Preface. ISSAI 4000: A general introduction to guidelines on compliance audit presenting an overall view on compliance audit

INTOSAI Compliance Audit Guidelines Court Model ISSAI 4300 1

Preface This document provides guidance on compliance audits performed by Supreme Audit Institutions (hereafter SAIs) which have a jurisdictional as well as an audit function ( the court model ). It forms part of a wider set of guidelines for compliance audit consisting of: ISSAI 4000: A general introduction to guidelines on compliance audit presenting an overall view on compliance audit ISSAI 4100: Compliance audit guidelines for audits performed separately from the audit of financial statements ISSAI 4200: Compliance audit guidelines related to the audit of financial statements ISSAI 4300: Compliance audit guidelines for audits performed by SAIs representing the court model. 2

1 Introduction 1. Compliance audits in the context of SAIs with jurisdictional as well as audit functions (the Court model ) have significant and different specificities compared to those performed by SAIs without jurisdictional functions (the General Auditor model ). These specificities have highlighted a need for further guidance on compliance audit in the context of the Court model. 2. For ease of reference in this document, SAIs with a jurisdictional capacity will be referred to as Court(s) of Accounts whereas those SAIs which have no jurisdictional function will be referred to as Audit Office(s). This does not imply a rank or seniority between these institutions and the use of the word Court does not indicate a particular constitutional basis. 3. Courts of Accounts perform different types of compliance audits. They may perform compliance audits in connection with audits of financial statements, in connection with performance audits or as a separate compliance audit task. They may perform compliance audits of: accounts of responsible persons, including accountants, authorising officers and managers of public funds; transactions related to the revenues, expenditures, assets and liabilities of public administrations. These transactions may be performed by public entities, state-owned companies or enterprises, semi-governmental organisations or non-governmental public enterprises, or by the Central Bank The nature of jurisdictional audits depends upon the status of each organisation and the legal framework that governs its activity. 4. The following guidelines provide public sector auditors with further guidance on key issues related to Courts of Accounts which have not been covered by ISSAI 4100 and ISSAI 4200. 5. These guidelines cover only the audit phase of work carried out by Courts of Accounts but do not cover either the instruction or the judgment phase. As Courts of Accounts perform specific compliance audits within the jurisdictional power granted to them, not all parts of these guidelines may be applicable. 2 Scope of the Guidelines 6. Compliance audit of public accounts or the general state accounts consists of the assessment of whether the financial transactions and information reflected in the accounts prepared by the responsible persons (including accountants, authorising officers and managers of public funds) and the management of the state s public and private patrimony are in compliance with the authorities which govern them. 7. Audit of individual public accounts and audit of the general state accounts may be interrelated. Compliance of general state budget requires that public accounts whose balances are reflected in the state budget, should be individually in compliance. When a non compliance act occurs in one public account, it may be reflected in the general state budget accounts. 3

8. For the purposes of these guidelines, compliance audit and compliance reporting are regarded as related to the audit of public accounts and transactions reflected therein. 9. For the purposes of these guidelines, the audit report should include proposals in relation to the liability of responsible persons. 10.For the purposes of these guidelines, the audit conclusion on the compliance of the general state budget accounts may form part of the auditor s report on the audit of the outturn statement which the government is required to prepare at or after the end of the financial year. 11. References to 'compliance audit' throughout this document are understood to be in the context of work carried out by Courts of Accounts on public accounts or on general state budget accounts. Some specific considerations related to other types of compliance audit are additionally set out in these guidelines. 3 Objectives of the Audit 12. Because of the jurisdictional status conferred on SAIs that operate in a Court of Accounts environment, such SAIs have the power to exercise judgements and decisions over the accounts and over responsible persons, including public accountants, authorising officers and managers of public funds (ISSAI 100, 1.0.21) 13. For Courts of Accounts, the objective is to communicate compliance deviations to the appropriate bodies or open the process leading to a formal judgement on aspects related to the jurisdictional function of the court such as identification of the responsible persons and determination of any potential offence (Issai4100 25). 14. The jurisdictional status of the SAI may give rise to the need for additional considerations by public sector auditors operating in a Court of Accounts environment when planning, performing and reporting on compliance audits. 15. The objective of a compliance audit in the context of a Court of Accounts is to obtain sufficient and appropriate evidence to enable the auditor to provide proposals on the liability of the responsible persons. When dealing with the general state accounts, the objective of an audit is to obtain reasonable assurance to enable the auditor to provide a conclusion as to whether the general state budget is prepared and executed, in all material respects, in accordance with the general budgetary act or similar legislation. 16. The objective of such an audit is also to communicate compliance deviations, or other specific aspects that may relate to the judgement function of a Court of Accounts. Examples may be the identification of the responsible persons, determination of any potential damages and circumstances related to any potential criminal offence or notification to the appropriate bodies for judgements on such matters. 4 Definitions For the purposes of these guidelines the following terms shall have the meanings set out below: 17. Authorities Relevant acts or resolutions of the legislature or other statutory instruments, directions and guidance issued by public sector bodies with powers provided for by statute, with 4

