Provide Guidance on Compliance Auditing

Leave a comment

Comments are closed.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 54
It might be convenient to clarify what is meant by “unlawful law”.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 53
Consider that this might not be a requirement in all countries.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 49
It might be convenient to clarify what is meant by “sound financial judgment”.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 46
In Peru, it is customary to that prior to the start of the compliance audit the criteria must be put to the consideration of the auditees to express their opinion.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 45
It might be convenient to replace with the following text: “which requires considerable professional judgement by the auditor and knowledge both of the relevant authorities and its sources of interpretation, which requires a level of experience in the exercise of the audit.”

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 44
It might be convenient to specify the term “PROCESS OF DERIVING THE CRITERIA". Derive from where?

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 40
It might be convenient to clarify what is meant by “arm’s-length” principles

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 40
When using terms in Latin, it might be convenient to define them in a footnote.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 40
It might be convenient to clarify what is meant by “if the management used their senses”

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 32
It might be convenient to define in a footnote what is meant by “fiduciary duty”

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 31
Reaching conclusions without having established criteria and based only on professional judgment is highly debatable in the context of a compliance audit; furthermore, if disciplinary or other sanctions are suggested, the possibility of succeeding is almost nil.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 30
It might be convenient to evaluate the possibility of moving the examples to footnotes. This comment applies to all further examples mentioned in the body of the text. In the case of this specific example, the auditor might be restricted by local law to the criteria which they may use to evaluate the situation.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 26
it is mentioned that "(...) audits based on criteria of propriety may be more subjective (...)", which would reduce the technical nature of the compliance audit, and would also be questioned in administrative and judicial instances

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 25
It might be convenient to address in more detail what is meant by "(...) expectations of the three parties (...)" In the ISSAI 100/25 to which the footnote refer does not mention these "three parts". Be explicit and specify which are these 3 parties: The Auditor, the Party responsible and Intended Users. It might also be convenient to explain what is meant by the term “extravagance”, or remove it.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 23
In the Peruvian case, these policies would be embodied in the Operational Law of the Executive Branch (LOPE) and the operational laws that regulate each sector, which govern their operation on the basis of Government Policy. If that is the context, it might be convenient to adapt the paragraph.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 19
It is suggested that the circumstances under which such discretion could be exercised be better specified. In the case of Peru, for example, we are governed by the principle of legality, which requires express regulation.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 17
In order to cover the wide range of regulations governing public administration, "Public procurement rules" could be replaced by "Regulations governing the administrative and functional systems of a State or country".

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 17
It might be convenient to change “Constitutional budgetary laws and resolutions, the annual budgetary laws;” for "The annual budget laws".

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 15
Since there are principles such as Hiring, Budget or others, of the administrative systems that should be considered as part of the criteria of propriety, it might be convenient that paragraph N° 15 read: “15) Criteria are considered to be formal, where they are derived from formal authorities – laws, rules, regulations and agreements, while propriety criteria are considered to be principle-based, where they derive from general principles governing sound administrative, budgetary and financial management and the conduct of public officials.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 14
It might be convenient to go into more detail about what is meant by “specific constitutional arrangement”.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 13
What is meant by "misunderstanding", it is a very colloquial term; it is suggested to be more precise or to use a formal term, it can be "possibly wrong".

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 12
It might be convenient to replace the following text: “perform compliance audit with regularity criteria as well as propriety criteria.” With “perform compliance audit with regularity and propriety criteria.”  

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 10
It might be convenient to go into more detail about what is meant by “wisdom”, or replace with “discipline”.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 9
It might be convenient to replace the paragraph with the following: “9) "Sound financial and operational management refers to the administration of public resources, observing generally accepted principles in the execution of financial and operational transactions".”

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 9
It might be convenient to include an additional between paragraphs 8 and 9 of the current document that reads: “Administrative management refers to the principles that govern the operation of the rules that regulate the administrative systems for the provision of public services.”

