10th ASOSAI Research Project
COUNTRY REPORT - SAI INDIA
By: P.K Tiwari, Principal Director & Kulwant Singh, Director
Office of the Comptroller and Auditor General of India
Website: http://www.saiindia.gov.in
Page 1 of 18
10th ASOSAI Research Project
SAI India (Supreme Audit Institution) is the Indian Audit and Account Department. It
acts as an instrument for ensuring accountability. The constitution of India has
mandated SAI to function as Auditors to the nation. SAI has Comptroller and Audit
General and The Indian Audit & Account Department as its constituents. The SAI of
India audits both central and state government and also maintains the accounts of state
governments.
The Role of CAG.
In the Indian system of governance, the policies are set by the parliament and the state
legislators give the goals to be achieved through the public spending. These policies are
the translated into program and then implemented by various department of
government. For this, parliament sanctions the budget detailing the mode of collection,
amount of collection and also for the purpose for it is to be spent and the government
dept. are accountable for the quantity and quality of their expenditure to the
parliament. CAG assists the parliament to enforce the said accountability of the Govt.
Department
The constitution enables the independent and unbiased nature of audit by the CAG by
providing:

Appointed by the president of India.

Special procedure for removal (like a supreme court judge)

Salary and Expenses are charged (not voted)

Can’t hold any other government office after his term expires.
CAG’s DPC Act
The CAG’s DPC (Duties, power and Conditions of services) Act is a detailed legislation
enacted by parliament in 1971. This Act lays down the service conditions to secure the
autonomous nature of the CAG. It also mandate and puts almost every spending,
Page 2 of 18
10th ASOSAI Research Project
revenue collecting or aid/grant receiving unit of government under CAG’s audit domain.
The organizations subject to the audit of SAI India are:

All the Union and State Government department including the Indian Railways
defense and Post & telecommunication.

About 1500 public commercial Enterprises controlled by Union
and state
government

About 400 non-commercial autonomous bodies and authorities owned or
controlled by the union or states,

Bodies and authorities substantially financed from Union or State Finance.
Page 3 of 18
10th ASOSAI Research Project
How Does Audit Take Place?
First of all every audit office prepares annual Audit plan detailing the units to be audited
during the year after the risk assessment exercise is been done. The audit plan is
carried out through Quarterly Audit program. The department to be audited is informed
in advance and then Field Audit is done by Audit officers and Assistant Audit officer.
These officers conduct local inspection of records. Then all operational and financial
documents are checked. Next to it queries are made and reply is obtained through the
respective departments.
What Are Different Types of Audit?
Depending on the objective of Audit, audits are classified as follows;

Compliance Audit

Financial Attest Audit

Performance Audit
Besides this there are other audits as well on Information technology and
Environmental issues.
Compliance Audit.
Compliance Audit is a transaction Audit in which some selected transactions of an entity
for a particular financial year is chosen for examination for e.g. a purchase made by a
medical officer, a contract made by the public works division for building a road or Tax
assessmentby an Assessment Officer.
FinancialAttestAudit
It’s a “supplementary audit” with the primary auditor usually being a chartered
Accountant. It is used to certify how far the accounts are true and fair i.e. whether the
Page 4 of 18
10th ASOSAI Research Project
financial statements are properly prepared, complete in all respects and are presented
with adequate disclosures.
Performance Audit
The Performance Audits are seeks to establish at what cost and to what degree the
policies, programme and projects are working. In addition to all the financial audit
checks it assess whether a scheme or activity deploys sound means to achieve its
intended socio economic objectives.
Information technology Audit
It seeks to take up audit of computerized systems and e-governance initiatives.
Social Audit
The objective of Social Audit is to muster the local knowledge and competence of
various civil society organizations for a better reach of the formal audit process and to
evaluate the performance of government Scheme. It’s being carried out for social sector
schemes such as health, education, rural employment and water.
Environmental Audit
It’s a performance audit on various environmental issues and then to conduct research
on environmental issue and sustainable development.
Audit Reports
It’s the final product of the entire audit process. It contains the final fully corroborated
audit findings. It may be accepted by the department and/or proved factually and are
material enough to be placed in legislature and then it is seek to determine the nature
of inadequacies identified.
Page 5 of 18
10th ASOSAI Research Project
The benefits of the Audit Reports
Audit Reports helps us in Quantitative as well as in Qualitative terms. The on-site audit
is conducted annually and simultaneously issue inspection report in more 64000 units of
the Union, State and Union Territory Government s across the country and abroad and
audit 14.33 million vouchers and transactions. It helps to check the quantum of
overpayments /under recoveries in the range of 15000 crore and recoveries upwards of
Rs. 2750 crore in transactions. Qualitatively, Audit reports provide an in-depth analysis
of the financial health of Union and State Government and facilitate them to take
necessary corrective action in case of financial lapses and to alter law and policy if
change is required.
The Advisory Role of SAI.