which the audited entity is expected to comply. These elements are sometimes collectively referred to as 'legislative authorities' or just 'authorities'. This should not be confused with 'authorities' in the sense of bodies or persons exercising power or command such as 'law enforcement authorities' or 'regulatory authorities'. Where the intention is to refer to such bodies or persons, they are referred to specifically as 'law enforcement authorities, 'regulatory authorities,' etc. 18. Compliance audit As per ISSAI 4000, compliance audit deals with the degree to which the audited entity follows rules, laws and regulations, policy, established codes, or agreed upon terms and conditions, etc. Compliance auditing may cover a wide range of subject matters. In general, the purpose of a compliance audit is to provide assurance to intended users about the outcome of the evaluation or measurement of a subject matter against suitable criteria. 19. Compliance deviation - As per ISSAI 4100, compliance deviation means the audited entity's failure to comply with: a) Authorities for compliance audits of regularity; or b) General principles for sound public sector financial management and conduct of public sector officials for compliance audits of propriety. 20. Conclusions As per ISSAI 4100, the auditor's report on compliance subject matters normally contains a conclusion based on the audit work performed. When compliance audit is performed together with the audit of financial statements, the conclusion may take the form of an opinion. The conclusion may also be expressed as a more elaborated answer to specific audit questions. 21. Injunction - A court order that instructs the public accountant to do or refrain from implementing a certain act (or acts). Injunctions are issued to require compliance with authorities. The audit of individual public accounts may involve issuing injunctions to correct non-compliance issues, unless the public accountant may be held personally liable. 22. Legislature The law-making authority of a country or group of countries, for example a parliament. In the context of compliance audit, the legislature may also include other public sector bodies with authority for budget legislation or resolutions. 23. Non-compliance act failure of a responsible person to comply with authorities and principles of sound public sector management leading to their liability for loss, misuse or waste of public funds or assets. 24. Objectivity - the audit of individual public accounts and general state accounts is carried out in an impartial and fair manner without favour or prejudice. Conclusions are based on facts. 25. Personal liability - Responsible persons may be held personally liable for the loss, misuse or waste of public funds or assets, i.e. they may be required to repay the full amount related to the noncompliance acts and they may be subject to sanctions or penalties. They may be obliged either individually or jointly to compensate the public loss. In addition, possible unlawful acts may lead to penal procedures. 26. Prescription - Laws may set out for each action a time period after which the cause of action ceases. This cause of action fails if it was not started within the prescribed time period. For example the responsible persons cannot be held liable for non-compliance acts, if these acts had occurred before a prescribed time period 5

27. Public officials Accounting officers, authorising officers and managers of the public sector are obliged to ensure that financial transactions and information reflected in the annual accounts are in accordance with the authorities that govern them. In some jurisdictions they may be held personally liable concerning the impact of compliance deviations. 28. Unlawful act - failure of a responsible person to comply with authorities and principles of sound public sector management leading to their liability for loss, misuse or waste of public funds or assets which may lead to criminal prosecution of the responsible person. 5 Planning and Designing the Audit 5.1 The Scope and the Nature of the Audit 29. In general, the mandates of the SAIs determine whether the SAI may carry out compliance audit over the public accounts and/or over the general state budget accounts. The scope and the nature of such audits are generally determined by laws, resolutions and guidance governing the audit procedures. 30. When the SAI has a legislative mandate to exercise a jurisdictional function through judgments and decisions, the mandate can be only over public accountants or over public accountants and other responsible civil servants. Laws, resolutions and guidance governing the audit procedures should indicate with explicit wordings the persons who may be subject to jurisdictional powers. 31. When the SAIs are given jurisdictional powers in auditing the state budget, mandates can involve providing assistance to the Parliament. Providing assistance to the Parliament has to be indicated explicitly. 32. In general, when the SAI has legislative jurisdictional function over accountants, other officials or the state budget, no other organisations are entitled with the same powers. When other organisations are involved in dealing with jurisdictional audits over public officials, these organisations provide the SAI with reports, judgements and decisions. The SAI may have the power to review reports, judgements and decisions provided by these organisations. 33. The Court of Accounts can be given different mandates to undertake its jurisdictional function of governmental and non-governmental organisations (national, provincial or regional government, local municipal or community bodies). 34. Courts of Accounts can also get access to state-owned companies or enterprises, semigovernmental organisations or non-governmental public enterprises or to the Central Bank. The nature of compliance audits depends upon the status of each organisation and the legal framework that governs its activity. 35. When the Court of Accounts can get access to private sector enterprises or organisations, the audit remains related exclusively to public funds. The responsible persons concerned may be declared in facto public officials and a special procedure may be launched. 36. In performing a compliance audit of the general state budget accounts, the scope of the audit coincides with the budget framework. However, it is for the Court of Accounts to determine the 6

