Legal and Regulatory Requirements of Online Audit

Dr. Khuram Farooq and Dr. Iram Khan1

1 Both are Directors in the office of Auditor General of Pakistan and presently posted in a World Bank funded project called PIFRA (Project to Improve Financial Reporting and Auditing)

1. Introduction

We live in a world where online audit is becoming a reality even in developing countries. As computer technology advances, governments are becoming increasingly dependent on computerised information systems to carry out their operations and to process, maintain, and report essential information. Information systems have become critically important in the management of financial institutions. At the same time, risks involving information systems have become diversified and their scope has expanded. Damage stemming from these risks can be immense. Financial institutions must ensure that their information systems provide appropriate information, means of communication and processing functions in line with the business purposes and strategies. To do so, they are required to accurately evaluate information system risks and improve their control systems. It is the job of an auditor to ensure that the risks are minimised. For this it is essential that an auditor is given authority commensurate with the responsibility entrusted to him.

This paper intends to develop a framework for legal and regulatory requirements of online audit. The introduction is followed by a theoretical framework that examines the issue from a theoretical perspective. The third section looks at the Pakistani scenario and has a separate discussion on the authority and mandate of the public and private sectors in Pakistan. The fourth section is about the challenges faced by public sector auditors in Pakistan, while the penultimate section makes some recommendations as to how to improve public sector auditing with respect to legal and regulatory requirements. The conclusion sums up the discussion.

2. Theoretical Framework

Traditionally, audit is the independent examination of financial information of an entity, whether profit oriented or not, and irrespective of its size, or legal form, when such an examination is conducted with a view to expressing an opinion thereon. However, the introduction of computerised information systems means that auditors evaluate the reliability of computer generated data supporting financial statements and analyse specific programs and their outcomes. In addition, they examine the adequacy of controls in information systems and related operations to ensure system effectiveness. As a consequence, the reliability of computerised data and of the systems that process, maintain and report these data is a major concern to audit. Compliance with the basic principles requires application of auditing procedures and reporting practices appropriate to the particular circumstances.

This has led to the idea of ‘system-based audit’. A system auditor investigates and assesses whether the system is appropriate and effective for controlling the risks that could affect the achievement of effectiveness, efficiency, reliability, compliance, and security. This task was equally important in the manual accounting/auditing framework but has gained greater importance and significance with the introduction of information technology.

According to the OECD (1997), regulation refers to the diverse set of instruments by which governments set requirements on enterprises and citizens.
Regulation includes laws, formal and informal orders and rules issued by all levels of government, and rules issued by nongovernmental or self-regulatory bodies, which enjoy delegated regulatory power: ‘Constitutions, parliamentary laws, subordinate legislation, decrees, orders, norms, licenses, plans, codes, and even some forms of administrative guidance can all be considered as “regulation”’ (OECD Council document, quoted in Black, 2002:9). In this approach, regulation is straightforwardly based on rules which may give strict directives, or be broadly enabling in ways which permit further negotiation; rules may also be framed in ways which concede discretion over their detailed application. Any enquiry into rule-making must establish what the institutions of rule-making are, who the rule-makers are, how rules are implemented, and by whom, and the forms that compliance and accountability take.

An auditor should have appropriate legal and regulatory mandate and authority to undertake online audit. The Lima Declaration2 clearly stipulates that the basic powers of Supreme Audit Institutions, exercised by an auditor, should be embodied in the constitution of a country. Though actual terms and conditions will depend on the peculiar conditions of each country, there will be certain principles common to all the countries to ensure independence and reliability of audit. In this regard, audit enjoys a special relationship with the parliament since it works as its agent. This relationship ensures that audit is guaranteed initiative and autonomy under the constitution and law. The audit mandate also stems from its interaction with the executive and administration, which SAIs audit. The executive, being fully and solely responsible for its actions, accepts audit findings which are legally valid and enforceable judgements.

2 Lima Declaration of Guidelines on Auditing Precepts.
Professional ethics and standards developed by national and international professional bodies such as IFAC, GAAP and INTOSAI outline and delineate policies and principles that give mandate and assurances to the auditors as to their role in the private and public sectors.

