The Indian Audit and Accounts Department has been continuously striving to upgrade and update its auditing practice as part of its overall endeavour to achieve professional excellence. The Auditing Standards were first brought out by the Department in 1994 and were subsequently revised in 2002.

I am pleased to release the third edition of the Auditing Standards, which is the result of a structured and diligent process of internal consultation at various levels. This edition takes into account the prerequisites for functioning of the Supreme Audit Institution and is suitably aligned with existing fundamental auditing principles of the framework of International Standards of Supreme Audit Institutions.

I trust that all officers and staff of the Department would abide by these Auditing Standards and apply them conscientiously in auditing for achieving the mission of promoting accountability, transparency and good governance.

March 2017

Shashi Kant Sharma
Comptroller and Auditor General of India

Basic Postulates

1.1 Introduction

The Comptroller and Auditor General of India (CAG) who is the head of Supreme Audit Institution of India (SAI India) discharges his constitutional functions through the Indian Audit and Accounts Department. The Constitution of India provides for the Comptroller and Auditor General of India who is appointed by the President of India by warrant under his hand and seal. The Constitution provides that the salary and other conditions of service as well as the duties and powers of CAG may be determined by Parliament by law. In pursuance of these provisions, the Parliament enacted the CAG’s (Duties, Powers and Conditions of Service) Act, 1971 (DPC Act) to determine the conditions of service of the CAG and to prescribe his duties and powers. In exercise of powers conferred by the DPC Act, as amended from time to time, the CAG framed the Regulations on Audit and Accounts, 2007, which provide the overarching governance framework for both accounting and auditing functions. The CAG’s Auditing Standards constitute the next layer of the audit governance framework and set out the professional standards of auditing for the organisation as well as for its personnel - the individual auditors. As an ongoing initiative for continuous improvement and benchmarking, these standards are periodically reviewed, restructured and updated.

1.2 Purpose and Authority of the Standards

These standards establish the norms which are applicable to all public sector audit engagements, irrespective of their form or context. These standards incorporate the Prerequisites for the functioning of Supreme Audit Institutions and Fundamental Auditing Principles of the International Standards of Supreme Audit Institutions, which have been suitably adapted with due consideration of the audit mandate and rules applicable to SAI India. These standards determine the audit procedures that shall be applied in audit and constitute the criteria or benchmark against which the quality of audit results is evaluated. These Auditing Standards are effective from 1 April 2017. All audit engagements as per the audit mandate of SAI India on or after this date shall be conducted in accordance with these standards.

1.3 Audit Mandate

The audit mandate is laid down in the Constitution of India, DPC Act and specific legislations enacted over time by the Parliament and State Legislatures.

1.3.1 Article 149 of the Constitution of India envisages that CAG shall perform such duties and exercise such powers in relation to the accounts of the Union and of the States and of any other authority or body as may be prescribed by or under any law made by Parliament. Article 151 envisages that the reports of the CAG relating to the accounts of the Union shall be submitted to the President, who shall cause them to be laid before each House of Parliament and that the reports relating to the accounts of a State shall be submitted to the Governor, who shall cause them to be laid before the Legislature of the State. Additionally, Article 279 envisages that ‘net proceeds’ in relation to any tax or duty means the proceeds thereof reduced by the cost of collection and that the net proceeds of any tax or duty, or of any part of any tax or duty, in or attributable to any area shall be ascertained and certified by the CAG, whose certificate shall be final. Further, the Sixth Schedule of the Constitution of India also envisages audit of accounts of District and Regional Councils of autonomous regions.

1.3.2 The general provisions relating to audit are elaborated in Sections 13 to 21 and 24 of the DPC Act. There are also other legislations providing for audit of specific entities by the CAG. The audit mandate of CAG extends to bodies or authorities such as statutory corporations, government companies, autonomous bodies constituted as societies, trusts or not for profit companies, urban and rural local bodies and also to any other body or authority whose audit may be entrusted to CAG under law. To fulfil its mandate, SAI India undertakes financial audit, compliance audit, performance audit and combination of such audits.

1.4 Prerequisites for functioning

The pre-requisites constitute the principles that are essential for the functioning of SAI, India and for proper practice of public sector auditing within the SAI.

