i. audit objective and scope
advertisement
Chapter 20 Information Technology and Telecom Division Audit Period Audit Year 2007-08 Auditable Expenditure Grant No. Particulars Current/ Non-Development Expenditure 70 Information Technology and Telecommunication Division Rupees 1,219,121,000 1,219,121,000 Development Expenditure 148 Information Technology and Telecommunication Division Total 1,667,507,000 2,886,628,000 Audit Formations Main secretariat, Islamabad Electronic Government Directorate Federal Government – Data center E-services for CDA E-services for Food and Agriculture sector E-services for Islamabad Police IT/ computer lab project, machining project with Govt. of Punjab 341 DG Audit – Federal Government Audit Plan 2007 - 08 Audit Team S.No. 1. Name Dr. Akmal Minallah 2. Nazar Rauf Rathore 3. Muhammad Adnan 4. Imran Mukhtar 5. Liaquat Ali Designation Role Director Finalization of Audit report, Holding DAC meetings Dy. Director Supervision of audit activities, Planning of audit, Review of audit findings, Review of draft audit report Audit Technical support in planning, Expert execution & reporting Audit Officer Audit execution, Preparation of AIRs & draft audit report Update audit permanent file Assistant Audit execution, Audit Officer Prepare audit working papers Time Schedule From 27 July 2007 to 15 October 2007 (For details refer page 365 ) 342 Chapter 20: Information Technology and Telecom Division I. AUDIT OBJECTIVE AND SCOPE A. Audit Objective The overall objective of this audit is to review the management, financial and operating controls to appraise their adequacy and soundness. As we are specifically focusing upon expenditure being incurred from the grants received, it is necessary evaluate the internal controls over expenditure. The main objectives of the audit of the ministry of environment are: - - - B. to attain reasonable assurance whether the financial statements are prepared in accordance with the identified financial reporting framework and the sum expanded has been applied in all material respect for the purposes authorized by the Parliament to check the system of internal control and compliance with the respective authorities to ensure proper classification with respect to account head, function and cost centre. to determine that payroll record is complete and accurate. To ensure that it is being updated and complies with all prescribed rates of Federal Govt. to determine if internal controls for recording and safeguarding of assets are adequate to provide certification for the foreign aided projects, if any to perform performance audit of the major education projects, so that efficiency, effectiveness and the impact of the project on the economy can be assessed. Audit Scope The auditor general is appointed under section 168 of the constitution of the Islamic republic of Pakistan, 1973 and section 169 defines the functions and powers of the auditor general as; - The auditor general shall, in relation toThe accounts of the federation and of the provinces and The accounts of any authority or body established by the federation or a province Perform such functions and exercise such powers as may be determined by the parliament or by order of President. 343 DG Audit – Federal Government Audit Plan 2007 - 08 Further the scope of the auditor general of Pakistan is defined in Section 8 of the Auditor General’s Ordinance, 2001 which, empowers the Auditor General of Pakistan to audit: All expenditure from the Consolidated Funds of the Federation and of each Province; All transactions of the Federation and of the Provinces relating to Public Account; All trading, manufacturing, profit & loss accounts, balance sheets and other subsidiary accounts kept by order of the President or of the Governor of the province in any Federal or Provincial Department; and The accounts of any authority or body established by the Federation or a province, and in each case report on the expenditure, transactions or accounts so audited by him. Audit of Ministry of Information Technology will be conducted in accordance with the requirements of OAGP Auditing Standards as enshrined in FAM. The scope of audit includes verification and analysis of current and development expenditure on test check basis and also includes performance audits as and when required. Compliance testing and substantive tests have to be performed as appropriate, but due to the extensive volume of transactions, more emphasis is laid on compliance testing. Brief description of areas to be covered is as follows: Current expenditure to be verified on sampling basis to ensure the completeness, accuracy, relevance, genuineness and proper classification as well as compliance of grant formalities. Development expenditure has to be checked and verified on a test check basis keeping in view the procedures for the purchases, the necessary formalities that are required to be fulfilled for the expenditure incurred and the related documentation maintained in support of the expenditure incurred. Compliance with approved accounting framework which is NAM. Compliance of the laws and regulations i.e. PC-1, PPRA rules, financial policies etc. Compliance audits / reviews of attached Authorities 344 Chapter 20: Information Technology and Telecom Division II. SIGNIFICANCE AND UNDERSTANDING OF THE MINISTRY A. Significant of Information Technology sector in Pakistan Information technology (IT) has assumed