The SAI acts as an investigative body. It should have the authority to access all records and documents relating to financial management and should also be empowered to request, orally or in writing, any information deemed necessary by it. As part of its investigative activity, the SAI should have the power, or it should be defined in the law, to set time limits for furnishing information or submitting documents and other records, including the financial statements, to the SAI.

Convention also plays an important role in defining the role and authority of audit in a country. Convention has a more facilitating effect in developing a relationship between an auditor and a client.

These legal and regulatory pre-requisites stem from the professional and ethical standards prevalent in a country. As mentioned before, the standards may vary from country to country but there are certain principles which are basic to all the standards. These are primarily related to independence and autonomy of audit.

3. Context – Pakistani Scenario

This section presents the Pakistani scenario in the context of legal and regulatory requirements of online audit. It examines the roles and mandates of the public and private sectors in Pakistan. This context sets the stage for discussion on the subject in the next section.

3.1 The Private Sector

There are several bodies in Pakistan that provide legal and regulatory guidance to the auditors for carrying out their assignments. The important ones are the Institute of Chartered Accountants of Pakistan (ICAP) and Institute of Cost and Management Accountants (ICMA). The role, mandate and contribution of each organisation are discussed in the following paragraphs.

The Institute of Chartered Accountants of Pakistan (ICAP) was established on July 1, 1961 to regulate the profession of accountancy in the country. It is a statutory autonomous body established under the Chartered Accountants Ordinance 1961. With the significant growth in the profession, the CA Ordinance and Bye-Laws were revised in 1983, and are in the process of being updated once again. The institute is a member of the International Federation of Accountants (IFAC), International Accounting Standards Board (IASB), Confederation of Asian & Pacific Accountants (CAPA) and South Asian Federation of Accountants (SAFA). The institute makes sure that appropriate principles and standards are reviewed and adopted in the country. The institute co-ordinates with different international professional bodies for this purpose. It also develops standards to cater for the peculiar needs of professionals in Pakistan and guides government in the preparation of proposals for finance bills and corporate laws. There is also a committee on accounting standards for Islamic financing and investment.

Institute for Cost and Management Accountants (ICMAP), established in 1951, has statutory status under the Cost and Management Accountants Act 1966 and regulates the profession of cost and management accounting in the country. Like ICAP, ICMAP, being a member of different international accounting bodies such as IFAC, IASB, CAPA and SAFA, plays its role in the development of principles and standards in the management accounting profession. It collects data, analyses it, plans for the future, puts in place an effective control mechanism and operates an emergency alarm system. It helps regulate the management accounting profession in terms of studies and reports on different aspects of accounting and auditing.
Studies such as “The Role of Regulatory Authority under ‘Code of Corporate Governance’”, “The Role of ‘Board of Directors’” and “The Role of ‘Internal Auditor and Audit Committee’” go a long way in spelling out the broad contours of the accounting and auditing profession in Pakistan.

3.2 The Public Sector

The office of the Auditor General was made independent by statute for the first time under the Constitutional Reforms of 1919 in matters of audit and administration of the audit department. After the establishment of Pakistan, the independence and autonomy of the office of the Auditor General has been ensured through different constitutions and statutes.

The post of the Auditor General of Pakistan is a constitutional post and he can be removed from office only through impeachment by the legislature. He has the authority to frame and modify rules relating to maintenance of accounts and undertake audit of expenditure and receipts of both federal and provincial government departments. These powers extend to audit of all transactions relating to debt, deposits, sinking funds, advances, suspense accounts and remittance business. He is also mandated to audit all trading, manufacturing and profit and loss accounts and balance sheets kept by the order of the President or Governor. The Auditor General of Pakistan can delegate all these powers to an officer authorized by him.

The office of the Auditor General of Pakistan further draws its authority from acts of parliament, orders of the president, rules and subsidiary/procedural rules made by the president or governor. In addition to that, there are Accounts and Audit codes, Accounts and Audit manuals as well as the Auditor General’s Manual of Standing Orders, which lay down the framework defining the authority and mandate of public sector audit in Pakistan.