  1. Independence
  2. Accountability and Transparency
  3. Ethics
  4. Quality assurance

1.4.1 Independence

An adequate degree of independence from both the Legislative and Executive branch of the Government is essential for the conduct of audit and for the credibility of its results. Independence of a Supreme Audit Institution (SAI) is secured through certain principles and conditions that are institutionalised through established mechanisms and processes. The principles and conditions that define an independent SAI are elaborated below. The existence of an appropriate and effective constitutional/statutory/legal framework and its application. This framework shall establish provisions that secure the functional independence of the Head of the SAI including security of tenure. The Constitution of India stipulates that the CAG shall only be removed from office in like manner and on like grounds as a Judge of the Supreme Court of India. The other terms for appointment and demitting of office of the CAG are provided under the DPC Act that ensures due autonomy and security of tenure. SAI shall have a sufficiently broad mandate and full discretion in the discharge of its functions

While conforming to the Constitutional provisions and laws enacted by the legislatures, SAI India has the functional and organisational autonomy required for carrying out its mandate and is free from direction or interference from the Legislature or the Executive in the:

  1. selection of audit issues;
  2. planning, programing, conduct, reporting and follow up of audits; and
  3. organisation and management of its office.

SAI India may accept specific requests for audits made by Legislature as expressed as a whole or through one of its committees or by the Government while retaining its right to decline such requests. SAI India may be consulted by the Executive in matters such as financial legislations, accounting standards and policies, public accounts, form of financial statements and for draft laws or rules affecting its competence or authority ensuring, however, that rendering such advice or assistance does not either implicitly or explicitly impair independent exercise of its audit mandate. SAI shall have unrestricted access to information

The DPC Act empowers SAI India to inspect any office of accounts under the control of the Executive and to require the production of all necessary documents and information necessary for the proper discharge of its statutory responsibilities. SAI India thus shall have access to premises, operations, systems including Information Technology systems and records of auditable entities1 which include the implementing arms of Government and to obtain relevant information from persons or entities possessing it. SAI shall have the freedom to decide the form, content and timing of audit reports, to publish and disseminate them SAI India shall be free to decide the form and content of its audit reports and to make observations and recommendations therein, taking into consideration, the views of the audited entity. SAI shall be free to decide the timing of its audit reports except where specific reporting requirements are prescribed by law. It is also free to disseminate its reports once they have been formally tabled in the appropriate legislature as required by law. There shall exist effective follow up mechanisms on SAI’s recommendations

SAI India may submit its reports to the Legislature or an audited entity’s governing body as appropriate for follow up of specific recommendations for corrective action. SAI India shall have its own follow up procedures to monitor and report on the action taken by the Executive on its observations and implementation of recommendations made in its reports as well as those made by the Legislature or the audited entity’s governing board, as appropriate. SAI shall have financial and managerial/administrative autonomy and the availability of appropriate human, material and monetary resources

The Constitution provides that the conditions of service of persons serving in the Indian Audit and Accounts Department and the administrative powers of the CAG shall be such as may be prescribed by rules made by the President after consultation with the CAG. Thus, SAI India shall have the necessary empowerment to manage the human and budgetary resources available to it. The Legislature is responsible for ensuring that SAI India has the resources necessary to fulfil its mandate.

SAI India’s functional autonomy does not preclude arrangements with auditable entities in regard to matters such as personnel management, property management or common purchasing of equipment and stores.

1.4.2 Accountability and Transparency

Accountability and transparency are two important elements of good governance. Accountability refers to the legal and reporting framework, organisational structure, strategy, procedures and actions to ensure that the SAI meets its legal obligations with regard to its audit mandate and reporting and that the SAI and its personnel can be held responsible for their actions.

Transparency refers to the SAI’s timely, reliable, clear and relevant public reporting on its status, mandate, strategy, activities and performance as also of the audit findings, conclusions and public access to information about the SAI. The principles of accountability and transparency are as under: SAI shall perform its duties under a legal framework that provides for accountability and transparency.

SAI India shall perform its duties in accordance with the constitutional and statutory framework which cover the audit authority, jurisdiction and responsibilities, conditions for appointment and removal of the CAG, publishing of audit reports, oversight of activities and balance between public access to information and confidentiality of audit evidence and other information. SAI shall make public its mandate, mission and responsibilities.

The mandate, mission and responsibilities of SAI India shall be in public domain. SAI shall adopt audit standards, processes and methods that are objective and transparent.

The standards and methodologies adopted by SAI India shall be consistent with the fundamental auditing principles elaborated under the International Standards of Supreme Audit Institutions (ISSAIs) of International Organisation of Supreme Audit Institutions (INTOSAI). While conducting its audits, SAI India shall communicate the criteria on which opinions would be based to the auditable entities and keep them informed about the audit objectives, methodology and findings. SAI India shall also communicate the scope of audits undertaken as part of the reporting process. Its audit findings and recommendations shall be subject to procedures of comment, discussion and responses from the audited entity. SAI shall manage its operations economically, efficiently, effectively and in accordance with laws and regulations and report publicly on these matters.