unprecedented importance in the global economic arena. In Pakistan, the present Government is according a very high priority to this sector. One of the prerequisites for ensuring sustained growth of the industry, nay the economy, is the provision of a definite framework consisting of policy, legislative, financial, and operational guidelines, which can provide a stable umbrella for growth. Thus, the government, as the main facilitator, enabler, and promoter of the IT sector, has evolved an effective national IT Policy and Action Plan that clearly caters to the needs of nurturing the industry and is responsive to the dynamic forces of change that can affect its future growth. B. Understanding of the Ministry of Information Technology The Ministry of Information Technology (MoIT) is the national focal Ministry and enabling arm of the Government of Pakistan for planning coordinating and directing efforts to initiate and launch Information Technology and Telecommunications programs and projects aimed at economic development of the country. Organizational Structure The organizational structure of the ministry is annexed as Annexure A to the chapter. Principal Address Ministry of Information Technology Pak. Secretariat, Islamabad C. Status of the Entity and its Core Operations a) Status of the entity Ministry of Information Technology is strategically run by elected representatives of the public and administratively controlled by the bureaucracy. Being the primary concern sector for any government this sector is controlled by each provincial ministry at province level and by district governments at district level. 345 DG Audit – Federal Government Audit Plan 2007 - 08 b) Core Operational Activity The core operational activities of the ministry are, Preparation of an over all integrated Plan as well as formulation of policy for the development and improvement of Information Technology including infrastructure in Pakistan. Cooperation with the provincial Governments, autonomous bodies, private sector, international organizations and foreign countries in respect of information Technology. Promotion of information Technology applications. Providing guidelines for the standardization of software for use with in the Government. Matters relating to Pakistan Computer Bureau, Pakistan Software Export Board and the National Information Technology Commission. Planning, Policy making and legislation covering all aspects of Telecommunications excluding radio and television. All matters relating to PTCL, FAB, NTC, TIP, CTRL, CTI, Telecom Foundation and the Special Communication Organization and NRTC All matters relating to Pakistan Computer Bureau and Petroman. There is a full commitment at policy level about the importance of investing in Information Technology as a critical input for socio economic development. To translate this commitment into action a number of initiatives in public sector programs (new and ongoing) have been undertaken: the most notable include the Federal Government data Center, E-services for CDA, Food & Agriculture Center and Islamabad police, IT/ Computer series for teachers lab project. These programs with current and future major interventions should help to improve general uplift of masses. Investment in Information Technology stood at only 0.083% of the total federal development program. The government obtains foreign loan/aid also to invest in the Information Technology sector. Federal Ministry of Information Technology is the key functionary which plays a leading role in regulating aid flow in the Information Technology sector. The common identified objectives are: o Preparation of an overall integrated plan as well s formulation of the policy for the development and improvement of Information Technology including infrastructure o Human resource development in the field of Information Technology. 346 Chapter 20: Information Technology and Telecom Division o Promotion of IT applications o Providing guidelines for the standardization of software and electronic governance within the Government o Planning and policy making and legislation covering all aspects of telecommunications Excluding radio and television. Being the priority agenda of the government a lot can be achieved in Information Technology due to its far-reaching impact on the society at large, if the commitment from the bureaucracy is there. D. SWOT analysis Before considering the risk areas that are at present hindering the government in fully implementing the objectives in Information Technology sector, the strength/opportunities available for its foster growth and achieving objectives are discussed below; Strengths: Heavy investments from international organizations International investment companies are investments heavy amounts in IT and telecom sectors Latest technology International companies are bringing latest technologies in Pakistan like 3G, television broadcasting on mobiles, internet on mobiles. Full financial support from Federal Government Federal Government provides full financial support to the Information Technology support Vesting of Powers through Legislation Devolution of the power through Ministry of Information Technology at all levels of government, that is, federal, provincial and local government level. Availability of large infrastructure Federal, provincial and local governments provide large infrastructure to the ministry Weaknesses: The main weaknesses of