appropriate approach to be employed in order to provide the Parliament with assurance concerning the budget execution. 37. The audit of public accounts and the audit of the general state budget accounts are interrelated. The general state budget accounts must be in compliance with authorities and with the individual public accounts (i.e. they are the result of their consolidation). 5.2 Developing the Audit Strategy and Programme 38. The principles applied by the Courts of Accounts in developing the audit strategy and programme for performing audits of individual public accounts or the general state budget accounts are similar to those of the compliance audit related to audit of financial statements carried out by Audit Offices. There may, however, be additional considerations in the Court of Accounts context in relation to compliance audits of individual public accounts. These considerations are addressed in the following sections. 5.2.1. Considerations with regard to Audit Strategy and Programme 39. Courts of Accounts develop audit strategies and audit programmes ( annual and/or multi-annual programmes ) that may entail a wide range of audit tasks. Development of audit programmes may be imposed by law governing the audit procedures of these SAIs and can be developed with regard to the applicable prescriptive period. The audit programmes may contain certain audits to be performed on a yearly basis. The audit plan may be modified to reflect changing circumstances, the final decisions being made by the collegiums or equivalent. 40. In some cases Courts of Accounts develop audit programmes with regard to the prescriptive period to ensure the audit of each public entity within the prescription period so that corrective measures may be taken. This is because public accountants and other officials may not be held liable for noncompliance acts (deficiencies in collecting and using public funds or in managing the state public and private patrimony) if these acts had occurred before the prescribed time period. The auditing of each public entity should be determined in order to avoid the failure of action. 41. Courts of Accounts may select and perform audits with complete discretion. In other cases, they may be constrained by authorities to perform certain compliance audits. 42. In establishing the annual audit programme, auditors in Court of Accounts consider: a) the scope and characteristics of the compliance audit, taking, in particular, into account the procedures for selecting the individual public accounts or entities to be audited; b) amendments made by the collegiums; c) records and documentations of the discussions and decisions on audit risk, materiality and timing of the audit; d) changes in the initial circumstances which may lead to program adjustments. 5.2.2 Considerations with regard to Processes in Various Court Models 7

43. Some SAIs operating in a Court of Accounts environment follow the audit process as it is described in the present guidelines. However, following the planning, performance and evidence gathering phases, additional and specific issues may lead to opening the process of instruction and to a final formal judgement. (ISSAI 4100 190). 44. In the event that it is decided to instruct a case, the objective of instruction is to gather sufficient and appropriate evidence on the liability of the public official who allegedly caused a damage, so as to allow a judgement to be made. 45. In the Court of Accounts context, the audit planning and execution and evidence gathering may be part of the instruction phase. This is particularly important for SAIs where auditors may also act as judges. 5.2.3 Considerations with regard to Prescription 46. Public officials may not be held indefinitely liable for deficiencies in collecting and utilising public goods, funds or assets or in managing debts and liabilities. Misdemeanours may be time limited. Auditors in Courts of Accounts take into account temporal limitation issues in order to establish the liability of the public officials involved. 47. In performing audits and establishing the personal liability of the responsible persons, auditors in Courts of Accounts need to identify and gather evidence regarding: a) the applicable prescriptive period; b) any actions interrupting, suspending or extending prescription of personal liability; c) the exact time period for which each public official might be held liable (for more details on prescription considerations, see appendix 1) 5.2.4 Considerations with regard to the Submission of Public Accounts or other Relevant Documents and Identification of Responsible Public Officials 48. Court(s) of Accounts may plan to take into account public accounts submission. In this case, auditors in Courts of Accounts identify the list of entities that have submitted or should submit their accounts before deciding whether an entity is to be included or not in the audit programme. 49. When an entity fails to comply with the obligation to submit the accounts or other relevant documents, sanctions may be imposed. 50. When planning and performing compliance audits, auditors in Courts of Accounts should take into consideration the need to: a) identify the person(s) who may be held liable for acts of non-compliance (see paragraphs 25 and 30) b) take into consideration the applicable prescriptive period (see paragraphs 46 and 47). 8

