Different ways of implementing the ISSAIs
INTOSAI encourages all Supreme Audit Institutions to implement the ISSAIs in accordance with their national mandate and circumstances. [Congress declarations – especially the SA Declaration from 2010] The ISSAI 100 provides for the fundamental principles, which INTOSAI has defined as universally applicable professional standards. The auditing practices of all SAIs as well as any national standards for public sector auditing should be aligned to these. [Classification Principles]
The ISSAI 100 aims to safeguard the independence of SAIs and reflects that SAIs may be mandated to perform many types of engagements [ISSAI 100/13-14]. A SAI may take strategic decisions on which auditing standards are applicable, which engagements will be conducted and how they will be prioritized. [ISSAI 100/16]. This may include financial audits in accordance with ISSAI 200, performance audit in accordance with ISSAI 300 and/or compliance audits in accordance with ISSAI 400. It may also include engagements combining aspects of these three audit types as well as or other engagements. [ISSAI 100/22-23]. The ISSAI 100, therefore, provides for three different ways of implementing the ISSAIs [ISSAI 100/8]:
- Option 1: The SAI may develop standards based on ISSAI 100 and the relevant auditing principles of ISSAI 200, 300 and/or 400. In this case, the individual audits will need to comply with the requirements of the standards developed by the SAI. The SAI will need to ensure the standards comply with all relevant principles in ISSAIs 100, 200, 300 and 400, and maintain and update the standards as needed.
- Option 2: The SAI may adopt national standards that are consistent with ISSAI 100 and the relevant auditing principles of ISSAI 200, 300 and/or 400. In this case, the individual audits will need to comply with the requirements of the relevant national standards. The SAI will need to monitor that the national standards remain consistent with the relevant principles in ISSAIs 100, 200, 300 and 400.
- Option 3: The SAI may adopt the ISSAIs as their authoritative auditing standards. In this case, the individual audits will need to comply with the requirements, defined by the financial audit standards, performance audit standards and compliance audit standards of the ISSAIs 2000-4888. INTOSAI is responsible for developing and maintaining these standards as needed and ensuring they remain consistent with the ISSAIs 100, 200, 300 and 400.
When implementing the ISSAIs, the SAI will also need to define the relevant organizational requirements.
The ISSAI 100 provides that the SAI should establish and maintain appropriate procedures for ethics and quality control. The ISSAI 130 and 140 may be used as guidance for SAIs using option 1 above. [ISSAI 100/35].
In case the SAI chooses to adopt national auditing standards (option 2) or adopts the ISSAIs (option 3) as their auditing standards, they will need to ensure that their system of quality control and code of ethics meets the requirements defined by the relevant auditing standards. The ISSAIs cannot be applied directly as auditing standards (option 3) unless the SAI complies with (SAIs comply with / SAI complies with) the relevant ISSAI organizational requirements in ISSAIs 130 and ISSAI 140.
The INTOSAI Principles (INTOSAI-Ps) and INTOSAI Guidance (GUID) may also be useful for SAIs and auditors in the implementation process:
The INTOSAI-Ps outline the general prerequisites for the effective functioning of a SAI and may inform national legislators and stakeholders as well as the SAI. The INTOSAI-Ps may, therefore, be relevant for assessing and establishing the necessary legal, financial, and organizational preconditions for implementing the ISSAIs.
INTOSAI Guidance (GUID) aims at supporting the auditors in carrying out their audit work in a way that is in line with the principles, requirements, and application material provided by the ISSAIs.
Other INTOSAI Resources