SAI India shall employ sound management practices including appropriate internal controls over its financial management and performance and reports on all areas of performance including various audits carried out covering compliance, performance and financial audits. SAI India’s financial statements are open to Parliamentary review and its budget, financial resources and use of resources are in the public domain. SAI shall report publicly on the results of audits and on conclusions regarding overall public sector activities

The audit reports of SAI India that include its conclusions and recommendations resulting from its audits shall be tabled in the concerned Legislature or presented to the audited entity’s governing body as required and shall thereafter be in the public domain. SAI shall communicate timely and widely on its activities and audit results through the website, media and other means.

Once the Audit Reports are tabled in the concerned legislature, SAI India shall communicate audit results through website and other means and may communicate with the media or other stakeholders on matters included in the reports thereby enhancing transparency and accountability of the audit work. Public and academic interest in important conclusions shall be encouraged. Its reports shall be made understandable to the wide public through various means e.g. summaries, graphics, video presentations and press releases.

1.4.3 SAI shall apply high standards of integrity and ethics for staff of all levels.

SAI India shall have a Code of Ethics that is aligned with the Code of Ethics (ISSAI 30) elaborated under the ISSAIs. The fundamental principles of ethics are integrity, independence, objectivity and impartiality, confidentiality and competence. SAI India shall ensure transparency and legality of its operations and actively promotes ethical behaviour throughout the organisation.

1.4.4 Quality Assurance and Quality Control

As an over-riding objective SAI India shall consider the risks to the quality of its work and establish a system of quality control that is designed to mitigate such identified risks. The risks to quality control depend upon the mandate and functions, conditions and environment under which it operates. SAI shall establish policies and procedures designed to promote an internal culture recognising that quality is essential in performing all of its work. The Head of SAI shall retain overall responsibility for the system of quality control.

SAI India shall strive to achieve a culture that recognises and rewards high quality work throughout the SAI. It shall ensure that sufficient resources are available within the organisation to maintain the system of quality control. SAI shall establish policies and procedures designed to provide it with reasonable assurance that the SAI, including all personnel and any parties contracted to carry out work for the SAI comply with the relevant ethical requirements.

SAI India shall recognize the importance of meeting relevant ethical requirements in carrying out its work. Policies and procedures shall be in place to reinforce the fundamental principles of ethics as defined in the code of ethics including rotation of key audit personnel to reduce the risk of familiarity with the entity being audited and to ensure that they remain and appear to remain objective obviating any possibility of conflict of interests. All personnel of SAI India and any parties engaged to carry out any task for the SAI shall have to demonstrate appropriate ethical behaviour. SAI shall establish policies and procedures designed to provide reasonable assurance that its audits and other work are carried out in accordance with relevant standards, applicable legal and regulatory requirements, that SAI issues reports that are appropriate in the circumstances and that it has sufficient resources with the competence, capabilities and commitment to ethical principles as required to carry out its range of work.

SAI India shall have an Audit Quality Management Framework that establishes appropriate quality control policies and procedures such as supervision and review responsibilities and ensures tools such as audit methodologies for all work carried out. It shall ensure that applicable standards are followed in all work carried out and if any requirement in a standard is not followed, the reasons are appropriately documented, approved and reported.

SAI India may draw on a number of different sources to ensure that it has the necessary skills and expertise to carry out its range of work. It may collaborate with academic/ research institutions in order to avail of the experienced members of the profession at large and may enter into formal relationships with professional bodies provided the relationships do not inhibit its independence and objectivity. As resources are limited, SAI India may prioritise its work in a manner that takes into account the need to maintain quality. SAI shall establish a monitoring process designed to provide it with reasonable assurance that the policies and procedures relating to the system of quality control are relevant and adequate and is operating effectively.

SAI India shall ensure that its quality control system includes independent monitoring of the range of controls within the SAI.

SAI India may invite external independent assessment of its activities and implementation of standards through a peer review. Where appropriate, SAI India may consider other means of monitoring the quality of its work which may include but not be limited to independent academic review, stakeholder surveys and follow up reviews of recommendations or feedback from audited entities. There are procedures for dealing with complaints about the quality of work performed by SAI.

General Standards

Public Sector Auditing and its Objectives

2.1.1 Public sector2 audit environment is that in which governments and other entities exercise responsibility for the use of national wealth, natural resources, resources derived from taxation and other sources in the delivery of services to citizens and other recipients. These entities are accountable for their management, performance and use of resources, both to those providing the resources and to those, including citizens, who depend on the services delivered using those resources. Public sector auditing helps to create suitable conditions and reinforce the expectation that public sector entities and public servants will perform their functions effectively, efficiently, ethically and in accordance with the applicable laws and regulations.