c) distinguish personal liability for acts of non-compliance from the liability for unlawful acts (suspected fraud and corruption) (see paragraphs 79-81). 5.3 Materiality and Risk Assessment 51. When performing compliance audits of public accounts or of the general state budget accounts, auditors in Courts of Accounts also need to: a) Obtain reasonable assurance as to whether the information presented in the public accounts and the underlying transactions are in compliance, in all material respects, with the authorities that govern them b) Determine whether the execution of the state budget and the management of the state s public and private patrimony have been carried out in compliance, in all material respects, with the governing authorities and with individual public accounts (ISSAI 4100, 185) 52. In performing compliance audit of the general state budget accounts, auditors in Courts of Accounts shall plan and perform suitable procedures to determine, whether budgetary transactions and the management of the state s public and private patrimony are in compliance, in all material respects, with the authorities governing the budget execution. They shall also determine whether the general state budget accounts are, in all material respects, in compliance with the individual public accounts. 53. In performing an audit of individual public accounts, auditors in Courts of Accounts shall determine the appropriate materiality level that allow them to conclude, whether, in all material respects, the activities, financial transactions and information regarding the establishment and use of public funds and the management of the state s public and private patrimony are in compliance with the authorities which govern the audited entity. 54. Considerations in regard to determining appropriate materiality may include the following: a) the consequences of the non-compliance/unlawful act on the individual public accounts and in relation to budget appropriations or the entity s patrimony, b) the significance in relation to legislative oversight of executive bodies, or other principles concerning the roles of different public sector bodies, c) the significance in relation to fundamental principles of law, d) the significance in relation to guaranteed rights of citizens and communities in relation to public sector bodies, e) the significance in relation to legality, transparency and accountability in public administration and other principles of good governance. 55. Auditors in Courts of Accounts should assess risks of non-compliance acts. In assessing such risks, they should consider the possibility that inappropriate proposals may be made in relation to the liability of the responsible persons which may lead to the report being subject to an appeal. 9

56. In assessing the risk of material non-compliance, auditors in Courts of Accounts shall assess the possibility that an inappropriate conclusion could be given on the compliance of the general state budget execution with authorities which may result in an inadequate decision of the Parliament. 6 Performing Compliance Audits and Gathering Evidence 6.1 Understanding Internal Control related to the Audited Entity 57. The Fundamental Auditing Principles explain that in performing an audit, public sector auditors should understand and evaluate the reliability of internal control (ISSAI 300, 3.3.1). In the compliance audit of public accounts or the general state budget accounts, this includes understanding and evaluating controls which assist public accountants and other officials in complying with laws and regulations. 58. Internal control of public accounts may be exercised by officials who are external to the entity being audited. Such officials are nevertheless considered to be part of internal control in the sense that they are internal to the government. 59. In evaluating internal control, auditors in Courts of Accounts shall check that the public accounts submitted to the Court of Accounts are officially certified by a competent body and are reliable. 6.2 Gathering and Evaluating Evidence 61. In gathering evidence, auditors in Courts of Accounts also consider the provisions of ISSAI 4100 and ISSAI 4200 as appropriate. 62. Auditors in Courts of Accounts shall gather evidence to formulate their conclusions on public accounts and to assess the risk factors concerning the entity under audit. 63. In auditing compliance of the public accounts auditors in Courts of Accounts should apply the same principles as for the compliance audit related to audit of financial statements. There may, however, be additional considerations in relation to compliance audit of public accounts. 64. Auditors in Courts of Accounts should determine who is/are responsible for noncompliance/unlawful acts. Establishing personal liability requires that gathering and evaluating evidence must be in all cases performed in relation to the public accountant/official involved. 65. In planning and performing audits, auditors in Courts of Accounts need to gather sufficient and appropriate evidence regarding the liability of the public official who might be held responsible for non-compliance/unlawful acts in relation to: a) the establishment and use of public funds resulting in their loss, waste or misuse, b) the management of the state s public and private patrimony, c) the information in the financial statements. 66. In evaluating the evidence, auditors in Courts of Accounts need to consider: 10

