices takes two forms, commonly referred to as
“preaudit” and “postaudit.” Preaudit is the examination of transactions before
payment. It is the more traditional audit function. Postaudit represents an after-the-
fact examination and is more recent in origin.
Scope and concept of preaudit
13. The preaudit, perhaps more accurately described as prepayment audit, is generally
an integral part of the central accounting and payment process. The basic
objectives of preaudit are to provide assurance that;
• expenditures are not unreasonable or extravagant;
• sufficient funds are available to enable payment of the invoice; and
• there has been compliance with government proclamations, regulations,

directives, procedural and budgetary requirements. It may include an
examination of contracts prior to approval and encumbrance, scrutiny of all
invoices, and all payrolls before payment.
Limitations of preaudit
14. Preaudit tends to be clerical and routine in nature. Even the most effective preaudit
has significant limitations. For example preaudit procedures may provide adequate
assurance that prices shown on invoices for supplies are in accordance with contract
prices, but they cannot provide assurance that the supplies were actually needed and
efficiently utilized. Previously preaudit was considered as a significant element of
internal control. However, through time the internal auditor was considered as a
part of management in authorizing payments and as a result of which management
tended to rely on the internal auditor instead of discharging its own responsibilities.
15. Finally, regardless of the effectiveness of preaudit, it must be recognized that the
full implications of an Organization basic policy or procedure cannot be discovered
through the preaudit piecemeal examination of individual isolated invoices or
transactions. Comprehensive audit for financial accountability, efficient
performance, or effective program accomplishment must be done through the
postaudit process.

7
Scope and concept of postaudit
16. The scope of postaudit may be grouped into two general categories:
• Financial accountability and legality – the verification of accounting records

and review of internal controls;
• Value for money – the examination of the efficiency, effectiveness and

economy of operations which includes the broad examination of the extent to
which objectives are accomplished.
17. These categories tend to overlap, but they are useful in demonstrating the changing
concepts of auditing. The basic limitation of the postaudit is that it concentrates on
detection of irregularities rather than preventing their occurrence as in the case of
preaudit.

8
SECTION III: ADVICE TO USERS OF THIS MANUAL
Introduction
1. This manual is primarily intended for the use of internal auditors of Public
Bodies. It is a source of ideas and gives them guidance on the principles and
practices of auditing. It does not seek to establish detailed mandatory rules. An
essential feature of auditing is that it must be adaptable to a particular situation of
the Public Body under audit.
Contents of the Manual
2. The manual contains five parts dealing with different areas of internal audit
functions.
Part One
3. This is an introduction which provides the basic concept of auditing, including

types of audit and types of auditors and the relationship of these auditors. The last
section of the Introduction part describes the scope and responsibilities of the
Ministry of Finance and Economic Development, Head of public bodies, Head of
Internal Audit and internal auditors from the current Government Regulations and
Directives point of view.
Part Two
4. The draft Internal Audit Standard of Public Bodies of Government of Ethiopia

and Code of ethics are provided in this part of the manual. All internal auditors
should ensure that their performance and behavior adhere to the Standard and
Code of Ethics.
Part Three
5. This part contains the following:-
• It presents the main concepts and principles of internal audit function;
• It describes different areas of the internal control system of a public body

including types of Internal Control Systems, feature of effective internal
control system and their limitations;

9
• It explains how the internal auditor evaluates the effectiveness of the

internal control system using different auditing techniques;
• It elaborates the three types of audit approaches and describes as to how

the Internal Auditor can carry out the audit assignment using these
approach;
• It deals with the planning of audit assignment and provides explanations

on different stages of planning which will give practical advice to the
Internal Auditor for planning the audit assignment effectively;
• It discusses controlling the audit assignment audit procedures such as

internal review, peer review and external review;
• It discusses the principles of the documenting of internal audit including

content and organization of working papers;
• It explains how working papers should be prepared and its ownership and
custody;
• It describes the characteristics, content and format of effective audit

reports.
Part Four
6. Procedural guidances for financial and compliance audits are included in this part.
Each section of this part contains an introduction definition, audit objectives,
internal control system and the audit procedures to be carried out by the internal
auditors to discharge their responsibilities. Internal auditors should carry out
these activities by taking into account the basic concepts and principles explained
in Part Three. The audit procedures provided in this part should only be used as
guidance for the internal auditor to design an audit program, which specifically
meets the requirement of the public body under audit. The internal auditor should
select audit procedures, which are materially related to risk feasible to the audit
and likely to generate useful findings.
Part Five
7. Procedural guidances on special audits of investigation of fraud, value for money,

computer auditing, contract audit social and environmental audit are provided in
this part. The internal auditor should adopt these procedures to particular special
audit assignments.

10
8. The skill and experience of internal auditors of all public bodies is not at the same
level. Hence internal auditors of some public bodies may not be able to undertake
few of the tasks incorporated in this Manual. Therefore, Head of the Internal
Audit should evaluate the existing capacity of the internal auditor and develope a
suitable audit programme using the Manual as a source. In the meantime the
management should find ways to train the existing internal auditors or employ
qualified internal auditors who can undertake the audit in accordance with the
Manual.
Other Users of this Manual
Head of Public Bodies
9. If improving internal control is the aim, the Heads of the public bodies are the
prime means. They are responsible for introducing and maintaining effective
internal control systems in public bodies. The internal auditor is only
management’s adviser and cannot bring about changes directly. Improvements in
systems of internal control are the responsibility of the Head of the public body.
Therefore the Head including other management members must fully understand
their full responsibilities for improving internal control. Without full management
involvement, internal audit cannot be effective. The responsibility of the Head of
public body and the scope of internal audit functions is covered in this Part
Section IV and in the draft Internal Audit Standard of Public Bodies of
Government of Ethiopia in Part Two Section II. Internal control systems and
management’s responsibility for them are covered in Part Three, Section I of this
manual. These are the key sections of the manual for management. We advise
the management of public bodies to give particular attention to these Sections.
Staff of Public Bodies
10. It is often wrongly assumed that internal control systems are solely the concern of
the Head of the public body. It is true that the Head of the public body establishes
these systems for the proper management of the public body. But in order for
them to be effective, staff co-operation is needed. Staffs need to know how the
systems work, who is required to take specific actions etc. and the nature of their
own responsibilities. If the internal audit is to make its full contribution, it has to
be strongly linked to other financial management processes. Such links are easily
achieved via internal audit, provided that both parties (internal auditors on the one
hand, and management and other support staffs (e.g. budget controllers,
accountants, and book-keepers) on the other, develop harmonious working
relationships and mutual respect.

11
External Auditors
11. To the extent that internal audit is of high quality and effective, and the internal
control systems of the public body are proved to be reliable, external auditors can
accept the work of internal auditors and adapt their audits accordingly. This is an
important advantage. It means that audits as a whole can be more intensive;
duplicative audit work is avoided and external auditors can extend their audits
into areas, which might not otherwise have received scrutiny. It all depends on
the quality of internal audit and the strength of the entity’s internal control
systems. This manual is intended to strengthen internal audit. Better internal
audit will help the Head of the public body to establish better and more effective
internal control systems. In other words the aim is to establish a virtuous circle
resulting in improved use and control of resources, and ultimately to better public
services at lower cost for the people of Ethiopia. We do not under-estimate the
difficulty of establishing such a virtuous circle.

12
SECTION IV: SCOPE AND RESPONSIBILITY – FROM CURRENT

GOVERNMENT
REGULATIONS AND DIRECTIVES PERSPECTIVE
Introduction
1. The Financial Regulations of the Council of Ministers (No 17/1997) and Article
68 of the Proclamation on Financial Administration (No. 57/1996) establish the
basis for internal audit and internal control of the Government of Ethiopia.
Ministry of Finance and Economic Development
2. Ministry of Finance and Economic Development is responsible to:-
• Formulate and distribute Directives that details the Governments Financial

policies in all areas of the Government finances;
• Develop and maintain appropriate standards of work and conduct for

application throughout all public bodies internal audit functions.
3. The council of Ministers Regulation (No. 17/1997) states that the Head of Public
Bodies should:
• Ensure that the system developed within the public body is functioning
well;
• Issue delegations of authority to subordinates;
• Establish signing authorities for all employees involved in the processes of

receiving and disbursing public money and in procurement;
• Ensure that the internal audit system is appropriately staffed with trained
and qualified manpower and that internal audits are carried out efficiently,
effectively and economically;
• Ensure that sufficient numbers of appropriately trained employees are

assigned to perform discrete function so that proper separation is
maintained in the internal control system;

13
• Develop internal directives and procedures which complement the Financial

Administration Proclamation, Financial Regulations and any financial
directives of the Ministry of Finance, which are unique to the particular
public body;
• Ensure that timely, relevant and reliable financial information analysis is

prepared and disseminated;
• Ensure that the employees of the public body are performing their duties in
compliance with the Financial Administration Proclamation, Financial
Regulations and directives laid down in accordance with the Proclamation;
and that the internal audit is carried out timely.
Internal Audits
4. The same regulation defines internal audit as a systematic, independent appraisal

of all operations including administrative activities for the purpose of advising on
management practices and controls. The responsibilities of internal auditors are
to:
• Conduct internal audits at specific time intervals to ascertain that public

money and property are used for intended purposes;
• Develop audit programs and audit procedures which are specifically

designed to meet the requirements of the public body;
• Develop a monitoring system which will at regular intervals test and

report to management on the public body’s compliance with applicable
internal and external directives and procedures;
• Advise management at regular intervals on its internal practices and

controls and on whether they are efficient, effective and economical;
• Submit audit reports to the head of the public body.
5. The focus of the above provisions is mostly on financial and compliance audits.
This focus is reflected in this audit manual.
6. Internal audit units are established in public bodies, for the purpose of carrying
out internal audits. In large public bodies there will be a Head of internal audit
and under that person, several members of staff (senior and junior internal
auditors). Smaller public bodies have smaller internal audit units. The
responsibility of the Head of internal audit is to:

14
• Respect the Internal Audit Standards of Government of Ethiopia including

the Code of Ethics;
• Supervise and lead the internal audit unit;
• Monitor, counsel and advise internal audit staff;
• Consult with the management of the public body on internal audit and
internal control;
• Advise on and approve audit topics proposed by internal auditors;
• Propose internal audit topics and summary programs to management;
• Consult with internal auditors on audit programs, fieldwork and draft audit
findings;
• Advise on and approve the audit reports of internal auditors and ensure
that for each audit carried out there is a final audit report;
• Provide quality control on all aspects of internal auditing;
• Report audit findings to management and monitor management’s follow-

up of findings;
• Respond to the enquiries and requests for information of external auditors

and send copy of responses given to management.
7. The duties of internal auditors are to:
• Respect the Internal Audit Standards of Government of Ethiopia

including the Code of Ethics;
• Consult with the head of Internal Audit unit and respect the leadership on
all aspects of auditing;
• Propose audit topics and draft audit programs;
• Carry out all aspects of auditing in accordance with the most appropriate
standards and guidelines (including those appearing in this manual);
• Ensure that the Head of internal audit conducts all final audit reports and
official dealings with management.

15
8. For internal audit to be successful it must fully respond to management needs.

Internal auditors are therefore expected to:
• Make efforts to understand management’s needs;
• Work in a spirit of cooperation rather than confrontation;
• Choose topics leading to audit findings which will be relevant and

significant and which will help management to improve the relevance and
integrity of its controls;
• Report audit findings clearly and present them in a way that leads
naturally to the necessary remedial actions;
• Explain clearly what is to be done in response to adverse audit findings

and how it might be done, and ensuring that auditors are not directly
involved in taking the necessary remedial actions which are the sole
responsibility of management;
• Explain audit findings and recommendations orally as well as in writing to

enable management to “own” the findings.
9. At the same time Internal auditors have to maintain a degree of independence

by:
• Not accepting assignments which would result in carrying out audits of

procedures and systems that they themselves have designed or maintained;
• Declaring conflicts of interest (or declining to accept assignments) where

they are not fully independent of the activities which they audit;
• Presenting objective and reliable findings to management;
• Responding objective and reliable findings to management;
• Responding to external auditors when they request access to findings and

working papers;
• Management of the public body has to be informed when formal

communications occur; the Head of internal audit should make such
communications.

16
INTERNAL AUDIT MANUAL PART TWO
SECTION ONE
INTRODUCTION
1. This part of the Manual includes draft Internal Audit Standards and Code of Ethics for
internal auditors of a Public Bodies of the Government of Ethiopia.
2. The Standards define the way in which the Internal Audit Service should be established
and undertake its functions. The Standards cover both the attributes and performance of
internal audit service in public bodies.
3. The Code of Ethics includes principles that are relevant to the professional and practice of
internal auditing and rules of conduct that describe behavioral norms expected from
internal auditors of the public bodies.
4. The current Standards and Code of Ethics of the Institute of Internal Auditors are
reflected in this part.

17
SECTION TWO
DRAFT INTERNAL AUDIT STANDARDS OF PUBLIC BODIES OF GOVERNMENT

OF ETHIOPIA
I ATTRIBUTE STANDARDS
100 Responsibilities and scope of work
200 Independence
300 Relationships with management and other auditors
400 Staffing, training and development
II PERFORMANCE STANDARDS
500 Audit strategy and planning
600 Risk assessment
700 Audit working paper
800 Audit evidences
900 Deterrence, detection, investigation and

reporting of fraud
1000 Auditing compliance with policies, plans,

procedures, laws and regulations
1100 Quality assurance
1200 Reporting
1300 Follow-up on reported audit findings

and recommendations

18
I ATTRIBUTE STANDARDS
100 RESPONSIBILITIES AND SCOPE OF WORK
110 Responsibility Of Head Of Public Body
The Head of Public Body is responsible for establishing policies,

procedures and operations for appropriate management of risk, the
reliability of internal and external reporting and accountability processes,
compliance with applicable laws and regulations, and compliance with
the behavioral and ethical standards set for the public body in order to
ensure the achievement of its objectives.
120 Responsibility Of Audit Committees
Audit committees should be formed constituting employees of the Public

Body who have an appropriate knowledge of its day to day operations
and can assist the Internal Audit in discharging its responsibilities.
The Audit Committee is responsible for advising the head of public body
in respect of:
• The terms of reference for internal audit;

• The effectiveness of the internal audit strategy and periodic plan
in addressing the public body’s risks;
• The resourcing of internal audit;
• The periodic work plans of internal audit, and material changes to
these plans and the implications arising from internal auditor’s
findings and opinion;
• The arrangements for and the results of quality assurance
process;
• The adequacy of management response to internal audit advice
and recommendations;
• The arrangements made for co-operation between internal audit,
external audit and other review bodies.
130 Responsibility Of Internal Audit
The Internal Audit is responsible for an independent, objective assurance

and consulting activity designed to add value and improve the public
body’s operations. It helps the public body accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance processes.

19
140 Scope Of Work For Internal Audit
Internal audit should fulfill its duty by systematic review and evaluation
of risk management, control and governance which comprises the
policies, procedures and operations in place to:
• Establish, and monitor the achievement of the public body’s

objectives;
• Identify, assess and manage the risks in achieving the public

body’s objectives;
• Ensure the economical, effective and efficient use of resources;
• Ensure compliance with established policies (including

behavioral and ethical expectations), procedures, laws and
regulations;
• Safeguard the public body’s assets and interests from losses of all
kinds, including those arising from fraud, irregularity or
corruption;
• Ensure the integrity and reliability of information, accounts and

data, including internal and external reporting and accountability
processes.
Internal audit should devote particular attention to any aspects of the risk
management, control and governance affected by material changes to the
public body’s risk environment.
200 INDEPENDENCE
210 The Principles of Independence
210.1 Internal audit should be sufficiently independent of the activities,

which it audits to enable auditors to perform their duties in a
manner, which facilitates impartial and effective professional
judgments and recommendations. It should have no executive
responsibilities.

20
210.2 Accountability for responses to the advice and recommendations

of internal audit lies with the line managers who either accept and
implement the advice or formally reject it. Audit advice and
recommendations are without prejudice to the right of internal
audit to review the relevant policies, procedures and operations at
a later date.
220 Organizational Independence
220.1 Internal audit should report directly to the Head of the Public Body and
Audit Committee of the Public Body. A copy of annual internal audit
report, which will be addressed to the head of the public body, should be
submitted to the Ministry of Finance and Economic Development for
follow up on reported audit findings and recommendations.
220.2 Their Audit Committee should advise the Heads of the Public Bodies on
the discharge of their responsibilities in respect of internal audit. The
Audit Committee should not obstruct the Head of Internal Audit’s direct
access to the Head of the Public Body.
220.3 The Heads of Public Bodies should make appropriate arrangements for the
routine supervision and management of the budget and resources of
internal audit (including staff appraisal arrangements) without prejudice to
the direct accountability of internal audit to the Head of Public Body.
220.4 The internal audit activity should be free from interference in determining
the scope of internal auditing, performing work, and communicating
results.
230 Status Of The Head Of Internal Audit
The Head of Internal Audit should be graded with sufficient status to facilitate
the effective discussion and negotiations of the results of internal audit work
with senior management in the organization. Evaluation tools used to grade the
post should give due weight to the influence of the Head of Internal Audit on the
risk management, control and governance of the organization.

21
240 Independence Of Individual Auditors
240.1 Individual auditors should have an impartial, unbiased attitude,

characterized by integrity and an objective approach to work, and should
avoid conflicts of interest. They should not allow external factors to
compromise their professional judgment.
240.2 Objectivity is presumed to be impaired when individual auditors review

any activity in which they have previously had executive responsibility, or
in which they have provided consultancy advice. Auditors should not be
assigned to assurance work where they have had an executive or other
involvement, and where the Head of Internal Audit deems that this may
impair their objectivity, until a suitable period has elapsed. The Head of
Internal Audit should develop appropriate guidelines for determining the
duration of such periods.
240.3 Long-term responsibility for the audit of a particular aspect of a public

body can also affect independence; assignment of ongoing audit
responsibilities should be rotated from time to time.
250 Declaration Of Conflict Of Interest (Impairments to Independence or

Objectivity)
250.1 Individual auditors should declare any conflicts of interest arising from
audit work assigned to them by the head of Internal Audit. Such potential
conflicts of interest include previous executive or consultancy
responsibilities and personal relationships with staff with current executive
responsibilities.
260 Proficiency and Due Professional Care
260.1 Proficiency
Internal auditors should possess the knowledge, skills, and other competencies
needed to perform their individual responsibilities. The internal audit activity
collectively should possess or obtain the knowledge, skills, and other
competencies needed to perform its responsibilities. The internal auditor should
have sufficient knowledge to identify the indicators of fraud but is not expected
to have the expertise of a person whose primary responsibility is detecting and
investigating fraud.

22
260.2 Due Professional Care
Internal auditors should apply the care and skill expected of a reasonably
prudent and competent internal auditor. Due professional care does not
imply infallibility. The internal auditor should exercise due professional care
by considering the:
• Extent of work needed to achieve the engagement's objectives.
• Relative complexity, materiality, or significance of matters to which
assurance procedures are applied.
• Adequacy and effectiveness of risk management, control, and
governance processes.
• Probability of significant errors, irregularities, or noncompliance.
• Cost of assurance in relation to potential benefits.
260.3 The internal auditor should be alert to the significant risks that might
affect objectives, operations, or resources. However, assurance
procedures alone, even when performed with due professional care, do
not guarantee that all significant risks will be identified.
300 RELATIONSHIPS WITH MANAGEMENT AND OTHER AUDITORS
310 Principles of Good Relationships
Heads of Internal Audit should co-ordinate internal audit plans and

activities with the management, other internal auditors, external auditors,
and other review agencies to ensure the most effective audit coverage is
achieved and duplication of effort is minimized.
320 Relationships with Management
320.1 Internal Audit provides a service to management. Its strategy,

planning and delivery should aim to maximize the value added
for management without jeopardizing internal audit’s
responsibilities to the management.
320.2 Management and staff at all levels of the public body should have
complete confidence in the integrity, independence and capability
of internal audit. The relationship between internal auditors and
management is a privileged one, and information gained in the
course of audit assignment should remain confidential to those
with a legitimate interest within the public body.

23
320.3 Co-operative relationships with management enhance the ability of

internal audit to achieve its objectives effectively. Audit assignment
should be planned in conjunction with management as far as possible,
particularly in respect of the timing of the assignment (except where
unannounced visits are essential to the achievement of the audit
objectives).
320.4 When fraud is suspected or detected, decisions to involve external

agencies such as the police should be taken by management. If internal
audit does not consider that management at all levels of public body has
made appropriate decisions in this respect, this should be reported to the
Ministry of Finance and Economic Development.
330 Relationships with Other Internal Auditors
Where Internal Auditors need to work with Internal Auditors of another

organization, the roles and responsibilities of each party should be agreed and
endorsed by the Head of each Public Body. Whenever possible agreement to
joint working or to placing professional reliance on work carried out by one
party should be sought.
340 Relationship with External Auditors
340.1 Internal audit should seek to meet regularly with the external auditor to
consult on audit plans, discuss matters of mutual interest, discuss
common understanding of audit techniques, methods and terminology
and seek opportunities to rely on their work where appropriate, provided
this does not prejudice internal audit’s independence.
340.2 In any case of conflict with the External Auditor, the Head of Internal
Audit will consult with or refer the matter to the Head of Public Body.
400 STAFFING, TRAINING AND DEVELOPMENT
410 Principles of Staffing, Training and Development
Internal audit should be appropriately staffed in terms of numbers,

grades, qualification levels and experience, having regard to its
objectives and to these standards. Internal auditors should be properly
trained to fulfill their responsibilities and should maintain their
professional competence through an appropriate ongoing development
programme.

24
420 Qualification of Internal Auditors
Ministry of Finance and Economic Development defines the minimum

level of skill, knowledge and experience required of an internal auditor
and the Head of Internal Audit. The Head of Internal Audit should be
qualified and have a wide experience of management.
430 Staffing the Internal Audit Unit
430.1 The Ministry of Finance and Economic Development is

responsible for ensuring that they have access to the full range of
knowledge, skills, qualifications and experience to meet the
unit’s audit objectives and these standards. In addition to internal
audit skills, the Ministry of Finance and Economic Development
should specify any other professional skills, which may be
needed by the internal audit unit. It should also make provision
for appropriate administrative support.
430.2 The Ministry of Finance and Economic Development should set

criteria for the appointment of the more senior staff in the internal
audit unit based on training and experience of the Internal
Auditor.
440 Continuing Professional Development
440.1 All Internal Auditors should undertake a programme of

continuing professional development to maintain and develop
their skills.
440.2 Heads of Internal Audit should ensure that appropriate provision

is made for maintaining and developing the competence of audit
staff. They should monitor the ongoing training activity of all
staff in their internal audit unit.

25
II PERFORMANCE STANDARDS
500 AUDIT STRATEGIES AND PLANNING
510 Developing the Internal Audit Strategy
510.1 The Head of Internal Audit should develop and maintain a strategy
for providing the Head of public body economically and efficiently,
with objective evaluation of and opinion on the effectiveness of the
public body’s risk management, control and governance
arrangements. The internal audit activity should evaluate risk
exposures relating to the public body's governance, operations, and
information systems regarding the:
• Reliability and integrity of financial and operational information.
• Effectiveness and efficiency of operations.
• Safeguarding of assets.
• Compliance with laws, regulations, and contracts.
510.2 The strategy should also aim to add value for the Heads of the public
bodies by providing them with audit analysis, findings and
recommendations. In addition, where internal audit unit judges it
appropriate, it could offer consultancy to support management in
implementing the recommendations.
510.3 The strategy should be developed to meet the audit needs of the
public body as assessed by the Head of Internal Audit, using the
public body’s objectives and risk assessment as a primary resource.
510.4 The strategy should include provision for the Head of Internal Audit
to consider, at least annually, the adequacy of the public body’s risk
assessment and, if necessary, make recommendations for its review.
510.5 The strategy should include a systematic and prioritized review of

how effectively the public body’s risks are managed by its policies,
procedures and operations.

26
510.6 The Head of Internal Audit should consider any risk, which he
thinks, may be material to the public body’s risk management,
control and governance, even if it is not included in management’s
risk priorities.
510.7 The strategy should establish the resources and skills required for its
delivery.
510.8 The strategy should describe the audit techniques selected as the
most effective for delivering the audit objectives.
510.9 The strategy should set out the relative allocation of audit resources
between assurance work and consultancy work. The exact allocation
will be determined in the periodic plans.
510.10 The Strategy should include acceptance of risks or other areas of

potential audit coverage, which cannot be resourced, and
identification of consequent residual risk exposure.
520 Developing the Periodic Audit Plans
520.1 Internal audit should prepare periodic work plans, designed to

implement the audit strategy for approval by the Head of the Public
Body.
520.2 The periodic plans should set out details of the assignments to be
carried out in the period covered by the plans, providing sufficient
detail for the management of the public body to understand the
assignments’ purpose and scope. They should establish the resources
and skills required for each assignment, and should set relative
priorities for each assignment.
520.3 The periodic audit plans should be kept under review to identify any
amendment needed to reflect changing priorities and emerging audit
needs. They should make provision for an element of contingency to
accommodate audit assignments, which could not have been
reasonably foreseen.

27
530 Planning Audit Assignments
530.1 For each audit assignment a detailed plan should be prepared and
discussed with the Head of the public body. These plans should
establish detailed objectives for the assignment, the level of
assurance that management wishes to derive from the opinion to
be delivered, resource requirements, audit outputs and target
dates. They should set out:
• The scope and objectives and timing of the work to be

done, allocating internal audit resources and establishing
their targets;
• If internal auditors develop reservations about the scope

during the engagement, these reservations should be
discussed with the client to determine whether to continue
with the engagement.
• Any requirements for participation by the management of

the public body;
• The schedule and timing of the assignment;
• To whom the assignment findings will be disclosed;
• The resources necessary to perform the audit assignment

should be determined in the planning process. The number
and experience level of the internal auditing staff required
should be based on an evaluation of the nature and
complexity of the audit assignment, time constraints and
available resources.
530.2 Assignment plans should be agreed with the management before

work is done, and the agreement recorded. They should take
account of any concerns of the management about aspects of the
policies, procedures and operations within the area to be audited.

28
540 Nature of Work
The internal auditors should assess and improve the public body’s risk
management, control, and governance processes.
540.1 The internal auditor should assist the public body in managing
risk by evaluating and identifying significant organizational risks,
assessing risk during the course of engagements, and improving
the risk management process.
540.2 The internal auditor should assist the public body in maintaining
effective controls by evaluating the public body’s controls to
determine their effectiveness and efficiency and by developing
recommendation for improvement.
540.3 The internal auditor should assist the public body in achieving its
goals by evaluating and improving the process through which
goals and values are established and communicated, the
accomplishment of goals is monitored, accountability is ensured,
and values are preserved.
540.4 Internal auditors should ascertain the extent to which operating

and program goals and objectives have been established and
conform to those of the public body.
540.5 Internal auditors should review operations and programs to

ascertain the extent to which results are consistent with
established goals and objectives to determine whether operations
and programs are being implemented or performed as intended.
540.6 Internal auditors should ascertain the extent to which

management has established adequate criteria to determine
whether objectives and goals have been accomplished. If
adequate, internal auditors should use such criteria in their
evaluation.
540.7 During consulting engagements, internal auditors should address

controls consistent with the engagement’s objectives and be alert
to the existence of any significant control weaknesses.

29
540.8 Internal auditors should incorporate knowledge of controls

gained from consulting engagements into the process of
identifying and evaluating significant risk exposures of the
organization. The internal audit activity should assess and make
appropriate recommendations for improving the governance
process in its accomplishment of the following objectives:
Promoting appropriate ethics and values within the organization.
• Ensuring effective organizational performance management

and accountability.
• Effectively communicating risk and control information to

appropriate areas of the organization.
• Effectively coordinating the activities of and communicating

information among the board, external and internal auditors
and management.
International Standards for the Professional Practice of Internal Auditing
540.9 The internal audit activity should evaluate the design,

implementation, and effectiveness of the organization’s ethics
elated objectives, programs and activities.
550 Audit Programme
To achieve audit objective of each assignment, it is essential to develop

an audit programme, which provides a means of monitoring the progress
and completion of the audit. The audit programme should state the
objective of the audit assignment and document Internal Auditors'
procedure for collecting, analysing, interpreting and documenting
information during the audit. The audit programme should also include
the following:
• It should state the scope and degree of testing required to

achieve the audit objective in each phase of the audit.
• It should identify the system and transaction which should be

examined.
• It should be prepared prior to the commencement of audit

work and modified during the course of the audit, if
necessary.

30
600 RISK ASSESSMENT
610 Principles of Risk Assessment
The Internal Auditor should identify the different systems that exist in the
public body and the risk factors that are relevant to those systems and should
assess their relative significance. Risk refers to the possibility of a system
having so poor internal control that the public body does not achieve its
objectives effectively and efficiently. Risk assessment should enable the
Internal Auditor to assess the relative vulnerabilities of the systems and
those which are more riskier than others and should, therefore, be audited
sooner and more often.
620 Identification of System
The Internal Auditor should identify each system of the public body in
which resources (input) organized (processed) to provide results (out puts) in
accordance with predetermined purposes (objectives).
630 Risk Factors
The Internal Auditor should use appropriate risk factors, which will be used
to assess the relative significance, and likelihood that conditions and/or
events may occur that could adversely affect the public body to achieve its
objective.
640 Risk Assessment
The Internal Auditor should systematically assess and integrate professional

judgment about probable adverse conditions and/or events. The risk
assessments process should provide a means of organizing and integrating
professional judgment for development of a prioritized audit work schedule.
The Internal Auditor should:
• identify and record the objectives of the system, risks and

controls;
• establish the congruence of the objectives with higher-level

corporate objectives;
• evaluate management's risk analysis, taking account of their

acceptance of specific risks;

31
• evaluate the controls in principle to decide whether or not they

are appropriate and can be reasonably relied upon to achieve
their purpose;
• identify any instances of over-control;
• determine an appropriate strategy to test the effectiveness of
risk management and controls;
• arrive at conclusions and report, making recommendations, as
necessary, and providing an opinion on the effectiveness of risk
management and control in the audited area.
700 AUDIT WORKING PAPERS

710 Principles of Audit Working Papers
The Internal Auditor should prepare working papers, which provide the
principal evidential supports for the audit report, and demonstrate the
Internal Auditors' compliance with standard of Internal Auditors and support
for audit conclusion reached.
720 Content of Audit Working Papers
The Internal Auditor should document in the working papers the following
aspects of the audit process of:
• planning, examination and evaluation of the effectiveness of
risk management;
• control and governance process;
• the auditing procedures performed and the conclusion reached,

review, reporting and follow-up.
Audit working papers should be designed in such a way that they provide
the principal evidential support in the planning, performance and review
of audits and documents whether audit objectives were achieved. The
Internal Auditor should keep in mind that the content and arrangement of
the working papers reflect the degree of the Internal Auditors'
proficiency, experience and knowledge. Working papers should be
sufficiently complete and detailed to enable an experienced auditor,
having no previous connection with the audit to ascertain that the
necessary audit work was performed to support the audit conclusions.

32
730 Preparation of Working Paper
The Internal Auditor should follow standardized policies for the types of
audit working paper files maintained, stationery used, indexing and other
related matters. Each working paper should show the name of the public
body being examined, the title or description of the contents or purposes of
the working papers, and the date or period covered by the audit. Each
working paper should be signed, dated and cross-referenced. Audit
verification symbols should be explained. The working papers should be
reviewed, signed and dated by the Head of the Internal Audit or by a Senior
Internal Auditor assigned by him.
740 Ownership and Custody of Audit Working Papers
Audit working papers are the property of the public body being examined.
Audit working papers should remain under the control of the Internal Audit
Department and the Head of the Public Body should approve request for
access to it by parties outside the public body.
800 AUDIT EVIDENCES
810 Principles of Audit Evidences
The Internal Auditor should obtain sufficient and appropriate audit

evidences to be able to draw reasonable conclusions and
recommendations regarding the risk management, control and
governance of the public body. The internal auditor should adequately
document the audit evidences in the working papers, including the basis
and extent of planning, work performed and the findings of the audit.
820 Sufficient Appropriate Audit Evidences
The Internal Auditor should use his professional judgment to assess

whether he obtained sufficient and appropriate audit evidence. Sufficient
is the measure of the quantity of audit evidence whereas appropriate is
the measure of the quality or reliability of audit evidence and its
relevance to a particular audit conclusion and recommendations.

33
830 Procedures for Obtaining Audit Evidence
The Internal Auditor should have a sound understanding of the

techniques and procedures such as inspection, enquiry and confirmation,
to collect audit evidences. The Internal Auditor should ensure that the
procedures employed are sufficient to reasonably detect all material
errors and irregularities. The Internal Auditor should also give
consideration to the quality of evidences in choosing the techniques and
procedures to be employed.
900 DETERRENCE, DETECTION, INVESTIGATION AND

REPORTING OF FRAUD
910 Principles of Deterrence, Detection, Investigation and Reporting of

Fraud
The Internal Auditor should examine and evaluate the adequacy and
effectiveness of actions taken by management of the public body to deter
fraud, be able to identify indicators that fraud might have been
committed, investigate fraud and issue a written report at the conclusion
of the investigation phase.
920 Deterrence of Fraud
The Internal Auditor is responsible for assisting in the deterrence of

fraud, by examining and evaluating the adequacy and effectiveness of
control, commensurate with the extent of the potential exposure in the
various segments of the public body's operation. The Internal Auditor
should determine:
• The public body's environment foster control consciousness;
• Realistic goals and objectives are set;
• Appropriate authorization policies for transaction are established

and maintained;
• Policies, practices, procedures, reports and other mechanisms are

developed to monitor activities and safeguard assets, particularly
in high -risk areas;
• Recommendations needed to be made for the establishment or

enhancement of cost-effective control to help deter fraud.

34
930 Detection of Fraud
The Internal Auditor should identify indicators of fraud sufficient to

warrant recommending an investigation. These indicators may arise as a
result of controls established by management, tests conducted by
auditors and other sources both within and outside the public body.
The Internal Auditor should:
• Have sufficient knowledge of fraud to be able to identify

indicators that fraud might have been committed. This
knowledge includes the need to know the characteristics of
fraud, the techniques used to commit fraud, and the types of
fraud associated with the activities audited.
• Be alert to opportunities, such as control weaknesses, that could

allow fraud. If significant control weaknesses are detected,
additional tests conducted by Internal Auditors should include
tests directed towards identification of other indicators of fraud.
• Evaluate the indicator that fraud might have been committed

and decide whether any further action is necessary or whether
an investigation should be recommended.
• Notify the head of the public body if a determination is made

that there are sufficient indicators of the commission of a fraud
to recommend an investigation.
940 Investigation of Fraud
When indicators suggest that fraud has been committed, the Internal
Auditor should perform extended procedures necessary to determine
whether the fraud, as suggested by the indicators, has been committed.
The extended procedures should include gathering sufficient evidential
matter about the specific details of a discovered fraud. The Internal
Auditor should:
• Assess the probable level and the extent of complexity in the fraud
within the public body. This can be critical to ensuring that the
internal auditor avoids providing information to or obtaining
misleading information from persons who may be involved;

35
• Determine the knowledge, skills, and disciplines needed to

effectively carry out the investigation. The Internal Auditor should
ensure that the investigation is conducted by individuals having the
appropriate type and level of technical expertise and competence.
• Design the procedures to be followed in attempting to identify the
perpetrators, extent of the fraud, techniques used and cause of
fraud.
950 Reporting of Fraud
A written report should be issued to the head of the public body at the
conclusion of the investigation phase. It should include all findings,
conclusions and recommendations for corrective action to be taken.
1000 AUDITING COMPLIANCE WITH POLICIES, PLANS, PROCEDURES,

LAWS AND REGULATIONS
1010 Principles Of Auditing Compliance with Policies, Plans, Procedures,

Laws and Regulations
Internal Auditors should review the systems established to ensure

compliance with applicable policies, plans, procedures, laws and
regulations and should determine whether the public body is in
compliance.
1020 Responsibility of Head of the Public Body
The Head of the public body is responsible for establishing the systems
designed to ensure compliance with such requirements as policies, plans,
procedures, applicable laws and regulations. The policies, plans and
procedures designed and implemented by the Head of the Public body
should be sufficient to reasonably ensure prevention and/or detection of
non-compliance with applicable laws and regulations. The Head of the
public body is also responsible for determining whether non-compliance
brought to his/her attention by auditors, or by discovery, may violate
laws or regulations and/or constitute illegal acts. In addition, the Head of
the public body is responsible for initiating such corrective actions
necessary to achieve compliance. This may require reporting by the
Head of the public body to the legal and/or regulatory authorities.

36
1030 Responsibility of Internal Auditors
Internal Auditors are responsible for establishing objectives that include

planning and performing a scope of work which provides a reasonable
basis for reporting on the extent of public body compliance with policies,
plans, procedures, laws and regulations. Internal Auditors should
perform additional procedures which provide insight as to the existence
and impact of exposure to significant instances of non-compliance. The
Internal Auditor should promptly inform management of all relevant
facts when information gathered from performance of internal auditing
procedures indicate the existence of significant non-compliance or an
unreasonable exposure to significant instances of non-compliance.
1100 QUALITY ASSURANCE
1110 Principles of Quality Assurance
The Head of Internal Audit should design a quality assurance programme

to provide reasonable assurance that audit assignments conform to all
applicable standards and guidelines. Internal audit assignments should
be supervised and objectively reviewed for overall effectiveness and
compliance with relevant policies and standards. Supervision, internal
and external review should be carried out to maintain the internal
auditing department's capability to perform its functions in an efficient
and effective manner.
1120 Supervision of Internal Audit Assignments

Supervision of internal audit works should be carried out continually to
ensure conformance with internal auditing standards, public body
directives and audit programmes. Supervision should include adequate
planning and provision of suitable instructions to subordinates and
determination that the audit programme has been properly carried out
and documented. Supervision should be performed throughout the
planning, examination, evaluation, reporting and follow-up process.
Supervision should include ensuring that audits are conducted as planned

or that variations are approved; appropriate audit techniques are used and
audit findings, conclusions and recommendations are adequately
supported by relevant and sufficient evidence. Supervision should also
ensure that reports are accurate, objective, clear, concise and timely.
It should also extend to training and employee performance evaluation.

37
1130 Internal Review of Audit Assignments
Internal reviews should be performed periodically by experienced

members of the internal auditing staff to appraise the quality of the audit
assignment performed. These reviews should indicate the degree of
compliance with the Internal Audit Standards and guidelines and level of
the effectiveness and efficiency of the audit assignment. The review
should provide recommendations for improvement to be addressed to the
Head of the Internal Audit.
1140 External Review of Audit Assignments
Ministry of Finance and Economic Development should coordinate an

external review of the internal auditing department by persons who are
independent of the public body to appraise the quality of the audit
assignment. Experienced internal auditor of other public body may carry
out external review as a peer-review. These reviews should be
conducted within reasonable period of time depending upon the
significance of internal review, monitoring and in depth reviews by
independent external auditors, and provide recommendations for
improvement. The external review should appraise the independence
and objectivity of internal audit, the efficiency and effectiveness of the
approach to formulating the audit strategy and plans, the quality of
supervision and achievement of performance standard. . A copy of the
review report, which will be addressed to the head of the public body,
should be submitted to the Ministry of Finance and Economic
Development for follow up on the review findings and recommendations
1200 REPORTING
1210 Principles of Reporting
After the audit examination is completed, the Internal Auditor should

discuss conclusions and recommendations at appropriate levels of
management and issue a signed, objective, clear, concise, constructive
and timely written report with appropriate format (content). The report
should be addressed to the Head of the Public Body and should not be
issued to third parties without his knowledge.