2.1.2 In general, public sector auditing can be described as a systematic process of objectively obtaining and evaluating evidence to determine whether information or actual conditions conform to established criteria. Public sector auditing is essential in that it provides legislature and oversight bodies, those charged with governance and the general public with information, independent and objective assessments concerning the stewardship and performance of public sector policies, programmes or operations.

2.1.3 All public sector audits start from objectives, which may differ depending on the type of audit being conducted. However, public sector auditing contributes to good governance by:

  1. providing the intended users with independent, objective and reliable information, conclusions or opinions based on sufficient and appropriate evidence relating to public sector entities;
  2. enhancing accountability and transparency, encouraging continuous improvement and sustained confidence in the appropriate use of public funds and assets and the performance of public administration;
  3. reinforcing the effectiveness of those bodies that exercise general monitoring and corrective functions over public sector and those responsible for the management of publicly funded activities; and
  4. creating incentives for change by providing knowledge, comprehensive analysis and well-founded recommendations for improvement.

2.2.1 Financial Audit: focuses on determining whether an entity’s financial information is presented in accordance with the applicable financial reporting and regulatory framework. This is accomplished by obtaining sufficient and appropriate audit evidence to enable the auditor to express an opinion as to whether the financial information is free from material misstatement due to fraud or error.

2.2.2 Compliance Audit: focuses on whether a particular subject matter is in compliance with the criteria. Compliance auditing is performed by assessing whether activities, financial transactions and information are, in all material aspects, in compliance with the applicable authorities which include the Constitution, Acts, Laws, rules and regulations, budgetary resolutions, policy, contracts, agreements, established codes, sanctions, supply orders, agreed terms or the general principles governing sound public sector financial management and the conduct of public officials.

2.2.3 Performance Audit: focuses on whether interventions, programmes and institutions are performing in accordance with the principles of economy, efficiency and effectiveness and whether there is room for improvement. Performance is examined against suitable criteria and the causes of deviations from those criteria or other problems are analysed. The aim is to answer key audit questions and to provide recommendations for improvement.

SAI, India may carry out audits or engagements on any subject of relevance to the responsibilities of executive and those charged with governance and the appropriate use of public resources, within its given mandate. These engagements may include, but not be restricted to, reporting on the quantitative outputs and outcomes of the auditable entity’s service delivery activities, sustainability reports, future resource requirements, and adherence to internal control standards, near real time audits or other matters. It may also conduct combined audits incorporating financial, performance and /or compliance aspects.

2.3 Elements of Public Sector Auditing

Public sector auditing is indispensable for the public administration, as the management of public resources is a matter of trust. Responsibility for the management of public resources in line with intended purposes is entrusted to an entity or person who acts on behalf of the public. Public sector auditing enhances the confidence of the intended users by providing information and independent and objective assessments concerning deviations from accepted standards or principles of good governance. All public sector audits have the same basic elements:

  1. The three parties
  2. Subject matter, criteria and subject matter information
  3. Types of engagement

2.3.1 The Three Parties

Public sector audits involve at least three separate parties: the auditor, the responsible party and intended users. The relationship between the parties should be viewed within the context of the specific arrangements for each type of audit.

The auditor: In public sector auditing the role of auditor is fulfilled by SAI, India and by its personnel delegated with the task of conducting audits.

The responsible party: In public sector auditing, the relevant responsibilities are determined by constitutional or legislative arrangement. The responsible parties may be responsible for the subject matter information, for managing the subject matter or for addressing recommendations and may be individuals or organizations. Generally, auditable entities and those charged with governance of the auditable entities would be the responsible parties.

Intended users: The intended users are the individuals, organizations or classes thereof for whom the auditor prepares the audit report. The intended users may be legislative or oversight bodies, those charged with governance or the general public. The intended user is primarily the Parliament or the Legislature which represents the citizens by determining the priorities of public finance, purpose and content of public spending and income.

2.3.2 Subject Matter, Criteria and Subject Matter Information Subject matter refers to the information, condition or activity that is measured or evaluated against certain criteria. It can take many forms and have different characteristics depending on the audit objective. An appropriate subject matter is identifiable and capable of consistent evaluation or measurement against the criteria, such that it can be subjected to procedures for gathering sufficient and appropriate audit evidence to support the audit opinion or conclusion.

The criteria are the benchmarks used to evaluate the subject matter. Each audit shall have criteria suitable to the circumstances of that audit. In determining the suitability of criteria the auditor considers their relevance and understandability for the intended users, as well as their completeness, reliability and objectivity (neutrality, general acceptance and comparability with criteria used in similar audits). The criteria used may depend on a range of factors, including the objectives and the type of audit. Criteria can be specific or more general and may be drawn from various sources, including the Constitution of India, laws, regulations, standards, sound principles and best practices. They shall be made available to the intended users to enable them to understand how the subject matter has been evaluated or measured.