a) sufficiency (quantity) and appropriateness (quality) of the obtained evidence, b) relevance to personal liability of the responsible person and, c) prescription of the evidence. 67. The evidence gathering process continues until the auditor in a Court of Accounts is satisfied that sufficient and appropriate evidence exist to provide a basis for the auditor's conclusion to be proposed on whether the responsible persons are liable for the loss, misuse or waste of public funds or are discharged for their management. 68. Courts of Accounts may, in particular, use the method of inquiry as set out in the laws governing the procedures of the audit of public accounts. The inquiry must be in written form. This may involve preparing and sending a written communication to the relevant responsible persons asking for specific information which the audit team considers to be indispensable to support conclusions related to the liability of the responsible persons. 69. In case compliance audits reveal facts that may involve public officials liability, the auditor in Court of Accounts considers that gathering and evaluating evidence should bring sufficient elements concerning the following aspects: a) relevance related to the faults made; b) estimation of financial loss or waste of public funds or assets (for more details, see appendix 2); c) identification of the liable public officials. 6.3 Documentation 70. The entire audit process shall be documented. 71. The Fundamental Auditing Principles state that audit evidence gathered must be adequately documented (ISSAI 300, 3.5.5 and 3.5.6) and be sufficiently complete and detailed to enable an experienced auditor, having no previous connection with the audit, to understand what work was performed in support of the conclusions (ISSAI 300, 3.5.7). 72. The audit documentation should be sufficiently complete and detailed to enable the reviewer to examine the conclusions made by the initial audit team. The reviewer may suggest that certain conclusions be amended or dropped if there is a lack of documentation to support the initial conclusion. 73. In auditing public accounts, the accounts and underlying documents are considered to be prime supporting evidence and thus should be retained (originals or copies as appropriate) for an adequate period of time to enable the public officials to ask for the conclusions to be reviewed, in case they have been held liable by the audit team. 74. Public officials are allowed to present further documentation to support requests to have the initial conclusions reviewed. 11

6.4 Communicating with auditees 75. Communication between Courts of Accounts and public accountants and other public officials who have been subject to audit procedures may be set out by laws that define precisely when and how the audit team can communicate with the audited person. Communication may take place at various phases, for example: a) before the audit mission this may include informing the audited entity about the upcoming audit and asking the public officials to make sure that all documents and necessary information should be prepared for the beginning of the audit. b) during the submission of the public accounts and underlying documents. This phase includes asking the public officials to complete documentation if any document is detected to be missing. c) during the performance phase, including gathering evidence and sending letters to collect further information. Auditors in Court of Accounts should privilege written communication, because correspondence can be useful to support a conclusion in particular when they receive no answer to communications they have sent d) during the reporting phase, including issuing written reports on a timely basis to the intended users. The list of the intended users may be determined by the law which identifies to whom the final report must be sent for reply. This may include the relevant public accountant, other officials or the relevant public entity. e) during the follow-up phase. The list of intended users may include the Parliament, the Government or local authorities. 6.5 Considerations relating to the Reporting of Suspected Unlawful Acts 76. Issues that may result in legal action or prosecution for a criminal offence are communicated to the judge, attorney or department responsible for dealing with judgement issues within the Court of Accounts or within other bodies, as appropriate. 77. When enforcing the law regarding public officials, decisions taken by Courts of Accounts are subject to: a) Due process of law and public hearing; b) Public disclosure; and c) Communication to appropriate law enforcement authorities when there is evidence of a criminal offence. 78. Whilst detecting potential unlawful acts, including fraud and corruption, is normally not the main objective of performing a compliance audit of public accounts, auditors in Courts of Accounts do include fraud and corruption risk factors in their risk assessments, and shall remain alert for indications of unlawful acts in carrying out their work. 12

79. Auditors in Courts of Accounts need to consider that personal liability of non-compliance acts is distinct from liability for unlawful acts. These two types of irregular acts may be subject to different reporting and follow-up procedures. 80. Auditors in Courts of Accounts need to remain aware that personal liability for a non compliance act can be linked to an unlawful act. The Court of Accounts must inform the prosecution body who decides whether or not the case should be treated in a court of justice. 81. Courts of Accounts should perform compliance audits and judge non-compliance acts within different structures in order to avoid conflict of interest. Transmission of the case from one structure to the next is normally made through the prosecution body within the Court. 6.6 Considerations relating to the Prosecution Procedures in Jurisdictional Audit 82. Some Courts of Accounts comprise a public prosecutor service, whose duties cover a wide range of activities that may include, but not exclusively, prosecuting judgement phase, forming conclusions or opinions on audit reports 83. The public prosecutor service verifies whether the evidence gathered on personal liability is sufficient and appropriate for prosecution. When the public prosecutor decides that no jurisdictional procedure is required, this decision should be explained. The public prosecutor should explain his/her conclusions on liability or on discharge. 84. When the prosecutor has no power to decide on the jurisdictional procedure that is required, (s)he provides comments and conclusions presented for each issue in the final audit report. In that case, it is the Court of Accounts who will decide on the personal liability of the public official in order to charge or to discharge him. 7 Evaluating Evidence and Forming Conclusions 7.1 Specific Considerations on Evaluating Evidence and Forming Conclusions in auditing Public Accounts 85. In addition to the concept of materiality as set out in ISSAI 4100 and ISSAI 4200, evidence obtained shall be evaluated based on the concept of personal liability of the public official under audit. 86. Auditors in Courts of Accounts evaluate, based on their professional judgement, whether there is sufficient and appropriate evidence that the public official can be held personally liable for acts of non compliance 87. Professional judgement in determining whether or not the public official is personally liable for non-compliance acts may include: a) an assessment of the way the responsibilities mentioned by the law or included in the public official s job description were carried out; 13