38
1220 Objective, Clear, Concise, Constructive and Timely Reports
Internal audit reports should be objective. Objective reports are factual,

unbiased and free from distortion. Findings, conclusions and
recommendations should be included in the report without prejudice.
Internal audit reports should be clear, which can be easily understood
and logical. The Internal Auditor should avoid unnecessary technical
language and provide sufficient supportive information. Internal audit
reports should be concise and to the point and avoid unnecessary detail.
The reports should also be constructive which, as a result of their content
and tone, help the public body to achieve its objective effectively and
efficiently and lead to improvement where needed. The Internal
Auditors should issue their report timely without undue delay to enable
prompt effective action.
1230 Content and Format of Audit Reports
Audit reports should present the purpose, scope and results of the audit
and where appropriate, reports should also contain an expression of the
auditor's opinion. Purpose statement should describe the audit objectives
and may, where necessary, inform the reader why the audit was
conducted and what it was expected to achieve. Scope statement should
identify the audited activities and should include, where appropriate,
supportive information such as time period audited. The nature and
extent of auditing performed should also be described. Results may
include findings, conclusions (opinion) and recommendations.
1300 FOLLOW-UP ON REPORTED AUDIT FINDINGS AND

RECOMMENDATIONS
1310 Principles of Follow-up on Reported Audit Findings

The Internal Auditor should determine the adequacy, effectiveness and
timeliness of action taken by management of the public body on reported
findings.
1320 Nature, Timing and Extent of Follow-up
The Internal Auditor should determine appropriate follow-up procedures

depending upon the significance of the reported findings; risks that may
occur should the corrective action fail and the complexity of the
corrective action. The Internal Auditor should also consider the degree
of effort, the time period involved and the cost needed to correct the
reported condition.

39
1330 Techniques and Procedures of Follow-up
The Internal Auditor should establish a time frame within which

management's response to the audit findings is required and evaluate the
response received. The responses should include sufficient information
for the Internal Auditor to evaluate the adequacy and timeliness of
corrective action.
The Internal Auditor should receive periodic updates from management

in order to evaluate the status of management's efforts to correct
previously reported conditions.
The Head of Internal Audit should develop escalation procedures for any
management responses, which are judged to be inadequate in relation to
the identified risk. These procedures should ensure that the risks of not
taking action have been understood and accepted at a sufficiently senior
management level.

40
SECTION THREE
CODE OF ETHICS
Introduction
The purpose of Code of Ethics is to promote an ethical culture in the profession of internal
auditing.
Internal auditing is an independent, objective assurance and consulting activity designed

to add value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes.
A code of ethics is necessary and appropriate for the profession of internal auditing, founded as
it is on the trust placed in its objective assurance about risk management, control, and
governance. The Code of Ethics extends beyond the definition of internal auditing to include
two essential components:
1. Principles that are relevant to the profession and practice of internal

auditing;
2. Rules of Conduct that describe behavior norms expected of internal auditors.

These rules are an aid to interpreting the Principles into practical
applications and are intended to guide the ethical conduct of internal
auditors.
APPLICABILITY AND ENFORCEMENT
This Code of Ethics applies to both individuals and units that provide internal auditing services.

41
PRINCIPLES
Internal auditors are expected to apply and uphold the following principles:
Integrity
Integrity is the core valve of a Code of Ethics. Internal auditors have a duty to adhere to
a high standard of behavior (e.g. honesty and candidness) in the course of their work.
The relationship with fellow colleagues and external contacts should be one of honesty
and fairness. This establishes an environment of trust, which provides the basis for
reliance on all activities carried out by the internal audit team.
Integrity can be measured in terms of what is right and just. Integrity requires the
internal auditors to observe both the form and the spirit of auditing and ethical
standards.
Objectives
Objectivity is a state of mind that has regard to all considerations relevant to the activity
or process being examined without being unduly influenced by personal interest or the
views of others. Members of the internal audit team should display appropriate
professional objectivity when gathering, evaluating, providing their opinions,
assessments and recommendations.
Confidentiality
Members of the internal audit team should safeguard the information they receive in
carrying out their duties. There should not be any unauthorized disclosure of
information unless there is a legal or professional requirement to do so. Confidential
information gained in the course of audit duties should not also be used to effect
personal gain.
Competency
Members of the internal audit team should apply the knowledge, skills and experience
needed in the performance of their duties. They should carry out their work according
to the standards set out in the Government Internal Audit Standard. They should not
accept or perform work that they are not competent to undertake unless they receive
adequate advice and support to competently carry out the work.

42
RULES OF CONDUCT
1. Integrity
Internal Auditors:
1.1 shall perform their work with honesty, diligence, and responsibility;
1.2 shall observe the law and make disclosures expected by the law and the
profession;
1.3 shall not knowingly be a party to any illegal activity, or engage in acts
that are discreditable to the profession of internal auditing or to the
organization;
1.4 shall respect and contribute to the legitimate and ethical objectives of the
organization.
2. Objectivity
Internal Auditors:
2.1 shall not participate in any activity or relationship that may impair or be
presumed to impair their unbiased assessment. This participation includes
those activities or relationships that may be in conflict with the interests of
the organization.
2.2 Shall not accept anything that may impair or be presumed to impair their
professional judgment.
2.3 Shall disclose all material facts known to them that, if not disclosed, may
distort the reporting of the activities under review.
3. Confidentiality
Internal Auditors:
3.1 shall be prudent in the use and protection of information acquired in the
course of their duties.
3.2 Shall not use information for any personal gain or in any manner that
would be contrary to the law or detrimental to the legitimate and ethical
objectives of the organization.

43
4. Competency
Internal Auditors:
4.1 Shall engage only in those services for which they have the necessary
knowledge, skills and experience.
4.2 Shall perform internal auditing services in accordance with the Internal
Audit Standards of Public Bodies of Government of Ethiopia.
4.3 Shall continually improve their proficiency and the effectiveness and
quality of their services

44
INTERNAL AUDIT MANUAL PART THREE
SECTION I : INTERNAL CONTROL SYSTEM
Introduction
1. Internal control system includes all the policies and procedures adopted by the Head of the
public body to assist in achieving its objective and ensuring, as far as practicable, the orderly,
economical, efficient, and effective conduct of its operation, including adherence to internal
policies, government’s policies, rules and regulations, the safeguarding of assets, the
prevention and detection of fraud and error, the accuracy and completeness of the accounting
records, and the timely preparation of reliable financial and management information and
fairly disclosing that data in a timely report.
2. It is a responsibility of the Head of the public body to determine the internal control system,
which is appropriate to the public body. The nature and extent of controls will vary between
public bodies and also from one part of a public body to another. The controls used will
depend on the nature, size and volume of the activities, the degree of control which
management is able to exercise personally, geographical distribution, and many other factors.
The choice of controls may reflect a comparison of the cost of operating individual controls
against the benefits expected to be derived there from.
3. Internal control system comprises the control environment and control procedure. Control
environment means the overall attitude, awareness and actions of the management regarding
internal control and their importance in the public body. The control environment
encompasses the management style and culture, and values shared by all employees. It
provides the background against which the various controls are carried out. However, a strong
control environment does not, by itself, ensure the effectiveness of the overall internal control
system. Factors reflected in the environment include: -
• The philosophy and operating style of the management;
• The public body’s organizational structure and methods of assigning authority and
responsibility (including segregation of duties and supervision controls); and
• The management’s method of imposing control, including the internal audit function,
personnel policies and procedures, in particular the competence and integrity of
internal auditors.
4. Control procedures are those policies and procedures in addition to the control environment,
which are established to achieve the public body’s specific objectives.

45
Types of Internal Control.
5. When describing internal controls by their role in the public body, they have often been
organized into two: financial controls, which are primarily concerned with legitimacy of
expenditure and the security of assets and income; and management controls, which are
created and maintained by management to ensure that an activity is relevant to the needs of a
public body and is carried out in the most effective manner. These categories are
interdependent, and should not be regarded in isolation, as both have an impact on the
performance of activities and their consequent cost and value to the public body.
Financial Control
6. Financial control is a series of actions which is considered to be part of the total internal
control system concerned with realizing the financial goals of the entity. This includes
compliance with accounting and financial policies and procedures, safeguarding the entity’s
resources and preparing reliable financial reports.
The main areas of financial control can be more closely defined as follows:-
• Budgetary Control: The public body should plan and control its expenditure and
income to meet its predetermined objectives.
• Legitimacy of Income and Expenditure: All income and expenditure should be in

accordance with the policies of the public body, should be properly authorized and
should be within the law.
• Security of Assets: Assets of the public body should be kept in proper custody and not
wrongly applied, either by error or intent.
• Accounting Controls: All transactions should be correctly recorded and accurately

processed, and control accounts maintained
Management Control
7. Management control is a series of actions, being an integral part of the internal control system,
concerned with administrative procedures needed to make managerial decisions in orders to
archive, the highest possible economic and administrative efficiency and ensure the
implementation of administrative policies, whether related to financial affairs or otherwise.
The nature of management controls will vary widely according to the type of activity, which is
under review. However, there are several basic control areas which could be applied
including:

46
• Objectives: The public body should regularly review its objectives relating to any
operational activity and determine the methods needed to achieve them. The Head of
public body has the responsibility for determining objectives, policies and plans, and
the internal auditor should not intervene in such processes. An audit may show
inadequate controls on the supply of information to management for decision making.
These aspects are legitimate areas of audit concern, and may well require comments on
the correctness of the decisions themselves, but the internal auditor should be wary of
basing comments purely on the advantages given by hindsight.
• Procedures: Staff at all levels need to be regularly informed both of their overall
objectives and the organizational procedures which are to be followed in order to
ensure the achievement of the operational activity.
• Organization: The organizational structure should be clearly defined and adequate to

ensure that staffs appreciate their role, responsibilities and obligations.
Control Objectives
8. Control objectives can be defined as the purpose for which controls have been designed and in
a large organization doing many different things, these can vary substantially. Control
objectives have the following features: -
• Essentially, control objectives relate to the purpose to which the control relates i.e.
what it is designed to do in relation to the system under consideration.
• The purpose of setting control objectives is to ensure that it is not just the greatest
number of controls which are evaluated, but rather to identify those most efficient and
effective in achieving the objectives for the particular systems being evaluated.
• Because systems can serve so many different objectives, a complete list of control
objectives for all areas which are auditable is not practicable. However, control
objectives for many of the common systems used for planning purposes such as
payments, payroll, etc., can be standardized to a far greater degree. This is dealt with
further in part four.
• Management Information: Management needs to be continually informed with relevant

and up-to-date information, of the financial and operational performance of any activity
under its control.
• Supervision: Systems of supervision and internal check e.g.. division of duties,

independent checking of work, quality of control etc., should be maintained to ensure
that breakdowns, including irregularities and fraud, or weaknesses within the operation
are revealed at an early stage.

47
• Reviews of Operational Effectiveness: management should regularly review the

effectiveness and efficiency of operations under its control, and consider their
continued relevance in the light of changing circumstances.
9. The particular controls which are used to achieve these objectives generally fit in one of the
following categories: -
• directive - to cause or encourage a desirable event to occur (for example, by

establishing procedure for an operation)
• preventive – to deter undesirable event (for example, by segregation of duties and

authorization requirements)
• detective – to detect and correct undesirable events that have occurred (for example, by
establishing standard to detect various irregularities)
• corrective –to correct errors that have been detected ( for example, by collecting an
over payment to a vendor)
10. In practice, the distinction among these categories and types is often difficult to recognize
because an effective internal control structure requires elements of each. Even the descriptions
of each category of control can vary among individuals. However, regardless of how internal
controls are organized or defined, they should not be thought of as alternatives to each other.
They should be complementary. Any one control has advantages and disadvantages, so an
effective internal control structure uses a mix of controls to compensate for the particular
disadvantages of individual controls.
11. Controls can also be identified at three levels: organizational arrangements, basic controls and
methods of supervising basic controls.
11.1 Organizational arrangements include:
• organizational structure
• levels of authority
• competence of staff
• accounting records
• documentation
• management information
• internal audit

48
11.2 Basic controls include:
• Documentation: A public body must have written evidence of its internal control
structure, including its objectives and control procedures, and all pertinent aspects
of significant events and transactions. Also, the documentation must be available
and easily accessible for examination by appropriate personnel and the auditors.
Documentation of the internal control structure should include identification of an
organization’s structure and policies and its operating categories and related
objectives and control procedures. These should appear in documents such as
management directives, administrative policies, procedures manuals, and
accounting manuals. Documentation of transactions or significant events should be
complete and accurate and should enable each transaction or event (and related
information) to be traced from its inception, while it is in process, to after it is
completed.
• Pre-numbering originating documents, such as goods received notes, cash

receipts and sales invoices, and accounting for all numbers. If the system provides
that all transactions must originate and be authorized on specified forms, and these
forms are sequentially numbered at the time of printing, then by controlling the
issue of the forms and accounting for all numbers issued, the department can ensure
that all authorized transactions are recorded in the books or that all missing
numbers are identified. Such missing numbers then need to be investigated. For
this purpose cancelled documents should be marked accordingly and retained.
Originating documents from outside the department, such as purchase invoices, can
be numbered serially as received and entered in a register. This numbering
technique is designed to ensure that all transactions are accounted for, i.e. to secure
the completeness of recording of transactions.
• Prompt and proper recording of transactions and events: Transactions and

significant events are to be promptly recorded and properly classified. Transactions
and events must be promptly recorded when they occur if information is to
maintain its relevance and value to management in controlling operations and
making decisions. This applies to the entire process or life cycle of a transaction or
event, including the initiation and authorization, all stages while in process, and its
final classification in summary records. It also applies to promptly updating all
documentation to keep it relevant. Proper classification of transactions and events
is also required to ensure that reliable information is available to management.
Proper classification is the organizing and formatting of information from which
reports, schedules, and financial statements are prepared.

49
• Maintaining total accounts: to provide an independent overall control over the

ledgers to which they relate. Value totals of items to be processed are recorded in a
control account and the balance on the control account is agreed periodically with
the total of the balances on the appropriate ledger. Thus sales or purchase invoices
are posted in total to the control account as well as being posted in detail to the
appropriate ledger accounts. The total of the balances on the individual ledger
accounts should then be reconciled with the control account balance at regular
intervals and any differences investigated. This technique is designed to ensure the
completeness and arithmetical accuracy of postings to the detailed ledgers, e.g. for
debtors or creditors. However, it should be appreciated that it will not detect
postings made in error to one detailed account instead of another in the same
ledger, nor any incorrect amounts that are recorded in both the control account and
the detailed ledger.
• Detailed checking of one document or accounting record against another: for

example, the comparison of a cheque drawn in settlement of an invoice with the
relevant invoice and goods received note will provide assurance that the cheque has
been accurately prepared and is a valid payment.
• Authorization of documents after examination and checking by a responsible

person before any further processing takes place. The authorization should be
evidenced by the person’s signature on the document or the file copy thereof. This
is the most common technique to ensure validity of transactions.
• Verifying records with evidence from outside sources such as the regular
comparison of the cash book with the bank statement. This technique can ensure
the validity of transactions and the accuracy of the records.
• Checking the records by verifying the physical existence of the assets to which
they relate, such as continuous stocktaking, periodical surprise cash counts and
periodic inspection of the items recorded in the fixed asset register. Such checking
helps to ensure the validity of transactions and the accuracy of the records.
• Scrutinizing or overall reviews to identify large or unusual items, which may

not have been picked up by means of one of the other, control techniques. This
technique may also identify errors, which have occurred in spite of the use of the
techniques already mentioned.
11.3 Supervision of basic controls includes:
• Supervisory controls (final approvals by senior staff after detailed checking has
occurred)
• Segregation of duties (this ensures that no one individual handles a transaction from
beginning to end)

50
• Physical controls (these mostly concern the custody and protection of assets)
Economic Use of Resources/Value for Money
12. Primarily, the responsibility of internal audit is to examine systems of control. Nevertheless,
the auditor should look beyond controls to the relationship of expenditure to the objectives of
the organization, e.g. cost effectiveness, utilization of resources.
Effective Internal Control System
13. To be effective, internal controls must satisfy three basic criteria:-
• They must be appropriate (that is, the right control in the right place and
commensurate to the risk involved).
• They must function consistently as planned throughout the period (that is, be
complied with carefully by all employees involved and not bypassed when key
personnel are away or the workload is heavy).
• They must be cost effective (that is, the cost of implementing the control should not
exceed the benefits derived).
Reasonable Assurance
14. Internal control structures are to provide reasonable assurance that the general objectives will
be accomplished. Reasonable assurance equates to a satisfactory level of confidence under
given considerations of costs, benefits, and risks. Determining how much assurance is
reasonable requires judgment. In exercising that judgment, managers should:-
• Identify the risks inherent in their operations and the acceptable levels of risk under
varying circumstances; and
• Assess risk both quantitatively and qualitatively.
15. Reasonable assurance recognizes that the cost of internal control should not exceed the benefit
derived. Cost refers to the financial measure of resources consumed in accomplishing a
specified purpose and the economic measure of a lost opportunity, such as a delay in
operations, a decline in service levels or productivity, or low employee morale. A benefit is
measured by the degree to which the risk of failing to achieve a stated objective is reduced.
Examples include increasing the probability of detecting fraud, waste, abuse, or error;
preventing an improper activity; or enhancing regulatory compliance.

51
16. Designing internal controls that are cost beneficial while reducing risk to an acceptable level
requires that managers clearly understand the overall objectives to be achieved. Government
managers may design systems with excessive controls in one area of their operations that
adversely affect other operations. For example, employees may try to circumvent burdensome
procedures, inefficient operations may cause delays, and diluted responsibilities may make it
difficult to identify accountable individuals. Thus, benefits derived from excessive controls in
one area may be outweighed by increased costs in other activities.
Limitations of Internal Control Systems
17. However well designed, internal control systems are still vulnerable. Thus the presence of
internal controls is no guarantee that their objectives will be fulfilled. Some of the obvious
risks are:-
• Abuse of authorization responsibilities
• Collusion between two or more members of staff (thus negating the segregation of
duties)
• Collusion with interests outside the entity (e.g. with suppliers)
• Fraud
• Systems which present obvious opportunities for abuse
• Failure of top management to act decisively on breaches of internal control systems
• Destruction of evidence by those responsible for abuses
To maintain an internal control structure that would eliminate the risk of loss is not realistic
and would probably cost more than is warranted by the benefit derived.
18. Because any internal control structure depends on the human factor, it is subject to flaws in
design, errors of judgment or interpretation, misunderstanding, carelessness, fatigue, or
distraction. While the competence and integrity of the personnel designing and operating the
system may be controlled by selection and training, these qualities may alter due to pressures
from within and outside the public body. Furthermore, no matter how competent the staff, the
control they operate may become ineffective if they do not correctly understand their function
in the control process or choose to ignore it.
Conclusion

52
19. Complying with instructions and regulations is an important part of maintaining internal
controls. But it is quite a small part of the picture. For healthy internal control systems the
active involvement of management is needed. The following are some of management’s major
responsibilities:
• Establishing compliance controls of two types (a) External Control to ensure

compliance with rules established by bodies external to the entity (e.g. laws,
proclamations and regulations) and (b) Internal Control to ensure compliance with
rules established by management for the proper management of the entity.
• Disseminating information to staff members so that they are familiar with

Accounting Controls (e.g. understand the segregation of duties; authorization
procedures; recording instructions, systems of internal check etc.) and know where
to look for written procedural guidance for Administrative Controls.
• Employing internal auditors to evaluate the status of controls and to report on their
adequacy.
• Improving controls and addressing weaknesses in response to the findings and

recommendations of internal auditors.
• Taking rapid and decisive action against those found guilty of breaking internal
controls.
• Informing staff of the presence of controls, of instances of detected abuse and of the
penalties imposed, as a deterrent to further abuse.
• Maintaining the effectiveness of the internal control system on a continuous basis.
Notes on preventive control
20. The types of control which management can deploy as preventive control include: -
Planning
20.1 Planning involves:-
• Clear definitions of objectives and targets;
• Forecasts of activity, operational requirements and external factors which may

affect the achievement of objectives;
• Specification of the desired level of control;

53
• Setting of standards of performance;
• Definition, wherever possible, of the outputs of a system and the criteria for
measuring them;
• Evaluation of different options for achieving objectives;
• Anticipation of contingencies, and the devising of suitable action to take in

response;
• An indication of the relative priorities of objectives, targets and their related

activities.
Organizing
20.2 Organizing involves:
• Clear and documented definition of the responsibilities of individuals and groups

for resources, activities, objectives and targets;
• Establishing clear reporting lines;
• Finding the most efficient balance of duties between organizational groups: for
example, headquarters and operations; management and staff; specialists and
generalists;
• Establishing the most effective spans of command;
• Establishing effective means of communication throughout the public body;
• Separating duties to avoid conflicts of interest or opportunities for abuse;
• Avoiding undue reliance on one individual, particularly for internal control.
Delegating Authority and Establishing Levels of Authorization
20.3 In large organizations, delegation of authority is made from superior to lower levels
of management to permit improved decision-making. Delegation of authority has to
be clear and related to the organizational responsibilities of the persons concerned.
Delegations of authority are usually set according to the nature of activity delegated
and the types of decision, which the manager may make without referring the matter
upwards for permission from the immediate superior.
20.4 Levels of authorization are set to clarify the nature and limits of delegations of
authority. Key features are:

54
• Setting of monetary limits for various types of decision.
• Allocation of defined authority to particular managers for particular types of

decision.
• Segregation of delegated authority so that no one manager may commit the

organization with respect to certain types of decision.
• Checks to ensure that delegated authority is exercised as intended.
Segregation of Duties
20.5 Key duties and responsibilities in authorizing, processing, recording, and reviewing
transactions and events should be separated among individuals. To reduce the risk of
error, waste, or wrongful acts and the risk of not detecting such problems, no one
individual or section should control all key stages of a transaction or event. Rather,
duties and responsibilities should be assigned systematically to a number of
individuals to ensure that effective checks and balances exist. Key duties include
authorizing and recording transactions, issuing and receiving assets, making
payments, and reviewing or auditing transactions. Collusion, however, can reduce or
destroy the effectiveness of this internal control technique.
Staffing
20.6 Adequate staffing is essential for a system to function to its full capability.
Weakness in staffing can lead to mismanagement, error and abuse, which can negate
the effect of other controls. The major areas requiring attention are as follows: -
• Identification and review of the staffing needs: numbers, grades, experience and
expertise levels.
• Recruiting, selecting and training staff to meet the needs.
• Monitoring performance of individuals and groups.
• Staff development including training to achieve the full potential of staff.
20.7 Management and employees are to have personal and professional integrity and are
to maintain a level of competence that allows them to understand the importance of

55
developing, implementing, and maintaining good internal controls and to accomplish

the general objectives of internal controls.
20.8 Management and their staff must maintain and demonstrate personal and professional
integrity and ethical values, a level of skill necessary to ensure effective and efficient
performance, and an understanding of internal controls sufficient to effectively
discharge their responsibilities.
20.9 Many elements influence the integrity of Heads of public bodies and their staff. The
tone at the top is important. Personnel should periodically be reminded of their
obligations under an operative code of conduct that comes from top management.
Counseling and performance appraisals are also important. Overall performance
appraisals are also important. Overall performance appraisals should be based on an
assessment of many critical factors, including the implementation and maintenance
of effective internal controls.
Access to and accountability for resources and records
20.10 Access to resources and records is to be limited to authorized individuals who are
accountable for their custody or use. To ensure accountability, the resources are to
be periodically compared with the recorded amounts to determine whether the two
agree. The assets’ vulnerability should determine the frequency of the comparison.
20.11 Restricting access to resources reduces the risk of unauthorized use or loss to the
government and helps in achieving the public body's directives. The degree of
restriction depends on the vulnerability of the resource and the perceived risk of loss,
both of which should be periodically assessed. The major aspects are:-
• Access controls such as secure custody, identity cards, passwords and

computer log-in.
• Physical checks on assets and records such as taking of inventory, security

inspections etc.
• Environmental controls such as thermostats, health and safety inspections.
• The locations chosen for activities, assets and records.
Supervision of Operations

56
20.12 Supervision requires seniors to monitor the work done by their juniors. It covers
aspects such as conformity with instructions, timeliness, completeness, propriety of
actions, conformity with delegated authority, behavior etc. The scrutiny of work
done by subordinates helps to ensure its quality. It provides a check that staff is
performing according to the standards, needs and objectives of the public body.
Providing Manuals, Instructions and Standard Formats
20.13 Public bodies directives and procedures should be documented. Staff should be
aware of them and trained to ensure that they are followed. Written guidance and
procedural manuals should be clear, unambiguous and easy to refer to. They should
be accessible to all relevant staff. Management should check that they are read,
understood and implemented. Guidance documents should be reviewed regularly.
Changes should be brought to the attention of staff. Standards of documentation
should be established and enforced to ensure an adequate information base for
decisions. This enables management, auditors and other reviewers to follow the
course of operations and transactions and to identify errors or poor performance.

57
SECTION II: EVALUATING INTERNAL CONTROLS
Introduction
1. Evaluating and reporting on internal controls for improvements is the internal auditor's
main responsibility. This involves:
• identifying existing controls, documenting their characteristics and identifying

the areas not covered by controls.
• understanding the purposes of existing controls.
• establishing criteria with which to judge the adequacy of internal controls.
• testing controls to check whether they operate effectively (meet the criteria,
achieve their purposes).
• reporting to management on the operation of controls.
• recommending remedial action where necessary to improve internal controls.
The aim is to provide the necessary assurance to management that controls are
adequate in principle and practice.
2. Criteria for evaluating controls are: relevance, cost of operation (both direct and
indirect), feasibility, effectiveness in meeting control objectives,
complexity/simplicity and adequacy.
3. The internal auditor can use questionnaires to evaluate the internal control system
of a public body. Internal control questionnaires and internal control evaluation
questionnaires will be discussed in this section.
Internal control questionnaires
4. Internal control questionnaires (ICQS) are used to ask whether controls exist which
meet specific control objectives. The major question which internal control
questionnaires are designed to answer is ‘How good is the system of controls?’
Where strengths are not identified, the auditors will perform work in the relevant
areas. If, however, weaknesses are discovered they should then ask what errors or
irregularities could be made possible by these weaknesses.

58
5. Although there are many different forms of ICQS in practice, they mainly comprise
a list of questions designed to determine whether effective controls are
implemented. Since it is the primary purpose of an ICQ to evaluate the system
rather than describe it, one of the most effective ways of designating the
questionnaire is to phrase the questions so that all the answers can be given as
‘YES’ or ‘NO’ and a ‘NO’ answer indicates a weakness in the system. Example of
ICQs are given in Annex XIX - XXVII.
6. One of the strengths of ICQs is that they facilitate the orderly evaluation of controls
present in a system. A weakness of ICQs is that they can promote a somewhat
standardized approach to evaluation. The answering of the question become an end
in itself, rather than the means to an end. The auditors are concerned whether the
controls do or do not prevent the possibility of material errors occurring. This is
not always easy to determine with an ICQ where the questions are notionally of
equal weight. In many systems a particular ‘No’ answer (Say, referring to a lack of
segregation of duties) may cancel the apparent value of a string of ‘Yes’ answers.
Each situation must be judged on its own merits and hence, although the ICQs are a
standard pre-printed pack, they should be used with imagination. As using ICQs is
a skilled and responsible task, the evaluation should be performed by a senior
member of the audit team.
Internal Control Evaluation Questionnaires (ICEQS)
7. Internal Control Evaluation Questionnaires (ICEQS) are used to determine whether

there are controls which prevent or detect specified errors or omissions. This is an
evaluation technique more concerned with assessing whether specific errors (or
frauds) are possible rather than establishing whether certain effective controls are
present. This is achieved by reducing the control criteria for each transaction
stream down to a handful of key questions (or control questions) whose
characteristics is that they concentrate on the significant errors or commission that
could occur at each phase of the appropriate cycle if controls are weak. Each key
control question is supported by detailed control points to be considered in relation
to key control question for the system. An example of ICEQ is given in annex
XXVIII.
8. Two types of test of controls can be identified:
• substantive tests (tests that check that the output of a system is correct e.g.
that the financial statements have been correctly compiled in relation to the
accounting records)
• compliance tests (tests that check whether observed actions conform with the
relevant regulations, requirements, instructions etc.)

59
External auditors are more concerned with the former because they need to express
an opinion on the reliability of the financial statements. Internal auditors are more
concerned with the latter because their job is to advise the Head of the public body
on the adequacy of internal controls.
9. Compliance testing presents four major issues:
• what controls are to be checked.
• what types of compliance test are to be carried out.
• how much compliance testing to carry out.
• determining the impact of errors etc. on the effectiveness of controls.
What controls to check?
10. This is probably the most important of all audit choices. The auditor must
understand the entity which is to be audited: its structure, locations, staffing,
methods of work, resources, responsibilities, objectives and controls. The auditor
must also understand that the resources available for carrying out the audit are
limited. Then the fact that a choice is needed (of what controls to check) becomes
more obvious.
11. The key to this choice is the ability to distinguish what is relevant and important,
from what is not. In deciding what is relevant and important the following may be
considered:
• the amounts of money involved (for instance if 80% of expenditure is made

up of 30 large transactions and the other 20% of 4000 transactions, a good
audit coverage could be obtained by auditing all 30 large transactions and a
sample of the 4000 small transactions. It would cover more than the 80% of
expenditure by value, but a much smaller proportion by number of
transactions checked).
• the major responsibilities of the public body (for instance if the

responsibilities of the public body lie in three main areas)
a. with 60% of the expenditure;

b. with 30% of the expenditure; and

60
c. with the rest, the resources available for audit could be allocated in
similar proportions and this would lead to controls being checked
throughout the entity.)
• the amounts and types of asset held by the public body (for instance if the
public body holds large inventories or uses a large fleet of vehicles these may
be the focus of compliance tests).
• the areas of greatest risk (this is partly a reflection of the amounts of money
involved as already discussed, but the choice is also influenced by the
possible extent of losses. An indicator might be losses, frauds etc. uncovered
by previous audits or by other means. The auditor has to gain some idea of
the probability of loss and combine it with an idea of the amounts of
money/resources which may be vulnerable to loss).
• the areas where the management considers itself most vulnerable to loss,
abuse etc.
• procurement (this is inherently an area of high risk. The auditor must assess
the importance of procurement relative to other activities of the public body.
If procurement is important, the audit will have to reflect this).
• the strength of internal control systems as revealed by previous audits

(identified weaknesses will be the focus of tests of controls).
12. Using criteria of this sort the auditor should be able to explain why particular
controls are to be checked intensively and why others are to be checked less
intensively and why the audit takes a particular shape.
What types of compliance test to carry out?
13. The following are the major types of compliance check, the first being by far the
most prevalent and in the majority of cases, the most important:
• Verification of documents - Each process leaves a documentary trail. This

can be followed for all like transactions (e.g. all purchase invoices) or it can
be followed throughout the entire history of a transaction (e.g. all purchases
covering order, delivery, entry into stores, payable amount and payment and
issue from stores). The one verifies whether a single process is operating
correctly; the other whether linked processes are working correctly as a chain.

61
Possible verification techniques include: vouching (checking all the relevant

details of sampled documents); confirmation by third parties (for example
checking amounts payable to suppliers, or cash book transactions against bank
statements); comparison of similar transactions (for example checking of a
series of documents for similar signatures).
• Observation - Sometimes documentary evidence is missing or actual

procedures differ from official instructions. Observation supplements
verification of documents. It is necessary for example in counting physical
inventory and the payment of wages when payment is made in notes and coin.
It can also be used to see how safes and secure areas are managed and how
documents are kept.
• Enquiry/interview - Actual procedures may differ from designed procedures.

Enquiry may be necessary to find out how staff members interpret and
implement controls and necessary actions. Enquiry and interview throw
important light on informal as well as formal procedures.
• Re-performance - It may be possible to set up dummy transactions and to test

how transactions are in fact handled. This allows comparison between
controls as designed and controls in operation. Alternatively a task that has
been verified as part of a system of internal control, may be re-verified by the
auditor (for example checking the correctness of a bank reconciliation).
How much compliance testing to carry out?
14. One hundred per cent checking is impossible because of limited audit resources.
Selection is therefore necessary. The main selection criteria are:
• size of transaction (i.e. monetary amount).
• risk to the entity.
• importance to management.
• "sensitivity" of the transaction (i.e. particular transactions such as entertaining

expenses may be quite small but still important due to their sensitivity).

62
15. Let us assume that we employ only one of the above criteria (size of monetary
amount) and that the audit concerns physical controls on the acquisition of
materials to be used in construction contracts, the decision on compliance testing
might be as follows:
Purchase amount % of cases

in 000 Birr to be examined
1-5 5
6-10 10
10-25 25
25-50 50
Over 50 100
The result of this is that the intensity of compliance testing is related directly to the
amounts of money involved.
16. On the one hand more cases will give greater certainty about findings; on the other
the larger the number of cases examined the higher the cost. Take for example an
examination of vehicle log books. Ninety per cent of logbooks have been examined
and audit findings established. What will be the likely effect on audit findings, if
the final 10 % are checked? If the characteristics which are the subject of audit are
evenly distributed throughout the universe of logbooks, the likely effect will
approach zero. But if the logbooks in the final 10% of cases are quite different
from the other logbooks (e.g. they are the logbooks of vehicles allocated to
managers), the effect on audit findings could be considerable.
17. If information systems are computerized (depending on the adequacy of these

systems) the population of transactions subject to audit and their key characteristics
can be down-loaded to the auditor's computer and manipulated so that sampling can
take place. However, many systems lack the capacity for this. The auditor is left
with less than ideal sampling methods: judgmental sampling and stratified sampling
(an example is given in paragraph 15 above). Provided that sampling follows the
basic criteria explained in paragraph 10 above, it will result in selective compliance
checks proportionate to risk, and this is what is needed.
Audit sampling
18. The internal auditor can arrive at valid conclusion using audit sampling. 'Audit
sampling' means the application of audit procedures to less than 100% of the items
within an account balance or class of transactions to enable auditors to obtain and
evaluate audit evidence about some characteristics of the items selected in order to
form or assist in forming a conclusion concerning the population which makes up
the account balance or class of transactions.

63
19. It is important to recognize that certain testing procedures do not come within the
definition of sampling. Tests performed on 100% of the items within a population
do not involve sampling. Likewise applying audit procedures to all items within a
population which have a particular characteristic (for example all items over a
certain amount) does not qualify as audit sampling with respect to the portion of the
population examined, nor with regard to the population as a whole, since the items
were not selected from the total population on a basis that was expected to be
representative.
Design of the sample
20. When designing the size and structure of an audit sample, auditors should consider
the specific internal control objective the nature of the population from which they
wish to sample, and the sampling and selection methods. When audit sampling is
appropriate, considerations or other characteristics relating to that evidence assists
internal auditors in defining what constitutes an error and what population to use for
procedures; auditors may be concerned with matters such as whether an invoice was
clerically checked and properly approved.
21. To assist in the efficient and effective design of the sample, stratification may be
appropriate. Stratification is the process of dividing a population into sub-
populations, each of which is a group of sampling units, which have similar
characteristics (often monetary value). The strata are explicitly defined so that each
sampling unit can belong to only one stratum. This process can be used to reduce
the variability of the items within each stratum. Stratification therefore enables
auditors to direct audit effect towards the items which, for example, contain the
greatest.
Sample size
22. When determining sample sizes, internal auditors should consider sampling risk and
the extent to which they expect to find errors. Sampling risk arises from the
possibility that internal auditors' conclusion, based on a sample, may be different
from the conclusion that would be reached if the entire population were subjected to
the same audit test.
23. Sampling risk can be contrasted with non-sampling risk which arises when internal
auditors use any audit procedures. Non-sampling risk arises because, for example,
most audit evidence is persuasive rather than conclusive, or internal auditors might
use inappropriate procedures or might misinterpret evidence and thus fail to
recognize an error or irregularities. Internal auditors should attempt to reduce non-
sample risk to a negligible level by appropriate planning, direction, supervision and
review.

64
24. If internal auditors expect errors to be present in the population, a larger sample
than when no error is expected generally has to be examined. The size and
frequency of errors is important in assessing the sample size. Large sample sizes
arise, for the same overall error, if there are a few large errors compared to where
there are many small ones. Smaller sample sizes result when the population is
expected to be error free. If the expected error rate is high then sampling may not
be appropriate. In determining the expected error in a population, auditors consider
such matters as the size and frequency of errors identified in previous audits,
changes in the public body's procedures and evidence available from other
procedures.
Selection of the sample
25. Internal auditor should select sample items in such a way that the sample can be
expected to be representative of the population in respect of the characteristics
being tested. For a sample to be representative of the population, all items in the
population are required to have an equal or known probability of being selected.
26. While there are a number of selection methods, three methods commonly used are:
• random selection, which ensures that all items in the population have an
equal chance of selection, for example by use of random number tables;
• systematic selection, which involves selecting items using a constant

interval between selections, the first interval having a random start. When
using systematic selection, internal auditors ensure that the population is not
structured in such a manner that the sampling interval corresponds with a
particular pattern in the population; and
• haphazard selection, which may be an acceptable alternative to random

selection provided internal auditors are satisfied that the sample is
representative of the entire population. This method requires care to guard
against making a selection which is biased, for example towards items
which are easily located, as they may not be representative.
Evaluation of sample results

65
27. It does not follow that internal control systems are ineffective, just because errors
have been detected in them. A judgment is needed on the significance of errors and
their frequency before any judgment can be made. For example, the signatures on
purchase orders have been wrong for several months because of absence and
temporary replacement of the concerned member of staff, without any change in
authorized signatories. There is certainly a control weakness (not updating
authorized signatories) but it may not be a serious weakness (for example if no
adverse consequences could be detected because other compensating controls were
working).
28. Internal auditors therefore need to understand fully the implications of errors
discovered. The common reaction to internal audit is that it is all about
faultfinding. Internal auditors are seen as petty policemen. This perception has to
be changed. One way to do this is to assess:
• the severity and frequency of errors discovered.
• their impact on the integrity of the internal control system.
• the actual evidence of loss, wastage, abuse etc.
• whether internal control systems are at real risk.

29. The internal auditor should consider the above situations and advise management
accordingly.
30. We do not want internal auditors to be ignored because of their previous
reputations. We therefore require them to raise the alarm only when the alarm
needs to be raised. This requires judgment and an approach similar to that given in
paragraph 27. The nature of the alarm has to be proportionate to the severity of the
problems discovered. To do this requires the internal auditor to restrain what may
be customary impulses:
• taking undue pleasure from the discovery and reporting of errors.
• regarding the discovery of errors as the final objective of internal audit.
• walking away from helping management to take necessary remedial actions.

Instead, internal auditors have to exercise objectivity, tact and maturity in helping
managers to understand the nature and severity of their internal control problems,
and in advising on appropriate remedies. Of course an appropriate remedy cannot
be in the form, "in future don't make such errors". That is why a risk based
systematic approach to audit (Part II, Section Three) is so important.

66
SECTION III: AUDIT APPROACHES
Introduction
1. The history of auditing shows a gradual change over time, as different

approaches to auditing emerged including: -
• The vouching approach
• The system based approach
• The risk based systematic approach
2. These approaches will be described in this section.
The vouching approach
3. The initial stage of audit was primarily based on the concept of vouching. This
approach involved the checking of entries in the accounting records with the
appropriate vouchers, i.e. the documentary evidence. It was very common for
the auditor to check in detail a substantial portion of all documentary evidences
before concluding the audit. For instance, audit programmes under the vouching
concept of audit would normally specify rigidly predetermined testing volumes
unrelated to the particular situation, such as “vouch three months purchase
invoices”.
4. Under the vouching concept of audit the apparently extensive coverage was
exceptionally shallow, being confined to one “horizontal plane” of entries all of
an identical nature. Tests at any particular stage were unrelated to any other
state. For example, auditors may vouch a vast number of day book entries
against supplier’s invoices (all tests being in the same “plane”, hence the term
“horizontal”), without considering the need to test these entries against purchase
orders or any other documents related “vertically”.
5. Each transaction or event is considered on its own as unrelated phenomena and

checked for its validity. The defects of this approach are readily evident:
• it would be, in the majority of cases, extremely time - consuming as well

as being extremely costly.