Subject matter information refers to the outcome of evaluating or measuring the subject matter against the criteria. It can take many forms and have different characteristics depending on the audit objective and audit scope.

2.3.3 Types of Engagement

There are two types of engagement: Attestation Engagements and Direct Reporting Engagements.

In attestation engagements, the responsible party measures the subject matter against the criteria and presents the subject matter information, on which the auditor then gathers sufficient and appropriate audit evidence to provide a reasonable basis for expressing a conclusion.

In direct reporting engagements, it is the auditor who measures or evaluates the subject matter against the criteria. The auditor selects the subject matter and criteria, taking into consideration risk and materiality. The outcome of measuring the subject matter against the criteria is presented in the audit report in the form of findings, conclusions, recommendations or an opinion. The audit of the subject matter may also provide new information, analyses or insights.

Financial audits are always attestation engagements, as they are based on financial information presented by the responsible party. Performance audits and compliance audits are generally direct reporting engagements.

2.4 Confidence and Assurance in Public Sector Auditing

Audit has to provide reliable and relevant information to the intended users based on sufficient and appropriate evidence. Auditors shall perform procedures to reduce or manage the risk of reaching inappropriate conclusions.

2.4.1 Forms of providing assurance

Depending on the audit and the users’ needs, assurance can be communicated in two ways:

  1. Through opinions and conclusions: which explicitly convey the level of assurance. This applies to all attestation engagements and certain direct reporting engagements.
  2. In other forms: In some direct reporting engagements the auditor does not give an explicit statement of assurance on the subject matter. In such cases, the auditor provides the users with the necessary degree of confidence by explicitly explaining how findings, criteria and conclusions were developed in a balanced and reasoned manner, and why the combinations of findings and criteria result in a certain overall conclusion or recommendation.

2.4.2 Levels of assurance

Assurance can be either reasonable or limited. Reasonable assurance is high, but not absolute, given the inherent limitations of an audit, the result of which is that most of the audit evidence obtained by the auditor will be persuasive rather than conclusive. In reasonable assurance the audit conclusion is expressed positively, either explicitly or in other forms conveying the necessary degree of confidence as stated at para 2.4.1 above.

A limited assurance conveys the limited nature of the assurance provided and the audit conclusion is expressed in a negative manner stating that based on the procedures performed, nothing has come to the auditor’s attention to cause the auditor to believe that the subject matter is not in compliance with the applicable criteria. The procedures performed in a limited assurance audit are limited compared with what is necessary to obtain reasonable assurance, but the level of assurance is expected, in the auditor's professional judgement, to be meaningful to the intended users.

Principles of Public Sector Auditing

Auditing is a cumulative and iterative process. The principles of public sector auditing constitute the general standards that apply to SAI India’s personnel as auditors and are fundamental to the conduct of all types of public sector audits. The principles to be observed by all individual auditors are categorized into two distinct groups as shown in the diagram below.

  • General principles
  • Principles related to the audit process

2.5.1 General Principles

General principles relate to the basic audit concepts, which shall be considered by auditors prior to commencement and at more than one point during the audit process and comprise the following: Ethics and Independence

Auditors hall comply with the relevant ethical requirements and be independent

Ethical principles shall be embodied in an auditor’s professional behaviour and the auditors shall comply with SAI India’s code of ethics. Auditors shall remain independent so that their reports are impartial and be seen as such by the intended users. Professional Judgement, Due Care and Scepticism

Auditors shall maintain appropriate professional behaviour by applying professional scepticism, professional judgment and due care throughout the audit

The auditor’s attitude shall be characterised by professional scepticism and professional judgement, which are to be applied when forming decisions about the appropriate course of action. Auditors shall exercise due care to ensure that their professional behaviour is appropriate.

Professional scepticism refers to maintaining professional distance, an alert and questioning attitude when assessing the sufficiency and appropriateness of evidence obtained throughout the audit. It also entails remaining open-minded and receptive to all views and arguments. Professional judgement implies the application of collective knowledge, skills and experience to the audit process. Due care denotes that auditors shall plan and conduct audits in a diligent manner. Auditors shall avoid any conduct that might discredit their work. Quality Control

Auditors shall perform the audit in accordance with professional standards on quality control

Auditors shall comply with professional standards on quality control, the aim being to ensure that audits are conducted at a consistently high level. Quality control procedures shall cover matters such as the direction, review and supervision of the audit process and the need for consultation in order to reach decisions on difficult or contentious matters. Audit Team Management and Skills

Auditors shall possess or have access to the necessary skills

The audit team shall collectively possess the knowledge, skills expertise and competence necessary to successfully complete the audit. This includes an understanding and practical experience of the type of audit being conducted, familiarity with the applicable standards and legislation, an understanding of the entity’s operations and the ability and experience to exercise professional judgement. Auditors shall maintain their professional competence through ongoing professional development.

