Developing Pronouncements on Auditor Competence

SAI Norway Representative: ISSAI 100 related to new ISSAI 150 Para 36: add “in accordance with their mandate” to the first sentence to read “Each SAI should establish and maintain procedures for competency management on an organisational level that will provide it with reasonable assurance that the SAI’s auditors have the competencies required to fulfil their function in accordance with their mandate”. ISSAI 150 Para 15: Suggested text to make the requirement more focused – “A SAI shall determine and document what is relevant competencies required for all auditors to fulfil the SAI mandate.” ISSAI 150 Para 24: It is advisable to explain what the processes and practices are in the requirement, not only in the application text. The paragraph should then be: “A SAI shall have appropriate human resource management processes and practices in order to attract, recruit, develop and retain auditors with relevant competencies determined by the SAI” ISSAI 150 para 34: the use of the word monitor can be perceived as rather strict. It is maybe better to use the word ‘follow-up’. Maybe also use the word ‘tools’ instead of ‘means’ to make it broader. The paragraph should then be: “A SAI shall develop and implement the tools for assessment of competencies and follow up on auditor development progression or self-development on a periodic basis.” Consolidated feedback from Compliance Audit Subcommittee SAI Azerbaijan Representative: The documents were reviewed and we consider these documents acceptable and useful for the future activities of Supreme Audit Institutions

SAI Lithuania supports all three documents and appreciates effort, that was put into drafting those. While seeing documents as being prepared in a very professional manner, we further provide some comments / suggestions on those three documents: ISSAI 150: Overall, we would find very useful, if more detailed reference to GUID 1950 and 1951 would be provided where they provide guidance to certain requirement of the standard. Would make it easier to look it up. All three documents include explanation of same terms, so we would suggest to have those main terms in ISSAI 150, and only include references to this ISSAI in GUID1950 and 1951 as to avoid repetition of the same information. Paragraph 36 talks about providing the SAI with reliable information about the success of development interventions undertaken and the impact of these interventions on the work of the SAI. At the moment in our SAI we feel like we need more information as to what is considered reliable information and whether it is always possible to reliably assess impact of each individual development intervention (e.g. training course). GUID 1950: Paragraph 7(c) refers to paragraph 6(b). Should it be 7(b) instead? Or is it about some other document – which then should be mentioned. We think the reader might find it useful if paragraph 16 would contain certain overlook of what will be presented further in the document – maybe by simply listing titles A, B and C? Formatting of the title “Alignment to the INTOSAI Framework of Professional Pronouncements“ should be changed in order to align it to the following titles (“Ongoing relevance”, “Core consistency”, etc) Should paragraph 53 belong in page 20, rather than in ANNEX (page 21)? Reg. 1950th GUID: Numbers of guidelines (7500 ir 7600) should be corrected in the 5th paragraph, table on page 18 as well as table on page 27.

Dear Colleagues,The Audit Office of Hungary essentially agrees with the content of the draft ISSAI 150 standard and the GUID 1950 and 1951 guidelines, and is able to fully comply with the guidelines set out in the draft ISSAI 150 standard by the expected date of entry into force (1 January 2023).We recommend that the development of the competency framework, and in particular the establishment of the related recruitment and performance evaluation methods, and the use of its results in the allocation of resources shall be carried out by the SAI in accordance with the applicable labor law and data protection regulations in their up-to-date version. Furthermore, we recommend to draw attention to the legal risks of defining and measuring certain competencies related to psychological or personality traits.In addition to labor law and data protection aspects, we recommend not including personal competencies in the appendix to the GUID 1950 guide, which in our opinion do not fall within the factors determining the professionalism of a public finance auditor (for example the assessment of emotional intelligence may reveal specific psychological and health features of a given person or the assessment of the respect of diversity may relate to specific data on philosophical beliefs). It is recommended that the competencies imposed on public financial auditors formulate objective requirements for suitability for work and professionalism.With respect to the accelerated digitalisation processes and the introduction of technological innovations concerning the management of human resources, it is proposed to emphasize that IT systems supporting decision making are acceptable, but decision-making automation should be avoided. During the measurement of basic skills, creating related database, and then in the phase of utilisation and application in practice, it is extremely important to bear in mind the full compliance with the labor law and data protection regulations in force in their up-to-date version.It is also recommended that digitization skills and competencies shall be included at the basic level of skills in the draft GUID 1950 guide.With best regards,