67
• it would prove little about 'Completeness' of financial records since the

internal auditor would only be checking transactions or events which are
disclosed.
• all transactions or events, however insignificant, have an equal

opportunity of audit which results in audit of trivial matters but leaves
significant matters unaudited.
• the events/transactions which are subject to audit are treated as unrelated

phenomena, not as components of systems.
• the results of audit findings tell us how many transactions etc. were
found to be defective and the types of defect found, but tell us nothing
about the systems which were "responsible" for the errors.
• gives no assurance that major systems are working as intended.
6. With the mushrooming of large groups of companies and conglomerates and the
defects of the vouching approach, it soon become obvious that auditors would
have to adopt a far more scientific approach to their work if they were to justify
the relatively small number of audit tests carried out in relation to the enormous
growth in the volume of transactions. This led to the emergence of the systems
based approach to auditing.
The system based approach
7. The system based audit approach correctly incorporates the principle that the
nature and depth of audit tests should take into account the extent to which the
system of internal control in operation “audits itself”.
8. In the system based approach, the internal auditor examines and tests the public
body’s internal control systems to see whether they are appropriate and effective
for the public body to achieve its objective. The system of internal control in
force determines the nature, the extent and the timing of subsequent audit tests
to be executed.
9. Generally, in a system based approach a much smaller number of audit tests are
required to be carried out in relation to the enormous volume of transactions and
in contrast to the extensive coverage under the traditional vouching approach to
audit. The justification for the relatively smaller number of audit tests lies in the
auditor placing reliance on the control in the “system”.

68
Procedures of the system based approach
10. The system based approach is a procedure whereby the internal auditors
identify, ascertain, record and confirm the system of a public body operations
and establish the objective of the control designed in the system and evaluate the
appropriateness and effectiveness of the control in achieving the objective of the
system.
11. A system is defined by the Institute of Internal Auditors as "an arrangement, set
or collection of concepts, parts, activities and/or people that are connected or
inter-related to achieve objectives and goals". A public body has systems for
managing personnel, recording and reporting financial data, acquiring inputs
from suppliers, etc. Each system is made up of a number of smaller components
(procedures, steps, checks, reviews, reports, decisions etc.). Clearly a system is
as good as its components, and will not achieve its objectives unless the
components are properly linked and controlled.
The system components
12. Systems vary in nature and purpose (systems for procurement, inventory,
recruitment, accounting, etc.). Systems are designed and their operations
monitored in order to enable the organization to meet its objectives. Resources
(inputs) are processed to provide results (outputs) in accordance with
predetermined purposes (objectives). Systems can be thought of as having five
basic components:
objectives
inputs
processes
outputs
controls

69
Objectives
13. Objectives are statements of what is to be achieved. Each system within the
public body has its own objective:
a) procurement systems are to procure items of adequate quality at lowest cost.
b) financial reporting systems are to inform decision-makers of essential facts

about the financial performance and status of the entity.
c) stores systems are to control their receipts and issuances, to make them
available in relation to need and to protect the items held.
14. Different systems should be coherent and mutually supportive (e.g. payroll and
accounting). However, where objectives are contradictory this may not be
possible (e.g. cost reduction may not be compatible with achieving maximum
impact). Managers of public bodies may need to think more about systems and
their objectives, as simply complying with regulations is only part of their job.
Inputs
15. Inputs are the resources used by the system (e.g. salaries are paid to secure the
services of staff). Inputs may include staff time, materials, services, supplies,
information and so on.
Process
16. Processing is the conversion of inputs to produce outputs. Public bodies have
numerous processes (e.g. authorization actions, purchasing supplies, issuing
inventory, controlling the quality of work etc.).
Outputs
17. Outputs are the products, effects and achievements of a system which result
from the processing of inputs. Some outputs are intermediate (e.g. invoices paid,
staff recruited, suppliers evaluated, stores items issued). Others are final (e.g.
services rendered to clients). Outputs are affected by quality factors such as
their timeliness, suitability and usefulness and the degree to which they are
adapted to the needs of clients.

70
Controls
18. Controls are actions taken or procedures established by management to ensure

that outputs meet the objectives of the entity. Examples include authorizations,
inspections, physical checks, documentary checks, reviews of performance,
reviews of the quality of the services supplied.
Understanding the systems
19. Internal Auditors must fully understand the systems that they audit. They gain
the necessary understanding in four ways:
• by ascertaining the system. This is the step where the Internal Auditor
researches the system by examining various reference materials;
• by recording the system that they have ascertained. This involves using
suitable techniques, both written and diagrammatic, to assist the Internal
Auditors to understand the system as a whole and the elements within it;
• by confirming that the understanding of the Internal Auditor is correct; and
• by establishing the objectives of each of the system’s internal controls.
Each of these aspects will be examined in this Section.
Ascertaining the system
20. The main components of systems have already been outlined. To ascertain
systems the internal auditor has a large range of sources (e.g. staff directive,
organization chart, financial regulation, budget document etc.). In practice, the
internal auditor should refer to all relevant and reliable sources as possible. The
following approach is recommended:
• Identify and agree the objectives of the system with managers.
• Obtain as much relevant and reliable written information regarding the

system as is possible.
• Carry out interviews with relevant managers and staff members to

confirm understanding.

71
21. The objective of systems should be consistent with the aims and objectives of
the public body as a whole. In most cases, the internal auditor may have to
identify the system objective from scratch because of absence of written
instructions. Here are some commonly found systems with a description of their
objectives:
• Procurement system - procuring the right quality and quantity of items at

the right time, and reasonable cost, from the most appropriate source.
• Financial reporting system - to effectively produce financial statements

required by the Ministry of Finance on behalf of the Government and
donors on time and with no material errors.
22. Interviewing managers and staff members helps the internal auditor to
understand how the systems work in practice. Interviews can be undertaken
formally or informally. However they are undertaken, they should be:
• planned in advance;
• conducted professionally; and
• the findings summarized and agreed with the interviewee.
Conclusions made on the basis of interviews may sometimes be unreliable

unless cross-checked against other information (such as the outcome of other
interviews).
Recording the system
23. The internal auditor should record the system and how it works. There are two
principal ways of recording the system:
• written, narrative notes of the system and its components.
• a diagrammatic flowchart of the system.
24. The Internal Auditor should have full understanding but should be wary of the
danger of drawing flowcharts which are not needed. The auditor's written
narrative should cover the system and its components. The notes can form the
basis for a flowchart. The notes should be clearly structured so that others can
understand them.

72
25. Flowcharting is the accepted method of recording systems and internal controls.
When the internal auditor prepares flowcharts, they should be based on narrative
notes. Well-written flowcharts are designed to leave no doubts as to the nature
of the system recorded. The main advantages of using flowcharts are:
• the system is presented in a logical sequence, rather than in discrete, and

unrelated elements
• the interrelationships within the system become clear
• the flowchart enables the system to be understood quickly
• the flowchart serves as a permanent record, and can be easily verified or

updated as necessary.
Confirming the system
26. At this stage the systems will probably have been recorded on the basis of a
verbal description provided by management. However, the tendency is to
describe the systems, as they should operate, rather than how they actually
operate in practice. It is only human nature to cut corners, but often this
weakens the controls, which have been built into systems.
27. To overcome this, it is necessary, having recorded the system, to select sample
of transactions and to conduct a "walk through test". A walk-through test
involves tracing one or more transactions through the accounting system and
observing the application of relevant aspects of the internal control system. In
this way any departures can be identified and recorded. Thus an accurate
picture can be obtained of how the systems work in practice.
Establishing the control objectives of the system
28. The internal auditor should establish the objectives of the systems recorded to
ensure that the control objectives are appropriate. Control objectives should be
specific so that it is possible to evaluate whether or not they are being achieved.
Consequently, generalizations such as “to ensure that support services are
adequate” should be kept to a minimum. Control objectives should reveal the
purpose of the control, not the means used to carry it out or the control itself.
Internal controls and their evaluations are discussed more fully in the next two
sections.

73
Evaluate the controls
29. Methods of evaluating internal control systems by questionnaire and flowcharts

have obvious limitations. The former does not discriminate between different
controls in terms of importance; neither do they specify objectives for the
system as a whole. A flowchart depicts a system but is neutral as regards its
evaluation. The internal auditor can form an opinion by looking at a flowchart
but it will not be a structured assessment and will vary according to the
experience of the internal auditor. The outcome of this stage is to find out
whether internal check and other control factors exist. It is also important to
identify any weakness in controls due to absence of internal check and other
control factors. At the same time, it may be possible to locate inefficient or
unnecessary procedures. Evaluations of internal control are discussed in Part
Three Section II in detail.
Conclusion and report
30. Based on the result of the evaluation of internal control system the internal
auditor can reach to conclusions whether the current control system is efficient
and effective in achieving the public body's stated objectives. Furthermore, the
internal auditor should give recommendations on those internal control systems
areas where weaknesses are observed and improvement is needed.
31. Finally, the internal auditor is required to report the weaknesses in the internal
control, the conclusions reached and recommendations made for improvements.
Weakness of the system based audit approach
32. It is axiomatic that controls in any organization should be commensurate with its
risks because, excessive controls result in unnecessary costs whereas inadequate
controls lead to unacceptable exposures. Excessive controls would lead to high
costs which may not be commensurate with the advantage accruing to the
Organization, namely, the prevention of possible loss arising from the operation
of the relevant control.
33. The evaluation of internal controls is a complex task calling for great skill.
Each Organization will have different internal control requirements and any
given control level may be achieved in a variety of ways. There appears to be
no definite standard against which to judge what is appropriate and effective
internal control.

74
34. It is important to recognize that management may circumvent or override internal

controls. It is critically important to recognize that illegal and improper activities
can and will occur regardless of the strength of internal controls, because no
system has yet been devised that can withstand collusive behavior or
circumvention by management.
35. There are inherent limitation on the effectiveness of any system of internal
control. No system of internal control, however elaborate, can by itself guarantee
efficient administration and completeness and accuracy of the records; nor can it
be proof against fraudulent collusion, especially on the part of those holding
positions of authority or trust. In particular, internal controls that depend on
segregation of duties can be avoided by collusion. The internal controls that
depend on authorization can be abused by the person in whom the authority is
vested.
36. Critics of the system based audit approach have pointed out that it is cold and
clinical and ignores what is generally referred to as “management style”. That the
application of this approach is common to all types of management; it does not
recognize the underlying philosophy and motivation of the management.
37. In recent years, a further evolution has taken place. The great wave of litigation
charges against external auditors coupled with soaring audit costs have led
individual audit firms to develop systems of quality control and also research into
new methods of auditing. Recognition of the need to improve the excellence of
audit together with emphasis on reduction in unproductive time spent on audit has
led to the emergency of risk based auditing.
Risk based systematic approach
38. The risk based systematic approach to auditing is the most effective of all the
other approaches. It requires the internal auditor to assess the relative
vulnerabilities of the systems and identify those systems which are more risky
than the others and should, therefore, be audited sooner and more often. This
approach includes identification of the system (which is covered under system
approach above), identification of relevant risk factors, and assessment of their
relative significance.
Risk
39. Risk refers to the possibility of a system having so poor internal control that the
public body does not achieve its objectives effectively and efficiently. The effect
of risk can involve:
• Failure to adhere to public body's policies, plans, and procedures, or not

complying with government's laws and regulations;

75
• An erroneous decision from using incorrect, untimely, incomplete, or

otherwise misleading information;
• Acquiring resources uneconomically or using them inefficiently or

ineffectively;
• Failure to adequately safeguard assets of the public body;
• Failure to accomplish established objectives and goals for operations or

programs.
Risk factors
40. Risk factors are the criteria used to identify the relative significance of, and
likelihood that, conditions and/or events may occur that could adversely affect the
public body. The risk factors utilized should be sufficient to provide a
comprehensive risk assessment.
41. Risk factors may include :
• Adequacy and effectiveness of the system of internal control.
• Competence, adequacy, and integrity of personnel.
• Asset size, liquidity, or transaction volume.
• Complexity or volatility of activities.
• Geographical dispersion of operations.
• Organizational, operational, or economic changes.
• Acceptance of audit findings and corrective action taken.
42. The Head of Internal Audit may decide to weigh the risk factors to determine their
relative significance. The weighing of risk factors reflects the Head's judgment of
the relative impact that it may have on selecting a system for an audit. This
section is not intended to prescribe a rigid process that specifies how risk
assessment must be conducted. However, steps of risk assessment and example of
calculation of the Risk Index is provided in Annex I.

76
Risk assessment
43. Risk assessment is a systematic process for assessing and integrating professional
judgments of the probable adverse conditions and/or events. Risk assessment
process is crucial to the development of effective audit work schedule. In
developing an audit work schedule, the Head of Internal Audit should allocate the
resources of the Internal Audit department in a manner that gives appropriate
consideration to the various risks confronting the public body. The Head should
generally assign higher audit priorities to systems with higher risks.
44. The Head of Internal Audit can obtain information from a variety of sources for
the risk assessment process. Such sources include: -
• Discussion with the management of public body;
• Discussion with external auditors;
• Consideration of applicable government laws and regulations;
• Review of prior audits.
45. Audit priorities determined through the risk assessment process may be reviewed
and updated continuously. There should be a periodic assessment of the effect of
any major changes of the system or related risk factor which have occurred since
the audit work schedule was prepared.
46. To summarize, internal auditors using the risk based systematic approach should:-
• Identify and record the objectives of the system, risks and controls;
• Establish the congruence of the objectives with higher-level corporate

objectives;
• Evaluate management's risk analysis, taking account of their acceptance of

specific risks;
• Evaluate the controls to decide whether or not they are appropriate and can
be reasonably relied upon to achieve their objectives;
• Systematically assess the probable exposure of the public body by taking

into account the risk factor;
• Identify instances of over-control;

77
• Determine an appropriate strategy to test the effectiveness of risk

management and controls;
• Arrive at conclusions and report, making recommendations as necessary and

providing an opinion on the effectiveness of risk management and control in
the audited area.
47. Advantages of the risk based systematic approach include:-
• The systematic assessment of risk of the public body enables the internal
auditor to have a profound knowledge of the public body;
• The approach focuses the audit on the high risk areas which are material to
the public body;
• The approach adds value to the audit;
• The approach tends to make the Head of the internal audit and senior
internal auditors much more involved in the planning stage of an audit
assignment.
48. To summarize, the development of auditing can be traced from the traditional
vouching approach to the system based approach and then to the risk based
approach each of which is not at the exclusion of the other. The system based
approach contains the concept of vouching, but in digestible portion, just as the
risk based approach contains one of the inputs of the system based approach, the
evaluation of the internal control system.

78

78
SECTION IV PLANNING AND CONTROLLING INTERNAL AUDIT
PLANNING
Introduction
1. Planning is an essential element in the audit process. This section deals with the
aspects of planning, the level of plans involved, their preparation and
characteristics in general. The responsibility of planning the audit lies with the
Head of the Internal Audit department. Audits require adequate planning for a
variety of reasons.
2. The major ones include:-
• It helps to define the objectives and scope of the audit.
• It provides a basis for allocating adequate resources in terms of human

and other resources.
• It provides a basis for communicating to the Head of the public body

and its likely demands.
• It provides a base line for assessing, monitoring and controlling the

progress of each audit.
• It enables the audit to be carried out more efficiently and effectively.
3. Planning is not simply a process of scheduling a set of mechanistic audit

operations. It involves in general establishing objectives, understanding
systems, prioritizing the audit works including extent of work (deciding on
auditable activity or area based on risk assessment), determining resource
allocation and other issues. The operational standards No. 500 of the Internal
Audit Standard of Government of Ethiopia deals with, in detail, the planning
aspects of the internal audit. It requires the preparation of :-
• strategic plan - usually the 5 – year plan.

• periodic plan – the annual plan.
• planning of individual audit assignments.

79
Strategic plan
4. The first level of planning is the preparation of the strategic plan, the duration of
which is set to be 5 years. The necessary criteria for the preparation of strategic
plan differ from one audit approach to the other. It therefore appears useful to
mention the basic criteria for the preparation of strategic plan at different audit
approach for internal auditors in order that they can apply them in line with their
stage of development. It follows that in the vouching (traditional) audit approach
the internal auditor intends to check all documentary evidences of an entity as far
as possible. In the system based audit approach the intention was changed to
evaluation of the internal control of all systems of the entity. In the emergence of
the risk based systematic audit approach the internal auditor commences to
prepare a strategic plan in which the risk materiality of the systems is ranked and
their scheduling together with the resource required is determined.
5. In the vouching (traditional) audit approach the internal auditor checks in detail a
substantial proportion of all documentary evidences before reaching his
conclusion. When it becomes impossible to check all documentary evidences
due to the volume of transactions, the internal auditor designs audit programmes
which normally specify rigidly predetermined testing volumes unrelated to the
particular situation such as "vouch three months of purchase invoices."
6. In the system based audit approach the internal auditor evaluates the internal
control systems of an entity by giving equal weight to all systems. In this
approach a much smaller number of tests are required to be carried out in
contrast to the extensive converge under the traditional vouching audit approach.
The level of testing under this approach would be primarily guided by two
determining factors which are the frequency with which a control is performed
and the type of tests. The more frequently the control is performed the more it
will need to be tested. Testing which requires re-performance would necessitate
substantially lower level of tests than testing which requires examination of
evidence.
7. The important characteristic of the strategic plans prepared under the risk based
systematic approach is that it should be made on the basis of risk and materiality
assessment with a view to systematically prioritize audit work. The strategic
plan prepared under all approaches has the following characteristics;
• It should be developed to meet the needs of the public body i.e. it should
be value adding;
• It should be flexible for subsequent improvements and reviews;
• It should establish long term resource and skill requirement and
allocation issues;
• It should describe major audit assignments and overall audit techniques
selected;
• It should provide basis for other levels of planning.

80
8. Preparation of strategic plans
• Identifying and understanding of the systems of the public body, its

operations and environments in general;
• Assessing the risks and materiality issues involved in those systems

using risk factors and ranking of those systems based on the assessment.
This will enable the auditor to prioritize between systems and identify
vulnerable /riskier/ systems with the objective of auditing them sooner
and more often;
• Once the risk materiality is assessed and ranked, the next step is
determining audit and their scheduling over the strategy period (5
years). This involves determining which system to be audited, audit
objectives, their frequency, timing, type and nature of audits and audit
techniques to be followed, and other issues;
• Determining the long term resources needed to achieve the strategic

plan with regard to adequacy of staffing both in quantity and quality.
Long term knowledge upgrading such as training should be addressed to
increase the quality of staff. Consideration of the use of experts of both
internal and external sources, where required, should be planned as well.
Periodic plan – Annual plan
9. The strategic plan is then used as a basis to prepare periodic work plans. The
annual plan is prepared by the Head of the Internal Audit in consultation with
the audit staff by breaking the strategic plan into periods of audit i.e. usually a
year and is put forward to management of the public body for approval.
Performances Standard No. 520 of the Internal Audit Standard of Government of
Ethiopia deals with the developing of periodic audit plans. The objectives of this
plan is to implement the strategy by detailing it further within the period (a year).
It also puts emphasis on resource allocation. In translating the 5 year plan into
the annual plans, care should be taken as to whether the assumptions and
judgments that underpin the 5 years plan are still valid. The following points
thus have to be considered in this regard:
• Risk assessment and prioritization is still valid (for risk based systematic
approach);
• Changes in the activities and system of the public body;
• Changes in the resources availability;
• Any audit works brought forward (not carried out) in previous year;

81
• Emerging audit needs like newly established activities and systems,

areas seen by management requiring attention, activities where there
have been allegations of wrong doing or inefficiency etc.
10. Therefore the annual plan should be kept under review to identify and reflect
changing priorities, resource allocations, timing issues and other emerging audit
needs. The annual plan should sufficiently set out the details of the assignments
so that management understands the purpose and scope of the assignments. The
plan should establish resource and skill requirements and set relative priorities
for each assignment. It thus matches available resources and the audit
assignments.
11. Preparation of annual plans
• Taking into account of the re-appraisal of risk assessment and

prioritization, select appropriate audit assignments and respective audit
techniques for the period under review (one year);
• Assess the total time required for each audit assignment and the total
time available in the period;
• Schedule the audit assignments into weeks considering reporting

requirements. The format could be in charts (gant chart), or notes;
• Determining communication of audit results – reporting requirements.

This involves identification of users, the manner of reporting and the
frequency and timing of reporting;
• Review staff and other resources allocations over the period of audit
assignments taking into account:
• The quantity and experience level of staff;
• The nature and complexity of the audit assignment;
• The time constraints;
• The knowledge, skill and discipline of the staff;
• Other issues such as consideration of use of external resource in

instances where additional knowledge, skill and disciplines are
needed, training study time, leave period and other
commitments, etc.

82
12. After considering the above and other issues that could influence audit
assignments, the periodic/annual/audit plan is prepared and forwarded to
management or Audit Committee for approval. This process allows the
management or the Audit Committee to review the plan to place emphasis upon
areas that may be of particular interest. The next step in the planning process, is
the planning of each individual audit assignment based on the approved annual
audit plan.
Planning Audit assignments
13. For every audit assignment a detailed plan of work should be prepared. The plan
should establish detailed objectives of the assignment, resources requirement,
outputs, target dates and other issues. The plans have to be discussed with Head
of the public body or Audit Committee and agreed upon. This enables to take
into account any concerns of the Head of public body and Audit Committee over
policies, procedures and operations in the relevant audit area.
14. On the basis of the strategic plan and especially the annual plan the detailed
plan is prepared. It includes:
• The scope, objectives, extent and priority of audit work depending on risk
assessments;
• The schedule and timing (starting and finishing dates) and reporting issues
as well (when, how, to whom);
• Detailed staff and resource allocation for each aspect of the audit
assignment. This includes the number, experience level, knowledge and
skill level of staff;
• The need for expertise from external/internal sources;
• Narration of special aspect of audit to be carried out (as needed);
• Documents that ascertain that an understanding is reached concerning the

operations/activities to be audited;
• An audit program;
• Documents of review of plans by management;
• Other issues as relevant.

83
Preparation of Audit Assignment Plans
15. Obtaining background information about the activities to be audited.
15.1 A review of background information should be performed to determine

the impact on the audit. Such items include:
• Mission statements, goals, and plans.
• Organizational information, e.g. number and names of employees,

key employees, job descriptions, policy and procedure manuals,
and details about recent changes in the organization, including
major system changes.
• Budget information, operating results, and financial data of the

activity to be audited.
• Prior audit working papers.
• Results of other audits, including the work of external auditors,

completed or in process.
• Correspondence files to determine potential significant audit

issues.
• Authoritative and technical literature appropriate to the activity.
15.2 Other requirements of the audit, such as the audit period covered and
estimated completion dates, should be determined. The final audit
report format should be considered, since proper planning at this
stage facilitates writing the final audit report.
16. Establishing audit objectives and scope of work
• Audit objectives are broad statements developed by internal auditors and

define intended audit accomplishments. Audit procedures are the means to
attain audit objectives. Audit objectives and procedures, taken together,
define the scope of the internal auditor’s work.
• Audit objectives and procedures should address the risks associated with
the system under audit. The risk based systematic approach to internal
audit is discussed in part two section one in detail.

84
17. Writing the audit program
17.1 To achieve audit objectives of each assignment it is essential to

develop
an audit program. It is the link between the survey and the actual audit
work. Audit program serves as a guide for the actual audit and
provides a means of monitoring and controlling the progress and
completion of the audit. It also helps as a basis for assigning each
aspect of the audit assignment. In addition, it provides a record of the
work done.
17.2 Audit programs should:
• Document the internal auditor’s procedures for collecting,

analyzing, interpreting, and documenting information during the
audit.
• State the objectives of the audit.
• Set forth the scope and degree of testing required to achieve the
audit objectives in each phase of the audit.
• State the nature and extent of testing required.
• Be prepared prior to the commencement of audit work and

modified, as appropriate, during the course of the audit.
18. Communicating with all who need to know about the audit
18.1 The head of internal auditing is responsible for determining how,

when, and to whom audit results will be communicated. This
determination should be documented and communicated to
management, to the extent deemed practical, during the planning
phase of the audit. Subsequent changes which affect the timing or
reporting of audit results should also be communicated to
management, if appropriate.
18.2 An entry conference should be held with management or audit

committee responsible for the activity being examined. Topics of
discussion may include:
• Planned audit objectives and scope of work.
• The timing of audit work.

85
• Internal auditors assigned to the audit.
• The process of communicating throughout the audit, including

the methods, time frames, and individuals who will be
responsible.
• Business conditions and operations of the activity being

audited, including recent changes in management or major
systems.
• Concerns or any requests of management.
• Matters of particular interest or concern to the internal auditor.
• Description of the internal auditing department’s reporting

procedures and follow up process.
18.3 A summary of matters discussed at meetings and any conclusions

reached should be prepared, distributed to individuals, as appropriate,
and retained in the audit working papers.
19. Obtaining approval of the audit work plan
19.1 Audit work plans should be approved in writing by the management or

audit committee of internal audit prior to the commencement of audit
work .
19.2 Adjustments to audit work plans should be approved in a timely

manner. Initially, approval may be obtained orally, if factors preclude
obtaining written approval prior to commencing audit work.
CONTROLLING AUDIT ASSIGNMENTS
20. Internal audit have objectives, and to ensure that its objectives are achieved, the
work should be controlled at each level of the audit to ensure that a continuously
effective level of performance that comply with standards is being maintained.
This is the scope of quality assurance dealt with in Performance Standard No.
1100 of the Internal Audit Standard of Government of Ethiopia. It involves the
management of audit assignment in aspects of supervision and review to assure
the quality of the work.
Supervision of Audit Assignment

86
21. The overall management supervision of audit assignments should be

continuously carried out to monitor progress and assess quality of work and
coach staff. Supervision should include:
• Ensuring compliance with internal auditing standards, the public body’s

policies and audit plans and programs.
• Reviewing the allocation of work tasks based on the experience

training and proficiency of staff. It extends to providing training and
skill upgrading courses.
• Ensuring adequate planning and providing suitable instructions and

briefings of audit staff at the outset of an audit.
• Approving audit objectives and work plans.
• Ensuring that audits are conducted as planned or that variations are

approved.
• Ensuring that appropriate audit techniques are used.
• Ensuring that full and adequate working papers are maintained that
properly document the work carried out and the conclusions arrived at
along with recommendations are adequately supported by relevant
evidences.
• Maintaining a system of review along with quality control procedures

whereby the work of each member of the assigned audit staff is
reviewed by a senior member.
• Ensuring that reports are accurate, objective, clear, concise and timely.
• Ensuring that the work is achieved within resource budgets or

variations are approved.
• Using audit completion check lists to ensure that important issues are
not overlooked.
• Maintaining employee performance evaluations based on

predetermined performance measures and criteria.
Quality Reviews of Audit Assignment
22. Another aspect of quality assurance is review. Quality reviews should be

performed by both internal and external parties to appraise the quality of the
audit assignments that are carried out as well as ongoing assignments, so as to
take corrective measures on time, and to appraise the efficiency and effectiveness

87
of the staff engaged in the audit assignment and to provide guidance for future
audit assignments.
Internal Quality Review
23. This type of review should be undertaken by an experienced member of the

internal audit function. The review should indicate the degree of compliances
with Internal Audit Standards, policies, plans and guidelines. In addition, it
should show the effectiveness and efficiency of the audit assignment and the
audit staff. It should also provide for recommendations for improvement.
24. Internal Reviews should appraise:
• The quality of audit work – from planning to conclusion of the audit.
• The quality of supervision.
• Compliance with standards, policies and plans, procedure manuals and

guidelines.
• The achievement of performance standards/indicators
25. The reviews could be undertaken at three stages of the audit process:
• At the planning stage – to ensure that the audit assignment is

adequately planned with satisfactory quality.
• During the audit (interim review) – to ensure that the audit is

progressing in a manner of satisfactory quality, to identify where
changes are required and review other issues like man power allocation,
etc.
• At the completion stage – to ensure that the audit has been satisfactorily
performed in all aspects.
26. These reviews should be documented and kept in working papers. See attached
review sheets under annex VI-VIII.
External Quality Review
27. This review is undertaken by persons who are independent of the public body.
The review is carried out to assess the performance of Internal Audit
Department. As it is stated in the Internal Audit Standard of Public Bodies of
Government of Ethiopia such reviews should be conducted within a reasonable
period of time depending on various issues.

88
28. External quality review should appraise:
• The terms of reference of the internal audit function.
• The independence and objectivity of internal audit.
• The efficiency and effectiveness of the approach in formulating the

audit strategy and plans.
• The quality of audit work by selecting sample audit assignments. The

review here includes all aspects of the audit process i.e., from planning
to conclusion.
• Compliance with Internal Auditing Standards policies, plans and

procedure manuals.
• Achievement of performance standards/indicators
Significance of Audit Programs in Controlling Audit Assignments
29. The audit program provides a means of monitoring the progress of audits. It is
not always possible to stick to each aspect of the audit program. Time estimates
may have been wrong, unforeseen events may occur, judgments and assumptions
may prove to be wrong, etc. All these would lead to amendment of audit
programs and respective audit works. Therefore, original audit programs as
amended due to subsequent events will be valid throughout the audit.
30. Audit program helps to plan and budget time available with the objective of
setting a framework of control in which planned and actual time is compared. In
addition, audit programs provide the starting point for discussions between the
head of internal audit and the auditors carrying out the audits. The auditor in
charge can indicate how the audit is progressing, whether it is on track, whether
unexpected problems have arisen and the likely chances of completing the
program as planned. The reviewers can keep abreast of progress, observe quality
of work, obtain an interim understanding of the audit findings and take corrective
actions (eg. Allocating more time to particular aspects; adjust the location and
intensity of compliance checks in relation to interim review findings, etc.). In
particular, it will be possible for reviewers to assess whether tests conducted
provide sufficient evidence for the development of reliable audit findings.

89
SECTION V : DOCUMENTING INTERNAL AUDIT
1. Internal audit is a systematic process, which must be carried out with due care and
attention. Audit findings must be supported by sufficient evidences. Consequently,
record keeping is very important indeed. It provides a trail of verifiable evidence.
2. Documenting is made possible through the use of working papers. Working papers
are the records kept by the auditor of the procedures applied or followed, the tests
performed, the information obtained and the pertinent conclusions reached.
3. As per the Performance Standard No.710 of the Internal Audit Standard of the
Government of Ethiopia, the internal auditor should prepare working papers, which
provide the principal evidential support for the audit report and demonstrate the
internal auditors’ compliance with the internal audit standards and support for audit
conclusions reached.
4. Specific objectives of documenting the internal audit assignments are it:-
• Provides a historical record of the information collected during the conduct of

audits.
• Provides a record of the audit tasks performed.
• Identifies audit objectives and methods chosen as a basis for planning future
audits and for review purposes.
• Allows an audit supervisor or manager to make an interim review of what has

been done during the audit to date.
• Allows an audit supervisor or manager to carry out final assessment of the

validity of draft audit conclusions before they are expressed as audit findings.
• Provides support for audit findings and evidence of compliance with the internal
audit standards.

90
• Establishes a record for the purposes of peer review.
• Provides a framework for further review in cases where management disagrees

with audit findings and the audit methods and conclusions have to be re-
assessed.
• Provides a framework of control whereby delegated work is monitored.
Principles of Documentation
5. Good documentation is achieved by implementing the following principles:
5.1 Consistency and Standardization
When carrying out audits internal auditors should use consistent reporting
methods. Consistency is achieved by using the standard formats
appearing in this manual. Completing the recommended formats will
make documentation easier to understand and review. For instance if an
auditor takes over a work that has been started by another auditor, the use
of standardized formats will promote continuity. However, practical
experience may dictate the need for amendment of standard formats.
Moreover, the auditor could use additional formats as necessary.
5.2 Accuracy and Timeliness
Documentation should accurately reflect the tests planned, the tests carried
out and the result of these tests. There should also be documents that
show the timing of the work carried out.
5.3 Clarity and Conciseness
The aim is to provide working papers that will make it easy to understand
the way the audit was carried out. For this the working papers should be
well organized and cross-referenced with clear and concise language and
structure. The information recorded should be sufficient for the purposes
of subsequent review by someone other than the responsible auditor.
5.4 Completeness
The audit papers should be complete in the sense of covering the whole
audit; the tests carried out, the meetings held, the queries raised,
management responses and the draft conclusions reached.

91
5.5 Authorship and Review
Audit papers should reveal who carried out each piece of work. In
addition, working papers should be reviewed. Information regarding the
identity of reviewers and their instructions/advice should be documented.
5.6 Confidentiality
Audit papers are in principle confidential. The Head of the Internal Audit
unit may decide to share audit papers, only if there is good reason. If the
external auditor or the Ministry of Finance and Economic Development
requests access, this is good reason in itself. If, in the case of fraud, the
police or a court of law requests information, the Head of internal audit
will comply. When access is requested, the circumstances, reasons,
persons with whom information was shared and the information shared
should be recorded in permanent files. It should be noted that principle of
confidentiality prevents the sharing of audit information with third parties
(e.g. suppliers). In general, internal auditors should be very wary about
sharing audit information, because of possible conflicts of interest. As
audit papers are confidential, measures should be taken to restrict access
to them.
Content of Working Papers
6. The Performance Standard No.720 of the Internal Audit Standard of Government of

Ethiopia stated what working papers should contain. It should sufficiently
document the audit process with emphasis on the:-
• Planning;
• Examination and evaluation of the adequacy and effectiveness of the

system of internal control;
• The auditing procedures performed, the information obtained and the

conclusions reached;
• Review;
• Reporting;
• Follow-up; and
• Governance and organizational aspects.

92
7. These and other aspects of documentations should be kept in an orderly and

organized manner in two files : Permanent File and Current File.
Permanent File
7.1 Permanent file is used for retaining key information of continuing audit
relevance, which changes little from year to year. It contains data of
historical or continuing nature pertinent to the audit. The permanent file
typically include:
• Extracts or copies of the public body document that deal with the
organizational aspects. It includes organization structure (chart);
organizational history detailing authority and duty;
• Proclamations dealing with establishment, organizational authority and

responsibility, Job descriptions and general organizational issues and other
documents showing how the public body is organized, sub-divided,
managed, staffed and directed;
• Information related to the understanding of the accounting system, internal

control structure and assessment of control risk. This includes accounting
policies, flow charts, internal control questionnaire or internal
control/evaluation, manuals, organizational chart, system descriptions and
notes along with specimen of documents, and other information on
internal control and accounting system;
• Information relating to understanding the rules and regulations pertaining

to activities within the public body. This is with respect to directives,
Statement of policies, rules, regulations, proclamations internal
instructions and manuals;
• The results of previous years’ audit. This includes previous audit

findings, management actions and follow-up, weak areas, outstanding
audit queries, and matters deserving continuous follow-up;
• Other relevant information of continuing nature. For instance details of

contracts, committee members (e.g. tender committee), key personnel who
authorize various types of decisions, details of projects being implemented
along with agreements, all bank accounts, signatories, authority limit,
safes, stores and other information like plans, etc.

93
• Correspondence with the Head of the Public Body, audit committee and
outside parties concerning various issues. Note that a separate file could
be maintained for all correspondence depending on the size, frequency and
necessity.
Current Files
7.2 The current files include all working papers applicable to the year under
audit. They contain relevant information of the audit for the current year.
Their contents include:
• General information - This information is current information that

is of a general nature rather than dealing with specific issue. This
includes such items as audit planning memos, abstracts or copies
of minutes or contract or agreements not included in permanent
files, notes on discussion with management, working paper review
comments, check lists, time summaries and comparison with
budget, financial statements etc.
• Audit report - This is the final output of the audit process. It

includes the final and draft version.
• Audit program which is initialed when each procedure is

performed. It is reviewed and approved. It is cross-referenced
with each section of the audit procedures.
• Financial Statements - This is relevant in financial audit.
• Trial balance – list of accounts with their balance supporting

financial statements. This is relevant in financial audit.
• Schedules and working papers prepared by the internal auditor in

performing certain audit procedure. There are lead schedules that
support the items in the trial balance. Lead schedules could also
be summaries of certain audit procedure (especially in the case of
audit other than financial audit). Supporting schedules are detail
schedules. There are many types or forms of schedules. The
major ones are:-
• Analysis – show the activity (entries) in an account. It

includes opening balance, description of sample, transactions
tested, summary of those not tested, ending balances,
sampling method, etc.

94
• Examinations of supporting document – These are various

schedules that show detail tests performed.
• Reconciliation of amounts – that support a specific amount

and is normally expected to tie the amount recorded in
financial statement or auditee record to other sources of
information, e.g. bank reconciliation.
• Information supporting schedules e.g. notes.
• Queries of the auditors along with responses.
• Documentation – documents from both internal and external

sources.
• Listings – List of items, balances, etc.
8. Preparation of working papers
An important aspect with respect of documentation of audit work is the preparation

of working papers (schedules). The Performance Standard No. 730 of the Internal
Audit Standard of Government of Ethiopia advocate the use of standardized
policies and procedures in this regard. It also mentions some techniques or
essential characteristics that should prevail in working papers. Although the design
depends on the objectives and activities involved, certain common points or
characteristics should be given due regard. These are:
8.1 Each working paper should be properly identified with such information
as:
• The name of the public body being examined;
• The title or description of the content or purpose of the working

paper;
• The period covered by the audit;
• The preparer and reviewer with respective dates of preparation and

review;
• the index code.

95
8.2 Each working paper should be signed (or initialed) by the preparer and the
reviewer.
8.3 Each working paper should be properly indexed and cross-referenced to

aid in organizing and filing. Indexing is done at the front of each paper
using a combination of letters and whereby if lead schedules are given a
letter, e.g. "A" then for supporting schedule a suffix indicating the
sequence in the file is added e.g., "A1". Cross referencing between lead
schedules and supporting schedules or between two supporting schedules
should be done in a logical and consistent manner. Please refer to
Annex XII for the relationship of working papers, indexing and cross-
referencing.
8.4 Each working paper should include sufficient information to fulfill the
objectives for which it was designed.
8.5 Completed working papers must clearly indicate the audit work performed
including sampling methods and samples selected. This is accomplished
in three ways:
• By a written statement in a form of memorandum;
• By initialing the audit procedures in the audit program;
• By notations on working paper directly on working paper

schedules. Notation on working paper are accomplished by use
of "tick marks" which are symbols written adjacent to the details
on the body of the schedule. These notations must be clearly
explained at the bottom of the working paper.
8.6 The conclusions that were reached along with the respective
recommendations about the segment of the audit under consideration
should be plainly stated.
9 Organization/structure of working papers
The documents in working paper should be organized or structured in a manner

that enhances efficiency and facilitates accessibility. Although working papers
could be organized differently depending on the nature of the organization, an
example of a lay-out and an index is provided in Annex X which can be
customized as required.

96
10. Review of working papers

Audit working papers should be reviewed to ensure that they properly support the
audit report and that all necessary auditing procedures have been performed.
Evidence of the supervisory review should be documented in the working paper.
The Head of the Internal Audit or designated senior auditor has the responsibility
for review. Generally, review has to be conducted at a level of responsibility
higher than that of the preparer of the working paper. Evidence of review
consists of the reviewer initialing and dating the working paper after it is
reviewed. It could also consist of completing a working paper review checklist
and/or preparing a memorandum stating the nature, extent and result of the
review. In addition, reviewers may also make a written record (review notes) of
questions arising from the review process, which should be satisfactorily
resolved.
11 Retention of working papers

In order to comply with the financial regulation No. 17/1997, records should be
retained for a minimum of ten years. It should be noted that permanent files
should be retained permanently.
12. Ownership and custody of working papers

Working papers are the property of the public body and remain under the custody
of the Internal Audit Department. The Head of the public body may request
access to the working paper in which case the Head of Internal Audit approves the
issue. Where parties outside the public body request the working papers, the
Head of the Public Body should approve the request.