With the help of GASAB it frames Government Accounting Standard for greater
transparency.

It helps Finance commission to gain an informed opinion on State Government
Finances

Helps the Government department in in strengthening internal controls and
improved financial management in the system.

It organizes various workshops and seminars in Accrual Accounting etc for state
govt. dept.
SAI and Its Role in Anti-Corruption.
Fraud, corruption and money laundering have increasingly become important concerns
for countries around the world. The role of audit in addressing this concern has come
under critical scrutiny. There is an increasing expectation that SAIs should, through
concerted action, play an effective role in promoting a culture that values honesty,
responsibility, and accountability in the exercise of authority and utilization of national
resources. This expectation is embodied in the INTOSAI Auditing Standards.
Page 6 of 18
10th ASOSAI Research Project
With increased public consciousness, the demand for public accountability of persons or
entities managing public resources has become increasingly evident so that there is a
need for the accountability process to be in place and operating effectively. SAI India is
continuously endeavoring through its audit work and reporting that necessary
accountability framework is further strengthened.
International organizations encourage bilateral and multilateral exchanges of views as
well as seminars at the regional level on the role of SAIs in fighting corruption and
money laundering. International co-operation in the fight against corruption should be
intensified within INTOSAI and the regional working groups as well within International
organizations as well as SAI’s.
SAI’s promote and cultivate a permanent exchange of information and experience as
well as close co-operation with all international administrative agencies and institutions
involved in the fight against corruption and mismanagement, and, in particular, with
internal auditing services and is in continuous pursuit of developing a networking
relationship with other enforcement agencies for sharing information and training of
personnel on a reciprocal basis.
One of the effective tool of reducing corruption by SAI is its preventive role with the
objective to minimize the risk of corruption. However under the Constitutional
provisions, CAG do not have direct power to initiate proactive action against anti-money
laundering, however, the main objective of preventive role is to create a network
between CAG and anti-money laundering agencies of Government.
SAI India constantly promote the strong financial management systems through its
preventive role. By promoting strong financial management systems based on effective
financial reporting, strengthening the internal control for auditee entities and the
disclosure of any deviations which has a dissuasive effect on those who might otherwise
engage in corruption.
Page 7 of 18
10th ASOSAI Research Project
Role of Audit in Relation to Cases of Fraud and Corruption
The overall Responsibility for prevention & detection of fraud and error rests primarily
with the management of audited entity.
Audit, however, evaluate and report on the adequacy of systems in place with the
auditee to prevent, detect, respond and take remedial measure in relation to fraud &
corruption. This is integral part of all kinds of audits. Further, fraud examination is a
part of normal auditing procedure. Audit findings include the cases of presumptive and
suspected frauds when the evidence is clear. Audit team put red flags which needs
further investigations by appropriate agencies.
Audit teams do not make legal determinations of whether fraud has actually occurred.
Audit teams maintain an attitude of professional scepticism (questioning mind and
critical assessment of audit evidence) throughout the audit. Audit teams carry out
independent risk assessment and prioritise audit planning. Based on risk assessment,
they design the audit objectives & audit procedures so as to secure reasonable
assurance of detecting material irregularities arising from fraud and corruption.
SAI India has a dedicated training institute as Centre of Excellence in ‘Audit of Fraud,
Fraud Detection Techniques and Forensic Audit’. It acts as a repository of information
on the subject through developing quality reading material, case studies research
papers.
Audit Planning.
The audit offices of SAI India carry out independent risk assessment and prioritizes
their audit plan accordingly. The audit plan in relation to fraud and corruption
essentially focus on high risk areas.
Awareness of the indicators /opportunity for corruption at the audit is assessed at the
planning
stage.Auditors
carry
out
an
independent
risk
assessment
and
prioritize/strategize their audit planning. This include consideration of any information