The Auditor General’s (Functions, Powers and Terms and Conditions of Service) Ordinance 2001 further spells out the powers of the Auditor General of Pakistan in connection with audit of accounts. Under the ordinance, the Auditor General has the authority to inspect any office of accounts under the control of the federation or provinces or a district, including treasuries and such offices responsible for the keeping of initial or subsidiary accounts. The Auditor General’s office may enquire or make such observations as he may consider necessary and call for such information as he may require for the purpose of audit. The audited offices or departments are required to facilitate and provide records for audit inspection as the auditor may require for the purpose of audit. Any authority or person hindering the auditorial functions of audit regarding inspection of accounts shall be subject to disciplinary action under the relevant Efficiency and Discipline Rules.

The Auditor General of Pakistan is assisted by Public Accounts Committees (PACs) at the federal and provincial levels for the examination and reporting of audit findings in the consolidated financial statements prepared by him. Members of national and provincial legislatures constitute members of these committees. The mandate and authority of these committees are governed by the rules and procedures of the respective national and provincial assemblies to whom these committees report. However, there are no legislative powers covering the accountability of PACs to the parliament.

4. Challenges in the Public Sector

Auditing in the public sector faces many challenges. It suffers from several weaknesses and bottlenecks which render the auditing function ineffective or inadequate. This inefficiency and inadequacy stems not only from the mandate and authority assigned to the office of the Auditor General of Pakistan but also from the human resources involved in the audit process.
For these two reasons, the public sector auditing practice cannot ideally be termed as geared towards the achievement of the public sector objective of prudent financial management. The objective is there but its achievement leaves a lot to be desired.

The combination of accounting and auditing functions under the office of the Auditor General has compromised the independence of audit. This, however, is not true for departments and autonomous bodies which are maintaining their own accounts and have disbursement responsibilities. In situations where both the accounting and auditing functions are being performed by the Auditor General's Office, the present organizational structure permits free mobility of staff between the two functions. It is not difficult to visualise a situation where an auditor or an accountant is transferred to a position where he is auditing his own accounts and vice versa.

The audit department has tried to ensure the independence of audit through separation of audit and accounting functions. The position of Controller General of Accounts (CGA) has been created under the administrative control of the Ministry of Finance. However, down the line, officers and staff that man the CGA office are administratively under the control of the Auditor General of Pakistan and can be posted in and out of the CGA office.

The office of the Auditor General, as discussed in the previous section, has a constitutional sanction behind it. Being a supreme audit institution, it should be independent. Unfortunately, this is not the case in Pakistan. The office of the Auditor General is styled as a 'division' of the federal government requiring all sorts of financial and administrative approvals from the government. The independence of the Auditor General's office may be ensured through appropriate legislative measures, e.g. the enactment of an Audit Act granting it autonomy in financial and administrative matters.

There is a general misconception about the audit function itself.
Generally, government departments tend to have a pre-payment check function which is routinely styled as 'audit'. In essence, this is not an audit function at all. This can, at best, be styled as an 'attest' function wherein the concerned organizational management is ensuring that whatever payments they are making are in order in all respects. Furthermore, it is primarily the responsibility of management to ensure that the payments it makes are appropriate and meet the propriety criteria.

Another challenge faced by audit in the public sector relates to the internal audit function. The management of every ministry/department has a responsibility to ensure that requisite control systems have been devised and are in place to guard against all risks. This is a ‘finance function’ that is meant to ensure checks and balances to discharge smooth and efficient payment responsibility. This internal control mechanism is normally confused with internal audit, which is a much broader concept encompassing all functional areas in an organization and is not restricted to the finance function only. Internal audit should be organizationally independent, separate from finance and accounting functions, reporting directly to the highest level of authority. Though

Another challenge to the public sector is the passive involvement of the auditee in the audit process. The auditing process employed is more or less one-sided. Audit observations in the shape of audit-paras are developed almost in isolation and without the knowledge of the auditee. The auditee is informed of the audit observations in the shape of audit-paras and is then asked to resolve issues or take appropriate actions. The issues raised by auditors contain all sorts of observations, whether insignificant or substantive in nature. Some observations or conclusions reached by the auditor may be invalid and inappropriate since they were framed on insufficient knowledge or misconception of ground realities.
What happens as a consequence of this mechanism of communicating all observations to the auditee in the shape of a report is that the important and significant issues are equated with minor and inappropriate ones. This lowers the overall impact of the auditing function, making it look like an unnecessary exercise or burden with little utility. The auditee, in fact, should be involved in the process right from the beginning, and the issues communicated, more particularly those minor in nature, should be debated and resolved through mutual discussions. This communication would eliminate the non-issues otherwise included in the audit report. Corrective action should be initiated while the auditing process is under way, saving time and energy on both sides. The written report should contain only significant findings, raising the impact and stature of the auditing profession in general and with the auditee in particular.

