Project Guideline for Auditing Internal Control Systems
Claudia Kroneder-Partisch
Austrian Court of Audit

ICS Guideline Project
Objectives of the guideline
Development process
Structure and key elements of the guideline
Lessons learned in the pilot phase

ICS Guideline Project Kroneder-Partisch 2

Starting point
Audit focus at the ACA in 2014: “Internal Control Systems”
Audit focus - Objectives:
• Auditing efficiency and effectiveness of ICS
• General statements and recommendations on ICS

Purpose of the guideline
Guideline for performance audits
Support tool for the audit team
Practical relevance
Focus on the key elements of ICS audits – no comprehensive checklist

Project team
Sponsor: President Josef Moser
Project Managers:
  - Head of Department responsible for ICS
  - Head of Department responsible for knowledge management
Team members: 8 team members with long-standing experience
• ICS
• Audit of enterprises
• Audit of municipalities
• Procurement audit
• Audit of subsidies
• Audit of financial management
• Prevention of corruption

Process and timeline
Kick-off at meeting of directors of the ACA: August 2013
4 meetings of the working group
  - planning structure and content, finding joint approach
  - assignment of tasks
  - harmonization, finalization
Bilateral exchange
Presentation of draft at ACA training conference: December 2013
First application of the guideline in a pilot/feedback phase: January 2014

Structure of the Guideline
Modular structure
General part
  - ICS: Definition and objectives
  - ICS-Standards: COSO / INTOSAI
  - Main audit questions / evaluation criteria
  - Reference to key statements concerning ICS in former audit reports

Structure of the Guideline
Specific parts, i.e. guidelines for auditing ICS for 5 typical ICS-relevant audit topics
  - Small organisations / companies
  - Procurement
  - Subsidies
  - Financial management
  - Municipalities
Main audit questions and risks to be identified
Reference to key statements in former audit reports

Pilot/Feedback phase
Application by audit teams – since January 2014
Feedback
• Positive reception – with regard to the general concept as a support tool

Pilot/Feedback phase
Approval of
• Definition of key audit issues and risks – formulating concrete audit questions
• Reference to key positions in former audit reports
• Bibliographical references
• Modular structure

Trial/Feedback phase
Need for further discussion and guidance
• Segregation of duties
  - What duties should be separated (without creating red tape)
• Size of organization and ICS
  - Very small organizations
  - Auditing ICS in large organizations – specifying the audited fields

Trial/Feedback phase
Need for further discussion and guidance
• ICS and awareness about ICS-Standards
  - Does a developed bureaucracy ensure a certain level of ICS?
• Risk of management override
• Audit sampling
  - Sampling for examining effectiveness and functioning of a system

Thank you for your attention!

Backup

ICS - audit focus
Areas with relevant risks
• Potential loss / extent of financial damage
• Risk of mismanagement, risk of misallocation
• Risk of corruption
• Risk of deterioration in reliability of state systems / deficiencies in performing state tasks
Evaluation / audit statement
  - Effectiveness / reliability of ICS

ICS - audit focus
Cost-benefit approach
  - controls must be adequate to the risk to be avoided (extent of damage and probability of occurrence)
ICS as on-going process
  - regular and systematic review of the ICS

Audit questions and Risks to be identified (1)
Has the audited entity identified and assessed its main risks?
Is there a clear definition of procedures and responsibilities?
No risk awareness of the management/organisation
No standards, no reliability, no transparency
Are these standards appropriate to limit risk and to ensure the achievement of goals?
No risk-adequate (control) processes, no effectiveness

Audit questions and Risks to be identified (2)
Are the provisions relevant for ICS met?
Are errors and undesirable developments identified?
No effectiveness
No accuracy
Based on the detected deficiencies: are adequate conclusions drawn; is the ICS adapted in an adequate manner?
No adaptability of the system