the system that are identified before starting the audit engagement activities through discussions with the key officials and initial system analysis are; Lack of implementation of applicable laws Lack of trained staff 347 DG Audit – Federal Government Audit Plan 2007 - 08 Threats: Cyber crimes Threat of hackers Extremist attacks on IT installations Religious forces may be hinder the activities Funds might not be utilized for the purposes to achieve the targets. Qualified staff may leaves the organization Change of government may suspend the development projects undertaken by the present government. Opportunities: Mobile banking Use of Wireless technologies Co-ordination with International Organizations for bringing home new technologies Implementation of applicable laws in true jist E. External Factors (PEST analysis) External factors that might affect the ministry’s performance may include; - Technological factors Social factors Political factors Economic factors Climatic factors Technological factors: Can lead to burden the budget if the institutes and scholars are targeted in technology area which can no longer be in demand/use i.e. Information Technology, Science education Social factors: Cultural issues can lead to gender bias in some areas resulting in non availability /non willingness for females/ families in enrolment into programs/ activities Political factors: Change of government may abandon present programs 348 Chapter 20: Information Technology and Telecom Division Funding from the foreign donor may discontinue due to external pressures. Economic factors: If the economic condition of Government detroit, Government may impose major cut on the Information Technology budget hence resulting in curtailment of Information Technology activities High rates of inflation can lead to high cost of Information Technology resulting in low activities Climatic disaster: Natural disaster such as earth quake, flood, light-striking, wind storms Sudden change in weather patterns F. Intergovernmental Relationship: Functionally ministry consists of one main division along with various line departments/suboffices. The Ministry of Information Technology is responsible for matters concerning National Planning and Coordination in the field of Information Technology. Departments: The Departments attached Information Technology are; /sub-ordinate with the ministry Carrier Telephone Industries (CTI) Electronic Government Directorate (EGD) National Radio Telecommunication Corporation (NRTC) National Telecommunication Corporation (NTC) Pakistan Computer Bureau (PCB) Pakistan Software Export Board (PSEB) Pakistan Telecommunications Company Limited (PTCL) Pakistan Telecommunications Mobile Limited (PTML - Ufone) Paknet Special Communication Organization (SCO) Telecom Foundation (TF) Virtual University (VU) 349 of DG Audit – Federal Government Audit Plan 2007 - 08 Various programs are initiated by the government under each division/department with a sharper focus on poor and unprivileged segments of the society. G. Accounting System of the Ministry: Ministry of Information Technology is a centralized accounting entity, where, controller general of accounts is responsible for processing of its accounting transactions and maintaining the accounts. The sub offices of the controller general of accounts at province and districts maintain the respective accounts. Various development projects are undertaken by each line department. For the purpose of the accounting classification each division and line departments are classified under cost centers, (the functions), which are then further classified into various cost element (the objects). The major cost centers as per New Accounting Model are; Account Cost centers Code 016 Basic research 019 General Public Services 045 Construction and Communication 046 Communications For more specific accounting each department and projects to further detailed level can be classified as cost centre. Each cost centre is further divided into cost elements, the major classification of which is detailed below; Account Code A01 A02 A03 A04 A05 A06 A09 A13 Cost elements Employee related expenses Project pre-investment analysis Operating expenses Employees retirement benefits Grants subsidies and write-off loans Transfers Physical assets Repairs and maintenance 350 Chapter 20: Information Technology and Telecom Division Broadly the expenditures are classified as current or non-development expenditure and development expenditure. Separate budget are allocated for each type of expenditure. Gazette officers of at least BPS 16 and above hold the charge of the post of drawing and disbursing officers in each ministry/divisions/departments/development projects. The budget allocation are on account of Releases from the federal government Grant in aid The budget are transferred ministries/departments; AGPR Counter PLA is maintained with federal treasury and Assignment account maintained with NBP Departmental accounts The budget of province is transferred to account 1 whereas the budgets of districts are then transferred to a/c IV. Foreign aided projects maintain departmental accounts where the expenses are incurred in the department from the government account and the proportionate share is reimbursed from the aid account. through III. RISK ASSESSMENT A. General Risk Assessment Procedures the following to the Our risk based approach during the audit would be to plan and document our risk assessment procedures performed so as to obtain an understanding of the entity and its environment. Our risk assessment procedures may include inquiries, observations and inspections, and analytical procedures. The major risk factors that would commonly be addressed to assess the risk of the entity are; The adequacy of internal controls and the control consciousness environment is in place; Participation by those charged with governance Management approach to taking and managing business risks Changes in operating environment Corporate restructuring Discussions with the management regarding any internal control weakness, frauds and irregularities identified earlier. 