Blog Details

AUDIT COMPLIANCE

Audit Compliances means an examination of financial operations and work of a company and to ensure the necessary compliances are in accordance with the policies, standards, rules and regulations and also recommend the essential changes, policies required. It helps in evaluating the economy, risk assessment and efficiency of the company and reviews the internal control.

There can be two types of audit compliances: Internal and External. Internal audit is an independent operation conducted under the direction of the management of the company to access the effectiveness of the internal accounting. Whereas external audit is conducted by a person outside the company to ensure that the relevant compliances have been adhered to.

It is basically a systematic review of an organization’s adherence to predefined benchmarks set by a governing body. They are performed by an auditing team to help the organization in complying with the standardized processes, identify organizational gaps, and mitigate risks.

Objectives of Audit Compliances-

• It helps in improving the Data integrity of the company.
•  Improves the effectiveness of the operations.
• Safeguards the assets of the company.
• Ensure that the company adheres to the necessary standard, norms, rules and regulations.
• It helps in Risk assessment.
• Analyze and identify the past performance with the present and also sets the future expectations.

 Purpose of Audit Compliances-

Audit Compliances are essential for the businesses to ensure that they follow the legal requirements and adhere to the necessary rules, regulations required for the company which is enforced by the regulatory authority.

• Promote a safe working environment – comply with government requirements and help in promoting stress-free working.
• Avoid penalties – Proper audit compliances, practising with legal standards helps to avoid penalties and restrictions.
• Increase productivity –helps in boosting production and improving output.
• Non-Compliance– non-compliance with the rules and regulations can lead to penalties, restrictions and sometimes even operation cessation as well.
• Establish Goodwill – It helps in gaining the market trust, by sticking to the industry protocols and helps in establishing goodwill. 

Essential elements for Preparation of Audit Compliance-

Ø  Stay updated with new regulations- It is very essential to stay updated with all the new rules, regulations and compliances enforced by the regulatory authorities. 

Ø  Be prepared with the necessary documentations- Auditors often expect from the company to produce the relevant documents required for the audit process, therefore being handy with the papers and documents is a smart move to avoid the last time hazels.

Ø  Perform a self -Compliance Audit- It helps to determine the organization’s compliance with the necessary regulations, industry standards and policies. It is important to perform an internal audit by appointing internal team members for self-evaluation and to check upon the deficiencies.

Ø Preparing Audit program- Once the internal audit is completed and develops their understanding of the process and risks involved. They must create an audit programme. An audit program should contain the Audit process objectives, process risks, Mitigating process and other necessary attributes.

General Principles for Compliances Audit-

These are the general principle that is followed during the course of the audit process-

1- Auditors should notice the code of ethics- IA has adopted a code of ethics which should be noticed by auditors at all times. The auditor promotes trust, confidence and credibility by adopting and applying the ethical requirements of the concepts embodied in the key principles of the code - Integrity, Independence and Objectivity, Confidentiality and Competence.

2- Auditors should prepare a report based on the principles of completeness, objectivity, timeliness- The principle of completeness requires the auditor to consider all relevant audit evidence before preparing a report. The principle of objectivity requires the auditor to apply professional judgement in order to ensure that all reports are factually correct and that findings or conclusions are presented in a relevant and balanced manner. The principle of timeliness implies preparing the report in due time. 

3- Auditors should possess the necessary and relevant skills- The audit team should possess the knowledge, skills and expertise necessary. This includes an understanding and practical experience and the knowledge of the applicable standards and authorities. The confidentiality of the specific information/records made available by the auditable entity should be maintained in such an interface with external experts. Auditors should evaluate and document before passing any judgment.

4- Risk Assessment by Auditor- Audits should be conducted in such a way as to manage, or reduce or to mitigate the risk involved in the process. The auditor should consider the inherent risk, control risk in relation to the subject matter and the reporting.

5- Auditors should prepare the necessary audit documentation. Documentation should be sufficiently detailed to enable an experienced auditor to understand the relationship between the subject matter, the evidence obtained in support of the auditor’s conclusion, the reasoning behind all significant matters that required the exercise of professional judgement; and the related conclusions. Documentation should be prepared within a reasonable period before the issue of the audit report.

6- Auditors should develop an audit strategy and plan- Audit planning should involve discussion among members of the audit team with a view to developing an overall audit strategy and an audit plan. The purpose of the audit strategy is to devise an effective response to the risk of non-compliance. It should include plans for specific risks throughout the audit plan process.

7-Auditors should determine the audit scope- The audit scope is a clear statement of the focus, extent and limits of the audit in terms of the subject matter’s compliance with the criteria. The scoping of an audit is done by calculating risk and legal requirements.

Therefore, These guidelines contain the framework for the process of compliance auditing within the Indian Audit and Accounts Department headed by the Comptroller and Auditor General (CAG) of India referred to as IA&AD. They must follow these guidelines in planning, implementation, reporting, observing and obtaining quality assurance in compliance audits.

Definitions of Compliance Auditing objectives by various regulatory authorities as follows- 

The main aim of the regulatory authorities is to check up on the deviations from accepted standards and violations of the principles of legality, efficiency, effectiveness and make it possible to take corrective actions in adverse situations. Compliance Audit may be defined by different regulatory authorities as-

1- ISSAI 4100 defines as-

Compliance audit deals with the degree to which the audited entity follows rules, laws and regulations, policies, established codes, or agreed-upon terms and conditions, etc.

2- The CAG’s Regulations on Audit and Accounts, 2007-

A compliance audit is an assessment as to whether the provisions of the Constitution of India, applicable laws, rules and regulations made thereunder and various orders and instructions issued by the competent authority are being complied with.