Where relevant or necessary, and in line with SAI India’s mandate and applicable legislation, the auditor may use the work of internal auditors, other auditors or experts. The auditor’s procedures shall provide a sufficient basis for using the work of others, and in all cases the auditor shall obtain evidence of other auditors’ or experts’ competence, independence and the quality of work performed. However, SAI, India has the sole responsibility for any audit opinion or report it might produce on the subject matter and that responsibility is not reduced by its use of work done by other parties.

SAI, India may use the work of other auditors at state, provincial, regional, district or local level, or of public accounting firms that have completed audit work related to the audit objective. Audits may require specialised techniques, methods or skills from disciplines not available within SAI, India. In such cases, experts may be used to provide knowledge or carry out specific tasks or for other purposes. Audit Risk

Auditors shall manage the risks of providing a report that is inappropriate in the circumstances of the audit

The audit risk is the risk that the audit report may be inappropriate. The auditor performs procedures to reduce or manage the risk of reaching inappropriate conclusions, recognising that the limitations inherent to all audits mean that an audit can never provide absolute certainty of the condition of the subject matter. When the objective is to provide reasonable assurance, the auditor shall reduce audit risk to an acceptably low level given the circumstances of the audit. The audit may also aim to provide limited assurance, in which case the acceptable risk that criteria are not complied with is greater than in a reasonable assurance audit. A limited assurance audit provides a level of assurance that, in the auditor’s professional judgment, will be meaningful to the intended users. Materiality

Auditors shall consider materiality throughout the audit process

Materiality is relevant in all audits. A matter can be judged material if knowledge of it would be likely to influence the decisions of the intended users. Determining materiality is a matter of professional judgement and depends on the auditor’s interpretation of the users’ needs. This judgement may relate to an individual item or to a group of items taken together. Materiality is often considered in terms of value, but it also has other quantitative as well as qualitative aspects. The inherent characteristics of an item or group of items may render a matter material by its very nature. A matter may also be material because of the context in which it occurs. Materiality shall be considered for the purposes of planning, evaluating the evidence obtained and reporting, though the materiality levels could differ for each of the processes. Materiality considerations affect decisions concerning the nature, timing and extent of audit procedures and the evaluation of audit results. Considerations may include stakeholder concerns, public interest, regulatory requirements and consequences for society. Documentation

Auditors shall prepare audit documentation that is sufficiently detailed to provide a clear understanding of the work performed, evidence obtained and conclusions reached.

Audit documentation shall include an audit strategy and audit plan. It shall record the procedures performed and evidence obtained and support the communicated results of the audit. Documentation shall be sufficiently detailed to enable an experienced auditor, with no prior knowledge of the audit, to understand the nature, timing, scope and results of the procedures performed, the evidence obtained in support of the audit conclusions and recommendations, the reasoning behind all significant matters that required the exercise of professional judgement and the related conclusions. Adequate audit documentation is important for several reasons. It will:

  1. confirm and support the auditor’s opinions and reports;
  2. serve as a source of information for preparing reports or answering any enquiries from the audited entity or any other party;
  3. serve as evidence of the auditor's compliance with the auditing standards;
  4. facilitate planning, supervision and review; help with the auditor’s professional development;
  5. help to ensure that delegated work has been satisfactorily executed; and
  6. provide evidence of work done for future reference.

Further requirements relating to documentation in the following areas also need to be met:

  1. the timely preparation of documentation;
  2. the form, content and extent of documentation;
  3. documentation requirements where the auditor judges it necessary to depart from a relevant requirement in the applied auditing standards;
  4. documentation requirements where the auditor performs new or additional audit procedures or draws new conclusions after the date of the auditor’s report; and
  5. the assembly of the final audit file. Communication

Auditors shall establish effective communication throughout the audit process

It is essential that the entity being audited be kept informed of all matters relating to the audit. This is key to developing a constructive working relationship. Communication shall include obtaining information relevant to the audit and providing management/ those charged with governance with timely observations and findings throughout the engagement. It is important to promote effective two-way communication throughout the engagement. Written communication is vital for significant audit findings, which auditors are required to communicate to those charged with governance. The auditor may also have a responsibility to communicate audit-related matters to other stakeholders, such as legislative and oversight bodies.