Page 8 of 18
10th ASOSAI Research Project
received from public or media on suspected cases of corruption. The auditor keep in
view that the risk of corruption could be higher in certain organizations in those
involving the procurement of goods and services. Further, for example, the auditors
need to be alert to some situations that are more prone to corruption as compared to
others. Some of the common high risk areas (Illustrative) are contracts of
service/procurement,
inventory
and
asset
management,
sanctions/clearances,
performance information, revenue receipts, cash management, general expenditure,
grants , financial statements , operating information and other areas involving publicprivate interface.
Based on the risk assessment, the auditor develop audit objectives and design audit
procedures so as to have reasonable expectations of detecting irregularities arising from
presumptive cases of corruption.
At the commencement of each Audit, information about fraud and corruption
awareness, adequacy of internal controls , detection and prevention policy and related
environment (including any instances of fraud and corruption noticed since last audit
and any action taken on such instances including further strengthening of internal
control systems ) is collected from the audited entity management.
During the course of audit, the audit team/officers are vigilant (professional skepticism)
and seek explanations/clarifications, if they come across possible fraud or corruption
indicators.
Audit teams may also prepare a comprehensive list of ‘red flag’ items in audit of various
departments/sectors and establish procedures to ensure that such items are reckoned
with while planning the audits, transparently documented and evidence of addressing
all such items and their treatment are recorded and retained which becomes and input
for audit planning for the next circle of audit.
Page 9 of 18
10th ASOSAI Research Project
Fraud Indicators.
SAI India has fraud indicators which are developed while applying normal auditing
procedures during regular audit or fraud examination by being alert for situations and
environment conducive for fraud, control weaknesses, inadequacies in record keeping,
errors and unusual transactions and results, which could be indicative of fraud and
corruption, improper expenditure and lack of probity.
Anti-corruption Complaint Mechanism.
SAI India hasavery robust anti-corruption complaint mechanism. Complainants can
address their complaints directly to the Head of Audit formations in the Field offices or
to the SAI of India directly. Further, our website lists out details of the relevant
authorities to home the complaints regarding anti-corruption can be addressed.
SAI India being a public authority is under the preview of Right to Information Act –
2005, wherein any citizen can ask for any information about the audit processes or
administration within the SAI. This act gives immense powers to the common man to
seek any information (unless specifically exempted) and strengthen the already existing
complaint mechanism.
Further, SAI’s interaction with the stake holders at various levels; preliminary study &
analysis of the audited entity, entry & exit conference level, building and sustaining
professional working relationships with the audited entities, ensuring an effective
interaction and involvement of the audited entities in the audit process etc. helps in
further strengthening the anti- corruption complaint mechanism.
In essence , continuous two way interaction and strengthening and open
communication environment between SAI and the audited entity at every stage - audit
plan finalization, intimation of audit, entry Conference, field Audit, exit Conference,
draft final report and other follow-up activities gives ample opportunity to strengthen
anti-corruption complaint mechanism.
Page 10 of 18
10th ASOSAI Research Project
Any complaint so received or any information received which indicates towards red flags
is considered to be material and is acted upon in a time bound manner. This is either
taken care in a special audit or becomes a part of the risk assessment factor while
planning for the next audit depending on its gravity.
Whistle blowing
SAI India encourage whistleblowing system or receiving complaints for detecting
corruption by welcoming such information and acting on them firmly, in the meanwhile
keeping the identity of the source confidential.
Further SAI India also substantiates and establish the facts as provided by the whistle
blower or complainant by corroborating it in the field audit. Thus the facts are
established with a rigorous process of audit and are backed by key documents.
Forensic audit
SAI India does not have forensic audit units however they are need based and specially
constituted audit teams in case of detection of fraud/corruption.