97
SECTION VI : REPORTING AUDIT FINDINGS
Introduction
1. The Internal Audit Standard of Government of Ethiopia requires that after the audit
examination is completed, the Internal Auditor should discuss conclusions and
recommendations at appropriate level of management and issue a signed, objective,
clear, concise, constructive and timely written report with appropriate format
(content).
Audit findings
2. Internal auditors report their findings and recommendations in a formal way. Audit
findings are the outcome of the audit. The value of auditing can be judged by the
quality, relevance, timeliness and reliability of audit findings and the deterrent effect
that audit creates. Here, we are concerned only with audit findings and the way they
are reported.
3. Audit findings are much more than simple opinions. The audit process is a
meticulous process for building up very specific information. It is meticulous
because it must result in reliable and relevant information, sufficient to support robust
conclusions. A robust conclusion is one which is objective and fully supported by the
evidence. An auditor using the same audit methodology could repeat the audit and
arrive at the same conclusion.
4. Audit findings emerge by a process of comparing "what should be" with "what is".
Whether or not there is a difference, the internal auditor has a foundation on which to
build the report. When conditions meet the criteria, acknowledgement in the audit
report of satisfactory performance may be appropriate. Findings should be based on
the following attributes:-
• Criteria - The policies, procedures, directives, regulations, laws, standards,

measures, or expectations used in making an evaluation and/or verification
(what should exist).
• Condition - The factual evidence which the internal auditor found in the course
of the examination (what does exist).
If there is a difference between the expected and actual conditions, then:

98
• Cause - The reason for the difference between the expected and actual
conditions (why the difference exists).
• Effect - The risk or exposure the auditee organization and/or others encounter
because the condition is not the same as the criteria (the impact of the
difference).
5. The Head of Internal Audit is employed for his/her expertise and experience. A
critical element of this is judging the adequacy of information gathered through the
audit process as a basis for arriving at conclusions.
6. A process is needed for developing conclusions and testing their robustness before
they are embodied in audit findings. This may involve:-
• developing audit interim conclusions by auditors in charge as the audit is in

progress.
• discussing these interim conclusions by the Heads of internal audit (and

giving guidance on their validity and indicating whether more evidence is
needed to substantiate them).
• auditors drafting their final conclusions at the end of their audits.
• heads of internal audit carrying out further evaluation of the validity of

conclusions.
• redrafting these conclusions as audit findings.
7. Validity of the findings is an important over-riding consideration. But when it comes

to reporting, other concerns are also of great importance. Audit reports are intended
to be read. So it is important to consider the needs of readers. The main readers are
the Heads of the public bodies. We presume that they are:-
• busy people who have to read many reports on a lot of subjects and who do
not want to plough through a lot of detail before reaching key conclusions.
• not familiar with auditing terminology or processes.
• less interested in processes than in findings.
• much more interested in significant matters than trivial ones.

99
Characteristics of effective audit reports
8. These presumed characteristics are the key to writing effective audit reports. An
effective audit report is one which is objective, clear, concise, constructive and
timely.
• Objective reports are factual, unbiased, and free from distortion. Findings,
conclusions, and recommendations should be included without prejudice.
• Clear reports are easily understood and logical. Clarity can be improved by
avoiding unnecessary technical language and providing sufficient supportive
information.
• Concise reports are to the point and avoid unnecessary detail. They express
findings completely in the fewest possible words.
• Constructive reports are those which, as a result of their content and tone, help
the organization to make the necessary improvements where needed.
• Timely reports are those which are issued without undue delay and enable
prompt and effective action to be taken.
Content and format of audit reports
9. Although audit report formats and content may vary, they should at least contain the
purpose, scope, and results of the audit.
• Purpose statements should describe the audit objectives and may, where
necessary, inform the reader why the audit was conducted and what it was
expected to achieve.
• Scope statements should identify the audit activities and include, where
appropriate, supportive information such as time period audited. Related
activities not audited should be identified, if necessary, to delineate the
boundaries of the audit. The nature and extent of auditing performed should
also be described.
• Results may include findings, conclusions (opinions), and recommendations.
• Findings are pertinent statements of fact. Those findings which are necessary
to support or prevent misunderstanding of the internal auditor's conclusions
and recommendations should be included in the final audit report. Less
significant information or findings may be communicated orally or through
informal correspondence.

100
• Conclusion (opinions) are the internal auditor's evaluations of the effects of

the findings on the activities reviewed. They usually put the findings in
perspective based upon their overall implications. Audit conclusions, if
included in the audit report, should be clearly identified as such. Conclusions
may encompass the entire scope of an audit or specific aspects. They may
cover but are not limited to whether operating or program objectives and goals
conform with those of the public body, whether the public body's objectives
and goals are being met, and whether the activity under review is functioning
as intended.
• Recommendations are based on the internal auditor's findings and

conclusions. They call for action to correct existing conditions or improve
operations. Recommendations may suggest approaches to correcting or
enhancing performance as a guide for management in achieving desired result.
Recommendations may be general or specific. For example, under some
circumstances, it may be desirable to recommend a general course of action
and specific suggestions for implementation. In other circumstances, it may
be appropriate only to suggest further investigation or study.
An example of audit report is provided in Annex IX.
10. One of the conspicuous weaknesses of auditors all over the world is their inability to
write effective audit reports, so this aspect requires attention and effort. When
writing their reports, internal auditors should bear in mind that there is no report that
cannot be improved, however many times it may have to be rewritten.
11. It is the responsibility of the Head of internal audit to ensure that audit reports reach
high standards of relevance and readability. The Head should examine all draft audit
conclusions for relevance, robustness, economy of language, clarity, tactfulness,
helpfulness and positive tone. The last three are important, as effective audit reports
should not alienate the reader. The reader should be treated as a friend rather than an
enemy. After all, if the ultimate usefulness of audit is effective remedial action, it is
wise to treat those responsible for such actions with respect. The idea is to help them,
not to embarrass or anger them.
Stages of audit reports
12. Writing audit reports entail drafting, redrafting, discussing, eliminating redundant
information, and so on. It requires patience and care. But this process is worthwhile
at the end of the day as it guarantees that internal audit reports will be read and
understood.

101
13. Audit reports go through several stages:-
• report of conclusions by the auditor in charge of an audit (interim).
• draft report of audit findings submitted by the Head of internal audit to the
Head of the public body for discussion(interim).
• final report of audit findings formally submitted to the Head of the public
body.
14. The internal auditor should held exit conference to discuss conclusions and report
recommendations at appropriate level of management before issuing the final report.
The discussion will help to ensure that there have been no misunderstandings or
misinterpretations of facts by providing the opportunity for the auditee to clarify
specific items and to express views of the findings, conclusions, and
recommendations. Although the level of participants in the discussion may vary by
public body and by the nature of the report, they will generally include those
individuals who are knowledgeable of detailed operations and those who can
authorize the implementation of corrective action.
15. Heads of internal audit units must ensure that:-
• for every completed audit, a final audit report is submitted to the Head of
public body in a timely manner.
• for every year there is a brief annual report showing the audits carried out
during the year, the auditor's general opinions on the status of internal control
systems and the manner in which management has followed up on audit
findings.
The annual report is submitted to the Head of the public body with copies to the
Audit Committee and the Ministry of Finance and Economic Development.
16. Formal audit reports are not the only way (and certainly not the most effective way)
of reporting audit results to management. Auditors should think of additional ways of
bringing their work to the attention of management. Material can be presented orally
in seminars, workshops, meetings, briefings and one-to-one sessions in a variety of
formats ranging from presentations on what management needs to know,
management tools, principles and concepts, advice on best practice, recommendations
and actual audit findings.

102
17. Internal audit reports are sent to the management of the public body for the following
reasons:-
• to ensure that audit findings are known to management.
• to prevent the Head of the public body from keeping audit findings secret
from his management team.
• to ensure that significant matters resulting from audit receive collective

management attention.

103
INTERNAL AUDIT MANUAL PART FOUR
SECTION I - INTRODUCTION
This part of the Manual includes procedural guidance for financial and compliance audits. Each
section of this part contains an introduction definition, audit objectives, internal control system
and the audit procedures to be carried out by the internal auditors to discharge their
responsibilities. Internal auditors should carry out these activities by taking into account the
basic concepts and principles explained in Part Three. The audit procedures provided in this part
should only be used as guidance for the internal auditor to design an audit program, which
specifically meets the requirement of the public body under audit. The internal auditor should
select audit procedures, which are materially related to risk, feasible to the audit and likely to
generate useful findings.
__________________________________________________________________________________
104
SECTION II
CASH AND BANK BALANCES
Introduction
1. Of all assets, cash is the most susceptible to misappropriation, theft and loss. It follows
that the control mechanism established, for the proper monitoring and custody of cash,
has to be carefully designed. The implementation and follow-up of control procedures is
the responsibility of all eligible staff of the public body. The internal auditor should
frequently check the extent of compliance with established policies and procedures for
proper use of cash and bank accounts. The audit of cash and bank balances is commenced
by a surprise cash count. The accuracy of the cash balance is determined by examining
records and supporting documents kept by the public body for the collection of receipts,
effecting of payments and banking of money. The audit of cash and bank balances
verifies cash and bank balances at a specific date. In this section, the definition, audit
objectives, internal control system and audit procedures for cash and bank balances are
briefly presented.
Definition
2. Cash is the balance of money, which is found in the hands of cash collectors and main
and assistant cashiers, and in bank, at a specific date and time. Cash includes paper notes,
coins, bank notes, e.g. certified payment orders (CPOs), cheques, bank balances, etc.
Internal Control System
3. The overall internal control system for the management and control of cash and other
liquid assets are the responsibility of the Head of the public body. The system should
include:
• Having adequately trained and qualified staff in charge of all aspects of the
management and control of cash and other liquid assets.
• Establishing adequate formal procedures for all aspects (e.g. authorizing actions;
making entries in accounting records; ensuring the accuracy of accounting records;
safeguarding cash and other valuables; specifying limits and ceilings for insurance
for the issue of cheques and payment by petty cash; keeping of records and
supporting documents; etc.).
• Providing a procedural manual and/or official instructions and giving training to

ensure that staff know official procedures and how to comply with them.
__________________________________________________________________________________
105
• Specifying clear lines of responsibility for all actions regarding cash management
and banking including the responsibility for authorizing actions and transactions.
• Ensuring that a system of reporting to management is in place and that it is

appropriate to management needs.
• Carrying out checks to ensure that the procedures established by management are
working as intended.
• Making sure that when failures in management and control have occurred,
appropriate remedial actions are taken to prevent their recurrence.
• Establishing a system whereby the normal duty of one person is checked by another.
• Segregation of duties – the structure should be organized in a manner that those in

custody of cash are not involved in recording of cash.
• Compliance with directives/proclamations/policies. Making sure that the Financial

Administration Proclamation, Regulation and directives are adhered to.
• Rotating duties between staff in as much as time, necessary skill and staff
availability permits.
4. The internal auditor should evaluate the internal control system of the public body with a
view to assessing whether proper procedures exist for managing and controlling cash,
suspense vouchers and bank accounts and whether the procedures operate as intended. In
addition to the overall control environment listed above, the detailed internal control
system for controlling cash and bank balances includes the following:
4.1 Main and Assistant Cashiers (Main Cash)
• Collections and payments should be made on a legal (official) receipt,

voucher and payment vouchers, respectively.
• Cash collected and other receipts should be deposited intact into bank,
on a daily basis wherever possible.
• The public body should maintain an appropriate cashier’s office and a

safe for proper management and safeguarding of cash.
• Recording of cash and cheques collected daily is to be made after

compiling them in the summary collection form.
__________________________________________________________________________________
106
• Individual collections and payments should be immediately entered

into the books of account (registers, cash books, ledger cards) to
ensure the accuracy and completeness of the records.
• Cash accounts, transactions, registers and cash books kept on a daily

or monthly basis should be summed and checked at frequent time
intervals to prove their accuracy.
• Cash kept in safe should be counted and checked against the balance
of cash shown in the accounting records of the public body at specific
time intervals.
• Separate individuals should carry out the handling of cash transactions

and their recording.
• The cash in hand should be insured against risks of theft and burglary
(fidelity guarantee insurance should also be acquired).
• A system of internal check should be established to check:
• Daily cash and cheque summaries against receipts;
• Sequence of cash receipt vouchers;
• Whether the collections are deposited into bank on time and

intact.
4.2 Petty Cash
• The petty cash fund should be maintained using the imprest system by
which a petty cash float is established and replenishments are made
upon presentation of payments made with their supporting documents.
• The system should determine the following:
- The maximum amount to be paid from the petty cash fund;
- The level at which used-up petty cash fund is replenished;
- Type /nature of expenditures to be paid by petty cash fund.
• Those responsible for keeping petty cash should be properly trained

and should ensure that there is a correct voucher for every petty cash
transaction, properly checked and approved.
__________________________________________________________________________________
107
• A petty cash book must be kept and transactions recorded in it on a

timely basis.
• Approved petty cash payment vouchers along with supporting

documents should be filed sequentially.
• The petty cash balance is only to be replenished after presentation of

all payment documents commensurate with the replenishment amount.
• At specific time intervals the correctness of the petty cash book, petty cash
vouchers and supporting documents must be checked in order to prove
that the balance of cash in hand is correct.
4.3 Suspense Account

Payment through suspense account is only effected for salary advances and
running costs. The following controls should be exercised:
• Payment should be authorized and signed by a designated official.
• The payment voucher should be signed by the cashier, the chief

accountant and the person receiving the cash.
• A control mechanism should be established for ensuring that requests for

payments are appropriate in amount and purpose.
• No payment should be effected for salary advance in excess of the

established ceiling.
• Advances of salary and running costs should be refunded within 30 and 7

days, respectively.
• The document used for an advance payment should be cancelled when

refund is made and the suspense account balance reduced accordingly.
• No additional suspense account request should be allowed before former

suspense account transactions have been cleared. Strict control is
necessary to ensure that this control operates.
4.4 Bank Account
• Bank accounts should be opened and closed only by the order of the Ministry
of Finance and Economic Development.
• All transactions on bank accounts including deposits should be supported by

relevant documents and properly recorded.
• Withdrawal from bank should be authorized only by designated officials.
__________________________________________________________________________________
108
• Withdrawals should be properly recorded and checked against payment

vouchers and check stubs.
• The accuracy of computations in the cash book should be checked.
• Bank reconciliations should be carried out monthly and these should be

checked and certified by senior staff for accuracy.
4.5 Bank Reconciliation

Bank reconciliations may follow different formats but must clearly show the
following, whichever format is chosen:
• The date at which the reconciliation is carried out and the amounts of closing
balances taken from the cash book and bank statement.
• A list of all payments appearing in the cash book which have not yet passed
through the bank account (usually unpaid cheques).
• A list of all receipts appearing in the cash book which have not yet passed
through the bank account (usually cheques received and other bank credits
not yet credited by bank).
• A list of items appearing in the bank statements but not in the cash book and
an explanation of how these items have been treated (i.e. the adjustment
entries made in order for the cash book to reflect the correct information).
• A reconciliation statement proving the difference between the cash book and
bank statement balances, signed by the preparer and by senior staff.
Audit Objectives
5. The objectives of an audit of cash and bank balances include, but are not limited to:
• Ensuring that collection and payment of cash are made on legal receipt and payment
vouchers, respectively.
• Ascertaining that cash collected by the public body is deposited intact into bank in a
timely manner.
• Ensuring that payments above a certain level specified by the head of the public
body are effected by cheque.
• Ascertaining that every cash and bank transaction is properly registered in the books
of account.
__________________________________________________________________________________
109
• Verifying that bank accounts opened for particular purposes are used for those
purposes and that no unauthorized bank accounts exist.
• Verifying that the public body deposits money in excess of its requirements in an
appropriate bank account, making sure that if no bank branch is conveniently
located, the money is transferred to the treasury department of the Ministry of
Finance and Economic Development.
• Ensuring that proper actions are taken with regard to safeguarding of cash.
• Ensuring compliance with proclamations, directives, rules and regulations, and

policies with regard to the handling of cash.
• In as much as possible, audit procedures should be designed to prevent and detect

fraud or irregularities.
• Ensuring that those in custody of cash be separated from accounting functions.
Audit Procedures
6. The following are the audit procedures to be followed in order to ensure the adequacy of
control over cash and bank balances.
6.1 Overall Procedures
6.1.1 Review the personal files of cashiers to check that:
• Complaints were not made against the cashier's honesty with a

view to assessing the degree of risk involved;
• A fidelity guarantee insurance and money insurance are

acquired;
• There exists clear job description detailing all duties,

responsibilities and accountability of the cashier;
• The cashier has proper education and training levels.
6.1.2 Ensure proper safeguarding of cash is made by verifying the existence of:
• Secure cashier’s office/safe box;
• Strict control over used and unused receipt vouchers;
__________________________________________________________________________________
110
• Proper and timely handover of cash by collectors is made to

main cashiers;
• Adequate control over cheques in that:
- Blank cheques are not signed in advance.
- Cancelled cheques remain undetached in the pad

being marked “VOID”.
- Safe box keys should be kept with the cashier only.
6.1.3 Review the organizational structure, duties and responsibilities of

accounts department to verify the existence of:
• Adequate qualified staff;
• Sufficient and satisfactory internal check mechanisms;
• Adequate and effective segregation of duties;
• Clear and precise job descriptions.
6.1.4 Ascertain that Ministry of Finance and Economic Development

directives as well as rules and regulations, policies and proclamations
are complied with:
• Identifying relevant directives, policies, rules and regulations

and proclamations pertaining to cash and bank balances;
• Review the practical situation prevailing in the public body;
• Compare and assess the directives, rules, regulations etc.
against the current situation.
6.2 Main and Assistant Cashiers' Balances
6.2.1 Ascertain the location of cash safes and identify suspense account
documents with money value.
6.2.2 Verify the existence of prenumbered official receipt vouchers.
6.2.3 Ensure that cash and cheque collection summaries are maintained and
check the summaries against cash receipts and cheques on sample
basis.
6.2.4 Verify that the cash and cheque collection summaries are checked by a
person other than the preparer as part of one’s duty.
__________________________________________________________________________________
111
6.2.5 Ascertain that daily receipts are deposited into bank on time and intact.
6.2.6 Check that updated records exist (when undertaking count), i.e. cash
book, transactions register, cash ledger. Record any unrecorded receipts
and expenditures.
6.2.7 Check the accuracy of cash book (rows, columns, balances).
6.2.8 Perform the cash count procedure on regular basis (e.g. monthly) and a
surprise count on irregular basis.
• Ensure the presence of the cashier and the chief accountant until the end
of the count of cash and cash equivalents.
• Having listed all relevant documents and valuables found in the safe,
seal the safe. The cashier and the chief accountant should sign the list.
• Similarly the cashier and the chief accountant should sign on the last
used page of the cash book (register of receipt and payment) and other
books of account and last used receipt to establish cutoff point used for
the audit.
• Administer safe – opening questionnaire and ask the cashier and senior
finance officer to sign it.
• Take care to prevent double counting of cash, cheques and stamps, etc..
• Count and record the amount of cash, suspense account and other
documents which have money value kept in the safe.
• Ascertain that all cash, cheques, stamps, etc. are counted.
• Sign along with the cashier and chief accountant on the count form.
• Compare the cash counted against the record balance (cash book).
• Make the cashier and chief accountant sign the cash balance comparison
form.
• Perform similar checks on other books of account which record receipts

and expenditures.
__________________________________________________________________________________
112
6.3 Petty Cash Balance
• Count the cash found in safe and cash boxes of petty cashiers and
register details of payment vouchers not replenished. The count sheet
should be signed by the petty cashier and the chief accountant.
• Seal the petty cashier’s safe.
• Ascertain the accuracy of computations in the petty cash book or

equivalent.
• Ascertain that all payments are authorized by a designated official.
• Verify that payments made are consistent with the rules of the petty
cash fund which should stipulate the types and maximum amounts of
permitted expenditure.
• Ask petty cashiers and the chief accountant to sign the petty cash
balance comparison record form.
• For further audit procedures please refer to petty cash payment

procedures under “Expenditure” section.
6.4 Suspense Accounts
• Ensure that the designated official, the cashier, the chief accountant and
the receiver have signed all documents giving rise to suspense account
payments.
• Verify with care all suspense account expenditures made in the name of
the cashier, the chief accountant or the head of the public body.
• Reconcile suspense account documents issued with payment documents

and cash held in the safe.
• Verify with care repaid/cleared suspense accounts where the relevant

documents (torn off stubs) are not available for examination.
• Ask the cashier and the chief accountant to sign the suspense account
count sheet.
__________________________________________________________________________________
113
• Check the age of suspense accounts (the period from issue to the date of
audit). Identify overdue suspense accounts and investigate the reason
for their outstanding.
6.5 Bank Balance
• Identify all bank accounts held in the name of the public body.
• Check bank balances with the bank by making several visits to the bank
during the month. Checking bank balances only after receiving bank
statements is not advisable.
• Ascertain the accuracy of the bank reconciliation statement prepared by

the accounts section of the public body .
• Check that outstanding cheques shown in the bank reconciliation

statement for the current month are included in the bank statements of
the public body for the following month or months.
6.5.5 Ascertain there are no cheques outstanding for more than six months.
6.5.6 If there are long outstanding cheques, ask accounting staff to make the
necessary adjustments in respect of them (for instance make write-back entries
in cash book to cancel the overdue cheques).
6.5.7 Ascertain that the cashier does not present “bounced” cheques during the cash
count in order to prevent means of covering defalcation.
6.5.8 Ascertain the inclusion in the following month’s bank statement of deposits in
transit shown in the cash book in the previous month (by checking their
accuracy against bank deposit slips) to prevent their use for covering
misappropriation.
6.5.9 Make further investigation when uncommon and high value adjustments appear
in the bank reconciliation. Check also unusual high value withdrawals
appearing in the bank statement.
6.5.10 Ensure that bank reconciliation statements are prepared monthly.
6.5.11 Ensure that errors made by bank are notified to the bank as soon as possible.
__________________________________________________________________________________
114
SECTION III
RECEIPTS AND RECEIVABLES
Introduction
1. Money collected by way of taxes, custom duties and other revenues enables the
Government to carry out its social and economic programs. The methods used for
ensuring collection are, therefore, critical to the government’s ability to deliver public
services. While taxation and customs provide the largest sources of revenue, most
government entities collect smaller sums of revenue arising from fees, licenses and other
charges. Consequently, all government entities require adequate collection and revenue
management systems, to ensure that sums due to the State are properly collected and paid
into government bank accounts. Revenues, particularly when collected in cash, are
vulnerable to diversion and loss. Moreover, some government staff may be tempted to
forgive debts due to the state, for personal gains. Therefore, the internal control
measures put in place by management to control and safeguard receipts and debtors, need
to be proportionate to the risks involved.
Definition
2. Government receipts include collections received in cash and kind. These can be divided
into five major parts:
• Tax Revenue
• Non-Tax Revenue
• Grants
• Proceeds of loans from both domestic and foreign sources
• Capital Revenue
3. These guidelines apply to all government revenues. However, it is realized that taxation,
customs and excise may require more specific treatment than is stated here.
4. Over all internal control systems for the management and control of receipts and
receivables are the responsibility of the Head of the public body concerned. They
include:
• Having adequately trained and qualified staff in charge of all aspects of revenue
management and control.
__________________________________________________________________________________
115
• Establishing adequate official procedures for all aspects of revenue and debt
management (e.g. authorizing actions; making entries in accounting records;
ensuring the accuracy of accounting records; safeguarding cash and other
valuables; ensuring that cash received is quickly banked and accounted for;
keeping adequate records and supporting documents; etc.).
• Providing a procedural manual and/or official instructions (in the case of public
bodies with large revenues) and giving training to ensure that staff know official
procedures and how to comply with them.
• Specifying clear lines of responsibility for all actions regarding revenue collection
and management of debtors including the responsibility for authorizing actions
and transactions.
• Ensuring that a system of reporting to the Head of the public body is in place and
that it is appropriate to his/her needs.
• Carrying out checks to ensure that the procedures established by the Head of the
public body are working as intended.
• Ensuring a system of internal check whereby the work of one employee is

checked by the other.
• Making sure that there is segregation of duties of those who are in custody of
assets, those who keep records and those who determine, assess and adjust
revenues.
• Ensuring a system that ascertains compliance with proclamations, directives, rules

and regulations.
• Rotating the duties of staff in as much as time, skill and staff availability allows.
5. The internal auditor should evaluate the internal control system of the public body
with a view to assessing whether proper procedures exist for managing and
controlling receipts and receivables and whether the procedures operate as
intended. The internal control system for controlling receipts and receivables
includes the following:
__________________________________________________________________________________
116
5.1. Income From Budget Transfers (Recurrent and Capital Budget), Disposal Of
Property And Sundry Accounts
The cashier must issue official cash receipt vouchers for collections from all
sources including those from the budget, resulting from disposal of property and
sundry accounts. Sufficient control mechanisms should be established to ensure
that only appropriate income is collected. Such collections should be properly
recorded in the books of accounts. The above procedures apply to:
• all deductions withheld by the Ministry of Finance and Economic

Development (e.g. income tax, pension contribution).
• deposits collected from third parties such as bid and performance
securities, etc.
• proceeds of repayment of loans made to other parties, unclaimed salary,
and income from fines and other sources.
5.2 Tax Revenue
• A control mechanism is needed to ensure that taxes and custom duties are
properly assessed and adjusted in accordance with existing law and tariffs,
and that sums due are efficiently recorded and collected.
• For all taxes and customs duties there should be complete separation of
responsibility between assessment and adjustment, and between
responsibility for recording sums due and the actual collection of those
sums. There should be an effective "firewall" between assessment and
collection.
• For all receipts there should be a monitoring mechanism to record

variations between estimated and actual collections and to ascertain the
causes of large variations.
5.3 Non-Tax Revenue
• The income collected from sale of goods and services rendered by the
public body must be in accordance with rates set by the government.
• The determination of fees and charges and the preparation, collection and
recording of receipts should be done by different staffs of the public body.
• There should be a strong control mechanism for recording and controlling

advance payments and their subsequent liquidation to prevent
misrepresentation and defalcation.
__________________________________________________________________________________
117
5.4 Collection from debtors account
• There should be a debtors’ register in which debtors are recorded

alphabetically by name so that their records can be conveniently accessed.
• A debtors’ schedule should be prepared showing an age analysis of sums

due. It should be regularly submitted to top management of the public
body on a timely basis. Sums collected from debtors should be similarly
reported.
5.5 Grants and Loan
• There should be a system of control that ensure the compliance with the
grant or credit agreement.
• The use of official receipt vouchers.
• Proper maintenance of books of account.
5.6 Receipts (common to all)
• Ensuring that collections are made by official receipt vouchers.

• Making sure that adequate control is made over used and unused receipt
vouchers.
• Ensuring that collections are properly summarized, checked, recorded and
deposited.
Audit Objectives
6. The Financial Administration Proclamation requires that no public money shall be

collected unless (a) it is authorized by law and (b) it is recorded on official receipts of the
Ministry of Finance and Economic Development. Therefore, the objectives of the audit of
receipts and receivables include but are not limited to: -
• ensuring that all collections are in compliance with the proclamation.
• ascertaining that all receipts are deposited to central treasury account regularly.
• making sure that all receipts are recorded properly and that the books of account
show the correct receipts for the specific financial period.
• ascertaining that all deductions withheld are properly recorded and accounted for.
• ensuring that financial reports are in accordance with the books of accounts.
__________________________________________________________________________________
118
• making sure that there is appropriate segregation of duties.
• ensuring that in as much as possible there is proper rotation of duties.
• ascertaining the system of internal check.
• ascertaining compliance with relevant proclamations, rules and regulations.
Audit Procedures
7. The following audit procedures are to be followed to verify the existence and operation
of appropriate controls.
8. Overall Substantive Procedures
8.1 Secure financial statements or reports concerning receipts (income) and

receivables.
8.2 Check that proper supporting schedules exist that support financial statement or
reported figures.
8.3 Ascertain that items stated in financial statement or reports agree with ledger
balances.
8.4 Compare the current years revenue with that of last year and that of the budget.
Secure necessary justifications for major variations.
8.5 Check accuracy of schedules /financial statements and reports - casting.
8.6 Perform reconciliations where possible.
9. Receivables
The audit of receivables includes but is not limited to:
9.1 checking that a schedule of receivables is regularly and accurately prepared

incorporating an age analysis and that it is reported to management.
9.2 Examining the nature, age and amount of receivables.
__________________________________________________________________________________
119
9.3 Ascertaining that proper and up-dated general (control) and subsidiary ledger
cards are maintained. Ensure also that the total subsidiary ledger balances agree
with that of the control ledger balance.
9.4 Check schedule balances against ledgers.
9.5 Ascertaining that there is a proper register of sums charged, money received in
settlement and amounts outstanding.
9.6 Ensuring that all necessary measures are taken to collect debts.
9.7 Seeing that there is a strong follow up mechanism for collecting from overdue
debtors in particular regarding delinquent cases already reported to court.
9.8 Ensuring that debts which cannot be collected after repeated attempts, are written
off in accordance with official procedures and that the write-off of debts is
properly controlled and authorized.
9.9 Ascertaining that the cash collected from debtors is properly accounted for and
recorded in individual ledger cards corresponding to each debtor.
9.10 Ascertaining whether statement of accounts of receivable balances are exchanged
with major debtors.
9.11 Sending request of confirmation for major receivable balances, depending on
materiality and risk involved. Review responses received.
9.12 Ascertaining compliance with directives in respect to both short and long term
loans to staff.
10 Income From Budget Transfers (Recurrent and Capital Budget), Disposal of Property
And Sundry Accounts
10.1 Ascertain that official vouchers are used for recording collection of all types of
receipts, including receipts from budget transfers, disposal of property, sundry
accounts, etc.
10.2 Check that all recurrent and capital budgets transferred to bank from Ministry of
Finance and Economic Development or collected directly from Treasury
Department in cash, are in line with the authorized and allocated budget.
10.3 Ascertain that all personal income taxes, fines and pension contributions are
properly computed and deducted from employees' salaries.
__________________________________________________________________________________
120
10.4 Ensure that there are receipt vouchers for all deductions withheld and that the
amounts are properly calculated and recorded in the accounts.
10.5 Ascertain that all public bodies which make charges for services rendered do so in
accordance with the relevant proclamations and regulations.
10.6 Ensure that receipts resulting from services rendered, the disposal of assets,
charges, fines, donation, etc. are properly transferred to central treasury account.
10.7 Ascertain that disposals of assets are conducted as per the Financial
Administration Proclamation, regulation and directives.
10.8 Ascertain that the collection of money from other sources are in accordance with
the relevant agreements and Financial Administration Regulations, adequately
supported by documents where appropriate and that they are reported to the
Ministry of Finance and Economic Development in a timely manner.
10.9 Examine receipts to ensure that they have been properly classified, summarized
and recorded in the books of accounts.
11. Tax Revenue
11.1 Receipts from income, excise and value added taxes:
11.1.1 Ensure that official cash receipt vouchers are used to collect all taxes.
11.1.2 Ensure that ledger cards and tax file are maintained for taxpayers and that
relevant and detailed documents are kept in the tax files.
11.1.3 Ensure that the names, addresses, identification numbers and other details
are recorded in an appropriate register or tax file.
11.1.4 To ensure the adequacy of control over collection and recording process:
• Select sample of collections – state the sample, sampling method,

population etc.
• Check that sums collected are properly, classified and coded.
• Check that all sums collected are recorded on to registers

(journals) and ledger cards.
• Ensure that sums collected are deposited in tact and on time to

central treasury account.
__________________________________________________________________________________
121
• Ensure that taxes are collected within the period prescribed in the
relevant tax regulation.
• Ensure that relevant details are kept in the taxpayer file.
• Check that the fines imposed on those who fail to pay their taxes in
time, are in accordance with relevant tax regulations.
11.1.5 To ensure that taxes are assessed in accordance with the relevant tax
regulations:
• From taxpayer file:
• Select sample of taxpayers files state the sample, sampling

methods, population, etc. (by each category/class);
• Check whether the income of the taxpayer is declared and

that tax returns are filed.
• Check whether the taxpayer is audited by tax inspectors (to

ascertain whether the tax payer is assessed or not).
• If the tax payer is assessed by tax inspectors:

- Check the assessments made by tax inspectors as to
whether it is in accordance with the relevant tax
regulation.
- Check that the assessments are reviewed and
approved by a higher official
• If the taxpayer is not assessed by inspectors:

- Check that proper income declaration and tax
returns are filed.
- Assess the tax due in accordance with tax rules and

regulations and review it against tax returns and
payments made by the taxpayer.
• Ascertain that penalties are levied from late taxpayers as

per the tax regulation.
• Check cash collection against the cash receipt voucher and

relevant assessments.
__________________________________________________________________________________
122
• From inspectors work/assessment forms:
• Select sample of assessments.
• Ensure that tax assessments are as per relevant tax

regulation.
• Ensure that the assessment is reviewed by higher officials.
• From cash receipt vouchers:
• For the samples selected under procedure 11.1.4:
• Check the cash receipt against tax assessments.
• Check tax assessments against tax regulations.
11.1.6 Verify that the duties and responsibilities of tax assessment, collection of
cash and record keeping are effectively segregated and carried out by
different staffs.
11.1.7 To ensure that all taxpayers are identified with an objective of ascertaining
completeness of income:
• Select sample taxpayers from business licences or VAT

registration number lists.
• Ensure that tax file is maintained for the taxpayers selected.
• Ensure relevant information like addresses, names and other details

are kept in the tax files.
• Review the files for tax assessment and payment by the taxpayer.
11.1.8 Where tax relief is granted ensure that it is given as per directives,
regulation, official letters of approval, etc.
11.1.9 Ensure the existence of a system of internal check whereby the work of
one employee is checked by another.
11.2 Income from non-excise taxes
11.2.1 Ascertain that customs duties are properly assessed and collected.
__________________________________________________________________________________
123
11.2.2 Identify variations between the estimated and actual collection from
customs duties and when significant verify their causes.
11.2.3 Ensure that all exported and imported goods are properly taxed in
accordance with relevant regulations.
11.2.4 Ascertain that all rent, transit charges, income from the sale of customs
declaration forms, and license fees are collected in accordance with the
customs duty regulations,
11.2.5 Ascertain that goods left in customs warehouses for more than six months
and smuggled goods are disposed of according to the requirements of
official regulations, including recording and storing procedures.
11.2.6 Ensure that appropriate receipt vouchers are raised for foreign currency
and valuables confiscated because of illegal transfer and that they are
properly recorded.
11.2.7 Ensure that cash collected from disposal of confiscated assets is deposited
intact to the central treasury account.
11.2.8 Ascertain that separate individuals have carried out duties of confiscation,
issuing of appropriate receipt vouchers, recording and disposal.
11.3 Income from other taxes:

11.3.1 Ensure that all other taxes are properly assessed as per tax regulation.
11.3.2 Ensure that other taxes are properly summarized, classified and recorded
into books of accounts.
11.3.3 Ensure the use of official receipt vouchers.
11.3.4 Ensure maintenance of tax files.
11.3.5 Ascertain that collections are deposited intact and on time.
11.3.6 Other procedures as relevant can be applied from above.
12. Non-Tax Revenue

Government institutions such as hospitals, health centers, colleges, universities, etc.
render services and also generate and collect income when they charge for the supply of
services. The audit of receipts from sale of goods and services includes but is not limited
to:
__________________________________________________________________________________
124
12.1 Ensuring that all incomes are properly classified and recorded in the books of
account.
12.2 Ascertaining that the rates used for the calculation of charges are in accordance
with the relevant regulations.
12.3 Ascertaining that all receipts have been properly determined and that no income
has escaped control or recording to ensure completeness.
12.4 Verifying that all used and unused receipt vouchers are properly kept.
12.5 Ensuring that all cash receipt vouchers are sequentially numbered and are used
accordingly.
12.6 Ensuring that all the daily collections are forthwith deposited to bank or handed
over to the main cashier.
12.7 Ascertaining that all money collected is deposited intact to the central treasury
account.
12.8 Ensuring that the duties of collection and recording are carried out by separate
individuals.
12.9 In cases where the public body uses a part or the whole of sums collected,
ensuring that the sums so used are properly authorized by Ministry of Finance and
Economic Development and/or by appropriate regulation and that they are
adequately controlled.
13. Income from Grant and Loans
13.1 Secure all lists of grant and loans. Ensure that all are approved by Ministry of
Finance and Economic Development (MOFED)
13.2 Ensuring that all separate bank accounts are notified to MOFED.
13.3 Select major grants/loans agreement and receipts and perform procedures
mentioned below.
13.4 Secure and review the grant/loan agreement.
13.5 Check compliance with the grant/loan agreement, its conditions and requirement
concerning collection.
13.6 Ensure that official receipts are issued along with acknowledgement letters (if
required) concerning cash receipts.
13.7 Ascertain that cash collected are recorded in the books of account (registers,
ledgers).
13.8 Where appropriate review the adequacy of supporting documents that support
cash collections.
__________________________________________________________________________________
125
13.9 For donation in kind, ensure that proper goods receiving note is issued.
13.10 Ascertain that receipt of the goods is completely and properly recorded in:
• Stock cards;
• Books of accounts.
13.11 Check valuation of aid in kind is carried out as per the Financial Administration
Regulation and Directives. Review the adequacy and relevance of supporting
documents.
13.12 Review receipts against budget.
14 Common Procedures for all Receipts
The following procedures are common to all receipts of the public body. Although some
of them are included in specific income procedure dealt above, they are repeated here to
emphasize their importance.
14.1 Ensure that adequate control is maintained over used and unused receipt
vouchers:
• Check the whereabouts of unused receipts and that restricted access is

exercised over them.
• Check that stock cards and bin cards are maintained that show receipts,
issues and the unused balances.
• Check that cancelled receipts are kept undetached with the pad being
marked “VOID”;
• Check the sequence of used receipt vouchers to ascertain completeness.