b) determining whether the public official s non-compliance or unlawful act determined the identified loss, misuse or waste of public funds or goods; c) an assessment of the possible liability exemption circumstances (force majeure, unforeseeable circumstances ), d) an assessment of the relationships between public accountants and public managers, and e) the possible effects and consequences non-compliance acts may have. 7.2 Subsequent Events 88. Information contained in public accounts may be affected by subsequent events. These events may have a substantive effect on the auditor s conclusions on the liability of the public officials under audit. Auditors in Courts of Accounts should consider subsequent events to ensure that subject matter information still complies, in all material respects, with the information available at the date when the individual public accounts were submitted. 89. Due to the time elapsed between the date of submission of public accounts and the issuance of the report, auditors in Courts of Accounts may consider to: a) obtain further information on the public accounts, and b) review the initial conclusion. 8 Reporting 90. The Fundamental Auditing Principles state that a written report, setting out findings in an appropriate form, should be prepared at the end of each audit (ISSAI 400, 4.0.7a). 91. The principles of completeness, objectivity and timeliness are important in reporting on compliance audit of public accounts. 8.1 Form and Content of the Compliance Audit Report 92. The form of the report should explain the methodology applied by the auditor in determining whether each responsible person involved in collecting, administering, managing or utilising public funds or assets registered in the public accounts is liable for acts of non- compliance or not. 93. In general, the compliance audit report includes the following elements: 1) name of the entity; 2) the timeframe of the audit; 3) the scope, the subject matter and the audit method 14

4) the identified criteria 5) the public officials involved and their responsibilities, 6) identification of the auditing standards applied in performing the work, 7) transactions affected by non-compliance acts and/or possible unlawful acts. This should include, as appropriate: a) a description of the finding and of its cause, b) the legal act which has been infringed ( the audit criteria ), c) the consequences of the non-compliance acts and/or possible unlawful acts; d) the responsible persons and their explanations regarding their non-compliance acts and /or possible unlawful acts, e) the auditor s professional judgement which determines whether the public official is or not personally liable for non-compliance acts, f) the value of the loss/misuse/waste created and the amount to be paid due to personal liability g) any measures taken by responsible persons during the audit to repair the loss/misuse/waste created, h) sanctions applied by auditors during the audit. 8) the management s arguments on the non-compliance/unlawful acts, 9) conclusions, 10) proposals for decisions, 11) report date 12) signature. 8.2 Identified Criteria 94. The criteria against which the subject matter is assessed should be presented in the auditor's report. Auditors in Courts of Accounts should explicitly identify the list of authorities with which responsible persons are expected to comply. Clear identification of the criteria in the compliance audit report is important so that the public official concerned can understand the basis for the conclusions or decisions contained within the report. The identified criteria must show clearly why responsible persons are held personally liable. 95. The report must explicitly identify the criteria used to determine the amount of loss, misuse or waste of public funds due to transactions affected by non compliance acts. 15

96. The public accountant and other public officials can request that the report be reviewed due to the inclusion or use of non-relevant criteria. 8.3 Conclusions 97. Courts of Accounts may conclude in different forms. A public official may be discharged or held personally liable for non-compliance acts (see appendix 3). These audit conclusions are merely proposals. Final decisions are made in the judgement phase. 98. Where no material instances of non-compliance have been identified, the conclusion may be to discharge the public official. An example of the form for such a discharge may be as follows: " the transactions/use of public funds/management of public patrimony is in compliance, in all material respects, with [the applied criteria]."an example of an auditor s report with discharge of a public official is set out in appendix 4. 99. Where material non-compliance acts have been identified, the conclusion may be to charge the public official and recover from him / her amounts resulting from the loss, misuse or waste of public funds due to the non-compliance acts. An example of an auditor s report with charge of a public official is set out in appendix 5. 100. Where performing compliance audit in which more than one public official is involved, conclusions must be expressed in a distinct way so as to specify the personal liability of each one. Likewise, penalties should be determined separately for each responsible person. An example of an auditor s report with conclusions charging one public official and discharging another is set out in appendix 6. 101. When the Court of Accounts performs a compliance audit on the general state budget, two forms may be involved: certification or general compliance act. 102. Courts of Accounts may provide annually a specific report on compliance of the general state budget execution with the budgetary act. In this report the findings identified by auditing the individual public accounts may be taken into consideration. 103. The Court of Accounts prepares each year a report on the state budget. This report includes but is not limited to the following aspects: a) Compliance with the Framework Law of the state budget, and other complementary legislation concerning financial administration; b) Comparison between the budgeted and implemented revenue and expenditure; c) The inventory and balance sheet of the State s assets and liabilities; d) The financial flows between the State Budget and the business sector of the State; e) Treasury operations, identified by type of operation; f) Use of public borrowing, or indirect responsibilities such as the granting of guarantees; 16