Forensic investigator conducts an investigation to establish facts in relation to acts or
actions/situations that may constitute a legal significance. The exact procedure to be
followed in conducting investigations to uncover cases of frauds, misappropriations and
defalcations varies according to the circumstances of the case. The Forensic auditor has
to know, study and analyses, the nature of frauds, psychology of the persons involved
in fraud, the transactions and the circumstances which are more prone to frauds and
the steps involved in detecting such frauds.
Forensic Auditor designs program of investigation in such a way to eliminate the various
possibilities till the facts are established. He prepares working papers of the work
carried out by him such as examining evidences, minutes of the discussions, relevant
Page 11 of 18
10th ASOSAI Research Project
statements and supporting schedules for finalizing his report. His conclusions of the
investigation should be clear and to the point with supported by evidences.
SAI India has a dedicated Regional Training Institute; one of the nine Regional Training
Institutes situated throughout the country. This institute caters to the training
requirements of Indian Audit & Accounts Department in some specialized courses viz.
"Audit of Fraud, Fraud Detection Techniques and Digital Forensics", this institute takes
participants from all the corners of the country.
Investigative Audit.
SAI India do undertake investigative audits. However, they are part of our regular
auditing procedures. SAI India doesn’t have special or specific investigative units. As a
part of continuous capacity building of the human resources within the SAI, we partake
continuous training to our auditing personnel’s which help them train in the
investigative auditing techniques and procedures.
Information Technology Audit – to prevent fraud and corruption
IT fraud & corruption could involve the manipulation of a computer or computer data by
whatever method in order to dishonestly obtain money, property or some other
advantage of value or to cause loss. IT systems provide opportunities for their misuse
for economic or financial gains. Computer networks can be used to commit crimes from
geographically far off places. Frauds committed using computers vary from complex
financial frauds to the simpler frauds where computer is only a tool to commit a crime.
With some state governments, union government departments and public sector
organizations going for e commerce/e payment systems in a large way possibility of
electronic fraud requires attention.
IT assisted corruption or frauds are committed by insider’s outsider’s vendor’s
competitors etc. Such frauds are committed by manipulation of input output or
Page 12 of 18
10th ASOSAI Research Project
throughput of a computer system. Fraud can also be committed by hacking into the
system for causing deliberate damage.
Since many records are produced by computers in the usual and ordinary course of
work, we as auditors understand how to collect and handle those records as audit
evidence. Collecting computer evidence requires careful planning and execution.
Auditors examine whether appropriate controls are in place in order to ensure the
authenticity of computer evidence
The steps in prevention of frauds in computerized systems involve setting up of proper
access controls both physical and logical. Physical access to computerized system and
logical access controls prevent unauthorized access to data and software for its use and
manipulation
For auditors the most effective tool is data enquiry analysis and reporting software.
Powerful interactive software like ACL and IDEA can quickly sift through voluminous
electronic data and assist in the detection and prevention of fraud in an organization.
They can be used to process normal data as well as exception reports and audit trails
but demand flexibility and creativity on the part of the auditor. SAI India has a pool of
IT auditors with the capability to revise and upgrade queries based on the findings from
previous queries. Besides having auditing skills it is important that auditors have
intimate knowledge of computerized system to understand the possible modes of fraud
so that they can isolate all types of risks to the organization.
Increasing use of IT systems by auditees requires that the auditor should have access
to reliable and verifiable system based audit trains to evaluate the internal control. The
auditor has to be particularly aware of the audit trail of the checks and balances of IT
systems of the levels of control and needs to also have a fair idea of how processing
controls can be circumvented by the perpetrator of fraud and how data can be accessed
and manipulated. It is particularly important for the auditor of the IT system to assess