14.2 Ensure that collections are summarized.
14.3 Ascertain that the collection summaries are checked by an employee other than
the one who has prepared it.
14.4 Ensure that collections are deposited intact and on time to central treasury
account.
14.5 Check that approval is secured where the collections are used (after they are
deposited to bank intact) to finance the budget of the public body.
14.6 Check that an independent person oversee (review) that all collections are
deposited intact and on time.
14.7 Ensure that receipts are properly recorded to books of account (ledgers,
registers).
__________________________________________________________________________________
126
NTERNAL AUDIT MANUAL PART FOUR
SECTION IV
STOCKS
Introduction
1. As many stock items are portable, easily exchangeable and readily convertible to
cash, they are susceptible to theft, loss and misappropriation. It follows that a
strong internal control system should be established and followed in order to
safeguard such items. The internal auditors of public bodies should, therefore,
thoroughly review the existing internal control system in this area, comment on
its weaknesses and recommend what should be done to improve it. In this
section, the definition, audit objectives, internal control system and audit
procedures for stock items are briefly presented.
Definition
2. Stock items are part of current assets, which are normally purchased, but may also
be produced by the entity. They are held as stock, and used and replaced during
the year. At the year-end there are normally stock items which are carried
forward for use in future periods. Items which make up the stock of a public body
vary from case to case. In general, stock items include, but are not limited to, the
following categories:-
• Stationery and office supplies

• Cleaning materials
• Fuel and lubricants
• Spare parts
• Medicine and medical supplies
• Other items which are consumed or sold in the normal course of operation
within a year or business cycle.
__________________________________________________________________________________
127
3. Internal control systems for stock items are the responsibility of the senior
managers of the public sector body. They include:-
• Having adequately trained and qualified staff in charge of all aspects of the
storage, receipt, issue and management of stock.
• Establishing adequate official procedures for all aspects (e.g. authorizing

actions, receiving and issuing stock, making entries in accounting records,
ensuring the accuracy of accounting records, safeguarding stock items,
specifying limits and ceilings for the holding of particular items,
establishing procedures for stock acquisition and disposal, keeping of
records and supporting documents, etc.).
• Providing a procedural manual and/or official instructions and giving

training to ensure that staff know official procedures and how to comply
with them.
• Specifying clear lines of responsibility for all actions regarding stock

including the responsibility for authorizing actions and transactions.
• Ensuring that a system of reporting to management is in place and that it is

appropriate to management needs.
• Carrying out checks to ensure that the procedures established by

management are working as intended.
• Preventing the purchase of items which are not needed and the build-up of
excessive stock.
4. The audit section should evaluate the internal control system of the public body
with a view to assessing whether proper procedures exist for managing and
controlling stock and whether the procedures operate as intended. The internal
control system for managing and controlling stock includes the following:
__________________________________________________________________________________
128
4.1 Acquisition of Stock Items
• Public bodies should arrange purchases according to a plan.
• All public bodies must purchase required materials in accordance with

existing financial administration regulations and directives.
• The purchasing system should aim at achieving value for money in

terms of price, quality and suitability of the items to be bought.
• Items of stock acquired through means other than purchase should be

properly valued and recorded.
4.2 Receipt of stock items
• Stock items acquired should be inspected and counted, measured or

weighed and compared with invoices and delivery notes to verify
adequate delivery.
• All stock items (e.g. acquired through purchase, donation,

expropriation, inheritance and the like) should be entered into the store
of the public body only after a goods receipt note has been created.
• Goods return notes should be issued if previously distributed stock

items are returned to store.
4.3 Issue of Stock Items
• Only when requested by means of an authorized goods requisition

form printed by the Ministry of Finance and Economic Development
should the storekeeper of a public body issue stock items.
• A designated official should authorize the issue of stock items to

individual users.
• When stock items are issued, they should be listed on a goods issue
note which is signed by the receiver.
4.4 Recording of Stock Items
• All stock items whether acquired through purchase, donation,

inheritance, or expropriation should be recorded in the receipt column
of the bin card and stock card maintained for each stock item.
__________________________________________________________________________________
129
• Authorized issues of stock items are to be recorded in the issue column

of the bin card and stock card maintained for each stock item.
• The arithmetical accuracy and the proper recording of stock items in

each bin card and stock card are to be ascertained at regular time
intervals.
4.5 Storage and Security of Stock Items
• The store should be close to a road or other means of transport to

facilitate the receipt and issuance of stock items.
• The store shall be built and organized in such a way that stock items
are safely kept, and damaged, defective or obsolete stock items can be
easily identified.
• The arrangement of materials in the store should be in terms of their

type and nature to ensure proper control.
• Obsolete and slow moving materials shall be segregated from other

materials and kept apart until a decision to dispose of them is taken.
• No one except the storekeeper should be allowed to enter the store

without permission from an authorized official.
• No stock items should enter or be issued from the store without the
raising of goods receiving and goods issuance notes, respectively.
• As far as possible the store should be safeguarded from fire, flood,

theft and other natural and human made calamities.
4.6 Physical Count of Stock Items
• Stock should be counted according to an established system. For this,

a specific instruction regarding stock counts is needed.
• A physical stock count should be carried out at least once a year.
• Independent staff members who are responsible for stock custody

should be selected by the head of the public body to carry out the
physical count which should occur in the presence of the storekeeper.
__________________________________________________________________________________
130
• The physical count for each item should be compared with the balance
appearing on the stock card. Significant differences between the count
and the amount recorded on the card should be properly investigated
and appropriate action taken.
Audit Objectives
5. The objectives of audit of stock items include but are not limited to:
• Ascertaining that there is a strong internal control system regarding the

receipt, storage and issuance of items of stock.
• Ascertaining that there are appropriate stock receiving notes and stock
issue vouchers.
• Ensuring that stock items acquired through purchase, donation,

inheritance or expropriation are properly recorded, safeguarded and
utilized in accordance with principles of good management and public
finance administration regulations and directives.
• Ascertaining that all issues from stores are on the basis of approved
stock requisition forms.
• Ensuring that there are bin cards/stock cards for recording the quantity
and value of stock items. Bin cards contain quantity movements only.
• Ensuring that there is segregation of duties of staff between activities

such as maintaining stock records and dealing with physical receipt
and issuance of stock.
• Ensuring also that there is segregation of duties among responsibilities

for ordering stock items, receiving stock items and authorizing
payments for the acquisition of stock items.
• Ascertaining that necessary caution is exercised to ensure that the

stock balance in store is within the optimal prescribed limit and is not
in excess of periodic requirements.
• Ensuring that appropriate measure is taken in respect of slow moving

and damaged stock items and that the disposal of surplus stock follows
public finance administration regulations and directives.
__________________________________________________________________________________
131
• Ensuring that the environment in which stock items are stored is

adequate and appropriate bearing in mind the need for physical
safeguard against loss.
• Ascertaining that there is a physical stock count at least at the end of

each fiscal year to ensure the accuracy of stock records and stocks
actually held.
Audit Procedures
6. The ensuing are audit procedures to be followed in order to assess the adequacy
of control of stock items:-
6.1 Acquisition, Receipt, Distribution, Recording, Storage and Security of

Stock Items
• Review the internal control system covering stock items and

identify problem areas if there are any.
• Ascertain that there is a mechanism for the storekeeper to verify

that stock items purchased are similar to samples submitted by
suppliers before purchase.
• Ascertain that a system exists for measuring, counting and weighing

stock items acquired through purchase, donation and other means.
• Ensure that goods receiving notes are issued for all stock items
received and that they are properly recorded in stock records.
• Ensure that an authorized requisition form supports the issuance of

stock items.
• Check that separate individuals carry out the duties of procurement,

store keeping, and record keeping.
• Identify high value stock items and determine whether their

conditions of storage are adequate.
• Seek professional advice if there is difficulty in understanding the

nature and content of special stock items.
• Verify that shortage or damage of stock items is promptly reported

to the responsible authority for appropriate action to be taken.
__________________________________________________________________________________
132
6.2 Activities To Be Carried Out Before The Physical Count Of Stock Items
• Identify the number and location of stores.
• Identify the staff members involved in different aspects of

inventory management.
• Present internal control questionnaires for stock items (see

Appendix) to the head of general service and the storekeeper and
complete them carefully.
• Mark the cut off date on the last used page of the stock register
books, stock cards, goods receiving notes and goods issuance notes
and ask the responsible persons to sign them.
6.3 Activities To Be Carried Out During Physical Count Of Stock Items
• The internal auditor should ensure that the physical count is taken
in accordance with the stock count instruction provided by the head
of the public body and that the instruction has been properly
followed.
• If there is doubt concerning the adequacy of the stock count, a

sample of stock items may be recounted to ensure that they are in
agreement with the count sheet.
• The auditor should ascertain the methods to be used for identifying

damaged, obsolete, broken or slow-moving stock items. The
internal auditor should take note of damaged, broken, obsolete and
slow moving stock items and ensure that they are written down to
net realizable values.
• The auditor should take note of any variations that come outside the
physical count instruction.
• The auditor should ascertain that goods belonging to third parties

are segregated from other stock items before the physical count is
carried out.
6.4 Activities To Be Carried Out After The Physical Count Of Stock Items
• The auditor should ascertain that all the goods receiving notes,
goods issuance notes, stock cards and bin cards are marked and
signed as of the cut off date.
__________________________________________________________________________________
133
• The auditor should check the arithmetical accuracy, the quantity

and total value of stock items in the stock count sheet and ensure
that it is signed by the responsible individuals.
• The auditor should also check that the physical count sheet is in
agreement with bin cards and stock cards balances so that there are
no differences between the physical count and the records.
• If the auditor suspects that the physical count of stock items has not
been taken properly the head of the public body should be
informed.
• The auditor should seek external confirmation of stock items held in

the name of third parties. There should be a physical count to
verify stock items held on behalf of third parties.
__________________________________________________________________________________
134
SECTION V
FIXED ASSETS
Introduction
1. Fixed assets, as per financial administration regulation, is any tangible asset

costing Birr 200 or more that is in operational use and that has a useful economic
life of more than one year. Examples are computers, buildings equipment,
vehicles, airplane, ships, etc. Since governments and donors invest substantial
amount. Capital expenditure in acquiring fixed assets, it is very important that
management should adopt strong internal control system to accurately record and
adequately safeguard the assets ensuring at the same time effective and efficient
use of them. On the other hand, the auditor must generally ensure that the
measures taken by management in controlling and managing fixed assets are
sound and consistent with current standards and applicable government
directives.
2. General
• Establish clearly stated procedures for delegation and segregation of duties;
• Ensure compliance with Authority limit and procedures for processing of

transactions with applicable directives and law/ regulation of government;
• To keep accounting records which are both accurate and up-to-date.
Ensure that there are procedures and policies established by Management which
are not easily over ridden.
3. Acquisition
• Ensure that acquisition of fixed assets is well planned and that alternative
means have also been equally considered;
• Ensure that competitive purchasing methods are adopted (e.g. by open

tender) as far as practicable;
__________________________________________________________________________________
135
• For detail requirement of purchasing – refer section on (Audit of

Procurement).
4. Registration
• Set up a system to correctly and fully record fixed assets owned by a public
body and projects financed by donors in separate fixed asset registers;
• Ensure that fixed asset registers provide all necessary information as required
by the applicable directive of the government;
• Identification number should be given to each fixed asset and the number
should be recorded as reference in the register of fixed asset;
• Ensure that the register is immediately updated when fixed assets are moved
from one location to another.
5. Protection/safeguarding/
Establish procedure for protecting all fixed assets. Particular consideration

should be given to the following factors;
• Employment of securities and operators;
• Restricting access to the assets;
• Adequately insuring high value assets, and
• Servicing regularly.
6. Physical verification
• Establish a policy to conduct inventory of fixed assets at least once a year and
to compare the results with the records;
• Produce regular reports about physical condition of fixed assets, regarding

obsolescence, damage, breakage, etc. to respective senior managers;
• Identify phased out projects of donors and ensure that all fixed assets of the
projects are handed over to the concerned authority as per the agreement.
7. Disposal
__________________________________________________________________________________
136
• Ensure that list of disposable assets has been prepared and reviewed and
commented by an appropriate technically qualified persons;
• Ensure that disposal whether through sales or other means should be authorized
by designated official;
• Observe the required procedures of government directives which deal with

disposal of fixed assets;
• Institute a system of reporting the reasons for and result of the disposal to senior
management.
8. Audit Objectives
• To design an audit procedure to provide reasonable assurance on whether

internal controls are applied properly;
• To design audit steps to provide reasonable assurance of compliance with

applicable laws and regulations;
• To examine accounts and fixed assets register, with a view to assuring that all
acquisitions and disposals are accurately and fully recorded.
9. Audit Procedures
Examine a sample of invoices and contracts to ensure that:-
• Purchases of fixed assets are supported by budget;
• Relevant supporting documents such as purchase requisitions, purchase orders,

goods receiving reports, etc. are in order;
• Acquisition is authorized;
• To avoid duplication of work refer procedures covered in “Audit of

procurement”
10. Examine A Sample Of Issue Vouchers To Ascertain:
• That store requisitions are made by the appropriate user department;
• That all issuances are approved;
• That issued fixed assets are immediately recorded on fixed assets register.
__________________________________________________________________________________
137
11. To Confirm Existence, Maintenance And Insurance
• Ascertain that all registered assets are given identification numbers (fixed with
tag number);
• Carry out physical inspection of fixed assets periodically and/or annually and
compare this against fixed assets register;
• Where there are various agents and/or projects which are located far from the
Head Office, inspection visits should be made on a sample basis in such a way
that the sampling would enable you to visit all numbers of the group at least
within five year plan of government;
• Observe and note the condition of fixed assets held by public body (for being
scrap, obsolescence, damage, excess etc.) and compare with the report of
management.
12. Determine Whether
• Insurance coverage of fixed assets was adequate in value;
• Insuring methods used are efficient.
13. To Confirm disposals and write-offs
Obtain schedule for fixed assets disposed of and written off during the year and
ensure that:
• Senior management has approved the disposal and the writing off;
• Whether management has properly evaluated other factors including alternative

uses of the fixed assets prior to disposal;
• The procedure applied in disposing of and writing off fixed assets is consistent
with the directives and regulations of the government.
14. To Confirm Accounting Records
Select large and unusual amounts (debit or credit) out of current year movements
in general ledger account of fixed assets and :-
• Vouch to source documents such as, invoices, suppliers receipts, goods

receiving notes, purchase order, etc.
__________________________________________________________________________________
138
• Compare amount credited representing disposal of a fixed asset with that

amount recorded in fixed asset register as “original cost”
• Ascertain that all entries in general ledger account are approved by designated
persons;
• Ensure that there is segregation of duties between custody of fixed assets and
recording on registers and ledger accounts;
• Identify adjustments and ensure that they are substantiated by genuine and
properly approved documents.
15. The Protection And Handling Of Government Vehicles
• Ensure that the public body acquires and disposes vehicles on the basis of
relevant directives of the Government.
• Ascertain that there is a chief of transport (or other designated senior manager)
who controls all aspects of vehicle management;
• Ascertain the existence of control mechanisms (driver’s log books; checks on

mileage readings etc.) to ensure that the vehicles of the public body are only
used for government duties;
• Ascertain that the vehicles of the public body are only driven by the drivers and
eligible officials of the public body;
• Make sure that all eligible officials and drivers are using government vehicles
properly and with due care as per relevant guidlines;
• Ascertain the reporting procedures in principle and in practice when drivers and
eligible officials are involved in accidents causing damage to government
vehicles;
• Make sure that drivers and eligible officials who damage government vehicles
as a result of their own carelessness or negligence, are held responsible for the
cost of repairs;
• Ensure that vehicles of the public body receive maintenance at regular intervals;
• Ensure that those who receive transport allowances do not at the same time
utilize a vehicle of the public body.
__________________________________________________________________________________
139
SECTION VI
PAYROLL
Introduction
1. As Government sets aside substantial amounts for salaries and allowances, the
systematic and proper management of the same should be ascertained by the audit of
salaries and allowances.
2. In this section, the objectives, internal controls and audit procedures for salaries and
allowances are briefly stated.
Internal control system
3. All public bodies should maintain an appropriate internal control system with regard
to controlling salaries and allowances including the following: -
3.1 Personal files of employees
• ascertaining that the personnel section maintains adequate records regarding

employees’ salary information (e.g. information originating from staff
recruitment, the salary of incoming and outgoing staff; changes in salary
scales; changes in personal circumstances that have an impact on salary,
deductions and allowances; the amount of approved deductions and the
formal documents supporting the current level of payments);
• ensuring that staff employment, transfer, departure, change in salary, details

of deductions and the like are approved under the signature of an authorized
official and sent to payroll section before the payroll sheet is prepared;
• ascertaining that the personal files of employees are in the safekeeping of a

designated staff member who is not part of the Accounts Division and
Payroll Section.
3.2 Attendance sheet
• ensuring the accuracy of attendance sheets (or other documents confirming

the performance of distinct duties) and their approval by designated
officials;
__________________________________________________________________________________
140
• ensuring that documents confirming entitlements to over-time or other

monetary benefits are signed by the immediate superior of the employee
(the superior must not be engaged in payroll preparation and effecting of
salary payment);
• verifying that duties such as ascertaining the accuracy of attendance sheets

and the preparation of payroll are not carried out by the same staff.
3.3 Payroll sheet
• checking that gross pay, deductions, allowances and unclaimed salary have
been computed accurately and on the basis of current scales and eligibility;
• ascertaining that the accuracy of payroll calculations is verified by a staff

member other than those preparing the payroll;
• checking that staff engaged in payroll preparation and the computation of

pay are independent of staff engaged in the keeping of personnel files.
3.4 Deductions from salary
• ensuring that deductions of a repetitive nature such as those for personal

income tax, pension, repayment of loan and the like, are allocated separate
columns in the payroll sheet;
• ascertaining that deductions other than those determined by law (such as

deduction for edir contribution, resettlement bank loan, family allowance,
and the like) are deducted from the salary of an employee only after a
written application from the employee is authorized by the concerned
official and that such documents are kept in the personal file of the
employee;
• checking that collections from salary deductions are paid to the concerned
public bodies and other beneficiaries in full and in a timely manner.
3.5 Payment of salary
• Checking that any changes to staff salaries, arising from such factors as the
employment of new staff, promotion, dismissal, fine or court judgment, are
communicated to the payroll section before the preparation of the payroll
sheet;
__________________________________________________________________________________
141
• Assuring when allowances are paid in addition to basic salary, that

documents exist in the individual personnel files of officials and ordinary
staff members receiving allowances, which certify their eligibility to the
allowances;
• Ascertaining that the payroll sheet prepared for effecting the payment of
wages to daily laborers is supported by contracts of employment and a
signed attendance sheet;
• Confirming that the different duties in the payroll section ranging from
initiation of payroll calculations to delivering the payroll sheet for the
effecting of salary payment are carried out by different persons;
• Checking that the various staff members who are engaged in preparing,
reviewing and approving the payroll sign in their respective places on the
payroll sheet;
• Ascertaining that the accuracy of details in the payroll sheet such as names,
working hours, over time, salary scale and the computation of deductibles, is
verified by a staff member who is entirely independent of those who have
prepared the payroll sheet;
• Ensuring that the total salary payment for each month is compared with the
payment made in the previous month and that the causes of any difference
are identified and explained.
Audit objectives
4. The objectives of the audit of salaries and allowances include but are not limited to the
following:
• to ascertain that there is a strong internal control system to prevent theft and
fraudulent acts during the preparation of payroll sheet, recording and effecting of
salary payment;
• to ascertain that deductions from salaries are made in accordance with the existing
proclamation and other relevant legislation;
• to ascertain that the salary payment being effected is for services rendered by
employees and to ensure that the persons who receive salaries actually exist, and
are in fact entitled to the payment of salary;
• to ascertain that the payment of allowances is effected strictly in accordance with

the relevant legislation;
__________________________________________________________________________________
142
• to ensure that the arrangements made with respect to unclaimed salary are in
accordance with regulations and that the unpaid sums are correctly retained and
properly recorded;
• to ensure that the necessary controlling mechanisms exist to prevent unclaimed

salary being utilized improperly.
5. Audit procedures
• The following audit procedures should be followed in order to ensure the proper
control of salaries and wages: -
5.1 Personal file of employees
• See whether the personnel section holds employees’ personal files, which
contain information such as letter of engagement, letter of resignation,
notification letter of salary scale, documents related to special deductible
items, and other relevant information;
• Ensure that employees’ engagement, resignation, change in salary scale and

details of special deductible items have been approved by a designated
official and that appropriate instructions are sent to the payroll section
before the payroll for the month is prepared;
• Check that documents kept in employees’ personal files have been signed
by officials who are not involved in payroll preparation;
• Ascertain that employees personal files are kept in the custody of a staff
member who is not part of the accounts division or payroll section.
5.2 Attendance sheet
• Ensure that the accuracy of attendance sheets (or similar documents for
those under contract) have been approved by appropriate officials not
involved in the preparation of payroll;
• Ascertain that staff members who are responsible for ensuring the accuracy
of attendance sheets are not involved in the preparation of payroll;
• Check that documents giving an entitlement to the payment of overtime and

other benefits are signed by the immediate superior of the employee who is
eligible for that entitlement (and that such superior is not involved in the
preparation of payroll and effecting of salary payment).
__________________________________________________________________________________
143
5.3 Computation of Payroll
• Ascertain that the payroll clerk does not have direct access to employees’
personal files;
• Ensure that the computation of gross pay and deductibles have been made in
compliance with the present scales of pay and eligibility;
• Check that the staff member who verifies the accuracy of the computation of
payroll, has no involvement in payroll preparation.
5.4 Deductions from salary
• See that a separate column is maintained in the payroll sheet for deductibles
of a repetitive nature such as income tax, pension, repayment of loan and the
like;
• Check deductions other than those authorized by law (such as deduction for
edir contribution, resettlement bank loan, family allowance, and the like) to
ensure that the deduction is in accordance with an approved written
application from the employee (or other official document) and that such
documentary evidence is kept in the personal file of the employee;
• Ascertain that collections from deductibles have been paid to the correct
beneficiary account in full and in a timely manner.
5.5 Payment of salary
• Ascertain that documentary evidence relating to matters such as salary scale

changes, the employment of new staff, promotion, resignation, penalty or
court order has been sent to payroll section before the payroll for the month
is prepared;
• Ensure that contracts and properly signed attendance sheets support the
payroll sheet for daily laborers;
• See that documentary evidence of entitlement for the payment of allowances

is kept in the personal files of those employees and officials who are eligible
for such payment;
• Check that necessary caution has been exercised to prevent an employee

from being involved in the whole process of payroll preparation, from its
initiation to the delivery of the payroll sheet for salary payment to be
effected;
__________________________________________________________________________________
144
• Ascertain that the accuracy of details shown in the payroll sheet such as
names, gross salary, working hours, over time and the computation of
deductibles has been verified by an official with no involvement in payroll
sheet preparation;
• Ascertain that the payroll sheets have been signed by the payroll clerk, the
staff member responsible for checking and finally by the designated official
who authorizes the payment;
• Verify that the salary payment for each month has been compared with the
payment for the previous month and that the causes of any differences are
identified and reconciled;
• Check that every employee on the payroll signs on the payroll sheet to
acknowledge the receipt of the net pay;
• Check that no employee is allowed to take the salary of another employee

without a written delegation.
5.6 Unclaimed salary
• Verify unclaimed salaries against summation of net pays unclaimed on

payroll sheets;
• Ascertain that unclaimed salaries are deposited in to the bank within

predefined period of time.
5.7 Accounting records
• Test postings of payrolls to subsidiary and general ledgers;
• Compare actual expenditure against the budget.
__________________________________________________________________________________
145
SECTION VII
EXPENDITURES
Introduction
1. Public bodies should manage their expenditures to ensure that payments are made
in accordance with financial regulations and directives. Management should
closely follow-up payments not to be made beyond the budget allotted to that
particular type of expenditure.
2. Auditing is carried out to examine compliance with laws & regulations and whether
payments have been made properly and whether complete and relevant evidence
has been available for every payment made during the year.
3. Payments made by public bodies can be categorized as disbursement and

expenditures. According to the Financial Administration Proclamation No. 57/1996
disbursement means the release of any public money from the Consolidated Fund.
Consolidated Fund represents all public moneys that are on deposit to the credit of
any public body where the bank account has been opened by the Ministry of
Finance and Economic Development under the mentioned Proclamation; all public
moneys held in cash by any public body pending disbursement; and all in kind.
Disbursements to public bodies should not be made in a fiscal year which exceed
the amounts appropriated in the budgetary proclamation for that fiscal year.
4. Expenditure refers to the act of payments to be made either as capital or recurrent

expenditure. According to the financial regulation Proclamation No.57/1997
capital expenditure is defined as follows:
• Cost of acquisition, reclamation, enhancement and laying out of land.
• Cost of acquisition, construction, enhancement or replacement of road,

buildings and structures.
• Cost of acquisition, installation or replacement of moveable and

immoveable plant, machine apparatus, vehicles and vessels.
• The making of advances, grants, financial assistance to any person in

relation to acquisition of investments.
• Cost of acquisition of share capital or loan.
• Any associated consultancy, etc.
__________________________________________________________________________________
146
5. Any expenditure which may not be categorized as capital expenditure is recurrent

expenditure. Recurrent expenditure is also divided into two parts of expenditure -
recurrent expenditure - salaries and allowances (which is dealt with under a
separate section) and recurrent expenditure - others. In this section, therefore, we
deal only with capital expenditure and recurrent expenditure other than salaries and
allowances.
Internal control system
6. Controlling expenditure is the primary responsibility of the management of the

public body. Management should, therefore, establish internal control system
which includes the following :
6.1 General
• Employing adequately trained and qualified staff in charge of all aspects of

disbursements.
• Establishing adequate procedures for all aspects of expenditures to ensure

that payments will not be made without budget approval and proper
authorization.
• Providing a procedural manual and/or official instructions based on

Financial Administration Proclamation, Regulation and Directives and
giving training to ensure that staff know official procedures and how to
comply with them.
• Specifying clear lines of responsibility and their limit of authority for all
actions regarding expenditures.
• Ensuring that there is strong and effective financial reporting system.
• Install regular reviewing system to check whether control procedures are

working as intended.
6.2 Cash payments
• Every payment should be authorized by designated person.
• There should be segregation of duties in initiating, preparing, authorizing,

etc. of payments.
• There should be a maximum established limit for cash payments.
__________________________________________________________________________________
147
• Payment vouchers should be verified by budget control and finance

department before payment is made.
• Payment vouchers together with pertinent supporting documents should be

filed sequentially for controlling and future reference.
6.3 Check payments
• There should be a control mechanism for receiving and preserving cheque

pads.
• The system should prohibit signing of blank cheques.
• Cancelled cheques should always be marked with the word "Void" and kept
in the pad.
• Payment vouchers and the supporting documents should be stamped "Paid"

immediately after payment is effected.
• Expenditures should be properly coded and recorded in the books of

account.
• Documentary evidences provided by suppliers should always be original

and not photocopies.
Audit objectives
7. Whether the expenditure is capital or recurrent the objectives of the audit of
expenditure deal with the two aspects.
• To test control - to ensure that management's policies and procedures are

adhered to and respective laws and regulations are complied with.
• To substantiate payments by checking that they are made for actual goods and
services received and whether there are pertinent supporting documents.
Audit procedures
8. To test control on petty cash vouchers and payments
• Determine the number of replenishments made during the whole year under
review.
• Select sample replenishments and ensure that:
• Payments are made as per existing Government directives.
__________________________________________________________________________________
148
• every petty cash voucher is verified by budget section.
• cashier, financial officer and designated official have signed on all petty cash
vouchers.
• the word "Paid" is marked on all documents attached with the petty cash
voucher.
• all payments are within the limit established.
• petty cash vouchers are properly coded and posted to proper ledger card.
• petty cash summaries are reviewed properly.
9. Test control - check payments
• Determine the total population of payment vouchers used during the whole year
under review.
• Select sample payment vouchers and ensure that:
• procedures required above for petty cash are also valid for check payments,
as appropriate.
• cheque stubs are signed by cheque signatories and date, amount and purpose
of payment are filled there on.
• signatures are the same as specimen signatures in permanent file.
• cheque numbers are cross referred with payment vouchers.
• large sums were not split to circumvent regulations on limiting signatory

powers.
10. Substantive tests on balances of subsidiary ledgers
• Select certain subsidiary ledger balances from both recurrent and capital
expenditure.
• Check the mathematical accuracy of the balances.
• Ascertain that all transactions are authorized.
• Compare actual expenditures against the revised budget.
__________________________________________________________________________________
149
SECTION VIII
PROCUREMENT
Introduction
1. Public procurement demands major commitment of funds. It is also a long and

continuous process which consists of the following steps:-
• Authorization to purchase requisitioned items;

• Determination of product specifications, quantities required and delivery
requirements;
• Selection of suppliers/contractors;
• Delivery in accordance with purchase order terms; and
• Payment of invoice(s).
2. In order to serve the best interests of a public body, management should be able to
adopt a sound procurement system which should be guided, at all times, by the
following principles:
• Maximizing economy and efficiency;

• Encouraging as wide as possible a solicitation of proposals to promote
competition, and to secure the best least price;
• Encouraging local producers and tax payers;
• Promoting integrity, fairness and maintaining the transparency of the
procurement process; and
• Ensuring that all procurements have complied strictly with existing
government’s laws and regulations.
3. Procurement procedure involves diverse consideration that are complex and

difficult to control. It is, therefore, imperative that effective audit techniques should
be employed in order to determine compliance with public body's policies,
procedures as well as with applicable legal requirements.
__________________________________________________________________________________
150
4. General
• Authority limits of responsible officials of departments/sections and at all

levels of the structure are clearly defined;
• Duties should be segregated so that no one employee would involve in all

aspects of the public procurement procedures;
• Tendering committee should be formulated, whose members are selected

from different departments on the basis of a criteria that would promote
accountability and transparency;
• Organizing a strong purchasing department that can adequately manage

local and foreign purchases in addition to following up those contracts
awarded to bidder suppliers and contractors.
Purchase Requisition
5. Purchase requisitions should be approved by user department or store-keeper as

appropriate specifying the following information:
• Name and type of program/project/activities for which the goods are

intended;
• Full details of the goods required – standards or specifications applicable;
• Unit of measurement and quantity required of each item.
6. In order to be consistent with the activities of the public body, it is important to

establish priorities of needs among the requisitioned items particularly when budget
is small that does not accommodate the above request.
Selecting of Bidders
7. The process of requesting and selecting of bidders/contractors should comply with

the existing guidelines, laws and regulations of government. (Refer the detailed
standard audit procedure)
__________________________________________________________________________________
151
Delivery of Goods
8. Management under all circumstances must make certain that:
• There are adequate storage facilities before bulk items are received;
• Items are delivered in accordance with the purchase agreement/order;
• All items received by the stores are evidenced by pre-numbered receiving
vouchers with sufficient number of copies;
• Any discrepancy in quantity and quality of items delivered should be
immediately reported to senior management for appropriate action.
Payments of Invoices
9. Control over payments must provide all practicable and reasonable assurance that:
• Payment requisitions are supported by pertinent documents;

• Payments are verified by persons/department other than those
who physically manage the procurement;
• No unauthorized payments are made in any way;
• For detail of control – refer: internal control system
recommended for expenditure.
Audit Objectives
10. The main objectives of the audit of procurement include:-
• To ascertain whether adequate internal control procedures are designed

and properly applied throughout the year under review.
__________________________________________________________________________________
152
• To ensure whether government’s regulations and directives with regard to

procurements have been observed.
• To check that all goods received are as per contracts and conditions
stipulated in the purchase order and properly safe guarded and fully
recorded in the accounts.
Audit Procedures
11. Generally, the internal auditor should be concerned with ensuring the
reasonableness and appropriateness of management’s action and overall
effectiveness of the procurement process. In each state, however, it is expected to
apply at least the following procedures:
11.1 Purchase requisitions and orders
Select a sample from the purchase orders issued during the year under
review and check:
• that purchase orders have been per-numbered and approved;
• that purchase requisitions have been made from user departments and
they are always approved by authorized persons;
• whether need priorities have been properly considered and this is

evidenced by written documents;
• whether possibility of repairing and/ or transferring excess holdings in

other departments have been properly considered before purchasing;
• that the provisions of government’s regulations and directives with

regard to procurement are strictly observed from the time requisitions
are made upto awarding the contract to a selected supplier(s). The
auditor should be familiar with each and every requirement of the
directives in order to design detailed check list that will be used for
making sure that directives are strictly complied with (refer separate
audit program).
• that all delivered goods are within the time specified on purchase
orders;
• that quantity and quality of goods ordered are the same with those
recorded on goods receiving vouchers.
__________________________________________________________________________________
153
11.2 Obtain a list of goods returned during the year under review because of
damage or excess delivery and a list of goods received but not ordered and
ensure that the existing procedure for such incidences is adequate in:
• Timely reporting to management for appropriate action;
• Making the necessary follow-up to secure the required refund/credit;
• Safe guarding the assets until dispatched to supplier/insurance and

ensure that they are being segregated from own stocks;
• Adjusting the books of accounts accordingly.
11.3 To ensure that a system of proper documentation and follow up is in place:
• Obtain minutes of bid committee for the whole year and review:
• How well suitable were members in terms of competence, skill,

composure, etc.;
• How frequent members have attended meetings held during the

year;
• How well substances of decisions are presented in the minutes

etc.;
• Check that purchase orders and goods receiving vouchers are issued
from the store in sequential order;
• Undertake sequence tests and ensure that both purchase orders and
goods receiving vouchers are issued sequentially;
• Extract list of outstanding purchase orders from purchase follow-up

register and look into the related terms and conditions of contract
and determine if anything is performed contrary to the terms of the
agreement.
• Discuss with the head of purchase department about overdue

purchase orders.
11.4 With respect to foreign purchases handled by purchasing department the

following audit procedures may be applicable:
• Extract list of letters of credit (L/C) files and identify:
__________________________________________________________________________________
154
• Outstanding L/Cs at the beginning of the year;
• L/Cs opened during the year, and
• L/Cs closed by full payment during the year.
11.5 Select a sample of L/C files;
• Review correspondence letters in L/C files for completeness;
• Check that all goods have been received as agreed (purchase order,
invoice, packing list and GRN);
• Ensure letter of credit is paid within grace period;
• Ensure that margins paid for cancelled letter of credit are refunded in
time.
12. According to the public procurement proclamation, suppliers are invited and
selected by one of the four preferred methods of procurement listed below:-
• Open tender
• Restricted bid
• Requesting Quotation
• Direct procurement
13. In most cases, goods and services are procured by open tendering method.
Sometimes, however, processing tendering documents may become onerous or
inappropriate to apply. It is, therefore, not uncommon to follow one of the other
procurement procedures that fit to the given circumstance.
14. The auditor should ascertain whether the requirements in the procurement
proclamation and directive have been strictly complied with by designing an audit
procedure for each method.
14.1 Procurement by Open Bid
Select sample of procurement made by open bid method and ensure (in each
case) that:
__________________________________________________________________________________
155
• A proper bid document has been prepared;

• Tender invitation has been made by proper media and for sufficient
period as per the law;
• With regard to detail specification of goods/services ensure whether the
detail:
• is prepared by the user department;
• incorporated the benefit, performance and technical details;
• indicated no preference to any particular branch/manufacturer

name;
• has taken into account the minimum level of standard expected

by government.
• All tenders are registered on a roster of suppliers at MOFED;
• Proposals submitted by bidders have incorporated every detail as

required by bid invitation document and the directive;
• A tenderer will be disqualified only when the bidder:
• Could not satisfy conditions stipulated by Finance Administration

Proclamation and regulation, or
• Violated requirements of the tender documents, or
• Has consistently poor performance records in previous

government’s tenders;
• Has not deposited the required security for tender;
• Corrupted or made an attempt to corrupt any authority and

employees in order to gain special favour or win the bid, provided
this could be proved;
• Have material false information in the bid documents and this

could be proved.
__________________________________________________________________________________
156
• Procedures applied for evaluating prospective bidder have to take into

account the following:
i) Cost of preserving and maintaining
ii) Delivery time
iii) Mode and term of payments
iv) Guarantee given
14.2 Procurement by Restricted Bids
Select sample purchases made by restricted bids and ensure that:
• The method is selected by reason of the nature of the goods being

highly complex or specialized and, therefore, were available only
from few suppliers.
• The price of the goods/services is not proportionate to the amount

of money and time that would be spent on evaluating and
examining several tender documents.
• All suppliers in the roster of qualified suppliers were invited-

without any discriminatory manner.
• Whether tender security has been required and that was deposited
accordingly.
14.3 Procurement by Quotations Procedure
Select sample purchases made by requesting quotations and ensure that:
• The method is selected because of urgent tasks/works which demand

immediate purchases of goods/services for that purpose;
• Suppliers were invited from the roster of qualified suppliers;
• There were at least three prospective bidders;
• Every supplier has offered one price only and with no amendment
subsequently;
__________________________________________________________________________________
157
• Purchase prices which are between Birr 3,000 and Birr 30,000 were
approved by bid committee;
• No purchase was made beyond the maximum limit of Birr 30,000.
14.4 Procurement by Direct procurement
Select sample purchases made by direct procurement and ensure that:
• The goods/services were available with a sole supplier or the supplier is

the only patented supplier for that particular line of item;
• Other preferred methods of procurement could not be applied by reason

of urgent needs that were unforeseeable by management;
• Due to emergency, goods and services were required urgently and

because of this other methods could not be justifiable;
• Additional goods/services of the quality and price were purchased from

the original supplier provided that the additional works or orders have
been unforeseen and made within the limits defined in procurement
directive.
__________________________________________________________________________________
158
INTERNAL AUDIT MANUAL PART FIVE
SECTION - I
FRAUD AND INVESTIGATION
Introduction
1. Fraud is a significant and sensitive management concern. This concern has grown in recent
years owing to a substantial increase in the number and the size of the fraud disclosed. The
tremendous expansion in the use of computers and the size of and publicity accorded to
computer related fraud intensify this concern.
2. The internal auditors responsibilities for deterring, detecting, investigating and reporting of
fraud have been a matter of controversy. Some of the controversy can be attributed to the
differences in internal auditing charters from country to country and from organization to
organization. Another cause of the controversy may be unrealistic expectations of the
internal auditor's ability to deter and detect fraud.
3. The information and procedures which the internal auditor uses as a result of fraud
investigation could be used in a court law. Therefore, the internal auditor should be
required to be sure about any conclusions and recommendations she/he makes.
4. The objectives of the subsequent sections is to clarify the procedures that the internal
auditor should follow during detection, investigation and reporting of fraud.
Definition
5. Fraud is defined as:-

• The use of deception to obtain an unjust or illegal financial advantage.
• International misstatement or omission of amounts or disclosure from an entity's

accounting records of financial statements.
__________________________________________________________________________________
159
6. Fraud may involve the falsification of accounting records which is also a criminal offence
and theft. It must be appreciated that there is no general definition of fraud in law and that
it is ultimately the courts' decision as to whether an illegal fraud has been committed. The
auditor is usually dealing with a suspected rather than a proven fraud. The definition will
encompass acts that are not necessarily illegal.
Audit objective
7. The main objectives of fraud investigation include the following:-
• To collect sufficient audit evidence to substantiate fraud investigation.
• To investigate existing evidence for providing a recommendation to take both legal

and administrative actions.
• To introduce a new or strengthen the existing internal control system for preventing
further fraud.
Causes of fraud
8. The main causes of fraud include the following:-
• Poor internal control:- If the public bodies have not implemented a strong
internal control, there will be high possibilities for occurrences of fraud.
• Collusion between members
• The environment which the public bodies work for:- Some types of working
environments are likely to be more conducive to fraud.
Characteristics of fraud
9. Fraud encompasses an array of irregularities and illegal acts characterized by intentional
deception. It can be:-
• Internal fraud:- Committed by the organization or its employees which is

perpetrated to the benefit of the organization or its employees.
• External fraud:- Committed by persons outside the organization which is

perpetuated to the detriment of organization for the benefit of persons outside the
organization.
10. Internal fraud designed to benefit the organization or its employees generally produces
such benefit by exploiting an unfair or dishonest advantage that also may deceive an
outside party. Perpetrators of such frauds benefit directly or indirectly. Personal benefit
may accrue when the organization is aided by the act.
__________________________________________________________________________________
160
Some examples are:-

• Acceptance of bribes or kickbacks.
• Embezzlement, as typified by the misappropriation of money or property.
• Sale or assignment of fictitious or misrepresented assets.
• Intentional, improper representation or valuation of transactions, assets, liabilities or
income.
• Intentional failure to record or disclose significant information to improve the

financial picture of the organization to outside parties.
• Tax fraud.
11. External fraud perpetrated to the detriment of the organization generally is for the direct or
indirect benefit outside individual or another firm. Some examples are:-
• Intentional concealment or misrepresentation of events of data.

• Claims submitted for services or goods not actually provided to the organization.
Responsibilities of the Head of Public bodies, management and internal auditors

12. The first responsible person to defend against fraud is the Head of public bodies. It
should:-
• Establish and operate internal control system that minimizes the opportunity for fraud
(including division of responsibility and systems of internal check for risk sensitive
tasks).
• Inform staff members of their responsibility to report suspected fraudulent acts and
ensure that they know who to inform, and how to do so.
• Pursue cases of alleged fraud and ensure that when fraud has been established the
perpetrators surrender the benefits derived and receive suitable punishment.
• Create general awareness that fraud will not be tolerated and will be punished. This
provides a deterrent effect.
13. Responsibilities of internal auditor in respect of fraud include:-

• To evaluate internal control systems in terms of their susceptibility to fraud.
• To inform the Head of the public body of any weaknesses in internal control systems
which may give rise to fraud.
• To advise the Head of the public body on necessary remedial steps which will strengthen
internal controls and make them proof against fraud.
__________________________________________________________________________________
161
• To evaluate the totality of management's anti-fraud programme.
How to prevent/minimize fraud

14. There are many ways the management of public bodies can discharge their duties towards
prevention of fraud:-
• Establishing system of internal control, monitoring affectivity and evaluating the system
to identify and to correct weaknesses.
• Establishing an internal audit function.