2.5.2 Principles related to the audit process

Principles related to the audit process relate to the specific steps in the audit process and comprise the following: Planning an audit

Auditors shall ensure that the terms of the audit have been clearly established. Most of the audits undertaken by SAI, India are as per the constitutional mandate, which may not require formal agreement with the auditable entities on terms of audit. In some cases, such as in case of an entrusted audit, there is a need for arriving at an agreement on the terms of audit with the auditable entity. Important information like the subject, scope and objectives of audit, access to data, the audit process, roles and responsibilities of different parties to the engagement shall be firmed up before audit is carried out.

This includes understanding the relevant objectives, operations, regulatory environment, internal controls, financial and other systems and business processes, and researching the potential sources of audit evidence. Knowledge can be obtained from interaction with management, other relevant stakeholders and experts. Documents (including earlier studies and other sources) shall be examined in order to gain a broad understanding of the subject matter to be audited and its context.

The nature of the risks identified will vary according to the audit objectives. The auditor shall consider and assess the risk of different types of deficiencies, deviations or misstatements that may occur in relation to the subject matter. Both general and specific risks shall be considered. This can be achieved through procedures that serve to obtain an understanding of the entity or programme and its environment, including the relevant internal controls. The auditor shall assess the management’s response to identified risks, including its implementation and design of internal controls to address them. In a problem analysis the auditor shall consider actual indications of problems or deviations from what should be or is expected. This process involves examining various problem indicators in order to define the audit objectives. To facilitate the process of risk assessment or problem analysis data from multiple sources may be collated and/or combined to gain insights and discern patterns. Technology and data analytical techniques may be appropriately utilised in the process. The identification of risks and their impact on the audit shall be considered throughout the audit process.

The primary responsibility for the prevention and detection of fraud rests with the entity’s management and those charged with governance. It is important that management, under the oversight of those charged with governance, strongly emphasise fraud prevention (limiting opportunities for fraud to take place) and fraud deterrence (dissuading individuals from committing fraud because of the likelihood of detection). Fraud is a broad legal concept and the auditor does not make legal determination of fraud. Auditors shall make enquiries and perform procedures to identify and respond to the risks of fraud relevant to the audit objectives. They shall maintain an attitude of professional scepticism and be alert to the possibility of fraud throughout the audit process.

  1. Auditors shall obtain an understanding of the nature of the entity/programme to be audited
  2. Auditors shall conduct a risk assessment or problem analysis and revise this as necessary in response to the audit findings
  3. Auditors shall identify and assess the risks of fraud relevant to the audit objectives
  4. Auditors shall plan their work to ensure that the audit is conducted in an effective and efficient manner

Planning for a specific audit includes strategic and operational aspects. Strategically, planning shall define the audit scope, objectives and approach. The objectives refer to what the audit is intended to accomplish. The scope relates to the subject matter and the criteria which the auditors will use to assess and report on the subject matter and is directly related to the objectives. The approach will describe the nature and extent of the procedures to be used for gathering audit evidence. The audit shall be planned to reduce audit risk to an acceptably low level. Professional judgement shall be exercised to decide on a suitable sampling methodology depending upon the subject matters, audit objectives being pursued and the envisaged scope of audit.

Operationally, planning entails setting a timetable for audit and defining the nature, timing and extent of the audit procedures. During planning, auditors shall assign the members of their team as appropriate and identify other resources that may be required, such as subject experts. Audit planning shall be responsive to significant changes in circumstances and conditions. It is an iterative process that takes place throughout the audit. Conducting an Audit

The auditor’s decisions on the nature, timing and extent of audit procedures will impact on the evidence to be obtained. The choice of procedures will depend on the risk assessment or problem analysis. Audit evidence is any information used by the auditor to determine whether the subject matter complies with the applicable criteria. Evidence may take many forms, such as electronic and paper records of transactions, written and electronic communication with outsiders, and observations by the auditor and oral or written testimony by the audited entity. Methods of obtaining audit evidence can include inspection, observation, inquiry, confirmation, recalculation, re-performance, analytical procedures and/or other research techniques.

After completing the audit procedures, the auditor will review the audit documentation in order to determine whether the subject matter has been sufficiently and appropriately audited. Before drawing conclusions, the auditor reconsiders the initial assessment of risk and materiality in the light of the evidence collected and determines whether additional audit procedures need to be performed. The auditor shall evaluate the audit evidence with a view to obtaining audit findings. When evaluating the audit evidence and assessing materiality of findings the auditor shall take both quantitative and qualitative factors into consideration. Based on the findings, the auditor shall exercise professional judgement to reach a conclusion on the subject matter or subject matter information.

