Compliance Audit Subcommittee
(CAS)
Presentation to the
PSC Steering Committee
Brasilia June 2009
1
CAS plan 2008-2010
according to PSC Progress Report 2008
• Purpose to finalize the development of Compliance
Audit Guidelines
• A complete set of guidelines exposed to the
INTOSAI community after being presented to PSC
in October and GB in November 2008, consisting of:
– ISSAI 4000 and 4100 for first time exposure
– ISSAI 4200 (previously 4100) for re-exposure
• Subsequently present a complete set for approval to
PSC and GB 2009
• Present the complete set for endorsement at
INCOSAI 2010
Brasilia June 2009
2
Short update of CAS project status
• Exposure Drafts of ISSAIs 4000-4200 approved by
PSC in October and presented to GB in November
2008
• Exposure process within INTOSAI by 1 February
2009
– Comments received from 23 SAIs and the FAS secretariat
• Adjusted ISSAIs 4000-4200 approved by CAS in
March 2009
• Presented for approval as endorsement versions to
PSC in Brasilia in June 2009
• The current status is in accordance with the
progress plan presented in the PSC report 2008
Brasilia June 2009
3
ISSAI 4000 General introduction to
compliance audit
Presents
• An overall view of compliance audit, and of ISSAIs
4100 and 4200 written from the different
perspectives of compliance audit performed
separately from, or related to, the audit of financial
statements
• Authority of the guidelines
• Diversity in organizing and reporting on compliance
audit
• Relationship to other auditing standards
Brasilia June 2009
4
ISSAI 4100 Compliance audit performed separately
from the audit of financial statements
• The subject matters may vary considerably from audit
to audit
• ISSAI 4100 introduces reasonable vs. limited
assurance, but the scope goes beyond the use of the
“assurance” concept:
– The guidelines apply to auditing tasks where the purpose is
to obtain sufficient appropriate evidence to support the
findings. The conclusion may be expressed in a formalized
statement of assurance or in a more elaborated form
• The reports may be either short-form or long-form
reports
Brasilia June 2009
5
ISSAI 4200 Compliance audit related to the
audit of financial statements
• Based on reasonable assurance
– in line with the ISA approach on audit of financial statements,
leading to reporting in the form of an opinion
• May on an exceptional basis be applied, as
appropriate, to limited assurance reviews
• Sufficiently flexible to allow for combining a reasonable
assurance audit of the financial statements with a
limited assurance review on compliance
• Providing examples of various reporting combinations,
clearly stating the auditor’s different responsibilities on
reasonable assurance audit vs. limited review
• Reports on compliance may be either short-form, as in
the form of an opinion, or long-form
Brasilia June 2009
6
Court of Accounts issues
• ISSAIs 4000-4200 are intended to be relevant for
compliance audit in SAIs representing both the
Auditor General system and the Court of Accounts
system
• Do not cover particularities related to the judgement
part of compliance auditing in SAIs of the Court type
• The CAS meeting in March 2009 decided to initiate
a further exploration of Court of Accounts issues, to
be continued after 2010
Brasilia June 2009
7
Further CAS work beyond 2010
• According to the CAS meeting in March 2009, CAS
should be engaged in:
– The implementation of the compliance audit guidelines
throughout the INTOSAI community
– The maintenance of the guidelines related to issues such
as:
• limited vs. reasonable assurance
• materiality applied to compliance subject matters
• monitoring of developments in relevant auditing standards
• The meeting emphasized the need of further
guidance on limited assurance compared to
reasonable assurance, to be considered after 2010
Brasilia June 2009
8