The audit profession in the country has been organized in line with the prevailing bureaucratic structure. Like the bureaucracy, auditors work more like file pushers and lose sight of objectives and their role. They are more like bureaucrats and generalists rather than professionals and technocrats. They are constrained by the public sector ethos, incentive structure and salary package, which are ill suited to their professional status and needs.

As the audit profession becomes more complex and demanding, professional knowledge and expertise become all the more essential. It requires intelligent people who are able to quickly understand operations and identify risks threatening an enterprise. There is a need to assign staff with professional expertise who have dedication and are motivated to undertake the auditing exercise. This is possible through creating a professional service of core individuals and teams who work with objectives in mind. This can be achieved with a fundamental change in the induction and training of audit staff.

The auditing process is not timely. The audits are carried out after considerable time may have elapsed between the period under review and the time of the actual audits. Additional time is lost in presenting reports at the appropriate forum – Public Accounts Committee. Since audit and accountability are invariably tied with democracy, the intermittent presence of democracy in the country has greatly harmed the cause of the public sector. Public Accounts Committees do not exist for quite some time whenever there is a break in the democratic process. Absence of PACs means that all the audit reports remain sealed and the culprits more or less go scot-free.

Related to the first is the ineffectiveness of PACs to undertake the work of accountability. Audit can bark but cannot bite since its teeth are the PACs. The absence of PACs, or their being ineffective, means that all the good work done by the Auditor General of Pakistan is lost.

5. Recommendations

To improve the governmental process, its essential arm of audit needs to be rejuvenated and improved in several ways. First, the office of the Auditor General needs strengthening by giving it financial and administrative authority with direct reporting responsibility to the Parliament or else, in its absence, to the highest executive level. Financial and administrative independence of the Auditor General may come through a legislative mechanism in the shape of an Ordinance or Act.

The audit function needs to be organized on modern professional lines. The Auditor General should be granted authority to hire professionals, and/or professionals with appropriate qualifications should be taken into the audit service at entry level. This can also be done through the civil service exam by making it mandatory that persons of certain qualification can join the audit department. The present staff should be trained extensively to re-orient it to the new challenges emanating from changing technological and other requirements of public interest.

Auditing recommendations of the Auditor General should have teeth, obligating concerned departments to fire employees found involved in frauds or embezzlement of funds. Instances of gross negligence or failure to achieve objectives should stall promotions or call for strong punitive actions. Strong follow-up on audit recommendations should be instituted, making it obligatory on departments to respond to audit observations and resolve outstanding issues before the start of the next cycle.

PACs can be made stronger by making the committee, or at least its chairman, continue in office like the speaker/deputy speaker of the national assembly even when the assembly has been dissolved. Their tenure should end with the election of the new PAC and its chairman. This would give continuity to audit and accountability in the parliament.

6. Conclusion

The conventional approach to auditing has simply outlived its utility and is no longer relevant. In all fairness, the current practice can be called 'retrogressive' in nature and 'obstructive' for operations. The new approach to auditing is assisting the management in effective discharge of its responsibilities. It guides management and at times acts as a consultant to it in resolving issues and suggests practical solutions to problems / challenges faced by it. The overall objective is to contribute towards the achievement of organizational objectives or targets by pointing out weaknesses in the process and suggesting mechanisms for improvement. In other words, the audit effort is to be geared towards core business activity and should contribute towards adding value to it. This is to be achieved by helping to overcome risks and challenges facing the organization.

References

OECD (1997): Regulatory Impact Analysis: Best Practices in OECD Countries. Paris, Organisation for Economic Cooperation and Development. Pp. 5-30.

Black, Julia (2002): Critical Reflections on Regulation. Centre for Analysis of Risk and Regulation Discussion Paper No 4, London School of Economics and Political Science, London.