  1. Auditors shall perform audit procedures that provide sufficient and appropriate audit evidence to support the audit report
  2. Evidence shall be both sufficient (quantity) to persuade a knowledgeable person that the findings are reasonable, and appropriate (quality) – i.e. relevant, valid and reliable. The quantity of evidence required depends on the risk of material misstatement or non-compliance of the subject matter information (the greater the risk, the more evidence is likely to be required) and on the quality of such evidence (the higher the quality, the less may be required). Accordingly, the sufficiency and appropriateness of evidence are interrelated. However, merely obtaining more evidence does not compensate for its poor quality. The reliability of evidence is influenced by its source and nature, and is dependent on the specific circumstances in which the evidence was obtained. While recognizing that exceptions may exist, the following generalizations about the reliability of evidence may be useful:
    1. Evidence is more reliable when it is obtained from sources external to the responsible party.
    3. Evidence that is generated internally is more reliable when the related controls are effective
    4. Evidence obtained directly by the auditor (for example, through observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, through inquiry into the application of a control).
    5. Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a simultaneous written record of a meeting is more reliable than a subsequent oral report of what was discussed).
    6. Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.

    The auditor’s assessment of the evidence shall be objective, fair and balanced. Preliminary findings shall be communicated to and discussed with the entity being audited to confirm their validity. The auditor must respect all requirements regarding confidentiality.

  3. Auditors shall evaluate the audit evidence and draw conclusions Reporting and Follow-up

The audit process involves preparing a report to communicate the results of the audit to stakeholders, others responsible for governance and the general public. The purpose is also to facilitate follow-up and corrective action. Reports shall be easy to understand, free from vagueness or ambiguity and complete. They shall be objective and fair, only including information which is supported by sufficient and appropriate audit evidence and ensuring that findings are put into perspective and context. The form and content of a report will depend on the nature of the audit, the intended users, the applicable standards and legal requirements. The reports can appear in short form or long form. Long-form reports generally describe in detail the audit scope, audit findings and conclusions, including potential consequences and constructive recommendations to enable remedial action. Short-form reports are more condensed and generally in a more standardized format.

i. Attestation engagements

In attestation engagements the audit report may express an opinion as to whether the subject matter information is, in all material respects, free from misstatement and/or whether the subject matter complies, in all material respects, with the established criteria. In an attestation engagement the report is generally referred to as the Auditor’s Report.

ii. Direct reporting engagements

In direct reporting engagements the audit report needs to state the audit objectives and describe how they were addressed in the audit. It includes findings and conclusions on the subject matter and may also include recommendations. Additional information about criteria, methodology and sources of data may also be given, and any limitations to the audit scope shall be described. The audit report shall explain how the evidence obtained was used and why the resulting conclusions were drawn.

When an audit opinion or conclusion is used to convey the level of assurance, the opinion or conclusion shall be in a standardised format. It may be unmodified or modified. An unmodified opinion/conclusion is used when either limited or reasonable assurance has been obtained. A modified opinion or conclusion may be:

Where the opinion or conclusion is modified the reasons shall be put in perspective by clearly explaining, with reference to the applicable criteria, the nature and extent of the modification. Conveying an opinion is generally related to financial audits and expression of conclusion is relevant to compliance audits. Depending on the type of audit, recommendations for corrective action and any contributing internal control deficiencies may also be included in the report.

SAI India shall monitor action taken by the responsible party in response to the matters raised in an audit report. Follow-up focuses on whether the audited entity has adequately addressed the matters raised. Insufficient or unsatisfactory action by the audited entity may call for a further report by SAI India.

  1. Auditors shall prepare a report based on the conclusions reached.
  2. Opinion or conclusion
    1. Qualified (except for) – where the auditor disagrees with, or is unable to obtain sufficient and appropriate audit evidence about certain items in the subject matter which are, or could be, material but not pervasive;
    2. Adverse – where the auditor, having obtained sufficient and appropriate audit evidence, concludes that deviations or misstatements, whether individually or in the aggregate, are both material and pervasive;
    3. Disclaimed – where the auditor is unable to obtain sufficient and appropriate audit evidence due to an uncertainty or scope limitation which is both material and pervasive.
  3. Follow-up

Specific Standards

3.1 Introduction

The general principles relating to the basic audit concepts and those relating to the audit process applicable to all types of public sector audits constituting the general standards have been described in Chapter 2. In addition, this section contains the specific considerations regarding their applicability to financial, compliance and performance audits, which the auditors shall observe as specific standards during the conduct of these audits.

  • Financial Audit
  • Performance Audit
  • Compliance Audit
Back to Top