in his audit the level of security controls built in and if these are in tune with the
sensitivity of data.
Page 13 of 18
10th ASOSAI Research Project
Qualification in audit opinion on financial statements.
In case of financial audit instances of possible fraud and corruption may require making
qualification in the audit opinion on financial statements depending upon the materiality
of the audit findings. In other cases they may be reported to entity management in a
special letter or in the regular inspection reports depending upon the circumstances.
When in the opinion of the auditor the financial statements include material fraudulent
transactions or such transactions have not been adequately disclosed or the audit
conducted by the auditor leads him to the inference that instances of fraud and or
corruption have taken place and when the auditor has adequate evidence to support his
conclusion he should qualify the audit certificate opinion and or ensure that his findings
are adequately included in his audit report. However the term fraud or corruption may
not be used in a conclusive sense unless such action is established in a court of law.
Fraud Auditing Standard
SAI India have Auditing Standards which are as applicable to fraud auditing as well. Our
Auditing Standards prescribe the norms of principles and practices, which the Auditors
are expected to follow in the conduct of Audit. They provide minimum guidance to the
Auditor that helps determine the extent of auditing steps and procedures that should be
applied in the audit and constitute the criteria or yardstick against which the quality of
audit results are evaluated. The auditing standards of the International Organization of
Supreme Audit Institutions (INTOSAI) have been suitably adapted with due
consideration of the Constitution of India, relevant Statutes and rules for the auditing
standards for the Supreme Audit Institution of India (SAI). The reporting standards for
fraud are contained in the document on Auditing Standards – Second Edition 2002 /
Chapter IV – Reporting Standards / No – 9
Page 14 of 18
10th ASOSAI Research Project
Documentation
During the course of Audit, auditors should collect adequate documentation which may
provide evidence during subsequent enquiries investigations court cases etc. The
documentation should include inter alia:
a)
The identified and assessed risks of fraud& corruption the overall response of the
auditor to the assessed risk of fraud& corruption and the nature, timing and
extent of audit procedures and the linkage of those procedures with the assessed
risk of corruption and fraud;
b)
The results of the audit procedures including those designed to address the risk
of management override of controls
c)
Communications about corruption or fraud made to management etc.
The documentation should also be capable to proving that the audit personnel have
discharged their functions with reasonable care and due diligence and should enable a
review of working procedures and working papers.
Reporting to investigating agencies
Accountants General, Principal Directors of Audit, etc. carry out a quarterly review of
the audit findings contained in the inspection reports, audit notes, etc. relating to
different wings of their offices and bring specific material/ significant cases of suspected
fraud or corruption.
Such cases should be forwarded to the vigilance or investigative authorities such as the
central bureau of investigation, central and state vigilance commissions lokayuktaetc.
through confidential letters drawing reference to earlier correspondence if any and with
additional information that these cases have been included in the CAGs audit report to
Parliament state legislature while forwarding such cases the Accountant general/Pr.
Director should also send a brief write up of such cases with details of the names of
individuals, firms, address etc. and any other necessary information available in field
Page 15 of 18
10th ASOSAI Research Project
offices which are not mentioned in the audit report as per our reporting policy. It should
be clearly stated in the communications that in view of the intent of audit to bring the
matter to the notice of parliament/legislature strict confidentiality should be maintained
about the matter to avoid any likely breach of privilege of parliament/legislature
The communication to vigilance or investigative authorities should clearly indicate that
the audit evidence is obtained from the original documents of the audited entity. They
should also indicate that the audit findings are based on the test check carried out and
the information and records received from the audited entity. The investigative agency
should use information given by us as a lead and make their own examination of the
primary/original records which are available with the audited entity/ department.