351 DG Audit – Federal Government Audit Plan 2007 - 08 Are changes in the design of internal controls documented and review by a competent authority; There is a clearly defined organization structure and the operating functions are performed independently so as to create segregation of duties; The role and authority of the internal audit function (if any), and review of internal auditor’s assessment of the corrective actions taken, and to consider the impact on the nature, extent and timing of our audit tests and procedures; The nature of transactions (for example, the number and Rupee volumes and the complexity involved); Assessment of non-routine transactions and its adequacy of its documentation and approvals; Understanding of the financial reporting process; The age of the system or applications used; The physical and logical security of information, equipment, and premises; Susceptibility of assets to theft and misappropriation; The adequacy of operating management oversight and monitoring; Previous regulatory and audit results and management’s responsiveness in addressing the issues raised; Human resources, including the experience of management and staff, turnover, technical competence, management’s succession plan, and the degree of delegation; and Senior management oversight. The auditor must be able to identify high risk areas and the high risk areas may be identified from material weaknesses. Material weaknesses will be; B. Be evident at multiple agencies Affect a significant portion of the government’s total budget or other resources Stem from a deficiency that should be monitored and addressed through individual agency actions as well as through Office of Management and Budget initiatives Major non-compliance of applicable laws and regulations. Inherent Risk Factors 1) Inherent risk factors associated with activities/programmes Complexity of programs; Complex, unusual or high value transactions; 352 Chapter 20: Information Technology and Telecom Division Activities involving the handling of large amounts of cash or high value attractive goods - embezzlement or theft; Activities of a nature traditionally considered to be particularly prone to fraud or corruption (e.g. public works and technical contracts, contracts for the delivery goods); Urgent operations (e.g. emergency aid) and operations not fully subject to the usual controls; Historical evidence of a high incidence of intentional irregularities; Eligibility criteria inconsistent with objectives (too wide, too restrictive, not relevant); Activities that are uninsurable and/or are subject to risks arising from political, financial, ecological (etc) instability; 2) Inherent risk factors associated with the operating structure Management approach to taking, managing and mitigating business risk; Geographically dispersed organization, or organization operating in areas where communications are difficult; Unclear division of responsibilities within the Division/Department; Activities or projects involving numerous partners (coordination problems, weaknesses in management and communications structures); Particular points mentioned in internal and external audit reports, and in press reports etc. 3) Inherent risk factors associated with the beneficiaries Operations where the conduct of beneficiaries is difficult to check, or where the ultimate beneficiaries may be different from the apparent recipient; Beneficiaries highly dependant on public funds; Activities which imply several levels of subcontracting, making the identification of eligible beneficiaries difficult; Historical evidence of a high incidence of intentional irregularities; Political or administrative pressure exerted by beneficiaries or participants in the activity; Imposition of unwanted responsibilities upon organizations, administrations or beneficiaries; 353 DG Audit – Federal Government Audit Plan 2007 - 08 4) Inherent risk factors associated with the economic or technical circumstances Abnormal trends and ratios; Results intangible or difficult to evaluate; Activities that are starting up or coming to an end, or are subject to rapid technological change; Unstable sources of supply and variable prices of inputs (raw materials, etc); Over-dependence on one supplier (e.g. supplier of equipment has exclusive maintenance contract, is sole supplier of parts and materials, software, etc); 5) Inherent risk factors associated with the audited entity Lack of turnover of personnel and/or personnel not taking holidays in a sensitive department/area; Activities with which the audited entity has no or limited experience; Activities that are highly dependant upon a small number of key personnel; Insufficient staff, or staff and management