According to CAG’s regulations on Audit & Accounts 2007, it lies down the rules to check the legality, adequacy, transparency, and effectiveness whether these contain-

Legality-

a) intra vires the provisions of the Constitution of India and the laws.

Adequacy-

b)ensure effective control over government receipts, expenditure, assets and liabilities with the safeguards against loss due to mismanagement, errors, frauds and other irregularities.

Transparency-

c) clear and free from ambiguity and promotes transparency.

Effectiveness-

d) effective and achieve the intended objectives and aim.

Risk Profiling- 

Risk profiling of the Apex Auditable Entities and their Audit Units has to be done considering their structures, roles they are expected to perform. As governments and other organisations transition into a digital environment, they generate, process and store the data. Useful and relevant data in diversified forms produced by various government and non-government agencies.The design integrates data from various sources and in various formats to transform data into actionable information. This aims to enhance the efficiency and effectiveness of audits. IA&AD has adopted a Data Management Policies. These policies are expected to facilitate greater and deeper insights into the Apex Auditable Entity’s environment to identify the risk areas.

Risk assessment- 

Risk assessment is an essential part of performing a compliance audit. A compliance audit does not provide a guarantee or absolute assurance that all situations of non-compliance will be detected. These are the certain limitations in a compliance audit may include such as-

a) Judgement may be applied by interpreting laws and regulations.

b) Human errors.

c) Systems may be improperly designed or ineffectively.

d) Controls may be circumvented

e) Evidence may be concealed.

Compliance Audit Design Matrix-

After determination of the scope of audit, objectives, identification of relevant criteria for measuring the selected subject matters. Auditors should prepare a Compliance Audit Design Matrix for the identified apex Auditable entity in the following formats such as-

Compliance auditing in the digital environment-

Sectors where e-governance prevails and transactions are being conducted in virtualized environments, digital auditing is an option that can also be adopted by the audit teams. Digital auditing facilitates looking at the whole of the population for outliers or unexpected variations. Data analytical tools can be of crucial help in digital environment auditing.

Audit evidence- 

It is the information used by the auditor in the whole auditing process for preparing the audit report. To obtain sufficient and appropriate audit evidence in order to form an opinion as to whether a subject matter complies with the established criteria or not.

The CAG’s Regulations on Audit and Accounts, 2007 state that the auditor shall verify compliance with applicable laws, rules and regulations and highlight deviations if any (Regulation 29(4)).

Essential elements of audit evidence- 

These are the factors which include auditor’s professional judgment as to what constitutes sufficient and appropriate evidence such as-

1-Significance of a potential non-compliance or compliance deviations.

2-Effectiveness of the responsible party’s responses to address the known risk of non-compliance.

3-Experience gained during the previous audit with respect to similar potential non-compliance.

4-Results of procedures performed, including whether such procedures identified specific non-compliance.

Documentations and Importance-

Documentations of audit evidence supports audit reports and confirms that the audit was carried out in accordance with relevant rules, regulations and standards. It should contain sufficient information to enable an experienced auditor, having no previous connection with the audit, to ascertain from them the evidence that supports the auditor’s significant findings and conclusions.

Importance of Documentations-

1-Confirm and support the auditor’s report.

2-Increase the efficiency and effectiveness of the audit.

3- Serve as a source of information for preparing reports.

4- Serve as evidence of the auditor’s compliance with Auditing Standards.

Reporting Compliance Audit/ Contents-

It is very essential to contain certain contents while reporting a final report of compliance audit by the auditors.As the compliance audit is conducted at various levels of the organisational hierarchy and needs to be reported to the responsible party, those charged with governance, and the legislature, Therefore, Auditors shall prepare the results of compliance audit in the following reports such as-

1- Inspection Report- On completion of the audit, an Inspection Report should be prepared which should contain all the true findings of the audit whether these findings are good or bad. It shall be issued within 30 days of completion of an audit to each of the selected Audit Units with a copy to the next higher level in the organisational hierarchy. A period of four weeks may be allowed to the Audit Units to provide responses to the audit findings contained in the Inspection Report. It shall be reviewed during the conduct of the audit and shall be pursued by regular reminders to the respective audit units.

2-Compliance Audit Report- It is prepared on the final stage of the audit process and evaluates the strength and weakness of the organization and warns for the future risks, analyzes and compares the past performance with the present. It develops the security policies, user access controls and risk management procedures over the course of a compliance audit process. Therefore, it is prepared by the auditor reflecting the auditor's opinion on the company’s financial statements and displays the end results of the whole audit process.

It shall be carried forward for reporting in the form of a Compliance Audit Report of the CAG of India. Auditors shall, therefore, ensure that facts and figures are accepted by the Apex Auditable entity and shall pursue responses from the Apex Auditable Entity.

3-Departmental Appreciation- This note may be issued to the Apex Auditable Entity where a specific subject matter has been selected to assess the extent of compliance from a departmental perspective. It forms the basis for the Auditor's opinion on compliance by departments.It shall be issued to the Head of the Department i.e the Principal Secretary, for initiating remedial measures with a copy provided for information to the Secretary Finance, Chief Secretary.

*Disclaimer- These Compliance Auditing Guidelines are subjected to the guidelines issued by the Comptroller & Auditor General of India ( C&AG). The information described in this report is based on our research through various official Gazette by (C&AG) of India. Nothing in these reports constitutes a warranty of audit compliance content herein described and are intended for informational purpose only. It is subjected to variations from time to time. Viewers are advised to use this information at your own risk.  Definitions and format mentioned above can vary from the regulatory authority to authority.