• Having an audit committee.
• Developing a code of conduct, monitoring compliance and taking corrective actions.
15. With respect to preventing fraud, internal auditors are required to ascertain whether the Head
of a public body has taken reasonable steps such as setting up an adequate internal control
system to provide segregation of duties, proper authorization procedures and an effective
internal audit function.
How to deter and detect fraud
16. Experts agree that it is easier to prevent fraud than to detect it. Fraud detection is more a
matter of mind set than of routine methodology. It involves being aware of how fraud can
occur, in particular when, where, and how it is most likely. It also involves understanding
people and their motives. In contrast, managing examinations of suspected fraud or other
illegal activity involves careful attention to rules for the collection and maintenance of
evidence that may later be needed for administrative or judicial proceedings.
17. Deterrence consists of those actions taken to discourage the perpetration of fraud and limit
the exposure if fraud does occur. The principal mechanism for deterring fraud is control.
Primarily, responsibility for establishing and maintaining control rests with the Head of
public body.
18. Internal auditing is responsible for assisting in the deterrence of fraud by examining and
evaluating the adequacy and the effectiveness of control, commensurate with the extent of
the potential exposure/risk in the various systems of an entity's operations. In carrying out
this responsibility the internal auditor should, for example, determine whether:-
• The organization environment fosters control consciousness.
__________________________________________________________________________________
162
• Realistic organization goals and objectives are set.
• Written government policies (Example, code of conduct exist that describe prohibited
activities and the action required wherever violation is discovered.
• Appropriate authorization policies for transactions are established and maintained.
• Policies, practices, procedures, reports and other mechanisms are developed to monitor
activities and safeguard assets, particularly in high-risk area.
• Communication channels exist to provide management with adequate and reliable

information.
• Recommendations need to be made for the establishment or enhancement of cost

effective controls to help deter fraud.
19. Experience has shown that fraud is usually not discovered in the course of conducting an
audit using standard audit procedures. To detect fraud the internal auditor must be aware and
keep in mind that fraud exists. This does not mean that the auditor should conduct audits
assuming that management or employees are dishonest. Rather, the internal auditor should
be aware of the risk factors that increase the possibility of fraud. Internal auditors are
expected to be aware of the possibility of fraud and the factors that increase the possibility
rather than waiting for suspicions to arise in the course of normal auditing.
20. Detection consists of identifying indicators of fraud sufficient to warrant recommending an

investigation. These indicators may arise as a result of control established by management,
tests conducted by internal auditors and other sources both within and outside the public
body.
21. The responsibilities of internal auditor with respect to detection of fraud are:-
• Having sufficient knowledge of fraud, be able to identify indicators that fraud might
have been committed. This knowledge includes the need to know the characteristics of
fraud, the techniques used to commit fraud, and the types associated with the activities
audited.
__________________________________________________________________________________
163
• Be alert to opportunities, such as control weaknesses, that could allow fraud; if

significant control weaknesses are detected, additional tests conducted by internal
auditors should include tests directed towards identification of other indicators of fraud.
Some examples of indicators are unauthorized transactions, override of controls,
unexplained pricing exceptions, and unusually large product losses. Internal auditors
should recognize that the presence of more than one indicators at any one time increases
the probability that fraud might have occurred.
• Evaluate the indicators that fraud might have been committed and decide whether any
further action is necessary or whether an investigation should be recommended.
• Notify the appropriate authorities within the public body if a determination is made that
there are sufficient indicators of the commission of a fraud to recommend an
investigation.
22. Internal auditors are not expected to have knowledge equivalent to that of a person whose
primary responsibility is detecting and investigating fraud. Also, audit procedures alone,
even when carried out with due professional care, do not guarantee that fraud will be
detected.
How internal auditor investigates allegation and suspicions of fraud
23. A fraud investigation requires specialized knowledge and techniques, and needs to be
handled with extreme care. Any mismanagement of a potential fraud could have far-
reaching consequences.
24. Investigation consists of performing extended procedures necessary to determine whether

fraud has occurred. The role of internal auditor as an investigator is in many ways quite
different from his traditional function. It includes gathering sufficient evidential matter
about the specific details of a discovered fraud. Internal auditors, lawyers, investigators,
security personnel, and other specialists from inside or outside the public body are the parties
that usually conduct or participate in fraud investigations.
25. There are two main ways that the internal auditor can become alert to the possibility of
fraud:-
• By being informed by someone either internally or externally.
• As a result of the internal auditors own day to day work.
__________________________________________________________________________________
164
26. The internal auditor should have sufficient understanding of the areas of possible fraud when
he is auditing a system to be able to identify when there is a possibility of fraud occurring
and when there are symptoms that it has occurred.
27. There are a number of symptoms which possibly lead to suspect fraud, Of these:-
• Making no delegation of work while deemed necessary.
• Conducting repeated procurement from same supplier.
• Making improper contract with suppliers for generating hidden benefit, ect.
28. When fraud is suspected, either by somebody or on his/her work, intelligent information
gathering becomes crucial. Internal auditors must make sure that their focus is not biased by
assumptions about people or events or by inside information provided by interested parties.
The auditor must remain independent and objective, and consider all possible interpretations
of events.
29. In this context, the audit focus shifts to:-
• Identifying and summarizing the evidence indicating that a fraud may have been
committed.
• Identifying possible fraud scenarios.
• Summarizing and explaining the legislative accounting and management control

systems involved, the paper trail involved in the expenditure, and the deviations from
the systems.
• Demonstrating the suspect's position and responsibilities within the system.
• Demonstrating the control exercised by the suspect on the accounting and management
control system.
• Demonstrating the suspect's knowledge of the accounting and management control

system.
• Explaining patterns used in covering up fraud.
• Identifying the possible extent of the fraud, and
• Considering the positions of the other people in the public body and the possibility of
collusion.
__________________________________________________________________________________
165
30. When conducting fraud investigation, internal auditor should follow the following
procedures:-
• Assess the probable level and the extent of complicity in the fraud within the public
body. This can be critical to ensuring that the internal auditor avoids providing
information to or obtaining misleading information from persons who may be involved.
• Determine the knowledge, skills, and disciplines needed to effectively carry out the
investigation. Assess the qualification and the skills of the internal auditor and of the
specialists available to participate in investigation to ensure that it is conducted by
individuals having the appropriate type and level of technical expertise. This should
include assurance on such matters as professional certifications, license, reputation, and
that there is no relationship to those being investigated or to any of the employees or
management of the public body.
• Design procedures to follow in attempting to identify the perpetrators, extent of the fraud,
techniques used, and causes of the fraud.
• Co-ordinate activities with management personnel, legal counsel, and other specialists as
appropriate throughout the course of investigation.
• Be cognizant of the rights of alleged perpetrators and personnel within the scope of the
investigation and the reputation of the public body itself.
.
31. Internal auditors should have different types of evidence to facilitate decisions on whether
and how to proceed with further examinations, referral to investigative agencies and possible
introduction in court.
32. There are two major types of evidences:-
• Testimonial (oral evidence)
• Documentary (written evidence)
33. The documentation of testimonial evidence should identify persons who can testify about
things, people and events they have seen or heared first-hand, and the interview records of
what they have said. Moreover, written evidences should be photocopied and filed in the
working paper in order to substantiate fraud investigation. In addition, the location and the
departmental official responsible for the original documents should be noted.
34. Once a fraud investigation is concluded, internal audit should assess the facts known in
order to:-
__________________________________________________________________________________
166
• Determine if controls need to be implemented or strengthened to reduce further

vulnerability.
• Design audit tests that help to disclose the existence of similar frauds in the future.
• Help the internal auditor to maintain sufficient knowledge of fraud and thereby be able to
identify future indicators of fraud.
Reporting the results of a fraud investigating
35. The objective of internal auditor during fraud investigation is to obtain sufficient evidence
which enables him to draw reasonable conclusions and recommendations and to report to the
Head of public body whether fraud has occurred or not. The internal auditor should use the
guidance for writing a report in Part Three Section VI in this manual.
36. It is important that reports on fraud investigation are clearly written, have conclusions and
recommendations that are justified by the evidence used. The structure that should be used is
similar to that for normal audit report, except the following points.
The investigation report should disclose:-
• The reasons for investigation:- The investigation will either be the result of other
routine work of the internal auditor or due to an allegation made by an individual inside
or outside of the public body.
• The objectives of investigation:- The objective of investigation is to establish whether

there is sufficient evidence for the suspected fraud occurrences to substantiate legal
action and to report findings to the public body.
• The work carried out:- Documents scrutinized, locations visited, timing and staffing,
interviews held and other relevant documents which were inspected.
• Conclusions and recommendations:- The report should include all findings,

conclusions, recommendations and corrective actions to be taken.
38. Finally, a draft of a proposed report on fraud should be submitted to legal departments for
review in order to obtain opinion in respect of legal matters and to take further necessary
action.
39. Moreover, the auditor should follow whether appropriate action has been taken on findings
she/he reported on the perpetrator of fraud. If such action has not been taken it should be
reported to the next higher public body till it reaches the Ministry of Finance and Economic
Development. In addition, the internal auditor could pass the report to external auditors like
Auditor General, if it is necessary to do so.
__________________________________________________________________________________
167
SECTION II
VALUE FOR MONEY/PERFROMANCE/ AUDIT
Introduction
1. Performance measurement/value for money audit/is an important tool for evaluating

value for money in the public sector. In the private sector detailed performance
measurement is relatively less important because profitability tends to be used as the
main overriding indicator. In the public sector the profit indicator is seldom available
and the measurement of service output, particularly in areas such as social service can be
a difficult task especially in respect of effectiveness. After all, if the quality of product of
a commercial company is poor then the public will not buy it, which in turn affects profit.
However, in the public sector the client often has no alternative product to use.
2. Measuring the performance of people and activities can have a number of different
objectives. The result may be used for all or some of the following:-
• Determining that the benefits and impact looked for are being obtained.
• Getting assurance that goals are being met.
• Monitoring and controlling progress against plans.
• Justifying the use of resources.
• Assessing the overall economy efficiency and effectiveness.
• Determining overall that the value for money is being obtained.
The subsequent section of this part is discussing audit objectives, procedures, circumstances and
overall review of performance (value for money) audit.
__________________________________________________________________________________
168
Definition
3. Value for money audit/performance audit/ has been defined as:
"A forward looking and evaluation of operations by internal auditors to identify areas in
which economy, efficiency and effectiveness (the three E's) may be improved or to
evaluate compliance with and the adequacy of operational policies, plans and
procedures"
INTOSAI defines the three E's follows:-
Economy
4. Judging economy in itself implies forming an opinion on the resources deployed (human,
financial and material). The central question is whether - given the political and social
context - resources have been acquired, upheld and used economically. Do the
means chosen represent the most - or at least a reasonable - economical use of public
funds? Economy can be measured only if there is a reasonable criterion - or good
arguments - for doing so.
5. Auditing economy embraces for instance:
Audit of the economy of administrative activities in accordance with sound

administrative principles and practices, and management policies;
Audit of whether the government entities have used their resources economically and
kept their costs low.
Efficiency
6. Efficiency is related to economy. Here, too, the central issue is about the resources
deployed. The main question is whether these resources have been put to optimal or
satisfactory use or whether the same or similar results in terms or quality and turn-around
time could have been achieved with fewer resources. Are we getting the most output - it
terms of quantity and quality - from inputs and actions? The question refers to the
relationship between the quality and quantity of goods and services provided and the
activities and cost of resources used to produce them in order to achieve results.
7. Auditing efficiency embraces aspects such as whether:
• Human, financial and other resources are efficiently used;
__________________________________________________________________________________
169
• Government programmes, entities and activities are efficiently managed,

regulated, organized and executed;
• Government services are delivered in a timely manner;
• The objectives of government programmes are met cost-effectively.
Effectiveness
8. Effectiveness is essentially a goal-attainment concept. It is concerned with the

relationship between objectives set up, outputs provided and objectives met. Are the
objectives of the policy being met by the means employed, outputs provided and
impacts observed? Are the means employed and the results achieved consistent
with the objectives of the policy, and - perhaps most difficult - are the stated
impacts really the result of the policy rather than other circumstances?
9. Effectiveness actually consists of two parts: the question of whether the policy
objectives have been achieved, and the question of whether the desired events, which
have occurred, can be attributed to the policy pursued. In order to judge to what
extent the objectives have been achieved, they need to be formulated in a way that
makes an assessment of this type possible. This cannot be done with vague or
abstract objectives. In order to judge to what extent observed events could be traced
back to the policy, a comparison will be needed. Ideally, this consists of a
measurement before and after the introduction of the policy and a measurement
involving a control group, which has not been subject to the policy.
10. In auditing effectiveness performance audit may for instance:
• Assess whether the objectives of and the means provided (legal, financial, etc)
for a new - or ongoing - government programme are proper, consistent,
suitable or relevant;
• Assess the effectiveness of government programmes and/or individual

components, i.e. assess whether objectives are met;
• Assess whether the observed direct or indirect social and economic impacts of
policy are due to the policy are due to the policy or to other causes;
• Identify factors inhibiting satisfactory performance or goal-fulfillment;
• Assess whether the programme complements, duplicates, overlaps or

counteracts other related programmes;
__________________________________________________________________________________
170
• Assess the adequacy of the management control system for measuring,

monitoring and reporting a program's effectiveness;
• Identify relative utility of alternative approaches to yield better

activity/programme/undertaking performance or eliminate factors that inhibit
activity/programme/undertakng effectiveness;
• Identify ways of making programs work more effectively.
Difference Between Performance/Value For Money And Financial Auditing
11. Three major differences exist between performance and financial auditing: Purpose of
the audit, distribution of the reports and inclusion of non-financial areas in performance
auditing.
11.1 Purpose of the Auditing
The major distinction between financial and performance (VFM) auditing is the
purpose of the tests. Financial auditing emphasized whether historical
information was correctly recorded whereas performance auditing emphasized the
three E's (Efficiency, Effectiveness and Economy).
11.2 Distribution of the Reports
Financial Auditing Reports are distributed to users of financial statements

whereas performance audit reports are intended for management only.
11.3 Inclusion of Non-Financial Areas
Performance audits cover any aspect if Efficiency, Effectiveness and Economy in

an organization and can therefore involve a wide variety of activities, For
example, the effectiveness of a public sector would be part of performance audit.
But financial audits are limited to matters that directly affect the fairness of
financial statements presentation.
Audit Objectives
12. The internal auditors' performance (VFM) evaluation in the accomplishment established
objectives and goals may be carried out with respect to an entire operation or programme
or only a portion of it. Audit objectives may include the following:
__________________________________________________________________________________
171
12.1 To ensure that the public body has strong control to achieve value for money.
12.2 To ascertain the resources are utilized Economically, Efficiently and Effectively.
12.3 To identify and analyze indicators of problems of Economy, Efficiency and

Effectiveness in government programmes or areas where performance seems to be
poor and thus help the management or government more generally, to improve the
Economy, Efficiency and/or Effectiveness.
12.4 To ensure that the objectives and goals established by management for a
proposed, new or existing operation or programme are adequate and have been
effectively articulated and communicated.
12.5 To determine whether an operation or programme is in compliance with policies,

plans, procedures, laws and regulations.
12.6 To ensure that the objectives of the operation or programme have achieved the
desired level of interim or final results.
12.7 To report on the intended and unintended direct or indirect programme impact
whether and to what extent, stated objectives have been met or why they have not
been met (by verifying and analyze indications or problems of Economy,
Efficiency and Effectiveness).
Audit Procedures
13. The following are the audit procedures that should be followed during value for money
(VFM)/Performance Audit.
13.1 Review the previous years audit working papers to see if there are useful points
noted about value for money audit (VFM).
13.2 Fill internal control questionnaire for value for money (ref. Internal control ?
Questionnaire for Value for Money as Annex in this Section).
13.3 Examine books, documents. letters, minutes, audit reports and other relevant
documents that have relation with VFM audit.
13.4 Ascertain that the administrative controls are in accordance with the relevant
regulations and laws.
13.5 Ensure that the public body properly:

__________________________________________________________________________________
172
• safeguards its assets;
• complies with the existing government proclamations, regulations and

directives;
• maintains Economic, Effective and Efficient system of managing existing

resources.
13.6 Evaluate that each department within the public body has fulfilled the aims and
objectives of the public body with the existing physical, financial and human
resources.
13.7 Evaluate the work of projects or programmes from the start to their end state.
13.8 Collect relevant internal and external confirmation from the users of services and
measure their level of satisfaction and compare with the yard stick/bench mark.
13.9 Make physical observation to ensure the information flow and workflow are in
compliance with the prescribed directives and manuals.
13.10 Prepare temporary file to keep the relevant working paper for the audit work
carried out.
13.11 Prepare or up-date permanent file to keep basic documents for the audit.
Overview of the Value for Money Audit Process
14. Value for money (performance) audit undertaken by the internal auditor involves three
basic phases:
• Planning
• Examination
• Reporting
15. The precise timing and depth of procedures may vary from one audit to the next, but all
VFM audits have the three basic phases.
15.1 Planning
__________________________________________________________________________________
173
15.1.1 The first step in a VFM audit is planning. The purpose of this phase is
to provide focus and direction for the detailed examination phase by
identifying what the audit objectives will be and the procedures
required to be performed to achieve the stated objectives. This focus
is based on having an appropriate understanding of the areas in which
VFM is to be conducted.
15.1.2 The planning phase in a VFM audit features two distinct stages; the
overview and the survey stages. The key to planning a VFM audit is
to have a good understanding of the areas in which VFM is to be
conducted. The overview stage is the first stage in the planning phase
and its primary purpose is to obtain the crucial understanding on the
areas to be audited.
15.1.3 The second stage of the planning phase is the survey stage. The
purpose of the survey stage is to explore, in an efficient manner, lines
of audit inquiry identified during the overview stage and to expand
and improve the initial understanding of the lines of audit inquiry that
are potentially significant and should be pursued in the next phase, the
examination phase.
15.2 Examination phase
15.2.1 The examination phase consists of conducting tests, evaluating controls

and collecting sufficient and appropriate evidence to conclude whether
or not the matters originally identified during the planning phase are
potentially significant for reporting purposes.
15.2.2 The examination phase includes the following major activities:
• Selecting or preparing detailed audit programme;
• Conducting tests and documenting audit findings;
• Analyzing the associated causes(s) and effect(s);
• Preparing project report/fact sheets.
• Developing conclusions and recommendations; and
• Completing and reviewing audit files.
15.3 Reporting Phase
__________________________________________________________________________________
174
The reporting phase is the last phase of VFM audit process. The purpose of this
phase is to communicate to management findings, conclusions and
recommendations. Reporting audit finding is discussed in Part Three - Section
VI of the manual in depth.
Under What Circumstances VFM Audit is undertaken
16. Internal auditors of public bodies are expected to spend most of their time and efforts
on the financial and compliance issues to ensure:
• The reliability of information;
• Compliance with policies, procedures, laws, regulations and contracts;
• The safe guarding of assets.
17. VFM audit is carried out to ensure:
• The effective, efficient and economic uses or resources
• The accomplishment of established objectives and goals.
18. The specific circumstances to undertake VFM audit are as follows:
• The annual programme for financial and compliance audit is relatively

comprehensive;
• Completing the annual programme for financial and compliance audit is

well within the capability of the internal audit unit;
• The programme of financial and compliance audit (taking this year,

previous years and next year into account) covers the major risk areas of
the entity;
• The Head of the Internal Audit is confident that relevant audit skills
exist to carry our the audit;
• The proposed VFM audit topic(s) are feasible provided that audit
resources are available;
• Management strongly supports carrying out certain VFM audits.
__________________________________________________________________________________
175
19. The effect of the above approaches is to give priority to financial and compliance audits
and to make them reasonably comprehensive. Value for money (VFM) audit is treated
as a special activity to be conducted selectively on the basis of available resources.
Reporting The Results Of Value For Money Audit
20. The objective of internal auditors during value for money audit is to obtain sufficient
audit evidence to evaluate the accomplishment of established objectives and goals and
to report any findings and recommendations.
21. The audit report should be well structured and well written. The report should be
reader based and the language should not be suggestive and ambiguous. Performance
audit reports should be objective and fair in their presentations. This might for instance
require that:
• There are separate presentations of findings and conclusions;
• Facts are presented and interpreted in neutral terms;
• Different perspectives and view-points are represented;
• All relevant findings, arguments and evidences are included;
• Reports are constructive and positive conclusions are also presented.
22. Published reports arising from performance audits often include the following elements:
• A summary of context in which the activities under scrutiny took place

including the historical context;
• The objectives for those activities, a description of the activities and analysis
of the prospects for achieving economy, efficiency and effectiveness, leading
to a statement of the objectives of the audit;
• A description or summary of audit methodologies used for collecting and

analyzing data and presentation of the sources of data;
• An explanation of the criteria used (to verify the hypothesis or to interpret and
assess the findings);
• The audit findings and all arguments that are considered material; and
• Conclusions relating to the audit objectives.
__________________________________________________________________________________
176
SECTION III
PROJECT AND CONTRACT AUDIT
A. PROJECT FUNDED BY GRANTS AND LOANS
Introduction
1. Donations and loans are resources secured by the Government or the public body for the
support of projects as per agreements with donors or lenders. The proceeds from the
loans and donations are used by the implementing agency (public body) as per relevant
agreements in undertaking various activities within the recurrent and capital expenditure
budgets as well as other special socio-economic projects of the government. Counter part
funds are created by means of payments into a special account of the equivalent value in
local currency from the proceeds of the sale of commodities or foreign currencies that
were provided by grants or loans. They are recorded in the budgetary accounts as
receipts and are used to finance capital projects and recurrent budget as well. A public
body has now also incorporated additional function, i.e. it acts as a disbursing agent
(implementing agent) for the loans obtained from lenders (like World Bank, IDA, ADB)
for the health and education sectors.
Audit objectives
2. The audit objectives with respect to the counter part funds in particular and donor funds in
general are as follows:
2.1 General objectives
• To assure the proper receipt and use of funds designated for a specific purpose and
to ensure satisfactory compliance with relevant agreement,
2.2 Specific objectives
• To assure proper compliance with bilateral/multilateral agreement.
• To assure proper collection of funds.
__________________________________________________________________________________
177
• To verify that disbursements are made for the purposes designated and are in
agreement with the budget.
• To ensure proper record maintenance.
• To provide adequate stewardship over grants and loans.
• To ensure the economic and efficient use of funds.
Audit procedures
3. Though it is difficult to stipulate detailed procedures with regard to each agreement, some
generalized issues can be raised.
3.1 Compliance with agreement
• Check the details of the agreement and make sure that the points raised are
adhered to. This is concerning general and specific responsibilities,
requirements, conditions, covenants, etc.
3.2 Collection
3.2.1 From donors/lenders
• Check correspondence file in relation to donation/loan advice of payment

of donors/lenders.
• Check that official cash receipts are issued for collections of cash of the
grant/loan from donors/lenders.
• Proper acknowledgements be made (if required).
• Ascertain that goods receiving vouchers are issued for receipt of

commodities.
• Check whether stock cards are used to record receipts and issues of
commodities by the public body.
• Ensure the receipts are as per agreement or budget.
• Ascertain that the collections are properly registered and recorded in the
books of account.
• Other relevant procedures as mentioned in 'receipt and receivables' and

'cash and bank balances' sections can be used.
__________________________________________________________________________________
178
3.2.2 From Sale of Commodity or foreign Currency
• Ensure that official receipt vouchers are issued when collecting cash.
• Check that collections or sales are as per plan/budget.
• Check that the sales prices/rates are in accordance with policies.
• Ascertain that stock issue vouchers are used when issuing commodities.
• Check that stock cards are used.
• Perform reconciliations to check that equivalent local currency is raised by sale

of foreign currency or commodity.
• Ensure that activities are in accordance with relevant agreements.
3.3 Payments
• Ensure that payments are approved.
• Ensure that payments are made as per plan/program/budget and agreement.
• Check relevant supporting documents with respect to the payments.
• Ensure that payments are made for the designated purposes.
• Check the actual expenditure against budget.
• Check interest rate computations and loan status (for credit agreements).
• Ensure the proper recording of expenditure to the right account/ledgers.
• Other relevant procedures as mentioned in the 'Expenditure' and 'Procurement'

sections can be applied here.
3.4 Cash and Bank Balances
• Check that an imprest system is maintained.
• Check that any cash in hand is regularly counted.
__________________________________________________________________________________
179
• Ensure that monthly bank reconciliations are done.
• Checks some of the bank reconciliations.
• Other relevant procedures mentioned in the 'Cash and Bank Account' section can
be applied.
3.5 Monitoring and reporting
• Ensure that proper and timely work program (Narrative) and financial reports are
produced and submitted to users.
• Check that work in progress is monitored to ensure performance as per time

schedules.
• Check that performance reports compare achievements with goals set, with
justifications for variances especially for under performance.
• Check the preparation of other reporting requirements as per agreement.
B. CONTRACT AUDIT
Introduction
4. public authorities spend large sums of money each year on capital expenditure. The process
is long and complex commencing with the formulation of a project and conducting with the
final account and post-contract review. In the past and even today in some public bodies
the internal auditors have been deeply involved in the final account stage. However, whilst
this stage is important, so are the others, and it is vital that the auditor is involved in
reviewing and testing systems throughout the whole capital project process.
Definition
5. Contract audit could be defined as follows:
"Contract audit is an audit which is intended to ascertain that the construction of buildings,
roads, dams drilling water wells and other types of constructions are executed in
accordance with the relevant laws and regulations of the government and the agreements
entered between the contractor and public body".
Audit objectives
__________________________________________________________________________________
180
6. Although the audit approach for construction and engineering contracts varies from
organization to organization the overall audit objectives should be universal and should
include the following:
• Assessing and reporting on the adequacy of the public body's standing orders relating to
contracts and associated financial regulations.
• Reviewing and reporting on the extent to which procedures comply with policies and
procedural rules of the public body.
• Reviewing the adequacy of systems for controlling the operation of the contracts workers
from the initial planning stage to post completion assessment.
• Reviewing and reporting on the extent to which management information is prompt,

adequate, accurate and designed for the needs of all the users.
• Appraisal of the system for controlling and recording the utilization of resources,
including staff.
• Reviewing the use of consultants and agency services provided by other organizations.
• Monitoring the arrangements for the security of the public body's assets and for
recovering the cost of rechargeable works.
• Prevention and detection of fraud, error and impropriety.
• Identification of losses due to waste, inefficiency etc., and recovery where appropriate.
Audit procedures
7. To attain the audit objectives stated above it will be necessary for the internal auditor to
observe the following audit procedures:
7.1 Take a sample of contracts and establish whether the rules for using approved supplier
lists have been observed.
7.2 Take a sample of recently prepared bid documents and assess them for clarity and
completeness.
7.3 Take a sample of recently advertised tenders (invitation for tender) and ensure that
tenders are issued:
• In a timely manner, so that suppliers had a good chance of responding.
• In the newspapers, where suppliers would normally look for such invitation.
__________________________________________________________________________________
181
7.4 Take a sample of bids received for contracts and check that:
• There exists adequate completion among bidders in terms of the number of bids
received and the price quoted.
• Contract bids are re-advertised, in the absence of adequate competitors.
• There are not evidences of contracts being awarded without adequate completions.
• The evaluation given for the bid document is reasonable as per the documents in the
respective files and minutes of the tender committee.
• There are compliances of agreements and note any non-compliances.
7.5 Take a sample of recent contract awards of the tender committee and compare them
with:
• The actual contract awards made by the public body.
• The terms appearing in the final contracts.
7.6 Examine a sample of contract files and tender committee minutes to identify any of
the following:
• Reported cases of conflict of interest on the part of members of the tender

committee or the head of the public body.
• Complaints by unsuccessful bidders concerning unfair treatment and the response

of the public body to their complaints.
• Breaches of commercial confidentiality.
• Delivery of materials to unusual sites and addresses.
If such cases exist and seem significant, interview relevant staff members and ask for
further explanations from management.
7.7 When the contractor claims payment for work completed ensure that:
• The work has been satisfactorily completed.
__________________________________________________________________________________
182
• The public body retains money from the contractor's claim in accordance with the
terms of the contract.
• There are procedures to prevent over-payment of contract price.
• Periodical payments were supported with approved certificate of payments.
• Release of retention money is in accordance with the contract.
7.8 Select a sample of completed contracts and:
• Compare these with final costs and actual completion data.
• Evaluate the extent of discrepancies.
• Check for costs over-run and obtain approvals and explanations.
• Ensure that liquidated damages have been recovered where appropriate.
• Check the systems for post-contract reporting.
• Check the systems for post completion assessment.
SECTION IV
__________________________________________________________________________________
183
COMPUTER AUDITING
Introduction
1. Internal auditor, even in a smallest public body, will have to come into contact with
computers in the course of his/her work and it is almost certain that in the future basic
computer knowledge required of the auditor is mandatory.
2. Computerization of a public body system does not affect the general principles and
objectives of the audit, especially the need to obtain adequate audit evidence and evaluate
internal control system. However, the computer does change audit approach that is audit
structure needs to take into account the particular features of each public body's
computerized system. Thus, the planning stage of the audit has great importance to this
end in that internal auditor should appreciate the extent to which the nature of the audit
work changes when computerized systems are in operation owing to combination of three
important factors: loss of available visible records, shift in emphasis from manual/clerical
check to programmed application controls, and programmed generation of data which
prevent a simple input/output check.
Definition
3. Computer auditing is concerned with auditing of computerized system and use of

computer in auditing process. Auditing of computerized system requires that review of
computer related internal controls present in the computer operating environment and are
built into the program application themselves as well as the operating system. Use of
computer in audit process, on the other hand, is employment of computer to assist the
internal auditor in the performance of his audit work using techniques performed with
computer known as Computer Assisted Audit Techniques (CAAT).
Internal Controls in computerized systems
4. Computer systems record and process transactions in a manner which is significantly

different from manual systems, giving rise to such possibilities as a lack of visible
evidence and systematic errors. As a result, when auditing in a computer environment,
the internal auditor will need to take into account additional considerations relating to the
techniques available to him, the timing of his work, the form in which the accounting
records are maintained, the internal controls which exist, the availability of the data and
the length of time it is retained in readily usable form.
5. When auditing in a computer environment, the internal auditors should obtain a

basic understanding of the fundamentals of data processing and a level of
__________________________________________________________________________________
184
technical computer knowledge and skills which, depending on the circumstances,

may need to be extensive. This is because the internal auditors' knowledge and
skills need to be appropriate to the environment in which they are auditing.
6. A few years ago it was widely considered that auditors could discharge their
duties as auditors of an entity with computer-based systems without having deep
knowledge of such systems. The auditors would commonly audit 'round the
computer' by ignoring the procedures which take place within the computer
programs and concerning solely on the input and corresponding output. Audit
procedures would include checking authorization, coding and control totals of
input and checking the output with source documents and clerical control totals.
7. This view is changed and it is now recognized that one of the principal problems
facing the auditors is that of acquiring an understanding of the workings of the
electronic data processing department and of the computer itself. It is now
customary for auditors to audit 'through the computer' to determine whether the
controls in the system are adequate to ensure complete and correct processing of
all data.
8. One of the major reasons why the 'round computer' audit approach is no longer
considered adequate is that as the complexity of computer systems has increased
there has been a corresponding loss of audit trail. An audit trail is the means by
which a transaction can be traced sequentially through the system from source to
completion, and its loss will mean that normal audit techniques will bread down.
9. The original concept of an audit trail was to print out data at all stages of
processing so that an auditor could follow transactions stage-by-stage through the
system to ensure that they had been processed correctly. Computer auditing
methods have now cut out much of this laborious, time-consuming stage-by-stage
working, and make use of:
• A more limited audit trail;
• Efficient control totals;
• Use of enquiry facilities; and;
• Audit packages.
10. An audit trail should ideally be provided so that every transaction in a file contains a
unique reference back to the original source of the input. For instance (a sales transaction
records include a reference numbers of the customer order, delivery note and invoice.
Where master file records are updated several times, or from several sources, the
provision of a satisfactory audit trail is more difficult, but some attempt should
__________________________________________________________________________________
185
nevertheless be made to provide one. Typical audit problems that arise as audit trails
more further away from the hard copy trail include.
• Testing computer generated totals when no detailed analysis is available;

• Testing the completeness of output in the absence of controls totals.
In these situations it will often be necessary to employ computer assisted audit

techniques.
11. If internal auditor intends to place reliance upon internal control system he must
ascertain, record and evaluate the system via use of compliance test.
12. Internal control system in a computerized system that is implemented and applied in a
public body may be categorized in the following three headings.
12.1 System development controls
System development controls relate to the environment within which computer

systems are developed which include:
• New proposals and proposed amendments should be subject to an

organization-wide present pattern.
• Feasibility studies should be carried out for new proposals and some of the
proposed amendments, subject to materiality limit.
• Standardized approval procedures be implemented based on named officials or

regular committee.
• Users including internal auditors should participate in the system development

process.
• Standardized documentation and systems specifications and programs be

applied so that an organization-wide standard is in force to ensure continuity as
staff members come and go.
• System and program testing involving end users be carried out before
operationalising of new system or program, using test data on parallel running
or reprocessed 'live' data.
• Full records of old system files be transferred to the new system to be

maintained and controls over totals transferred should be carried out at time of
conversion.
__________________________________________________________________________________
186
• If significant system amendment is made all the above controls should be

carried out.
12.2 Administrative Control
Administrative controls are defined as the environment within which computer

systems are maintained and operated which include:
• Adequate division of staff responsibilities and a formal system of the chain

of command in the separation of duties between development staff,
operators, controllers, file librarians and so on.
• Adequate training and job descriptions, provision of manuals and learning

materials be provided.
• Entry and other security controls be introduced.
• Standard operating procedures such as adequacy of staffing, rotation of

duties, clear set-up instruction, well understood and practiced emergency
procedures, log and record of all operator's interventions.
• Work scheduling, adequacy of system documentation controlling the

distribution of output, review of actual computer operations, breakdowns,
interventions, and revision of access and passwords regularly.
• Access to file be restricted through physical and software by means of

banning access to computer terminals to unauthorized personnel and use of
secure passwords and ensuring all disks have unique identification.
• Back-up file and stand-up controls be implemented, that is duplicate copies

of all sensitive files, several generation of transaction files, security over
file held on disk at remote location, standby generators, back-up equipment
and fire procedures.
12.3 Application Controls
Application controls are related to the transactions and standing files pertaining to
each computer based system and are, therefore, specific to each application.
Objectives of application controls are to ensure the completeness and accuracy of
__________________________________________________________________________________
187
the records and the validity of the entries made therein resulting from both manual
and programmed processing and with specific objectives.
• Input data should accurately reflect that of the prime source documents.
• Input data should reach the computer input stage.
• Only authorized data should be completely and accurately entered.
• Errors occurring during processing should be detected and corrected.
• Errors and rejected items must be acted upon to correct swiftly and
properly.
• Output reports should reach the designated recipient and dealt with in an
appropriate way.
• Amendments to standing/master file data should be properly authorized

and correctly processed.
• No unauthorized access to standing data should be permitted and no

unauthorized changes allowed.
• Correctness of the overall processing should be confirmed via

reconciliations of input with output.
Audit objectives
13. primary objectives of internal auditing of computerized system is to ascertain the

reliability of the system in processing of data and with specific objectives to ascertain
that:
• Adequate system development procedures are followed and controls are

exercised.
• All system and program modifications are properly authorized and

implemented in disciplined and controlled manner.
• Appropriate procedures are followed in conversion from old system to new

system.
• Access to computer resources is restricted to authorized personnel only.
__________________________________________________________________________________
188
• Disruption caused by file corruption is minimized.
• Entry and processing of invalid data is detected and prevented.
• Only authorized input data is submitted for processing.
• All errors and exceptions are corrected and reprocessed.
• Master file data is properly maintained.
Audit Procedures
14. In order to perform quality audit, internal auditor should follow but not be limited to the
following procedures:
14.1 Ensure that standard system development procedure is followed and

documentation is produced for an application including:
• narrative description of the system
• flowcharts and block diagram of the system
• input and output data descriptions
• file record layouts
• control procedures
• program listing
• test data and results of testing
• output distribution instructions
• operating instructions
• procedural manuals.
14.2 Ascertain that the system is adequately tested by means of processing test data,
pilot running, parallel running, and involving the clerical and control procedures
in all users concerned with the system.
__________________________________________________________________________________
189
14.3 Check that result of testing is evaluated and report is produced.
14.4 Ensure that content of master file is checked before a system becomes operational.
14.5 Ensure that completed work is reviewed and approved and further progress
authorized by responsible officials at completion stages of system specification,
programs and systems testing and accepting new system into operational use.
14.6 Ensure that all changes to system and program are authorized, documented and
tested in the same manner as new system and program, subject to significance
level.
14.7 Ensure that system development, data preparation, computer operating, file library
functions are carried out by different persons.
14.8 Ascertain that the following basic restrictions are applied:-
• access to documents containing original data is limited to control and data

preparation staff.
• computer specialist do not have access to records maintained in the computer.
• access to files and programs is limited to computer operators and file

librarian.
• computer operators and programmers do not amend input data.
• computer operator and file librarian do not have other duties within the system
and program development function.
• computer specialist does not initiate transactions and change to master files.
• unauthorized access to the computer terminal is forbidden.
14.9 Review that work of computer operators controlled by the use of administrative
procedure manuals, work schedules, operating instructions, computer usage
reports and rotation of duties.
14.10 Ensure that copies of master and important files are kept at places outside
__________________________________________________________________________________
190
computer operating location.
14.11 Ascertain that adequate reconstruction procedures are instituted by the

establishment of retention period for file and copying of file at appropriate
interval.
14.12 Ensure that there are adequate fire precautions, stand-by arrangements for
processing in case of hardware or software failure.
14.13 Make sure that controls for complete and accurate processing of
data establishment are practiced before documents are forwarded to input by
using clerical totals or sequence checks.
14.14 Ensure transcription of data to input medium is independently verified.
14.15 Check that input data is authorized before transcription into computer.
14.16 Ensure that computer inputs are authorized and their conversion
independently verified.
14.17 Review the existence of list of reasons for which input data should be rejected.
14.18 Review the procedures for investigating, correcting and resubmitting the rejected
data.
14.19 Review how the system ensures that all rejections are promptly reprocessed.
14.20 Ascertain that output contains sufficient information to trace source documents,
verify computer generated calculations and totals.
14.21 Ensure that totals and detail output are checked with controls established prior to
processing of input data.
14.22 Ensure that addition and amendment to standing data is authorized by a person
independent of computer operating and programming function.
14.23 Ensure that all amendments are documented and controlled by retention
of copies.
Computer assisted audit techniques (CAAT)
15. Nature of computer based systems give opportunities to use computer to assist
internal auditor in the performance of his audit work. Computer assisted audit
__________________________________________________________________________________
191
techniques are used to carry out this work. They may vary in nature from
techniques used to record control systems (Computerized Internal Control
Evaluation and Flowcharting Programs) to specially written computer software
which selects, tests and evaluates transactions for substantive testing purposes or
which carries out analytical review procedures.
16. There are two principal categories of computer assisted audit techniques, test data
and audit software. Audit test data consists of data submitted by the auditor for
processing by the public bodies. For example, an application control to ensure
the completeness of input may consist of programmed agreement of batch totals.
The internal auditor may choose to test this control by submitting test data with
correct and incorrect batch totals.
17. Audit software comprises computer programs used by the internal auditor to
examine the public body's computer files. It may consist package programs or
utility programs which are usually run independently of the public body's
computer-based accounting system. Package programs consists of prepared
generalized programs for which the auditor will specify his detected requirements
by means of parameters, and sometimes by supplementary program code. Utility
programs consists of programs available for performing simple functions, such as
sorting and printing data files.
18. Advantages of using computers in auditing include:-
• Internal auditors can use computers for very basic administrative functions,
such as time records, work processing and basic mathematical tasks.
• Automated working paper packages can be used to make the documenting

of internal audit work much easier. Such programs will aid preparation of
working papers such as lead schedules, and other schedules. The working
papers will be neater and easier to review and the risk of error is reduced.
These packages help the internal auditor to save time.
• Internal auditors can use other auditing packages to perform analytical

procedures and statistical sampling in which the package can perform tasks
such as determining sample size, computing standard ratios, generating
random numbers from a given sequences and evaluating results from tests
based on samples.
19. A specimen internal control questionnaire is provided in Annex XXVII.
SECTION V
SOCIAL AND ENVIRONMENTAL AUDIT
__________________________________________________________________________________
192
Introduction
1. An environmental audit is an audit which confirms the degree of compliance with both
internally and externally determined emission and pollution standards. The results of an
environmental audit have implications for the external financial auditor since financial
liabilities for causing environmental damage are rapidly increasing.
2. There is widespread recognition that the costs of ignoring environmental issues are
potentially high although a key element of such costs can not be easily quantified because
it relates to public relation and corporate image.
3. For those public bodies which do not adopt environmentally conscious policies, the
immediate effect is usually unfavorable public relation. These public bodies should
realize that it is becoming increasingly difficult to conceal their behavior and
performance from the increasingly vigilant public.
4. Some public organizations may have no legal obligation in some instances but a moral
obligation will be just as serious. Therefore, most public bodies operating in situations
where environmental issues are of particular concern are investing more and more in
research to monitor their performance and the way in which they are perceived by the
public in the key areas of public relations and corporate image.
5. The following sections of this part focus on audit objectives, impacts of relevant laws and
regulations and measuring environmental effects.
Definition
6. Environmental audit could have the following definition:-
6.1 "A management tool comprising a systematic, documented, periodic and objective
evaluation of how well organizations management and equipment are performing,
with the aim of contributing to safeguarding the environment by facilitating
management control of environmental practices and assessing compliance with the
organization policies, which would include meeting regulatory requirements and
standards applicable".
6.2 "The independent review by a specialist of an enterprise operations to identify any

areas of non-compliance with environmental legislation and find ways for the
enterprise to make more efficient use of resources, and identify opportunities for
enhancement of environmental performance and practices including potential cost
savings".
__________________________________________________________________________________
193
Audit objectives
7. The audit objective is to compare actual record emission and discharges of all
environmentally sensitive materials against such predetermined limits. The internal
auditor should be aware of any national environmental laws and regulations for their
compliance. In addition to this, the internal auditor should ensure the compliances of any
International Environmental Conventions, which were ratified by the Government of
Ethiopia since non-compliance may entail legal action and bad images on the national
and international level.
Audit procedures
8. When an internal auditor realizes that his/her organization may have environmental
issues which could have an impact on the financial statements, the following steps are
appropriate:-
• Obtain an appropriate understanding of the organization, its operations and in

particular its environmental issue.
• Evaluate whether there is any possible risks in the public body as a result of
environmental issue.
• Obtain understanding of the control environment operating with your

organization.
• Review any international environmental conventions which were ratified by

federal government for compliance.
• [Please refer annex XXXI of this part for nine International environmental
accords which were ratified by the Government of Ethiopia].
• Review any national environmental laws and regulations for compliance.
• [During writing of this manual, the national environmental law is at the Council
of Ministers in the form of draft for approval].
• Review publicly available industry information on environmental audit.
• Review report issued by environmental experts about the organization.