Comments to ISSAI 150 General comment on table of contents - another numbering to make structure of content easier to follow The paragraphs in this present draft, run from 1 to 38 without reference to chapter or which organisational requirement the paragraph relates to. The structure would be easier to understand and follow if the numbering would originate from a chapter and relate to a specific requirement. General comment on graphic design – recommendation to use illustrations to highlight key statements Discrete illustrations to single out key statements, would add value to make the content more user-friendly. An example: paragraph (6) states the purpose of the document and a highlight, like a background of a different colour, would make the content stand out and add to the design. A different graphic could also apply to the headlines/organisational requirements 1-4. Illustration as part of an introduction Chapter 5  It would add value if a graphic illustration would be added at the beginning of chapter 5. It would add to the understanding of what the chapter contains if a graphic illustration would show the headlines connected to the organisational requirements. A good example of how illustrations help the understanding of the content, are page 8-9 in the CBC Competency Framework for public sector audit professionals at Supreme Audit institutions (updated July 19). Clarification where the GUIDs apply - refer to “further reading and support” in an illustrated “box” An illustration of a box, which includes text that directs reader to a GUID can be helpful to understand the organisational requirement and the application material. An example: next to the text “organisational requirement 1”, have a box that informs the reader that GUID 150 is applicable. Specific comment regarding paragraph (13) – broaden definition of competency framework to include groups/teams A competency framework is described/defined as a model that defines the competencies expected of an individual auditor. This is applicable to how Swedish NAO works with competency development. There is a clear pathway how to develop and ensure that every auditor holds the required competency to perform the audit. As explained in paragraph (21), the competency framework can also be applied to groups or teams. An approach at the Swedish NAO is to define the required competences to perform audit based on a team, not only on individual auditors. This is more frequent within performance audit. A recommendation is to add this application to paragraph (13). Specific comment regarding paragraph (25) – a description of what HR contains As previously commented: the GUIDs do not give adequate support and guidance on how to deal with organisational requirement 2 (“A SAI shall have appropriate human resource management processes and practices to ensure that its auditors have the relevant competencies determined by the SAI”). The strategies and processes which paragraph 25 refers to, are extensive and contain most HR strategies/policies which characterizes a well-developed HR function. The two GUIDS do not address these strategies and processes enough to support the application of this requirement. A recommendation is to refer to material which offer further support how to develop and implement that which paragraph 25 refers to (CBC HR Manual or regional HR handbooks?). To make the list of processes complete, add to the list in paragraph 25: Induction, Leadership development, Staff wellness and Exit.   Comments to GUID 1950 General comment on graphic design – use illustrations  A general suggestion to the GUID is to include as many illustrations as possible, to improve and help understanding. The content is quite complex (even for someone well acquainted with HR) and any design that helps to highlight, summarise, or illustrate processes step-by-step - would add value. An idea is to highlight parts which help readers to a categorization like “must have”, “need to have” or “nice to have”. This would help SAIs with less developed HR functions to know what to prioritise to get a competency framework in place. General comment on disposition of content Chapter 5 and onwards When reading about the T-bar (paragraph 17-20), it would be logical for the reader to get a continuation and an explaining of the methodology of how to, step-by step. A more user-friendly continuation would be to go on reading paragraph 31-43 and continue with paragraph 27-30 and a final chapter about assessment paragraph 44-52. This would create a flow of going from general instruction to more specific information (that may not be applicable to all SAIs). Paragraph 21-26 feels like a side-track in this flow of “step-by-step-guide”. General comment – add introduction about competency framework It would be useful to get an introduction of the competency framework and its purpose in chapter 3, before unpacking it into definitions and methodology. A reference is chapter 2, in the CBC Competency Framework for Public Audit Professionals at Supreme Audit institutions (updated July 2019). That kind of HR-related introduction, showing the benefits of a competency framework, gives the reader a good overview of how the competency framework is a useful platform for a variety of HR-related processes. An introduction about the competency framework would improve the understanding of paragraph 17 and onwards. It would also add to the understanding of how the processes in paragraph (25), ISSAI 150, are connected to one another. Specific comment regarding paragraph (26) – give example work task connected to competency Recommendation to add a work-related task for an auditor, for each competency. This will clarify what the competency is needed for and how the competency will be demonstrated. Specific comment regarding paragraph (31) to (37) – summarize this section Recommendation to use graphic design/illustrations to summarize paragraphs 31-37 and make the section less extensive. Have illustration to show “Abilities and skills to perform well” and summarize the text. Specific comment regarding chapter 6 – annex Is there a template/form that could be included, with no text, but only headlines to use when getting started and documenting their framework?      