under-qualified, inexperienced or poorly motivated; Peaks and troughs in work patterns and information flows; Utilization of obsolete information technology systems; 6) Inherent risk factors associated with the audited entity’s management policies and practices Badly defined or unrealistic objectives; Strong pressure upon management to produce results, achieve objectives, meet unrealistic deadlines, achieve high rates of budgetary utilization at the year-end; Short-term budgetary pressures (e.g. delay in undertaking necessary maintenance imposes greater costs later); Management, supervision and control functions poorly suited to the activity; Lack of management information system and/or cost accounting system; Unclear division of responsibilities within and between the various departments; 354 Chapter 20: Information Technology and Telecom Division C. Specific Audit Risks Proper utilization of development budget Violation of PPRA rules, 2004. Illegitimate payments Compliance with clauses of grant agreements Proper authorization and classification of expenses Incorrect mode of payment Incomplete record Misuse and mismanagement of funds Inadequate control over cash payments and bank payments The major areas that are considered material and need to be focused upon during the course of audit includes: IV. Employee related expenses Operating expenses Grant in aids & write off of loans Repair and maintenance Physical assets Transfers AUDIT APPROACH The audit approach would include a combination of financial audit and compliance audit. At the preliminary stage, the assessment of internal control system would be performed to identify the weaknesses that would lead to the assessment of audit risk. Materiality level is basically determined at 2 percent of the budgeted amount, but nature of expenditure is also considered. The departments, offices and projects are selected on the basis of - High budget appropriation Grants subsidies and write offs involved Criticality of audit issues Sensitivity of core operations Government high priority areas that are threats for public Huge investment in the procurement Huge investments by the donors and the government Projects not audited in the previous year The selection of each DDO of each division for current expenditure and development expenditure is made on the basis of the level of materiality that is established by determining its nature and its amount. The DDOs selected have been mentioned individually and the areas to be focused upon are also mentioned. 355 DG Audit – Federal Government Audit Plan 2007 - 08 The audit approach for efficient and effective would encompass around understanding of the financial reporting and internal control system, checking compliance with applicable laws and regulations and performing compliance testing (test of control) and substantive testing as appropriate. The audit procedures may include any of the following, but are not exhaustive of the all the procedures as some of the procedures may be identified at the time of execution of the audit. Understanding the client internal control system and identifying internal control weaknesses and audit risks Issues highlighted in the previous audit reports that are still unresolved Compliance testing to ensure that applicable policies, rules and regulations and complied with. Compliance with grant agreement. Use of sampling to select items for compliance testing and substantive testing Vouching payments on a test basis and check the payments for accuracy, completeness, valuation and ownership Compliance of PC-1 document Checking compliance with PPRA rules for the procurements made during the year. Comparison of actual expenditure with budgeted expenditure Prepare analytical procedures and Investigate where actual are more than budget appropriation. Investigate transfer payments to sub-offices and there utilizations. Performance audit procedures, if performance audit needs to be performed: o Identification of cost savings o Identification of services that can be reduced or eliminated Identification of programs or services that can be transferred to the private sector o Analysis of gaps or overlaps in programs or services and recommendations to correct gaps or overlaps o Feasibility of pooling information technology systems within the Department o Analysis of the roles and functions of the department, and recommendations to change or eliminate departmental roles or functions o Recommendations for statutory or regulatory changes that may be necessary for the department to properly carry out its functions o Analysis of departmental performance data and performance measures o Financial, economic and technical appraisal of projects 356 Chapter 20: Information Technology and Telecom Division o Identification of best practices. The understanding of the accounting and internal control system will enable the auditor to 1) identify types of potential material misstatements, 2) considers factors that affect the risk of material misstatements, and 3) design appropriate audit procedures. Therefore, the auditor should obtain an understanding of the accounting and internal control system to identify and understand: Major classes of transactions How such transactions are initiated Significant accounting records and supporting documents Accounting and financial reporting process, from the initiation of significant transactions and other events to their inclusion in the