• Assess and obtain the environmental impact of previous and existing operation.
• Assess and obtain possible future changes in activities or the process of operation
involved.
Impact of Social And Environmental Law In Respect Of Public Bodies
__________________________________________________________________________________
194
9. Environmental laws and regulations can have considerable impact on some public bodies.
Possible problems associated with environmental laws and regulations include:-
• Contingent liabilities. These may be claims against the public bodies for
environmental offence including, for example, nuisance or watercourse
contamination of damage to health;
• Asset values may be affected. Stocks may be subject to environmental concern and
may need to be modified or replaced. Land may be contaminated and require clean
up. Plant and machinery may be replaced because it pollutes or otherwise fails to
meet modern environmental standards;
• Accounting for capital and revenue expenditure. On fitting environmental safeguards

and in undertaking remedial treatment following incidents op pollution;
• provision for future improvements in the plant required to enable the process to
continue operating within stricken.
Measuring Environmental Effect
10. Measuring the effect of environmental matters presents particular problems for an
organization and its auditor. This includes the following:-
• There is often a long delay between an activity that caused an environmental problem
and its identification by the entity or by regulators;
• Accounting estimates may not have an established historical pattern or may have
wide ranges or reasonable values because of the number and nature of assumptions
underlying the determination of those estimates;
• Environmental laws or regulations are evolving and interpretation may be difficult or

ambiguous. It may be necessary to consult with an expert on the valuation of certain
assets;
• Liabilities may arise other than as a result of legal or contractual obligations. They
may arise from the perceived moral obligation of the organization.
__________________________________________________________________________________
158
__________________________________________________________________________________
195
Annex I
EXAMPLE OF RISK ASSESMENT
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Audit Area Risk Assessment

Budget Year ________________
This Annex gives a worked example of the calculation of the Risk Index for a system. The process
has been broken down into 5 distinct steps.
Step 1 Internal Auditors should select the risk factor

Example - Transaction volume
Step 2 For each risk factor chosen, Internal auditors should chose a scale of
measurement that will be used to compare each system.
Example - Classify the transaction into five groups depending on
their volume
Step 3 Identify the points rating for each one of the scale of measure. Internal
Auditors should use points rating of between 1 and 5 for each element.
Example - give 1 for the group with the smallest volume
Step 4 Internal auditors should select a weighing factor for each risk factor. This
allows the Internal Auditor to place emphasis upon elements that are more
important to the risk assessment.
Step 5 Internal Auditors then should take the appropriate scale of measurement
for each one of the systems to be assessed. This will give points rating to
be multiplied by the weighing factor and summed for each of the
elements.
196
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Budget Year ________________

STEP 1
Internal Auditors should select the risk factors for the risk assessment
Risk factor
Value of transactions
Complexity of the system
Stability of the system

197
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Budget Year ________________

STEP 2
For each risk factor chosen, Internal Auditors should chose a scale of measurement that
will be used to compare each system
Risk factor Scale of

measurement
Value of transactions $0 - $1,000
$1,000 - $10,000
$10,000 - $100,000
$100,000 - $1m
more than$1m
Complexity of the system Very simple

Simple
Average
Complex
Very complex
Stability of the system Very stable
Stable
Average
Unstable
Volatile
198
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Budget Year ________________

STEP 3
Determine the Rating Points, for example, between 1 and 5 for each one of the scales of
measurement.
Risk factor Scale of Rating Points

measurement (a)
Value of transactions $0 - $1,000 1
$1,000 - $10,000 2
$10,000 - $100,000 3
$100,000 - $1m 4
more than$1m 5
Complexity of the system Very simple 1
Simple 2
Average 3
Complex 4
Very complex 5
Stability of the system Very stable 1
Stable 2
Average 3
Unstable 4
Volatile 5
199
Annex II
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Budget Year ________________

STEP 4
Internal Auditors should select a weighting factor for each of the risk factors. This allows the
Internal Auditor to place emphasis upon risk factors that are more important to the risk
assessment. For instance, in the example below, the most important risk factor is the complexity of
the system, the least important the value of transaction.
Risk factor Scale of Rating Points Weighting factor

measurement (a) (b)
Value of transactions $0 - $1,000 1
$1,000 - $10,000 2
$10,000 - $100,000 3 2
$100,000 - $1m 4
more than$1m 5
Complexity of the system Very simple 1
Simple 2
Average 3 5
Complex 4
Very complex 5
Stability of the system Very stable 1
Stable 2
Average 3 3
Unstable 4
Volatile 5
200
Annex II

Sch. Ref.
Initials Date
Prepared by
Reviewed by
Budget Year ________________

STEP 5
Internal Auditors should take the appropriate scale of measurement for each one of the systems to
be assessed. This will give rating points to be multiplied by the weighting factor and summed for
each of the risk factors. In the example below, the system has been identified as having between
$100,000 - $1m of transactions; being of average complexity and being unstable. The Internal
Auditor then should compare the total Risk Index of each system and identify those systems, which
are more risky than others and, therefore, should be audited sooner and more often.
Risk factor Scale of measurement Rating Points Weighting Rating

(a) factor (b) (a) x (b)
Value of transactions $0 - $1,000
$1,000 - $10,000
$10,000 - $1000,000
$1000,000 - $1m 4 2 8
more than$1m
Complexity of the system Very simple
Simple
Average 3 5 15
Complex
Very complex
Stability of the system Very stable
Stable
Average
Unstable 4 3 12
Volatile
TOTAL RISK INDEX 35

201
Annex III
INTERNAL AUDIT PLANNING CHECKLIST
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Planning Checklist

Budget Year ________________
YES NO INITIALS
PRIOR YEARS AUDIT REPORTS
1. Have you reviewed with the in-charge auditor (Senior
Auditor), re:-
• Changes in presentation of disclosure?
• Points to which special attention should be paid?
• Improvements to the content and style of the audit
findings and recommendations report?
PRIOR YEARS WORKING PAPERS

2. Have you reviewed with the in-charge auditor, re:-
• Points for attention at next audit, if any?
• Unnecessary schedules?
• Inadequate or excessive work?
• Changes in procedure or scope of examination?
NARRATIVE SYSTEM NOTES AND/OR FLOW CHARTS
3. Are you satisfied that narrative system notes and/or flow
charts and updates cover all aspects of the accounting and
other relevant systems and explain the significance of any
systems weaknesses?
202
Annex III
Sch. Ref.
Initials Date
Prepared by
Reviewed by
YES NO INITIALS
INTERNAL CONTROL EVALUATIONS

4. Are you satisfied that the ICEQ’s have been properly
completed and evaluated and the audit implications of
weaknesses fully disclosed?
AUDIT PROGRAMMES
5. Are you satisfied that the audit programmes fit the particular
circumstances and that the scope and extent of the tests
adequately cover the implications of systems and control
weaknesses disclosed by the narrative system notes/flow
charts and ICEQs?
TIME BUDGET
6. Have you reviewed and approved the time budget ensuring
that total time is within the limit for the type of audit to be
carried out?
STAFF ASSIGNMENTS
7. Have you reviewed with the in-charge auditor and agreed

his provisional assignment of staff to the various audit
responsibilities?
PLANNING MEETING
8. Have you held a planning meeting with the staff assigned to
discuss all aspects of the audit work to be undertaken?
203
Annex IV
INTERNAL AUDIT MONITORING CHECKLIST

Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area Monitoring Checklist
Budget Year ________________
YES NO INITIALS
WORKING PAPERS
1. Do the working papers properly demonstrate the nature and

extent of the work performed?
2. Have all material weaknesses noted during the review and
testing of internal control been properly summarized?
3. Have schedules been signed and dated by the prepare
and recommendations report? and the reviewer?
4. Has the permanent file been properly updated?
5. Are conclusions given for all areas of the audit, and are these
properly worded and soundly based?
6. Have you reviewed and approved the proposed audit
adjustments?
7. Have you resolved or otherwise disposed of queries and
major points noted for your attention?
8. Are you satisfied that the working papers are complete and
accurate and that no further work is required?
9. Are you satisfied that the audit was carried out within the
intended scope?
REPORT
10. Have you reviewed the draft report?
11. Does the format and terminology of the reports conform to
the standards of the Internal Audit Manual?
204
Annex IV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
YES NO INITIALS
12. Has adequate disclosure of all pertinent and material facts
been made in the report?
13. Have any subsequent events, of which you are aware, and
which may have significant effect on the report, been
properly disclosed?
14. Does the Audit Findings and Recommendations Report
include sufficient factual evidence and clear
recommendations upon which the head of public body can
take sound and appropriate decisions and actions?
15. Has adequate consideration been given to recommendations
in previous reports and the extent of compliance therewith?
16. Are you satisfied that all material points, findings, and
recommendations noted during the audit, and which should
be included in the report, are actually included?
17. Are you satisfied that no additional audit work of
outstanding items are pending before the working papers
and draft report are submitted for final review to the
Head of Internal Audit Service?
18. Have you reviewed the completed audit review checklist of
the in-charge auditor (Senior auditor) and are you satisfied
that his representations as to facts and work done are
adequately supported by the working papers?
JOB ADMINISTRATION
19. Are major variations of actual time from budget
satisfactorily explained?
20. Have you checked agreement of time taken per time control
forms with time ledger and completed time control form?
21. Are you satisfied that the staff have accounted for their time
on the audit work properly and accurately?
22. Have you discussed with the in-charge auditor and the other
members of the team any weaknesses they should overcome
to improve their audit skills, efficiency, and work habits?
205
Annex V
INTERNAL AUDIT PLANNING REVIEW SHEET
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Planning Review Sheet
Budget Year ________________
Questions Y/N Comments
Is a correct compliance testing sample size

selected? Y
Is the plan includes updating systems Plan should be revised to include

flowchart? N confirmation that existing systems
is still relevant
“ “
“ “
“ “
206
Annex VI
INTERNAL AUDIT COMPLETION CHECK LIST
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area Completion Checklist
Budget Year ________________

INITIALS DATE
1. Audit Programmes signed
2. All schedules initialed
3. All schedules referenced and cross referenced
4. All outstanding points cleared
5. Audit works reviewed by Head of Internal Audit
6. Audit works reviewed by Audit team leader
7. Draft report discussed with the Head of public body
8. Final report reviewed by Head of Internal Audit
9. Final report passed for typing
10. Report issued
Comments
207
Annex VII
INTERIM AUDIT REVIEW SHEET
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Review Sheet
Budget Year ________________
Is the time taken to carry out compliance tests

corresponds with that of the budgeted time? Y ---
Are the systems notes fully written up Additional junior Internal Auditor
from the interviews with management? N is required for 1 week to fully write
up system notes
“ “
“ “
208
Annex VIII
INTERNAL AUDIT COMPLETION REVIEW SHEET
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Completion Review Sheet
Budget Year ________________

Has the compliance testing been completed Y

as per internal audit plan?
Have systems flowcharts been updated? Y
Has the internal audit report been drafted N Paragraphs should be redrafted by
the
based clearly on the conclusions reached internal auditor for inclusion in the
from the internal audit work? Internal Audit report. These should
be based on the conclusions of the
internal audit work.
“ “
“ “
209
Annex IX
INTERIM AUDIT REPORT
The Head of Public Body ________________

Purpose Statement
1. Based on our periodic audit plan we conducted an audit of fixed assets of the public body to
ascertain the existence of effective internal control exercised thereon.
Scope Statement
2. Accordingly, we have verified the fixed asset register and the physical existence of fixed
assets to ascertain that all fixed assets of the public body were registered and also to check
the existence of all registered fixed assets.
Findings
3. We noted that the fixed asset register was not complete with respect to property
identification number, location, date of purchase and other relevant information. We further
noted that the fixed assets were not given identification numbers.
4.
5.
6.
7.
Conclusion
8. We were therefore unable to check the physical existence of the fixed assets which implies
that there is a weakness in the overall control exercised thereon.
Recommendation
9. We recommend that all relevant details such as property identification number, location and
other relevant information be recorded on the fixed asset register and identification number
be given to all fixed assets of the public body.
Signature
Head of the Internal Audit

Date
210
Annex X
ORGANIZATION OF WORKING PAPERS
PF - 1 Organizational Information
PF-1.1 Nature of the public body: history, establishment etc.

PF-1.2 Objectives
PF-1.3 Organizational structure (chart)
PF-1.4 Job description
PF-1.5 Staffing
PF - 2 Accounting system and Internal Control Structure
PF-2.1 Accounting policies

PF-2.2 System documentation forms
PF-2.2.1 System Notes
PF-2.2.2 Flow Charts
PF-2.3 Internal Control Questionnaire
PF-2.4 Internal Control Evaluations
PF-2.5 Risk Assessment Index
PF-2.6 Specimen of Documents (Vouchers)
PF - 3 Rules and Regulations
PF-3.1 Directives
PF-3.2 Rules, Regulations
PF-3.3 Internal Instructions
PF-3.4 Official Rates (Price lists)
PF - 4 Previous Year Audit History
PF-4.1 History of Audit Report - Findings

PF-4.2 Management Action
PF-4.3 Outstanding Queries
PF-4.4 Matters Deserving Attention and Follow-up.
PF - 5 Important Memorandum
PF-5.1 Contracts - Project Agreements, Other Contracts etc.
PF-5.2 Committee members
PF-5.3 Key Personnel: Signatories, Authority Limit etc.
PF-5.4 Bank Accounts number
211
PF - 6 Correspondence
CURRENT FILE
Section 1 Audit Reports
AR - 1 Final Audit Reports
AR-1.1 Report on Internal Control
AR-1.2 Report on Performance Audit
AR-1.3 Report on Fraud Investigation
AR-1.4 Reports on Project Audit
AR-1.5 Ad-hoc Reports
AR-1.6 Interim Reports
AR - 2 Draft Reports
Section 2 General Information
GI-1 Matters for Attention: Auditor Follow-up,

Management Action etc.
GI-2 Summary of Findings
GI-3 Discussion with Management: Comments,
Responses etc.
GI-4 Extracts of Minutes
GI-4.1 Management
GI-4.2 Audit Committee
GI-5 Review and Check Lists
GI-5.1 Review Notes
GI-5.2 Check Lists
GI-6 Audit Time Summary and Budget
GI-7 Important Memorandum
GI-7.1 Financial Statement
GI-7.2 Letters
212
Annex X
Section .3 General Audit Procedure

GA-1 Audit Planning
GA-2 Audit Programs
GA-3 Other Planning Issues
Section 4 Financial Audit and Compliance Audit

TB Trial Balance
A Cash
A1 Lead Schedule
A2 Summary of Findings
A3 Support Schedules
A3-1 Support Schedules
A4 Queries/Notes
B Receivables
B1 Lead Schedule
B2 Summary of Findings
B3 Support Schedules
B3-.1 Support Sheets
B4 Queries/notes
C Payables and Letters of Credit

C1 Lead Schedule
C2 Summary of Findings
C3 Support Schedules
C3.1 Support Sheets
C4 Queries/notes
D Long Term Debts

D1 Lead Schedule
D2 Summary of Findings
D3 Support Schedules
D3.1 Support Sheets
D4 Queries/notes
213
Annex X
E Net Assets/Equity
E1 Lead Schedule
E2 Summary of Findings
E3 Support Schedules
E3.1 Support Sheets
E4 Queries/notes
F Revenue
F1 Lead Schedule
F2 Summary of Findings
F3 Support Schedules
F3.1 Support Sheets
F4 Queries/Notes
G Expenditures : Capital and Recurrent

G1 Lead Schedule
G2 Summary of Findings
G3 Support Schedules
G3.1 Support Sheets
G4 Queries/Notes
TC Tests of Internal Control

TC 1 Revenue/Collections
TC 1.1 Summary of Findings
TC 1.2 Support Schedules
TC 1.2.1 Support Sheets
TC 1.3 Queries/notes
TC 2 Disbursements
214
Annex X
TC 3 Procurement
TC 4 Payroll
TC 5 Stock/Inventory
TC 6 Fixed Assets
TC 7 Computer Audit
Section 5 Performance Audit
PA1 Summary of Findings
PA2 Support Schedules
PA2.1 Support Sheets
PA3 Queries/notes
215
Annex X
Section 6 Fraud Investigation
FI1 Summary of Findings

FI2 Support Schedules
FI2.1 Support Sheets
FI3 Queries/notes
Section 7 Environmental Audit
EA1 Summary of Findings

EA2 Support Schedules
EA2.1 Support Sheets
EA3 Queries/notes
Section 8 Project Audit
8.1 Contract audit - Constructions
CA1 Summary of Findings

CA2 Support Schedules
CA2.1 Support Sheets
CA3 Queries/notes
8.2 Donor Funded Projects
DF1 Compliance with agreement - same as Section 8.1

DF2 Reporting and monitoring - same as Section 8.1
DF3 Financial audit - if financial report and
statements are prepared - same structure as above
in "Section 4"
216
Annex XI - 1
SCHEDULE OF SUMMARY OF FINDINGS

Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area Summary of Findings
Budget Year ________________
• Audit objective
• Findings and respective recommendations

Schedule Reference
1.
2.
3.
217
Annex XI – 2
AUDIT FINDINGS
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area Audit Findings – Cash and Bank Balances
Budget Year ________________
Comments (Disposal)
1. Cash receipt voucher number 21273 is missing. Subsequently obtained
2.
3.
•
•
•
NB Reportable findings are to be taken to Schedule of

Summary of
Findings. (Annex XI - 1)
218
Annex XII
RELATIONSHIP OF WORKING PAPERS TO FINANCIAL STATEMENTS
FINANCIAL STATEMENTS
REF. BIRR
CASH A1 1,500
TRIAL BALANCE TB
Debit Credit
BIRR BIRR
CASH 1,500
LEAD SCHEDULE CASH A1
SCHEDULE
REFER. BIRR BIRR
CASH ON HAND A2 400

CASH IN BANK
ACCOUNT No. XX A3 500
ACCOUNT No. YY A4 600
1100
1,500
A2 A3 A4
CASH COUNT SHEET BANK RECONCILIATION BANK RECONCILIATION

ACCOUNT NO.XX ACCOUNT NO.XX
AMOUNT 400 AMOUNT 500 AMOUNT 600
TO A1 TO A1 TO A1
219
Annex XIII
WORKING PAPER - TYPICAL SCHEDULE

Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area Cash and Bank Balances
Budget Year __________________________

BALANCE
AS AT 30/10/19XX
BIRR
CASH AT BANK B3 60,000 C
CASH ON HAND B6 3,000

63,,000 TO B
Supporting Schedules
on which detail Cross Referencing
work(such as bank
reconciliation, cash count)
is done.
Tick Marks Work Done
C Confirmation sent
Balance agree with ledger Explanation of audit steps
Footed Performed or work done
Conclusion
We noted that cash counted as 30/10/19xx was less than

the record balance by Birr 560 which implies that there Auditor's Conclusion
is a weak control over cash on hand.
220
Annex XIV
AUDIT PROGRAMME
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year ________________
Sampling
State Audit Population Sample
Performed Size Size Budget Year _______________
1. Estimated Time ______________

2. Actual Time ______________
3. Difference _______________
4. (If significant, give reasons on last
5. page of this form)
Audit Procedures to be Ref Name of Initial of

No. Performed No. Auditor Auditor Remark
Audit Objectives
1.
2.
3.
General Procedures
1. Review previous year audit working

papers.
2. Review the updating of the permanent
file.
3. Fill the internal control questionnaire.
4. Draw or update flow chart or system
notes
5. Evaluate the appropriateness and
effectiveness of the control system.
6. Conduct walk through test to confirm the
control system.
7. Review internal and external reports.
Specific Procedures
1. (Obtain information from 'audit
procedures' in respective section)
2.
3.
221
Annex XV
AUDIT PROGRAM - CASH AND BANK BALANCES
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________

Budget Year ________________
State Audit Sampling
Procedures Which Population Sample
varies in sample size Size Size Budget Year _______________
1. Estimated Time ______________

2. Actual Time ______________
3. Difference _______________
4. (If significant, give reasons on last
5. Page of this form)
No. Audit procedures Ref. Name of Auditor Signature Remark
Audit Objectives
Ensuring that collection and

1 payment of cash are made on
legal receipt and payment
vouchers respectively
Ascertaining that cash collected

2 by the public body is deposited
intact to bank in a timely manner
3 Ensuring that imprest system is
established
222
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Ascertaining that every cash and
4 bank transaction is properly
registered in the books of
account
5 Ensuring that cash is properly
safeguarded
6 Ascertaining compliance with
laws, regulations, directives.
7 Ensuring segregation of duties.
General Procedures
Review the previous year audit
1 working paper to see if there are
useful points noted about cash
and bank balances.
2 Review the permanent file
Fill the internal control
3 questionnaire for cash and bank
balances
Draw or update flow charts to
4 represent the existing system for
the administration of cash and
bank balances of the public body
Conduct a walkthrough test or
other preliminary review
5 mechanism (observations) to
confirm the practicability of the
prescribed control system
223
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

6 Evaluate whether the existing
internal control system for cash
and bank balances is proper.
Specific Procedures
Review the organization
7 structures and personal files
of cashiers and accountants
to:
- ensure existence of clear
and precise job
description;
- ensure segregation of
duties;
- check the education level of
cashiers and accountants
and whether proper
trainings are given
- check whether adequate
internal check mechanisms
are established
- check whether there exist
rotation of duties
224
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

8 Ensure proper safeguarding of
cash and cash documents,
check:
- Existence of cash safe or
cashier offices.
- Control over unused receipt
vouchers;
- Control on movement of
cash. If collectors exist,
check timely, intact
handover
- Control over cheque:
. check that blank cheques
are not signed in advance;
. check that cancelled
cheques kept undetached
on the pad being marked
VOID
Ascertain that MOFED
9 directives, as well as laws and
proclamations are adhered to
Check the existence of
10 prenumbered official receipt
vouchers.
Check that cash and cheque
collection summaries are
maintained and check whether
11 the summaries are checked by
individuals other than cashier
(accountants) as part of an
internal check.
225
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Check the sequence of the
12 receipt ascertaining that
cancelled receipts are kept
undetached in the pad being
marked VOID
13 Ascertain that daily receipts are
deposited to bank on time and
in tact:
- Select sampling method;
- Specify sample size and
population size
- Check receipt vouchers
against deposit slips
Check if undated accounting

14 records exist – ledgers, cash
books, transaction registers etc.
Check accuracy/casting of cash

15 book, transactions registers.
Perform cash count:

16 - see that cashier and chief
accountant are present
when undertaking count;
- list all relevant documents
and valuable found in the
safe, sign along with
cashier and accountant on
the list;
- take cut-off on the count
date and sign on the last
used receipt and books of
account;
- take steps to prevent
226
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

double counting of cash;
- count and record the
amount of cash, suspense
account and other
documents which have
money value found in the
safe and ascertain that all
are counted;
- check count versus the
records/float;
- sign, along with cashier
and accountant on the
count forms;
- sign confirmation with the
cahier and senior finance
officer by comparing the
cash and suspense account
found in the safe against
the net book balance at the
cut-off point;
- follow-up on differences of
cash counted Vs. record
balance – short/over
- ensure that cash or cash
equivalents that are not the
property of the public body
are not kept in safe. If so
note details;
- ensure that cashier do not
present “balance” cheques
during the count as part of
cash.
227
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Check whether suspense
17 payment vouchers are approved.
Check also the age of suspense
18 payments. Review the status of
long overdue suspense payments
not yet cleared.
Check that an impresit system is
19 established and that the rules
regarding the impresit system
are complied with.
Identify all bank accounts held
20 by the public body along with
signatories.
For all bank account check that
bank reconciliation is prepared
21 at the end of each month; check
also that the reconciliation is
checked by individual other
than the preparer.
22 Check the bank reconciliation:
- check the reconciling items
against bank statements;
- see that the balances of
book (record) and bank
statement agree taking the
reconciling items into
consideration
- check the accuracy of
summation;
- enquire into long
outstanding reconciling
228
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

item (outstanding cheques
and deposits);
- check that the outstanding
cheques are withdrawn in
subsequent months.
- Ascertain this against bank
statements;
- check that the outstanding
deposits are credited by the
bank in subsequent months.
Ascertain this against bank
statements.
- Check that appropriate
action be taken for
outstanding cheques over
six months;
- Enquire into inter bank

transfers;
- review adjustments against
supporting documents;
- check that proper
notification is made to
bank on time when bank
errors are observed;
- review unusual, high value
withdrawals appearing in
the bank statement.
229
Annex XV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Ensure that proper records are

23 kept – receipt, registers,
ledgers, bank statements and
bank deposit slips.
24 Prepare a file for the audit

works carried out throughout
the period.
25 Update the permanent file.

230
Annex XVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Annual Plan
Budget Year ________________
1. Estimated time required to complete the

audit assignments
Audit Areas Estimated Hours
• Planning each audit assignments Senior Auditor Junior Auditor
• Audit program 100 -
• Entry conference 20 -
• Cash and bank balance
• Main cash 15 20
• Petty cash 10 15
• Bank balances 30 20
• Cash count 10
• Receipt and receivables
• Receipts
• Budget transfers (Recurrent
and Capital) 40 -
• Grants and loans 60 15
• Fees and charges 50 50
• Disposal of property 10 30
• Sequence of cash receipt voucher - 150
• Sundry
• Receivables 40 30
• Stocks
• Stocks movement
• Receipt of stocks 40 150
• Issue of stocks 50 160
• Recording of stocks - 150
• Stocks count 100 150
231
Annex XVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
• Fixed assets
• Acquisition 200 -
• Recording of fixed assets
• Acquisition 80 60
• Disposal (Sales, issue, write-offs) 80 60
• Physical verification 120 110
• Payroll
• Payroll sheet 60 95
• Attendance sheet 10 60
• Personal files 40 -
• Expenditures
• Cash payments 100 180
• Check payments 235 240
• Procurement
• Purchase requisition 60 -
• Selecting of bidders 70 -
• Delivery of goods 80 100
• Payment of invoices 60 30
• Finalizing each audit assignments
• Report writing 100 -
• Exit conference 30 -
• Contingency (for special assignments) 100 100
2,000 1,975
2. Estimated Available Time

Senior Auditor Junior Auditor
Hours Hours
Total hours in the year 2,080 2,080
Less : Public holidays 80 80
Annual leave 160 120
Estimated sick leave 40 40
Estimated morning leave 16 16
Total Hours Available 1,784 1,824
232
Annex XVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
3. Required time in excess of available time

Senior Auditor Junior Auditor
Hours Hours
Estimated time required 2,000 1,975
Available time 1,784 1,824
216 151
NB. The Head of the Internal Audit should discuss about the additional time needed with the
Head of the Public Body and find ways to make the deficit good.
233
Annex XVII-1
CASH COUNT FORM
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Cash Count
Cash Count Date _________________________

Fund _________________ Budget Year ________________
1. LOCAL CURRENCY
1.1 Notes and Coins
Denomination Quantity Amount

Notes 100
50
10
5
1
Coins 0.50
0.25
0.10
0.05
0.01
Total of notes and coins
1.1 Cheques
Cheque No. Date of Issuance Payee Amount
Total of checques
1.3 Other documents with money value

Postage stamps
Fuel coupons
Total of other documents
Total Local Currency
Record balance/petty cash float
Difference short (over)
2. FOREIGN CURRENCY
Denomination Quantity Amount
Total foreign currency

Record balance/petty cash float
Difference short (over)
I, Ato/W/ro/W/t. ____________________________ the cashier of the ______________________ (name of the public body) confirm that
the cash amounting to Birr ________________ (in words) and the foreign currency as detailed above were counted in my presence and
returned to me intact.
Cashier Senior Finance Official Auditor
Name: _______________ ___________________ ______________

Signature ______________ ___________________ ______________
234
Annex XVII-2
SUSPENSE ACCOUNT - COUNT SHEET
S
c Initials Date
Prepared by h
Reviewed by .
Ref.

Audit Area Suspense Count Sheet
Budget Year ________________
Cash Count Date _____________
Suspense
Payment Name of Authorized Name of Person AMOUNT OF MONEY
Voucher Date of Person who Who received Salary Recurrent Capital
No. Payment Allowed the Payment The payments Reason for payments Advance Expenditure Expenditure TOTAL
TOTAL
I (Ato, W/ro./W/t.) ______________________, cashier of __________________ confirm that the suspense account vouchers amounting to Birr _______________
(in words). Were counted in my presence and returned to me intact.
Cashier Finance Officer Auditor
Name _________________ ________________________ ________________________
Signature _________________ ________________________ ________________________

235
Annex XVIII
BANK RECONCILIATION
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Bank Reconciliation
Budget Year ________________
Birr
Balance per bank statement X
Add: Outstanding deposit (list receipt

number, date, amount) X
Less: Outstanding cheques (list cheque number,

PV. No., date, amount) (X)
Balance per book X

236
Annex XIX
INTERNAL CONTROL QUESTIONNAIRE-CASH AND BANK BALANCES
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Cash and Bank Balance
Budget Year ________________
Evaluation
Not And
No. Questionnaire Yes No Applicable Comments
1. Does the public body have bank accounts?
If so how many?
2. Is the Ministry of Finance informed of the
bank accounts along with signatories?
3. What are the job positions of the
signatories?
4. Is there approval limit? Co-signatories? If
so how much and how many respectively?
5. Are bank reconciliations done monthly?
6. Are they checked and approved?
7. Are cheques kept in a secure place? Are

they signed in advance? (blank cheques)
8. Is the control surrounding the unused
cheque satisfactory?
9. Are unused official cash receipts
safeguarded and adequately controlled?
237
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
No. Questionnaire Yes No N/A Comments
10. What type of items are designated as cash

for the public body?
11. How many cashiers exist:
- main cashier?
- Assistant cashier?
- Collectors?
- Petty cashier?
12. Are cashiers educationally qualified?
Have they taken proper training?
13. Are cashiers insured? Or are they
required to obtain guarantee?
14 Are efforts taken to safeguard cash
satisfactorily?
- safe box?
- cashier office?
- timely deposited?
15 Are there any cash, suspense account or
documents which have money value and
belonging to the public body kept outside
the safe? If so why?
16. Is there any cash, suspense account or
documents which have money value and
which do not belong to the public body
kept in the safe?
238
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by

17. Is there an imprest system in use? How
many?
- What are their purpose?
- How much is the float?
- What is maximum amount that can be
paid?
- Is the fund regularly reviewed?
18. Are cash, suspense account and
documents counted as part of an internal
check?
- If so state the frequency
- By whom it is done (position)
- If there is cash Vs. record
reconciliation
19. Are collections transferred to main cashier
on time and intact?
20. Are the collections deposited into bank on
time and intact?
21. Are cash collection summaries prepared?
If so are they checked as part of an
intended check?
22. Are the deposits checked against receipts?

If so by whom (position) ?
239
Annex XIX
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Are duties segregated in a manner where

23 those responsible for custody of cash
(cashiers) are apart from recording
functions?
Are there books for recording cash and
24 suspense accounts? If so maintained
by whom?
Are all transactions recorded timely,
25. completely and accurately ? If so
maintained by whom?
26. Are suspense payments authorized? If so
by whom?
27. Are there long outstanding suspense
account payments?
28. Is 'PAID' rubber stamp used?
29. Is there rotation of duties?
240
Annex XX
INTERNAL CONTROL QUESTIONNAIRE RECEIPTS AND RECEIVABLES
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Receipts and Receivables
Budget Year _________________________________
No. QUESTION YES NO N/A COMMENT

1. Is there any source of income other than the
budget? If so is it an authorized income?
2. Are official receipts in use?
Is there a satisfactory control over used and
3. unused receipt vouchers?
a. log books
b. access restriction
c. sequence checking
d. original copy of cancelled receipt
attached
4. Are collections summarized in a summary
form?
5. Does another individual as part of his/her
duty check the summaries?
241
Annex XX
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Are all collections properly and accurately
6. coded, classified and recorded into books of
account?
7. Are all collections deposited to bank on time
and intact – to central treasury account?
8. Does another person as part of his/her duty
review this process?
9. Is the budget financed by collections? If so
is it approved?
10. Do different individuals carry out the duty of
tax/income assessment (determination),
collection and recording?
11. Are taxes and custom duties properly
assessed?
12. Are fees and charges properly determined in
accordance with relevant regulations?
13. Are taxpayer files, identification number,
ledger cards maintained?
14. Are tax assessments checked or reviewed by
higher officials?
15. Are procedural guides, directives, rules and
regulations adhered to, when collecting from
various sources?
• disposal of properties
• interest income
• etc.
242
Annex XX
Sch. Ref.
Initials Date
Prepared by
Reviewed by

16. Are the control procedures maintained to
assure the completeness of collections?
17. Is there rotation of duties between staff?
18. Are control and subsidiary ledgers
maintained with respect to receivables? If so,
are the total balances in agreement?
19. Are schedules of receivables prepared taking

into account age, nature and amount?
20. Are directives complied with concerning
debtors?
• write off
• long term staff loan
• short term staff loan
21. Is there proper follow-up of outstanding
debts?
22. Are statements of accounts exchanged with
major receivables?
23. Are debts collected without the knowledge of

accounts section?
24. Is there compliance with agreements of
grant/loan (concerning income from grants
and loan)?
25. Are official receipts vouchers and goods
receiving vouchers in use to acknowledge
receipt of grants/loan?
26 Are valuations properly supported?
243
Annex XXI
INTERNAL CONTROL QUESTIONNAIRE FOR STOCKS
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Stocks
Budget Year _________________________________
1. Are all incoming stocks cleared by a

receiving department?
Does the receiving department deliver or

2. supervise the delivery of each item to the
proper store location?
Are materials held in store:

3. 1. inaccessible to anyone other than store
personnel?
2. Stored in an orderly fashion?
3. Issued only on properly approved
requisitions?
4. Are perpetual stores records maintained for

each stock item or for major categories?
244
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
No QUESTION YES NO N/A COMMENT

.
Does the public body control the records of
5. stocks owned by the public body but which
are in the hands of others?
Does the public body control the records of
6. stocks owned by other party but which are in
its hands?
7. Are related functions separated so that
employees keeping the stores records have no
access to the stock held in stores?
8. Is a copy of the purchase order given to the
storekeeper upon receipt to verify the stock
items purchased?
9. Does the storekeeper raise goods receiving
notes for all stocks entered into the store?
Does the storekeeper issue stocks upon
10. receiving store issue voucher which is
approved by authorized person?
11. Are perpetual stock records periodically
checked by physical count at least once a
year?
245
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by

In reference to the physical count:
12. 1. Are employees taking the physical
count properly:
a. instructed?
b. Supervised?
2. Are prenumbered count sheets used?
3. Are all count sheets accounted for?
4. Are receiving and issuing documents
cut-off taken?
5. Do the employees taking the physical
counts have regular duties other than
those of keeping stores or stores
records?
6. Are counts and descriptions as

indicated by the count sheets
checked?
7. Are appropriate procedures instituted
to ensure that all stock items were
counted?
8. Are obsolete scrap, third party stocks
separately indicated?
9. Are stock valuation sheets checked to
original physical count sheets?
10. Are prices, extensions and footings
of the valuation sheets checked?
246
Annex XXI
Sch. Ref.
Initials Date
Prepared by
Reviewed by

13. Are discrepancies (if any) between stock
records and physical counts promptly
investigated, particularly differences of a
material nature?
14. Do routine procedures provide for a frequent
check of stocks for overstocked and slow-
moving items?
247
Annex XXII
INTERNAL CONTROL QUESTIONNAIRE FOR FIXED ASSETS
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Fixed Assets
Budget year___________________
No. Question Yes No N/A Comments
1 Are different staff members engaged in the purchase of
fixed assets, keeping custody of fixed assets before
being issued for use, and recording their movements?
2 Is there any assigned section or body to follow-up

foreign purchase?
3 Is there a mechanism to prevent the purchase of

more quantity of fixed assets than required?
4 Are goods receiving notes issued upon receipt of all

acquisitions of fixed assets?
5 Is the store-keeper forced to raise goods receiving

notes without getting a chance to see the fixed
asset physically?
6 Are fixed assets issued without the authorization of
a designated official?
248
Annex XXII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
No. Question Yes No N/A Comments
7 Does each fixed asset have its own identification number?
8 Is there fixed assets register for proper recording

and controlling of the movement of fixed assets?
9 Is there a strong control mechanism to ensure that

fixed assets are not exposed to theft or damage?
10 Is there annual physical count of fixed assets and the count

compared against the balance in the fixed assets register?
11 Is physical count of fixed assets undertaken in the presence

of the storekeeper and by staffs assigned from other
section?
12 Is the result of fixed assets physical count

reported to the Head of public body?
13 Is there any mechanism to ensure the level of fuel

consumption being in line with the length of
distance that the vehicle has covered? For
example, maintaining log book.
14 Is there any controlling mechanism over the proper

utilization of the services of vehicles
15 Are there any fixed assets which are out of service?
16 Does Management take appropriate measures

consistent with the existing directives when
there are fixed assets, which are out of Service?
17 Is there a mechanism to verify the condition of those

fixed assets, which are aged and malfunctioning, before
disposing them off?
249
Annex XXIII
INTERNAL AUDIT QUESTIONAIRE FOR PAYROLL
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Payroll
Budgeted Year _________________________________
Yes No N/A Comments
1. Are personnel records (files) maintained

for all employees?
2. Is personnel section responsible for the
proper custody of personnel records?
3. Do personnel files provide up-to-date
information of each and every employee's
salaries and related benefits?
4. Is there separate control system for
recording annual leave entitlement accrual
and payment?
5. Is budget constraint considered before new
employment, additional benefit and salary
increment is proposed, etc?
6. Is payroll section notified in writing for
every change that should be reflected in
payroll?
250
Annex XXIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments
7. Are payroll sheets prepared, checked and

approved by different responsible persons
before payment is made?
8. Do all employees who receive their salaries
always sign on the proper space of payroll
sheets?
9. Are delegations for salary payments
supported with official authorization?
10. Are salary advances and loans paid and
repaid according to existing laws and
regulations?
11. Are payroll expenditure and deduction
posted to proper accounts?
12. Is one month expenditure compared against
another to identify causes of differences
and take the necessary steps accordingly?
13. Are salaries and allowances paid out of
capital budget fully capitalized in
respective capital expenditure account?
14. Is payroll generally subject to civil service
regulations?
251
Annex XXIV
INTERNAL AUDIT QUESTIONNAIRE FOR EXPENDITURES AND