g) Allowances, subsidies, tax benefits, credits, bonuses and financial guarantees; h) Contingent assets. 104. Parliament may rely on this report to grant discharge of responsibility to the government where the budget has been executed in compliance with the applicable law, for instance the budgetary act. The conclusions on the compliance of the execution of the general state budget may be used to support the general compliance act. An example of this act is set out in appendix 7. 8.4 Injunctions and Recommendations 105. Reports on compliance audit of public accounts may include injunctions and recommendations. Personal liability is concluded only in relation to injunctions. Recommendations have no effect on the personal liability of the public officials. 106. Injunctions shall be clear so that the public official knows precisely what action is required. Injunctions must be specific enough to give explicit notice of precisely what is forbidden and what is prescribed. 8.5 Responses from the Audited Entity 107. Incorporating responses from the auditees by reporting the views of public accountants or other public officials is included in the principle of contradiction. 108. In performing the audit of public accounts or the general state budget accounts, the response given by the public officials is important when deciding whether they are definitely liable of noncompliance acts or not. Auditors in Courts of Accounts take into account the information contained in the response provided to modify or to approve the initial conclusions formed within the initial report. 109. In some Courts of Accounts a final report is prepared in the light of the response provided by the public accountants or other public officials. Auditors in Courts of Accounts form the final conclusions and propose the final decisions to be made by the senior staff. 110. Courts of Accounts may have the power to exercise judgements and decisions over the accounts and over responsible persons, including accountants, authorising officers and managers of public funds (ISSAI 100, 1.0.21). 111. Auditors in Courts of Accounts may communicate compliance issues that may result in legal action or prosecution for a criminal offence to the judge, attorney or department responsible for dealing with judgement issues within the Court, and to other bodies, such as the legislature or relevant ministers as appropriate. In addition, Courts of Accounts may also communicate remarks of a more general or informative nature resulting from the audit work to appropriate officials of the audited entity. 112. When reinforcing the law regarding public officials, decisions taken by Courts of Accounts are subject to: 17

a) due process of law and public hearing; b) public disclosure, and; c) communication to appropriate law enforcement authorities where there is evidence of a criminal offence. 18

Appendix 1 Prescription The audit of each public entity should be determined in order to avoid the failure of action if it was not started within the prescribed time period. The right to action, having a patrimony object, is cancelled by prescription if it was not exercised within the legal period. Together with the cancellation of the right to action pertaining to a main right, the right to action related to accessory rights is also cancelled. Generally, the prescription of the right to action pertaining to the damage caused by the noncompliance act starts the day when the damaged party knew or should have known about the loss as well as about the person responsible for it. The prescription period may be interrupted if the responsible person decides to cover partially or totally the loss or if the damaged party has started legal action against the responsible person in order to recover the loss. The prescription period may be suspended as long as the responsible person is prevented, by force majeure, to compensate the damage. Where the need for compensation derives from an unlawful act and the criminal law establishes a longer prescription period than the civil law, the prescription deadline of the criminal liability is also applied to the right to action under civil liability. Appendix 2 - Estimation of financial loss or waste of public funds or assets Any loss or waste of public funds or assets should give entitlement to repair. In establishing the value of the loss or waste caused by a non-compliance act auditors need to make sure that this is patrimonial, present and not future, undoubtful and it was not yet compensated. In determining the compensation, if the law is not specifying otherwise, the auditor should identify the date when the injury occurred. Generally, the right to compensation exists from the day when the damage ( financial loss or waste ) was done, even though this right cannot be immediately put into practice. The damage should be fully compensated, if the law does not specify otherwise. The compensation should cover the loss, the gain that the liable public official could have generated under normal circumstances, as well as the costs for avoiding or limiting the damage. If the non-compliance act also caused the waste of an opportunity to obtain a benefit or to avoid a loss, the compensation should be proportional to the probability of getting the respective benefit or, as appropriate, to avoid the damage. The compensation of the damage should be done by restoring the previous situation and, if this is not possible, by payment of a remedy established through parties agreement (the public entity s management and the liable public official ) or, failing that, by court order. 19