financial statements. The audit procedures would include a combination of compliance testing (tests of controls) and substantive procedures (test of detail). The objective of test of controls is to evaluate whether a control operates effectively, whereas the objective of tests of detail is to detect material misstatements. The auditor is required to perform tests of control when the auditor’s risk assessment includes an expectation of the operating effectiveness of controls or when substantive procedure do not provide sufficient appropriate audit evidence. The auditor selects procedures to obtain sufficient appropriate evidence that the controls operated effectively throughout the period of reliance. The more the auditor relies on the operating effectiveness of controls in the assessment of risk, the greater is the risk of the auditor’s test of controls. In addition, as the rate of expected deviation from a control increases, the auditor increases the extent of testing of the control. The matters that may be considered in determining the extent of the auditor’s test of controls include the following: The frequency of performance of control by the entity during the period. The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. The relevance and reliability of the audit evidence to be obtained in supporting that the control prevents, or detects and correct, material misstatements at the assertion level. The extent to which audit evidence is obtained from tests of other controls. The extent to which the auditor plans to rely on the operating effectiveness of the control in the assessment of risk. The expected deviation from the control. 357 DG Audit – Federal Government Audit Plan 2007 - 08 The following are the types of controls to test: Financial reporting controls (including certain safeguarding and budget controls) for each significant assertion in each significant cycle/accounting application, Compliance controls for each significant provision of laws and regulations, including budget controls for each relevant budget restriction, and Operations controls for each operations control (1) relied on in performing financial audit procedures or (2) selected for testing by the audit team. The auditor also should understand performance measures controls, but is not required to test them. However, the auditor may decide to test them Substantive procedures are performed in order to detect material misstatements and include tests of detail of transactions, account balances, and disclosures and substantive analytical procedures. Substantive procedures are generally applicable to large volume of transactions that tend to be predictable over time, which includes a combination of tests of detail and analytical procedures. The auditor designs tests of details responsive to the assessed risks with the objective of obtaining sufficient appropriate audit evidence to achieve the planned level of assurance. In designing the tests of details, the extent of testing is ordinarily thought of in terms of the sample size, which is affected by the risk of material misstatement. However, the auditor may consider the use of selective sampling such as selecting large or unusual items from a population. In addition to the above mentioned audit procedures, analytical procedures may also be performed that would include analysis significant ratios and trend, consideration of relationships among elements of financial information and considering the relationship between financial information and non-financial information. The auditor will need to consider the testing of controls, over preparation of information used in applying analytical procedures, accuracy and reliability of information available. Types of audits to be performed: Financial audit Compliance audit Performance audit (if required) System documentation: Cash/bank payment and receipts system Procurement of assets and other items Payroll 358 Chapter 20: Information Technology and Telecom Division Grant receipt and related expenditure Transfers Delegation of powers V. BUDGET ALLOCATION A. Current Expenditure The total federal budget for current expenditure amounts to Rs. 1,219,121,000. Grant wise detail is as follows: Grant No. 70 Particulars Information Technology and Telecommunication Division Total Budget allocation for current expenditure (Rs.) 1,219,121,000 1,219,121,000 Function wise and object wise classification of expenditure under each grant is as follows; Grant No. 70: Information Technology and Telecommunication Division (Rs. 1,219,121,000) Account Codes Revised Estimates 2006-07 Pak Rupees Particulars 1. Functional Classification 016 Basic Research 019 General Public Services not elsewhere defined 045 Construction and Transport 046 Communications 2. Object Classification A01 Employees Related Expenses A03 Operating Expenses A05 Grants subsidies and Write-off Loans A06 Transfers A09 Physical Assets A13 Repairs and Maintenance 359 8,300,000 175,401,000 35,420,000 1,000,000,000 1,219,121,000 72,871,000 1,092,821,000 44,720,000 560,000 5,200,000 2,949,000 1,219,121,000 DG Audit – Federal Government Audit Plan 2007 - 08 Departments selected for the audit are: DDO Code Name of the Offices/ Projects ID1892 Main secretariat, Islamabad ID1894 Electronic Government Directorate Budget appropriation for current expenditure in FY 2006-07 108.3 Million 36 Million The sub offices carried out the audit of all the federal