PROCUREMENT
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Expenditure and Procurement
Budget Year __________________________
S. No. Question Yes No N/A Comments

1. Does a designated official authorize
payments?
2. Are there circumstances where a
designated official authorizes payment
beyond the limit of his signatory
power?
3. When cheques are cancelled, do they
remain undetached on the pad?
4. Is verification of payment documents
made before payment effected?
5. Are unused cheque pads kept with
those who are authorized to sign
cheques?
6. Are cheques or payment vouchers
prepared in the names of the legal
beneficiaries?
7. Are crossed cheques prepared for
effecting payments?
252
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

8. Do the same amount of money and
reason for payment, which appear on
the cheque, also appear on the cheque-
stub?
9. Are those individuals who are
involved in the signing of cheques
prevented from being involved in such
activities as preparing, recording and
effecting payments?
10. Do officials, who sign a cheque,
consistently sign on the cheque-stub?
11. Is there mechanism to prevent
signatories from signing on blank
cheques?
12. Are payment vouchers and supporting
documents attached with the cheque
when cheques are presented for
signature?
13. Is the word "Paid" stamped on official
receipts and payment documents to
prevent them from being presented
again?
14. Are all payment vouchers properly
coded and recorded in the books of
accounts?
253
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

15. Is transfer of money from one bank to
another recorded in the books of
accounts immediately?
16. Is there any payment out of collection
with out being authorized?
17. Is there possibility of payment to be
made over and above the budget?
18. Is there any budget transfer which is
not permitted by the budget
proclamation?
19. Is there a budget control ledger for
monitoring the proper utilization of
allocated budget?
20. Are cheque pads recorded on a cheque
pad register upon receipt and
issuance?
21. Are substantial amounts of payments
split and effected with a batch of
cheques rather than a single cheque to
prevent higher official from getting
awareness of such payment?
22. Are all receipts presented for clearing
suspense account signed at their back
by the individual who presents them
for verification of payment?
254
Annex XXIV
Sch. Ref.
Initials Date
Prepared by
Reviewed by

23. Is the plan for the contract approved
by Ministry of Works and Urban
Development and the budget of the
project authorized by Ministry of
Economic Development and
Cooperation?
24. Are bid documents prepared according
to the plan of the project?
25. Are payments for the project effected
according to approved payment
certificates?
26. Is the evaluation of bidders made
according to the financial
administration regulations and
directives?
27. Are goods receiving notes issued for
collecting items bought specifically
for the project?
28. Is there a strong control mechanism to
ensure that the performance of the
project is according to the plan?
29. Are items for the project bought
according to the financial
administration regulations and
directives?
30. Are payments for acquired goods and
services made according to the
relevant regulations and directives?
255
Annex XXV
FRAUD INVESTIGATION STANDARDS
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Fraud Investigation
Budget Year ________________________
Review Objective :
To determine the extent to which the public body has
developed appropriate, effective and efficient mechanisms
and policies for the handling of suspected fraud situations
from first alert to final conclusion of a matter.
Question Yes/No Conclusion
1 Determine by research and discussion the extent to which
actual practice may vary from formal policy with respect
to preliminary assessments, full investigation, police
notification, depending perhaps on factors such as :
• The specific nature of the allegation or offence
(i.e. various types or categories of fraud).
• The type or level of the individual or persons
involved.
• The number of persons involved.
• The monetary amount or financial impact
involved.
2. Are designated or specialist officers responsible for
conducting any internal investigations completely clear
as to when and how to proceed in any given fraud
situation?
256
Annex XXV
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Question Yes/No Conclusion

3. Are operational and the management officers in the public
body completely clear as to when and how to proceed in
any given fraud situation?
4 Are preliminary investigation and handling arrangements
suitable so as not to prejudice or hinder any further or
formal investigation, whether internal or external?
Particular attention should be given to procedures and
expertise utilized at the preliminary phases to ensure that
any form of evidence will not be lost or contaminated.
5. Have staff received appropriate training to be able to
effectively perform their designated roles and functions
in fraud handling? This will depend on the form of
fraud handling and investigation policy determined by
the agency and subsequently the roles and
responsibilities of the various officers involved. In
addition to specialist investigation, audit or review staff,
consideration may need to be given to the role and
training needs of operational staff and line managers in
this context.
6. Are adequate reporting systems in operation to keep
executive management, relevant line managers and any
other relevant parties (internal or external) informed of
the ongoing status of fraud investigations?
7. Has responsibility been clearly assigned, and relevant
systems developed, to ensure that full and complete
records are maintained of all fraud reports and
situations? Who ensures that records are complete in all
respects? How is this achieved in practice?
8. Are records of all reports of fraud and all fraud
investigations securely maintained? Is the possibility of
tampering with or unauthorized removal of material
from official records, now or in the future, reasonably
prevented? How would it be detected if it occurred?
257
Annex XXVI
INTERNAL AUDIT QUESTIONNAIRE FOR VALUE FOR MONEY
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Value for Money
Budgeted Year ______________________
S.No. Question Yes No. N/A Comments
1. Do staffs obtain proper external training

or on job training?
2. Is there a mechanism to ensure that staff

are aware of what, how and why they do
their work?
3. Is there timely information, which

enables the relevant official to be aware
of the conditions and level of
performance and the positions that staff
are assigned to work?
4. Is there co-ordination of action plan,

objectives and system of one
department/service of the public body
with the others?
258
Annex XXVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
S.No. Question Yes No. N/A Comments
5. Are action plans time framed and do

they have allocated budgets?
6. Is priority line established by the public

body, to perform its different activities?
7. Are the different activities of the public

body performed as per the established
priority lines?
8. Are staff responsible for the works that

they have performed?
9. Is there feed back information for the

performance of work to ensure that the
performance is in line with the set up
action plan?
10. Is there a plan, which has not taken into

account all departments and services of
the public boy?
11. Are the relevant subordinate staff, not
aware of the action plan of the public
body?
12. Are the goals and standard of works set
by the public body?
13. Is the plan of the public body in
compliance with its objective?
259
Annex XXVI
Sch. Ref.
Initials Date
Prepared by
Reviewed by
S. No. Question Yes No. N/A Comments

14. Is there any problem in obtaining
relevant and timely information for the
preparation of action plan?
15. Is the performance of the public body
properly reviewed?
16. Is there proper span of control?
17. Does the level of authority coincide with
the assigned responsibility?
18. Is there a clear line of communication
between superior and subordinate staff?
19. Are performances lagging behind due to
the delegation of improper authority to
lower level of management?
20. Is there a proper unity of command?
21. Are performances compared against
work plan, variances investigated and
the causes of the variances reported to
the head of the public body for prompt
action to be taken?
22. Is there a review and follow-up
mechanism
260
Annex XXVII
INTERNAL CONTROL QUESTIONNAIRE IN A COMPUTERIZED SYSTEM
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year ____________________
Yes No N/A Comments

I. Systems Development Controls
Standard procedures and documentation
1. Does the documentation produced for an application

include the following :
a. Narrative description of the system?
b. Flowcharts and block diagrams?
c. Input and output data descriptions?
d. File record layouts?
e. Control procedures?
f. Program listing?
g. Test data and results of testing?
h. Output distribution instructions?
i. Operating instructions?
j. Procedure manuals?
2. How does the system ensure that the documentation
in question 1 is:
a. Properly prepared?
b. Properly altered for system and program
changes?
261
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments
Systems and program testing
3. Are programs adequately tested by means of :

(a) Desk checking?
(b) Processing with test data?
(c) Use of operating instructions without
programmers being present?
(d) Any other method? (Describe)
4. Are systems adequately tested by means of
(a) Processing test data?
(b) Pilot running?
(c) Parallel running?
(d) Involving the clerical and control procedures
in all user departments concerned with the
system?
(e) Any other method? (Describe)
5. Who evaluates the results of testing and what report
is prepared?
File conversion
6. Are the contents of master files checked before a
system becomes operational?
Acceptance and authorization procedures
7. Is completed work reviewed and approved and
further progress authorized by responsible officials
in both user and computer departments at the
following stages in development :
262
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

(a) Completion of outline systems specification?
(b) Completion of systems specification?
(c) Completion of program and systems testing?
(d) Accepting new systems into operational use?
Systems and program amendments
8. Do all changes to operational systems and programs
require to be authorized?
9. Are all changes :
a. Documented;
b. Tested;
in the same manner as new systems and
programs?
10. How does the system ensure that all changes are
notified to all concerned, including user
departments? (Describe)
II. Administrative Control
Division of responsibilities
11. Is the head of the computer department responsible
to an appropriate senior official in the public body?
12. Is the following work carried out by separate
sections or departments:
(a) Development?
(b) Data preparation?
(c) Computer operating?
(d) File library?
(e) Control?
263
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

13. Have organization charts and job descriptions been
prepared?
14. Do the following basic restrictions apply:
a. Access to documents containing original data is
limited to the control section and data preparation
staff?
b. Computer department staff do not have access to
any of the public body's clerically maintained
financial records?
c. Access to the computer during production runs is
limited to computer operators?
d. Access to files and current programs is limited to
computer operators and file librarian?
e. Computer operators and programmers do not
amend input data?
f. Control section staff and the librarian do not have
other duties within the computer department?
g. Computer department staff do not initiate
transactions and changes to master files?
h. Unauthorized access to the computer room is
forbidden? (State how this is achieved.)
15. Do the restrictions in question 14 apply at all times?
Control Over Computer Operators
16. Is the work of computer operators controlled by the
use of :
(a) Administrative procedure manuals?
(b) Work schedules?
(c) Operating instructions for each program?
(d) Computer usage reports (e.g. operating logs
and console printouts)
264
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

(e) Rotation of duties?
(f) Any other method? (Describe)
17. Is all operator intervention recorded on the console
printout?
18. Are computer usage reports, including console
printouts, reviewed by a responsible official?
File Control
19. Is a permanent record of files maintained? (Describe)
20. Are movements of files recorded? (Describe)
21. On what authority are files issued?
22. Are master copies of important files (e.g. programs
and documentation) kept at outside locations?
File Identification procedures
23. Are there adequate file identification procedures by
use of :
a. Visible reference numbers?
b. Protection rings?
c. Header label checks on set up?
d. Any other method? (Describe)
File reconstruction procedures
24. Are there adequate reconstruction procedures by use
of :
(a) The establishment of retention periods for
files, input media and documents?
(b) File generation systems?
265
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

(c) Copying of disk files at appropriate intervals?
(d) Any other method? (Describe)
Fire precautions and standby arrangements
25. (a) Are there adequate fire precautions? (Describe)
(b) Are there adequate standby arrangements for
processing in case of equipment failure?
(Describe)
(c) If so, have these arrangements been tested?
III. Application controls
A. Input controls
Establishment of control
26. Is control for complete and accurate processing first
established:
(a) Before the documents are batched by use of :
i. Controls from prior procedures? (Describe)
ii. Clerical sequence checks?
iii. Retention of copies?
Any other method? (Describe)
(b) Clerically after batching by use of:
i. Control totals? (Describe)
ii. Any other method? (Describe)
(c) By computer by use of :
i. Control totals? (Describe)
ii. Sequence checks?
iii Any other method? (Describe)
27. What controls are established over data fields that
contain significant reference data (e.g. check digit
verification and matching with master file records)?
(Describe)
266
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

Verification of conversion
28. (a) Is conversion of data independently
verified?
(b) How does the system ensure that all errors are
corrected? (Describe)
Authorization of input
29. Are all input data adequately authorized?
30. If the documents are authorized before control is
established, is the authorization checked after
control is established (e.g. to guard against the
introduction of unauthorized documents)?
31. Is the computer programmed to carry out
significant authorizing functions (e.g. limit and
reasonableness checks)?
B. Processing controls
Rejections
32. Is there a list of the reasons for which data can be
rejected?
33. What are the procedures for investigating,
correcting and resubmitting the rejected data and
recording the action taken? (Describe)
34. How does the system ensure that all rejections are
promptly reprocessed (e.g. maintaining suspense
control records, independent scrutiny of rejection
listings)? (Describe)
267
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

Intermediate printouts of control data
during processing
35. (a) If control is established prior to
processing is this control used to verify all
(or some) accounting data on final output?
(Describe)
(b) If not, is it used to verify processing
to certain stage by checking
intermediate output (e.g. input totals
printed and checked on edit list)?
(Describe)
36. If the control used to verify final output is
established by the computer either on
input or during processing:
(a) Is it first printed out on intermediate
output for subsequent clerical
verification with final output (e.g.
computer totals printed on edit list)?
(Describe)
(b) If so, are there adequate program
controls to ensure the completeness
and accuracy of the data at each stage
of processing until printed out?
(Describe)
C. Output controls
General
37. What is the printout used for (e.g. to
originate or support entries in the books
for control purposes)? (Describe)
268
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

38. Does the printout contain sufficient
information to :
(a) Trace source documents to it?
(b) Verify computer generated calculations
and totals?
Output directly related to input
39. (a) Are the totals and details checked
clerically with controls established prior to
processing? - or obtained from
intermediate printout?
(b) If not, are there adequate program
and accuracy of the data printed out?
(Describe)
Output indirectly related to input
40. (a) Are the totals and details checked
clerically to external information?
(Describe)
(b) If not, are there adequate program
(Describe)
Exception reports
41. Is the completeness of the report verified
clerically? If so, give details.
269
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

42. Are there adequate program controls to
ensure the completeness (if applicable)
(Describe)
43. What are the procedures for investigating
and taking action on exception reports and
recoding the action taken? (Describe)
Distribution of output
44. If receipt of output is not controlled by the
user department how does the system
ensure it receives all printouts intact?
Amendments to standing data
45. (a) How are amendments authorized?
(Describe)
(b) Is this authorization adequate?
46. Are processed amendments checked in
detail? (Describe)
47. How does the system ensure that all
amendments are controlled:
(a) By controls total? (Describe)
(b) By retention of copies?
(c) By any other method? (Describe)
270
Annex XXVII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Yes No N/A Comments

Maintenance of standing data
48. How, and how often, are standing data
verified:
(a) By printouts of individual items for
checking with external information?
(b) By printouts of totals for reconciliation
with an independently or computer
established record of totals?
(c) By establishment and reconciliation of
totals by the computer?
(d) By any other method? (Describe)
Maintenance of transaction data
49. How, and how often, are transaction data
on the file verified on a total basis:
(a) By printouts of totals for reconciliation
with a record of independently or
computer established totals?
(b) By establishment and reconciliation of
totals by the computer?
(c) By any other method? (Describe)
50. Are individual balances printed out and
externally verified? (Describe)
271
Annex XXVIII
INTERNAL CONTROL EVALUATION QUESTIONNAIRE FOR PAYROLL
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area Payroll
Budget Year _________________________
Not Evaluation &

Question Yes No Applicable Comments
A Is there reasonable assurance that
employees are paid only for work done?
consider;
Criteria
1. Are responsibilities for supervision and
time-keeping functions adequately
segregated from personnel, payroll
processing, disbursement, and general
ledger functions?
2. Whether there is a clearly defined
procedure for ;
• Review and approval, by the
employee's supervisor, of hours
worked, overtime hours, and other
special benefits?
• Procedures for time keeping and
attendance records?
• Review for completeness and for the
employee's supervisor's approval of
time cards or other time reports?
• For authorizing, approving, and
recording vacations, holidays, and
sick leave?
B Is there reasonable assurance that
employees are paid the correct amount?
consider;
272
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year _________________________
Not Evaluation &

Criteria
1 Are responsibilities for supervision and
ledger functions?
2 Is one month expenditure compared
against another to identify causes of
differences and take the necessary steps
accordingly?
3 Is budget constraint considered before
new employment, additional benefit and
salary increment is proposed, etc?
4 Is payroll section notified in writing for
every change that should be reflected in
payroll?
5 Is payroll generally subject to civil
service regulations?
273
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year _________________________
Not Evaluation &

6 Are payroll sheets prepared, checked and
approved by different responsible
persons before payment is made?
7 Are personnel records (files) maintained

for all employees?
8 Is personnel section responsible for the
proper custody of personnel records?
9 Whether there is adequate clearly defined
procedure for ;
• Properly authorizing, approving, and
documenting all changes in
employment (additions and
terminations), salary and wage
rates, and payroll deductions;
274
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year _________________________
Not Evaluation &

• Are personnel records (files)

maintained for all employees?
• Promptly reporting notices of

additions, separations, and changes
in salaries, wages, and deductions
to the payroll processing function;
• Maintaining appropriate payroll

records for accumulated employee
benefits (vacation, pension data,
sick leave, etc.);
• Interviewing, by the personnel

department, of terminating
employees, as a check on departure
and as a final review of any
termination settlement.
275
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year _________________________
Not Evaluation &

C Is there reasonable assurance that
the right employees actually receive
the right amount? Consider;
Criteria
1 Are responsibilities for supervision and
ledger functions?
2 Are payroll sheets prepared, checked

and approved by different responsible
persons before payment is made?
3 Do all employees who receive their

salaries always sign on the proper
space of payroll sheets?
4 Are delegations for salary payments

supported with official authorization?
276
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year _________________________
Not Evaluation &

5 Is one month expenditure compared against
another to identify causes of differences and
take the necessary steps accordingly?
6 Is there adequate procedure for
• Returning unclaimed wages to a

custodian independent of the
payroll department?
• Having employees who distribute

checks or pay envelopes make a
report of unclaimed wages directly
to the accounting department?
• Making payments of unclaimed

wages at a later date, only upon
presentation of appropriate
evidence of employment and with
approval by an officer or employee
who is not responsible for payroll
preparation or time reporting?
277
Annex XXVIII
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year _________________________
Not Evaluation &

D Is there reasonable assurance that
accounting for payroll costs and
deduction is accurate? consider;
Criteria
1 Are responsibilities for the payroll
processing function adequately
segregated from the general ledger
function?
2 Are payroll expenditure and deduction
posted to proper accounts?
3 Adequate account coding procedures for
classification of employee compensation
and benefit costs, so such costs are
recorded in the proper general ledger
account?
4 Is there adequate procedure for proper
recording or disclosure of accrued
liabilities for unpaid employee
compensation and benefit costs?
278
Annex XXIX
RULES AND PRINCIPLES WHEN PLANNING A PEFORMANCE AUDIT
• Consider the significance and the needs of potential users of the audit
report as well as other interested parties.
• Obtain an understanding of the government undertaking to be audited

and of the problems to be scrutinized, including an understanding of the
context of the activities in question.
• Consider political objectives and the legal and regulatory environments.
• Define the problems to be studied, the entity to be audited and the audit
objectives, i.e. the expected effect of the audit.
• Identify the questions to be answered or the hypothesis to be tested.
• Define the criteria needed to verify the hypothesis or to answer the

questions.
• Identify significant findings from previous audits and other

investigations and reports that could affect the audit objectives.
• Determine the audit evidence that will answer the audit question - the
relevance, reliability and sufficiency of any data available within the
audited entities should be evaluated. The possibility of collecting the
required evidence (data_ should also be tested.
• Identify potential sources of information that should be used in the audit

in order to verify hypotheses, gain better knowledge about the audit
object, or to obtain answers to audit questions, i.e information that
might be used as audit evidence.
• Establish the audit assessment criteria. The audit assessment criteria

represent the normative standards against which the audit evidence is
judged. The assessment criteria will vary according to the specific audit
subject and objectives, the legislation governing the undertaking or the
audited entity, the stated objectives and the specific conditions that the
SAI deems relevant and important for the case.
• Consider the need of help from experts (consultants, other auditors) and
how to secure quality in the audit. It is important to evaluate the
professional knowledge and skills required by the audit team to carry
out the audit.
279
Annex XXIX
• Provide sufficient staff and other resources to do the audit and prepare a
written plan. A budget for the resources needed to carry out the
examination and the timetable is needed.
• Consider the possible conclusions and impacts of the examination. The

proposed outcome of the performance audit should be judged in terms
of "usefulness" and "feasibility". The auditor should also consider the
views and interests of the stakeholders.
280
Annex XXX
RULES AND PRINCIPLES WHEN CONDUCTING PERFORMANCE

AUDIT
• Execute the work-plan with integrity and care in a timely manner in

accordance with international and national standards for performance
auditing. Planning should continue throughout the audit. Activities
should be reviewed and modified as the audit process evolves.
• Maintain an active, open and constructive dialog with auditee and other
interested parties during the audit. The auditee (or the main executive
bodies involved in the undertaking to be scrutinized) should be informed
about the objectives, scope and time schedule of the audit.
• Choose appropriate auditing techniques. Some of the methods available
are interviews, surveys, file examinations, sampling and case studies,
secondary analysis and literature search, direct observation, seminars and
hearings. Quality in data-collection, analysis and documentation is vital,
since performance auditing is open to judgment.
• Gathers best possible information (within reason) from different sources
and seek requisite knowledge and expertise. See that the work is
characterized by objectivity, impartiality and sensitivity. Value
information obtained and arguments put forward in a critical way. All
relevant argument must be collected and tested (to see whether they are
viable).
• Undertake a qualified analysis. The analysis may for instance be in the
form of cause-and-effect studies, before-and-after studies, studies of
processes or comparative studies.
• Protect the integrity of persons providing information and ensure that
working papers are not disseminated incorrectly and, in all other ways, to
observe high ethical standards.
• The results of the field work/analysis need to be documented, filed and
cross-reference. Evidence should be sufficient, competent and relevant.
• Make analysis and assessments of observations on the basis of political
intentions, rational considerations and criteria specific to the audit. The
case of the findings may form the basis for recommendation.
• Ensure that the factual basis of descriptions, analyses and
recommendations are accurate and that they are fair and well founded,
balanced and correctly communicated to the auditee. The auditor should
check that the recommendations, if provided, address the objectives of the
audit.
281
Annex XXXI
NINE GLOBAL ACCORDS
This section contains a short description of a selection of important international

environmental accords. These accords were chosen for inclusion in this manual because of
their global importance and weight in relation to the main world wide environmental
protection issues. All the following accords were ratified by the Government of Ethiopia.
THE NINE GLOBAL ACCORDS ARE
1. Convention On Control Of Trans boundary Movements Of Hazardous Wastes And

Their Disposal (Basel Convention 1989)
Objectives:
To control and reduce trans boundary movements of wastes subject to the Convention
to a minimum consistent with there environmentally sound management.
To minimize the hazardous wastes generated, ensuring their environmentally sound

management, including disposal and recovery operations, as close as possible to the
source of generation. To assist developing countries and countries with economies in
transition in environmentally sound management of the hazardous and other wastes
they generate.
2. Convention on the Prevention of Marine Pollution by Dumping Wastes and

other Matter (London Convention 1972)
Objectives:
To prevent indiscriminate disposal at sea of wastes liable to create hazards to human

health, to harm living resources and marine life, to damage amenities, or to interfere
with other legitimate uses of the sea. The fundamental principle of the Convention is
the prohibition of damping of certain wastes (black list), the requirement of a specific
permit prior to dumping of others (grey list), and the demand for a general permit for
the rest.
282
Annex XXXI
3. International Convention for the Prevention of Pollution from Ships, 1973, as modified
by the Protocol of 1978 (MARPOL 73/78)
Objectives:
- To eliminate pollution of the sea by oil, chemicals, and other harmful

substances which might be discharged in the course of operations. To
minimize the amount of oil which could be realized accidentally in collisions
or stranding by ships, including also fixed or floating platforms.
- To improve further the prevention and control of marine pollution from ships,
particularly oil tankers.
4. Convention on Wetlands of International Importance especially as Waterfowl Habitat

(Ramsar Convention, 1971)
Objectives:
The conservation and wise use of wetlands by national action and international co-
operation as a means to achieving sustainable development throughout the world.
5. Convention to Combat Desertification (CCD, 1994)
Objectives:
To combat desertification and mitigate the effects of drought in countries

experiencing serious drought and/or desertification, particularly in Africa, through
effective actions at all levels, supported by international co-operation and partnership
arrangements, in the framework of an integrated approach which is consistent with
Agenda 21, with a view to contributing to the achievements of sustainable
development in affected areas.
283
Annex XXXI
6. Convention on Biological Diversity (CBD, 1992)
Objectives:
To ensure the conservation of biological diversity and the sustainable use of its
components; and to promote a fair and equitable sharing of the benefits arising out of
the utilization of genetic resources, including by appropriate access to genetic resources
and by appropriate transfer of relevant technologies (taking into account all rights over
those resources and to technologies)
7. United Nations Framework Convention on Climate Change (UNFCCC)
Objectives:
- To stabilize greenhouse-gas concentration in the atmosphere at a level that

would prevent dangerous anthropogenic interference with the climate system,
within a timeframe sufficient to allow ecosystems to adapt naturally to climate
change.
- To ensure that food production is not threatened.
- And to enable economic development to proceed in a sustainable manner.
8. Convention on International Trade in Endangered Species of Wild Fauna and Flora

(CITES, 1973)
Objectives:
- To ensure, through international co-operation, that the international trade in

species of wild fauna and flora does not threaten survival in the wild of the
species concerned.
- To protect certain endangered species from over-exploitation by means of a

system of import-export permits issued by a management authority under the
control of a scientific authority.
284
Annex XXXI
9. Vienna Convention for Protection of the Ozone Layer (1985), including the Montreal
Protocol on Substances that Deplete the Ozone Layer (1987)
Objectives of the Vienna Convention:
- To protect human health and the environment against adverse effects resulting
or likely to result from human activities which modify or are likely to modify
the ozone layer.
- To adopt agreed measures to control human activities found to have adverse

effects on the ozone layer.
- To co-operate in scientific research and systematic observation.
- To exchange information in the legal, scientific, and technical field.
Objectives of the Montreal Protocol:
To protect the ozone layer by taking measures leading to total elimination of global
emissions of ozone-depleting substances (ODS) on the basis of developments in
scientific knowledge, taking into account technical and economic considerations and
the needs of developing countries.
285
GLOSSARY OF TERMS
ADD VALUE Organizations exist to create value or benefit to their owners, other stakeholders,
customers, and clients. This concept provides purpose for their existence. Value is
provided through their development of products and services and their use of resources
to promote those products and services. In the process of gathering data to understand
and assess risk, internal auditors develop significant insight into operations and
opportunities for improvement that can be extremely beneficial to their organization.
This valuable information can be in the form of consultation advice, written
communications, or through other means all of which should be properly communicated
to the appropriate management or operating personnel.
ASSURANCE SERVICES An objective examination of evidence for the purpose of providing an independent
assessment on risk management, control or governance processes for the organization.
Examples may include financial, performance, compliance, system security, and due
diligence engagements.
An examination by an auditor which compares an auditee’s actions, processes, systems

AUDIT etc. with relevant norms in order to express a professional opinion on their adequacy.
AUDITEE The entity, which is subject to audit, including its managers and staff.
AUDIT EVIDENCE Sufficient information obtained by an auditor to support audit findings.
AUDIT FINDINGS The written conclusions of the auditor based on a comparison between what is and what
ought to be.
AUDIT OBJECTIVES Statements developed by internal auditors that define intended audit accomplishments.
AUDIT PROCEDURES Tasks the internal auditor undertakes for collecting analyzing, interpreting and
documenting information during an audit. They are means to attain audit objectives.
AUDIT PROGRAM Document which lists audit objectives and procedures to be followed during an audit.
CODE OF ETHICS Standards of conduct required of internal auditors in discharging their responsibilities. In
addition, they are guideline on personal behavior designed to alert the reader to types of
behavior which are incompatible with official duties.
COMPLIANCE AUDIT An audit whose objective is to evaluate the extent of conformity with laws, regulations
and instructions.
CONFLICT OF INTEREST Any relationship that is not, or does not appear to be, in the best interest of the
organization. A conflict of interest would prejudice an individual’s ability to carry out
this duties and responsibilities objectively.
CONSULTING SERVICES The range of services, beyond internal audit’s assurance services, provided to assist
management in meeting its objectives. The nature and scope of work are specified by an
agreement between the internal auditor and the management. Examples may include
facilitation, process design, training, and advisory services.
286
GLOSSARY
CONTROL Any action taken by management to enhance the likehood that established objectives and
goals will be achieved. Management plans, organizes, and directs the performance of
sufficient actions to provide reasonable assurance that objectives and goals will be
achieved. Thus, control is the result of proper planning, organizing, and directing by
management.
CONTROL ENVIRONMENT The attitude and actions of the board and management regarding the significance of
control within the organization. The control environment provides the discipline and
structure for the achievement of the primary objectives of the system of internal control.
The control environment includes the following elements: integrity and ethical values,
management’s philosophy and operating style, organizational structure, assignment of
authority and responsibility, human resource policies and practice, and competence of
personnel.
CONTROL PROCESS The policies, procedures and activities, that are part of a control framework, designed to
ensure that risks are contained within the risk tolerance established by the risk
management process.
DETERRENT EFFECT The reduced preparedness of staff members and others to contemplate and be involved in
illegal behaviour such as fraud and corruption because of the impact of internal control
system, possibility of detection and likelihood of penalty.
DUE PROFESSIONAL The standard of skill, competence and diligence expected of a reasonably prudent internal
CARE auditor
ECONOMY Acquiring inputs at the most favourable cost in relation to quality and usefulness.
EFFECTIVENESS The extent to which objectives are achieved and the relationship between intended and
actual impact (related to the concept of “outcome”)
EFFICIENCY The relationship between outputs (in terms of goods, services or other results) and (inputs)
the resources used to produce them.
EXTERNAL AUDIT An audit conducted by auditors who are independent of the audited entity and who report
to third parties.
An audit of the type carried out by external auditors where the objective is to evaluate the
FINANCIAL AUDIT reliability of financial statements (and the accounting records on which they are based)
and their conformity with relevant norms. The objective of a financial audit is attestation:
giving of an auditor’s opinion on the adequacy and reliability of the financial statements.
FOLLOW - UP A process to determine the adequacy, effectiveness, and timeliness of actions taken by
management on reported findings and recommendations by internal and external auditors,
including relevant findings made by external auditors and others.
287
GLOSSARY
FRAUD Intentional, deceptive action(s) of a dishonest nature designed to enrich the perpetrator by
giving illegal access to assets, influence or privilege.
GOVERANCE PROCESSES Deal with the procedures utilized by the representatives of the organization’s stakeholders
to provide insight of risk and control processes administered by management.
IFAC International Federation of accountants (its Public Section Committee issues International
Public Sector Accounting Standards).
INDEPENDENCE As applied to internal auditors, the ability to carry out their work freely and objectively,
and not being involved in the activities which they audit.
INSTITUTE OF Body established for instance in USA, UK which provides authoritative standards and
INTERNAL AUDITORS guidance on internal auditing.
INTERNAL AUDITING A department, division, or other group of internal audit practitioners who perform the
ACTIVITY internal audit function for an organization.
IRREGULARITY The intentional misstatement or omission of significant information from the accounting
records, financial statements, other reports, documents, or records. Irregularities include
fraudulent financial reporting, which renders financial statements misleading and
misappropriation of assets. Irregularities involve falsification or alternation of accounting
or other records and supporting documents; intentional misapplication of accounting
principles; or misrepresentation or intentional omission of events, transactions, or other
significant information.
INTERNAL CONTROL The plan of the organization and all the coordinated methods and measures adopted by
management to safeguard assets, ensure the timeliness, accuracy and reliability of
accounting data, promote operational efficiency and maintain adherence to regulations
and directives.
INTOSAI The International Organization of Supreme Audit Institutions (the umbrella body for
external auditors of government which publishes Government Auditing Standards)
OBJECTIVES The broadest statements of what the organization chooses to accomplish.
OBJECTIVITY An independent mental attitude that requires internal auditors to perform engagements in
such a manner that they have an honest belief in their work product and that no significant
quality compromises are made. Objectivity requires internal auditors not to subordinate
their judgment on audit matters to that of others.
OPINION An expression of the internal auditor’s assessment or judgment about the overall internal
controls related to an assurance engagement.
OUTCOME The impact achieved by a government activity or program e.g. an increase in farm
production (see “Effectiveness”).
288
GLOSSARY
OUTPUT The immediate services produced by a government activity or program (see “Efficiency”).
PREVENTIVE Actions taken by management to deter the occurrence of expected adverse events such as
CONTROLS error, fraud, irregularity, inefficiency.
PUBLIC BODY Any organ of the Federal Government of Ethiopia which is wholly or partly funded by the
government budget (typically refers to administrative bodies not to public enterprises).
RISK The probability of an event or action which will adversely affect the entity.
RISK ASSESSMENT A systematic process for evaluating risk which takes into account both probability of
occurrence and the relative significance of risky events (i.e. it considers whether risky events
are likely to occur and concentrates on those likely to do most damage)
RISK MANAGEMENT Put in place by management to identify, evaluate, and respond to potential risks that may
PROCESSES impact the achievement of the organization’s objectives.
SCOPE OF THE AUDIT Refers to the activities covered by an internal audit.
SCOPE LIMITATION A limitation placed on internal audit (often by management) preventing it from
accomplishing objectives and plans
SIGNIFICANCE Sometimes termed materiality, refers to the relative importance of items, transactions,
findings, etc. Items of larger monetary amount tend to be more significant than smaller ones.
SUPPLIERS’ LISTS Lists established by Ministry of Finance and Economic Development and other authorized
public bodies which set out the names and addresses of suppliers from whom public bodies
may solicit bids.
SYSTEM Defined by the Institute of Internal Auditors as an arrangement, set or collection of concepts,
parts, activities, and/or people that are connected or inter-related to achieve objectives or
goals.
SYSTEM OF INTERNAL The arrangement of procedures, instructions, activities and people chosen by management to
CONTROL comply with government laws etc. and to achieve its own internal control objectives. For a
definition of internal control see above.
‘THE THREE Es” Economy, Efficiency and Effectiveness.
VALUE FOR MONEY An audit concerned with economy, efficiency and effectiveness, sometimes known as a
AUDIT performance audit.
WALK-THROUGH TEST Test based on preliminary understanding of a system to confirm that the system works as
expected.
WORKING PAPERS Documents prepared by auditors to record the information obtained, analyses made and
conclusions reached during an audit (on which audit findings and recommendations are
based)
ANNEXES
ANNEX PAGE
I Example of Calculation of Risk Index 192
II Risk Index 193
III Internal Audit Planning Checklist 194
IV Internal Audit Monitoring Checklist 196
V Internal Audit Planning Review Sheet 198
VI Internal Audit Completion Checklist 199
VII Interim Audit Review Sheet 200
VIII Internal Audit Completion Review Sheet 201
IX Internal Audit Report 202
X Organization of Working Papers 203
XI - 1 Schedule of Summary of Findings 209
XI - 2 Audit Findings 210
XII Relationship of Working Papers to Financial Statements 211
XIII Working Paper – Typical Schedule 212
XIV Audit Programme 213
XV Audit Programme – Cash and Bank Balances 214
XVI Annual Plan 223
XVII - 1 Cash Count Form 226
XVII - 2 Suspense Account – Count Sheet 227
XVIII Bank Reconciliation 228
XIX Internal Control Questioner – Cash and Bank Balances 229
XX Internal Control Questioner – Receipts and Receivables 233
XXI Internal Control Questioner – Stocks 236
XXII Internal Control Questioner – Fixed Assets 240
XXIII Internal Control Questioner – Payroll 242
XXIV Internal Control Questioner – Expenditures and procurement 244
XXV Fraud Investigation Standards 248
XXVI Internal Audit Questioner – Value for Money 250
XXVII Internal Control Questioner in A Computerized System 253
XXVIII Internal Control Evaluation Questionnaire 264
XXIX Rules and Principles When Planning Performance Audit 271
XXX Rules and Principles When Conducting Performance Audit 273
XXXI Nine Global Accords 275

Book of Audit

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Book of Audit

Uploaded by

Copyright:

Available Formats

INTERNAL AUDIT STANDARDS AND CODE OF ETHICS

FOR INTERNAL AUDITORS AND INTERNAL AUDIT

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMEN

Part - One Introduction

Part Two – Internal Audit Standards and Code of Ethics

Part Three - Basic Concepts and Principles of Internal

Part Four - Procedural Guidance on Financial Audits

Part Five - Procedural Guidance on Special Audits

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

SECTION II : BASIC CONCEPTS OF AUDITING

2. Currently, auditing can be defined as the process by which a competent,

Auditing can be mainly grouped into four types:-

3. Financial audit: involves verification of financial data to express opinion on their

4. Compliance audit: involves verifying adherence to policies, plans, procedures,

5. Value for money (performance) audit: is a forward looking evaluation of

6. Environmental audit : is an audit which confirms the degree of compliance with

Types of auditor [Internal and External Auditors]

7. Internal auditors are auditors employed by the organization to carry out an

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

• Provide an independent and objective opinion to the Head of public body

• Provide an independent and objective consultancy service specifically to

• Carry out procedures designed to obtain sufficient and appropriate audit

• Evaluate the overall presentation of the financial statements, in order to

• Issue a report containing a clear expression of their opinion on the financial

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

Internal auditor External auditor

1 is an employee of the 1 is not an employee of the

2 reports to the management 2 reports to third parties

3 reviews the internal controls primarily 3 reviews the internal controls

5 is directly concerned with the 5 is incidentally concerned with the

6 is independent of the financial 6 is independent of the entity

7 audits the organization throughout the 7 audits the organization periodically,

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

Government financial management is an integrated process, which works best when

11. What are the major risks/dangers facing internal auditors?

• Lack of expertise, leading to trivial audit findings and lack of management

• Lack of opportunity for professional development;

• Domination by dishonest management and staff members, leading to the neglect

• Repetitive audit routines which staff members can predict;

• Being assigned to tasks such as accounting and pre-control of expenditures

• Inability to insist on getting significant information because of fears of losing

• Management and employees do not maintain and demonstrate a positive and

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

Preaudits and Postaudits

Scope and concept of preaudit

• expenditures are not unreasonable or extravagant;

• sufficient funds are available to enable payment of the invoice; and

• there has been compliance with government proclamations, regulations,

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

Scope and concept of postaudit

• Financial accountability and legality – the verification of accounting records

• Value for money – the examination of the efficiency, effectiveness and

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

SECTION III: ADVICE TO USERS OF THIS MANUAL

Contents of the Manual

3. This is an introduction which provides the basic concept of auditing, including

4. The draft Internal Audit Standard of Public Bodies of Government of Ethiopia

5. This part contains the following:-

• It presents the main concepts and principles of internal audit function;

• It describes different areas of the internal control system of a public body

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT

• It explains how the internal auditor evaluates the effectiveness of the

• It elaborates the three types of audit approaches and describes as to how