Reporting and following up.
The field audit offices have institute mechanism for recording the case of fraud and
corruption (including possible indicators of fraud and corruption) noticed during the
course of audit in separate registers maintained for the purpose. Such cases are to be
followed up vigorously with the concerned audited entity and with higher executive
authorities and should not be settled in a routine manner. All significant cases are
followed up with the Secretary of the Administrative Department concerned.
In following up on reported cases of fraud and corruption the auditor determine
whether the necessary action is being taken with due regard to urgency that the
situation demands and become aware of the changes in the systems and procedures
which could be validated through subsequent audits.
The Accountant General send annual confidential letters to the Secretaries of the
concerned
Administrative Departments (in cases where the Inspection Reports, Audit
Notes, etc. throw a pattern of fraud across the Department) indicating the details of the
important cases of suspected fraud and corruption. It should be noted that once a
matter has been referred to the investigative or vigilance agencies, the responsibility
and scope of audit is to provide the information and assistance sought by them in
Page 16 of 18
10th ASOSAI Research Project
accordance with the extant instructions. The matter, may, however be followed up
through discussions in formal meetings with the investigative or vigilance agencies.
The cases of suspected fraud/corruption are reported confidentially to the controlling
authority with the approval of the Competent Authority. More serious cases are also
confidentially reported to the Secretary of the Administrative Departments(where they
are not the controlling officers) concerned and the investigative authorities like
Central/State Vigilance Commission, Lok Ayukta etc. over the signature of the
Accountant General or with his/her approval. Therefore, the establishing investigative
audit unit is a typical example to represent the detective role of SAI in combating
corruption.
The communications to vigilance or investigative authorities should clearly indicate that
the audit evidence is obtained from the original documents of the audited entity. They
should also indicate that the audit findings are based on the test check carried out and
the information and records received from the audited entity. The investigative agency
should use information given by CAG office as a lead and make their own examination
of the primary/original records which are available with the audited entity/department.
Utilization of audit findings in order to prevent future instances of anticorruption.
When auditors detect fraud, illegal acts, or other noncompliance that are not of
materials nature, they should communicate those findings to the auditee, preferably in
writing and should refer to such communications in their report on compliance. Auditors
should document in their working papers all communications to the auditee about
fraud, illegal acts, and other noncompliance.
Management is responsible for taking timely and appropriate steps to remedy fraud or
illegal acts that auditors report to it. When fraud or an illegal act involves assistance
received directly or indirectly from another government or agency, (for example Central
Page 17 of 18
10th ASOSAI Research Project
Government Grants received by the State Government or a government agency
including an autonomous body received a government grant) auditors may have a duty
to report it directly (to the other government/agency) if management fails to take
remedial steps.
Auditors should obtain sufficient, competent and relevant evidence (for example, by
confirmation with outside parties) to corroborate assertions by management that it has
reported fraud or illegal acts.
Auditors under some circumstances may be required to report promptly indications of
certain types of fraud or illegal acts to law enforcement or investigatory authorities.
When auditors conclude that these type of fraud or illegal act either has occurred or is
likely to have occurred, they should ask those authorities and/or legal counsel if
reporting certain information about that fraud or illegal act would compromise
investigative or legal proceedings. Auditors should limit their reporting to matters that
would not compromise those proceedings, such as information that is already a part of
the public record.
Further, the important Audit Reports and audit findings are presented as case studies
to various wings of SAI for education and awareness of audit teams to sensitize them
about possibility of such cases in their audit domain. These case studies are also
included as part of training programs of auditors in our training institutes.
Page 18 of 18