Appendix 3 - Example of an auditor s report with a potential personal liability This example reflects the situation where there has been non-compliance with authorities, in particular the relevant legislation and the purposes and intentions of the legislature. The auditor has determined that the effects are material, but not pervasive. The introductory sections of the report, and sections following the compliance opinion, are unchanged from the forms of auditor's report on compliance as explained in examples given in appendices of the 4100.... [appropriate introductory sections of the report] Report on Compliance... [appropriate introductory text] Basis for a non compliance act During the year, government agency ABC received budget appropriations through the Ministry of Education for national educational purposes. Our audit revealed that grant expenditure for the year included $10 million to overseas high tech manufacturers. Based on [the legislation governing the audited entity], the manager of the government agency ABC did not have the power to make grants to overseas bodies. The expenditure related to grants paid out to overseas bodies has not been applied to the purposes intended by the legislature and is therefore not in compliance with the authorities which govern it. During the audit phase no measures have been taken to damage. Questioned about the non compliance act, the manager said that even though he has no power to grant overseas body, he acted with the full intention to be effective. The $10 million granted to overseas high tech manufacturers was useful for implementing new social policy. Proposals on a potential personal liability The non compliance act of paying grants to overseas bodies may potentially lead to the personal liability of the manager of the government agency. For the purpose of assessing the personal liability it is suggested to prosecute the case for judgment phase. Appendix 4- Example of an auditor s report with a proposition of discharge of public accountant Given the public accounts submitted by the public accountants of the ABC related to the time period Given the documentations demonstrating the designation of the following persons as public accountants of the ABC 20

Given law n issued at...related to Given decree n issued at...related to Given the general prosecutor opinion Concerning the public accountants x1 and x2 Given no injunction has been issued against the public accountants x1 and x2 as accountants of the ABC during the time period Given the fact that the public accountants are in compliance, in all material respects, with authorities; Conclusion It is suggested to provide discharge to the public accountant x1 and x2 concerning their management as public accountants of the ABC; Appendix 5 - Example of an auditor s report with charge of a public official In this example, the compliance subject matter relates to the payment of public expenditures, and the audit revealed that some of the payments made by the public officials x 1 have been irregularly performed. Given the documentations demonstrating the designation of the following persons as public accountants of the ABC Given law n issued at...related to Given decree n issued at...related to Given the general prosecutor opinion Concerning the public accountant x1 Given the injunctions that have been issued against the public accountant x1 as accountant of the ABC during the time period ; Given the charge revealed against the public accountant x1 Conclusion It is suggested to consider the public accountant x1 liable of his management as public accountants of the ABC; The public accountant x1 is ordered to repair the damage occurred. 21

Appendix 6 - Example of an auditor s report with charge of a public accountant and discharge of another In this example, the compliance subject matter relates to the payment of public expenditures, and the audit revealed that some of the payments made by the public accountant x 1 have been irregularly performed. Given the public accounts submitted by the public accountants of the ABC related to the time period Given the documentations demonstrating the designation of the following persons as public accountants of the ABC Given law n issued at...related to Given decree n issued at...related to Given the general prosecutor opinion Given the explanations of the public accountant x regarding the non compliance acts. 1-Concerning the public accountant x1 Given the injunctions that have been issued against the public accountants x1 as accountant of the ABC during the time period ; Given the charge revealed against the public accountant x1 ; Given that no measure has been taken by the public accountant x1 to repair the damage; It is suggested to consider the public accountant x1 liable of his management as public accountants of the ABC; The public accountant x1 is ordered to repair the damage occurred. 2-Concerning the public accountant x2 Given that no injunctions have been issued against the public accountants x1 as accountant of the ABC during the time period ; Given the fact that the public accountant x2 is in compliance, in all material respects, with authorities; It is suggested to provide discharge to the public accountant x2 concerning his management as public accountants of the ABC. Appendix 7 - Example of a general compliance act 22

General Compliance Act by the SAI of XXX Given the general budgetary act Given the general budget statements related to year X Given the individual public accounts related to year X Given laws governing the SAI of XXX; The total amount of resources raised during the year is... The total amount of expenditures paid during the year... The final result of the budget execution is... Conclusion 1. The general state budget of year X has been executed in compliance, in all materiel respects, with the general budgetary act; 2. The general state budget of year X is in compliance, in all material respects, with the individual public accounts; 3. The final result of the general state budget of year X is adopted. Appendix 8 - Example of a general compliance act with Unqualified Opinion on the State Budget and Disclaimer on Compliance General Compliance Act by the SAI of XXX Given the general budgetary act Given the general budget statements related to year X Given the individual public accounts related to year X Given laws governing the SAI of XXX; The total amount of resources raised during the year is... The total amount of expenditures paid during the year... 23