departments in the respective provinces with focus on the significant audit areas. a) Significant audit risk areas: We tried to integrate the approaches for financial and compliance audits and simultaneously planned to perform performance audit so that effective utilization of financial resources can be ensured. Further the audit approach is more directed towards system based audit to address the system weaknesses. As discussed in the earlier section the expenditure are broadly classified in the current and development expenditure. We have focused more on development expenditure as huge investment has been made in development sector which if utilized efficiently will help the government in achieving their goals. The brief description of the areas to be covered but not limited to are as follows: Major audit areas for current expenditure: Current expenditure is recurring expenditure of the Ministry Information Technology departments listed above. For the purposes the audit we have focused on the i) operating expenses and the purchase of physical assets of the departments selected for the audit particular and the rest will be audited in general. of of ii) in i) Risks involved in operating expenses: Illegitimate payments Improper classification of expenses in the heads of accounts Improper mode of payment Improper allocation of expenses Audit approach to address the risks involved in operating expenses: 360 Chapter 20: Information Technology and Telecom Division - Illegitimate payments: The risk could affect the management assertion regarding RIGHTS and OBLIGATIONS. Document the system for the sanction of expenditure and identify any non compliance from general financial rules. The expenses are compared against the budget allocations so that excess especially in the utilities and general which includes advertisement and miscellaneous can be critically analyzed. Ensure that each payment is supported by the proper contract duly approved and authorized by the competent authority. Ensure that the payments are made against the schedule of authorized expenditure, and the applicable laws and regulation. - Improper classification of the expenses in the heads of the account The risk could effect the management CLASSIFICATION and PRESENTATION. assertion regarding Review the details of expenditure, select the sample from each major classification and check the classification according to the new accounting model. - Improper mode of payment. The risk could effect the management assertion regarding EXISTENCE and OCCURRENCE Document the system recommended by the accounts manual and check the compliance in the departments/division. Verify on sample basis the expenditures from the bank statement. Obtain the list of expenditure paid in cash and obtain their justification. - Improper Allocation Of Expenses The risk could effect the management assertion regarding VALUATION and EXISTENCE Ensure with focus on advertisement expenses and miscellaneous whether the expenditure should be classified as capital expenditure or revenue expenditure as detailed in the audit code and IPSAS. ii) Risks involved in the purchase of physical assets: Violation of PPRA rules In adequate measurement In complete records In adequate utilization of resources 361 DG Audit – Federal Government Audit Plan 2007 - 08 In adequate disclosure Approaches to address risks involved in purchase of assets: - Violation of PPRA This risk will affect the assertion of compliance with regulation and inadequate disclosure of facts. Document the system to call tenders and compare it with the bench mark provided in the PPRA rules. Inquire non-compliances - In adequate valuation This risk will affect the assertion of valuation Check the useful life of the fixed asset and the depreciation rate applied with the market information for similar assets. Document the criteria for the recognition of the cost and compare it with international standards. - Incomplete records This risk could affect the assertion of EXISTENCE Documents the system of recording the assets. Document the internal control applied on recording the assets. Check the items from records to ground and vice versa. - Inadequate utilization of resources The risk will affect the assertion of Rights and Obligation. Ensure that the assets are maintained properly Ensure that assets are used for the purposes it is acquired. Ensure that assets are in the name of the project/department. Ensure that assets are insured or not. Ensure that warranty services are acquired when required during the warranty period. - Inadequate disclosure This will affect the assertion of classification and presentation and disclosure. Select a sample and ensure that the items are properly disclosed in the correct account as per the classification of New accounting model. Ensure that the assets are disclosed in accordance with financial reporting manual, and IPSAS. 