A competency framework is a conceptual model that details and defines the main/relevant competencies expected of an individual auditor for a specific task and for a specific position within an organisation. Competency frameworks need to be largely stable and timeless at a broad level. At a more granular level, they need to be dynamic, reflecting the expectations of an everchanging world. They seek to define the elements needed to drive success and high performance, and will change depending on the circumstances.

Please notice that in some parts of the document there are references to GUID 7500 and 7600 instead of GUID 1950 and 1951.

In general terms, the SAI Brazil supports all three documents.

We would only like to emphasize that a complete competency framework is not necessarily enough. Even if we have adequate and well-defined competencies, the auditors might not get access to them in practice. Having a framework is different from using and applying it. When a SAI doesn´t apply the competencies in human resources management processes, there is more space for "political" arrangements in people management.

The SAIs must apply the mapped competencies in practice, which is probably quite simple for SAIs in developed countries. However, in the developing countries it is not the case. It would be good to make clear that the SAIs need to have a framework of competencies for the auditors, and stress that these need to be applied in the work processes.

In the TCU we have the competencies mapped since 2003, however they have not been taken into consideration in most management processes. Only recently the capacity building has addressed the gaps in the identified competencies. The departments carried out diagnosis about the gaps to ask for capacity building activities. This is a good example of the attitude change of the SAI. Nowadays the competencies are basis for decision-making, which is essential for the success of the framework.

Not related to the document as such, we would just like to share with you our experience in creating capacity building paths for auditors: we have not made a distinction between performance and compliance audit. There are 16 competencies that apply to both. Only the differences are addressed in separate courses. For financial audit, we have a specific learning path. As said, this is not related to these documents, rather it is aimed to contribute to the wider discussion in Intosai about the differences or similarities between the three audit types.

  The Romanian Court of Accounts appreciates the effort made by the Working Group for the Professionalization of Auditors (TFIAP) within the CBC and sends the following comments and proposals: General comments on ISSAI 150, GUID 1950 and GUID 1951 from the Romanian Court of Accounts:   Following the analysis of the materials exposed for comments by the CBC, it can be noticed a coherence of information between the three materials, correct reference introduced in order to avoid duplication of information, clarity of principles and flexibility of guidance provided, as well as fluidity of texts within their contents. The draft ISSAI 150 standard provides a complete and practical set of organizational requirements that the Romanian Court of Accounts has already taken into consideration in developing the job profile of the position, to ensure that auditors have the necessary competencies to perform audits in accordance with ISSAI standards and with the applicable legislation in the context of the audit missions in which they will be designated. The four organizational requirements of the ISSAI 150 standard, together with the application instructions, will allow the auditor to carry out his audit profession in an adjustable way, in accordance to the audit mandate of the Romanian Court of Accounts, the applicable legislation, and the size of the institution's audit capacity. The two GUIDs 1950 and 1951, come to support of the Romanian Court of Accounts on the framework for the development of competencies and guidance regarding professional development, as provided by the basic standard ISSAI 150. The intention to create a link between ISSAI 150 and ISSAI 100 and the introduction of the principle of management of auditors' competencies in the ISSAI 100 standard at points 36 and 40 can be considered appropriate. The Romanian Court of Accounts will ensure that ISSAI 100 and ISSAI 150 are taken over and reflected by its own standards, competency management procedures and audit practice, after the respective principles will be approved by INCOSAI. There are no observations from the Romanian Court of Accounts regarding the deadline provided by the standard (January 2023), which is reasonable for the adoption and implementation of the requirements of the ISSAI 150 standard by member SAIs of INTOSAI.   Proposals to improve GUID 1950 and GUID 195   Since the draft proposal regarding the professional competencies of the auditor is to elaborate some guides with coding 7500 and 7600, and the material exposed for comments has the coding 1950 and 1951, we propose to correct the references from paragraph 5, question no. 1/description, question no. 2/standards, question no. 3/standards and question no. 4/description, all from GUID 1951. We propose that the last paragraph of point 29, of GUID 1950, should be considered as letter (b). We propose that the text in point 35 of the GUID 1950 should contain only the competencies for performance auditing and that for compliance auditing should be taken as text in a new point 36.