362 Chapter 20: Information Technology and Telecom Division General audit approach: B. Prepare analytical procedures and Investigate where actual are more than budget appropriation. Investigate transfer payments to sub-offices and there utilizations. Document the system of revenue recording, from source document till deposit in the bank account. Ensure that the procurement of the contractor as per PPRA RULES Circularize confirmation for loan amount to the local offices of the donor agencies and obtain reconciliations Development Expenditure The development budget for the year 2006-07 is Rs. 1,667.5 Million. Special Communication Organization consists of Rs 1,032.97 Million out of total development expenditure mentioned above. The total federal budget for development expenditure amounts to Rs. 1,219,121,000. Grant wise detail is as follows: Grant No. 148 Particulars Information Technology and Telecommunication Division Total Budget allocation for development expenditure (Rs.) 1,667,507,000 1,667,507,000 Function wise and object wise classification of expenditure under each grant is as follows; Grant No. 148: Information Technology and Telecommunication Division (Rs. 1,667,507,000) Account Codes Revised Estimates 2006-07 Pak Rupees Particulars 1. Functional Classification 016 Basic Research 046 Communications 634,536,000 1,032,971,000 1,667,507,000 363 DG Audit – Federal Government Audit Plan 2007 - 08 2. Object Classification A01 Employees Related Expenses A02 Project Pre-investment Analysis A03 Operating Expenses A05 Grants subsidies and Write-off Loans A06 Transfers A09 Physical Assets A12 Civil Works A13 Repairs and Maintenance 90,536,000 2,245,000 64,597,000 160,075,000 77,000 304,463,000 1,043,464,000 2,050,000 1,667,507,000 The development projects selected for audit during year under review includes; DDO Code a) Name of the Offices/ Projects Budget appropriation for development expenditure in FY 2006-07 ID2125 Federal Government – Data center 52 Million ID2560 E-services for CDA 52 Million ID2393 E-services for Food and Agriculture sector ID2414 E-services for Islamabad Police ID2032 IT/ computer lab project, machining project with Govt. of Punjab 45.6 Million 40 Million 36.4 Million Significant audit risk areas: The significant areas are the same as that of non-development expenditure; however certain additional procedure will be applied for the purposes of the audit, discussed below; Internal control assessment Document and analyze the system of internal control in the light of internal control questionnaire provided in the FAM and Analyze the delegation of powers authorized by the ministry to the key officials and the powers actually exercised. Project objectives Obtain PC-1 and check the efficiency of the project with respect to time and resources. Discuss the modes of viability/sustainability of the projects. 364 Chapter 20: Information Technology and Telecom Division Budget utilization Compare the budget appropriation with actual utilization. Investigate where budgets are not utilized fully along with its financial impact. Compare expenditure statement with budget allocation and ensure that expenditures are in line with appropriations only. Cash/bank balances Confirm bank balances for loan account with the local offices of the donor and investigate differences and financial implications if any. Obtain reconciliation with Document the imprest system for cash handling and identify any irregularities. VI. ISSUES HIGHLIGHTED IN PREVIOUS YEARS VII. Irregular retention of Government money outside the Government Treasury Unnecessary retention of IT equipment Unauthorized drawl of public funds from PLA and deposit thereof in commercial bank account. Irregular expenditure Non compilation of benchmarks in violation of IT policy Non preparation of IT Action Plan Inordinate delay in completion of project Heavy surrender of project funds TIME SCHEDULE Planning 10 days Execution – Fieldwork 24 days Reporting 4 days Holding DAC Meeting 31 days Total 69 days 365 DG Audit – Federal Government Audit Plan 2007 - 08 Particulars Permanent File Planning File Execution Main Ministry Identify Data acquire Data Upload of CAATS system Design Test Execute test Report COMSATS Institute of Information Technology IBD Identify Data acquire Data Upload of CAATS system Design Test Execute test Report IT &TD Development Projects – 129 Nos. (All – Old &New) Identify Data acquire Data Upload of CAATS system Design Test Execute test Report Monitoring of IT Projects, IT & T Division Identify Data acquire Data Upload of CAATS system Design Test Execute test Report Reporting Prepare AIR Send AIR to PAO DAC Hold DAC meeting Sign Minutes of meeting Complete Worker Papers Scan WP Evidence Finalize Audit Report Duration 69 days 5 days 5 days 24 days 6 days 1 day 1 day 1 day 1 day 1 day 1 day 6 1 1 1 1 1 1 Start Date Finish Date 27-Jul-07 15-Oct-07 27-Jul-07 1-Aug-07 2-Aug-07 7-Aug-07 8-Aug-07 4-Sep-07 8-Aug-07 14-Aug-07 8-Aug-07 8-Aug-07 9-Aug-07 9-Aug-07 10-Aug-07 10-Aug-07 11-Aug-07 11-Aug-07 13-Aug-07 13-Aug-07 14-Aug-07 14-Aug-07 days day day day day day day 15-Aug-07 15-Aug-07 16-Aug-07 17-Aug-07 18-Aug-07 20-Aug-07 21-Aug-07 21-Aug-07 15-Aug-07 16-Aug-07 17-Aug-07 18-Aug-07 20-Aug-07 21-Aug-07 6 days 1 day 1 day 1 day 1 day 1 day 1 day 6 days 1 day 1 day 1 day 1 day 1 day 1 day 4 days 2 days 2 days 31 days 21 days 1 day 3 days 4 days 2 days 22-Aug-07 22-Aug-07 23-Aug-07 24-Aug-07 25-Aug-07 27-Aug-07 28-Aug-07 29-Aug-07 29-Aug-07 30-Aug-07 31-Aug-07 1-Sep-07 3-Sep-07 4-Sep-07 5-Sep-07 5-Sep-07 7-Sep-07 10-Sep-07 10-Sep-07 4-Oct-07 5-Oct-07 9-Oct-07 13-Oct-07 28-Aug-07 22-Aug-07 23-Aug-07 24-Aug-07 25-Aug-07 27-Aug-07 28-Aug-07 4-Sep-07 29-Aug-07 30-Aug-07 31-Aug-07 1-Sep-07 3-Sep-07 4-Sep-07 8-Sep-07 6-Sep-07 8-Sep-07 15-Oct-07 3-Oct-07 4-Oct-07 8-Oct-07 12-Oct-07 15-Oct-07 366 Chapter 20: Information Technology and Telecom Division Annexure A Ministry of Information Technologies Organization structure 367