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 7
According to the text, propriety refers to compliance with "general principles" governing financial management (it should be public management) and " the conduct" of public officials, which would include "conventionally accepted standards of behavior in public sector management and the delivery of public services". In this respect, the auditor would have to verify compliance with "general principles", which by their nature are general and universal norms; likewise, compliance with "norms of behavior" of public managers, of which there would be no previous experience of their verification in a compliance audit; moreover, not all human activities in public management are regulated with codes of conduct or behavior; and persons exercising public functions have discretion to act in those cases where no regulations exist. Furthermore, not all human activities in public administration are regulated by codes of conduct or behavior, and public officials have discretion to act in cases where no regulations exist. The document itself points out that the criteria of propriety are subjective; how then are subjective criteria of propriety included in a compliance audit that by its nature is objective. This situation, thus presented, generates confusion for its application. Certainly there is subjectivity, the same document points out that the criteria of propriety are conventionally accepted norms of a moral and ethical nature, and are closely linked to the values and social conventions that have wide support among citizens. Consequently, without adequate criteria, any result or conclusion of a compliance audit would be open to interpretation and misunderstanding, the document also states. It is also noted that due to different legal frameworks of Supreme Audit Institutions - SAIs, they may interpret the criteria of propriety differently; also, that best management practices or good conduct may change over time due to new knowledge, but the obligation of officials to follow good practices does not change. Given this situation of subjective and changing criteria over time, it is noted that the auditor will have to exercise professional judgment to assess whether a particular transaction meets such a broad and general criterion of propriety. The professional criterion or judgment of the auditor is applied in the context of a certain situation in relation to existing regulations, and the case is submitted to the interpretation of the auditor based on his professional training, knowledge and experience. Professional judgment does not replace standards. In this respect, given the subjective nature of the criteria of propriety, it might be advisable to review the development of such criteria, in order to limit their use in the execution of a compliance audit, only when there are previously approved standards in the audited entity.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 7
Because of the principles governing administrative systems, it might be convenient that paragraph N° 7 read:   “7) Propriety refers to compliance with general principles governing sound financial and administrative management and conduct of public officials. In the context of public sector audit, this would include conventionally accepted standards of behaviour in public sector management and delivering of public services.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 6
It might be convenient to move the reference to (contracts in the petroleum operations) to a footnote.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 4
It might be convenient to replace the term “etc.” for “and other”, in order to lend the document a more technical language.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 4
The term "authorities" may cause confusion, so it might be convenient to that it be changed to "rules". It might also be convenient to apply this change to all further references in the document to "authorities".

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 3
The control standards in Peru consider four (4) types of audits: Compliance Audit, Financial Audit, Performance Audit and Forensic Audit. It might be convenient to modify this part to go straight into defining what "compliance audit" is, so as to avoid any conflict with national definitions. It might be convenient to start the concept as follows: "Compliance Audit: It is an objective, technical and professional examination that allows (...)"

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 2
It is suggested to modify by "(...) norms of regularity and criteria of propriety (...)", to better understand the differences and relations between both concepts. It should be taken into account that the SAI of Peru evaluates the legality of management actions; it is not clear whether the criteria of regularity and decency are combined.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 1
It might be convenient to substitute for this text: “While regularity is the main focus of compliance auditing, propriety may also be pertinent given the public-sector context, in which there are certain expectations concerning financial, administrative and budgetary management and the conduct of officials.” It might also be convenient to apply this change to all further references in the document to “financial management”.

Office of the Comptroller General of the Republic of Peru

27/08/2020
Paragraph: 1
It might be convenient to substitute for this text:   “(observance of the general principles governing sound financial and operational management as well as the conduct of public officials).

Bahrain National Audit Office

27/08/2020
Paragraph:
Paragraph (29) and (33) should be merged, as follows: Some of the common authorities from which propriety criteria can be derived, include: General guidance for public officials in incurring expenditure on public goods and services; Codes of conduct laying down broad principles to guide the conduct of public officials, etc. National or international good practices.   Paragraph (39) needs more clarification and an example related to “The authorities and criteria pertaining to propriety are also more context-sensitive than those relating to regularity” The Guidance on Authorities and Criteria to be Considered While Examining the Regularity and Propriety Aspects in Compliance Audit: paragraph (41) states that “propriety criteria in a compliance audit differs from criteria in a performance audit”; it only states the definitions of both types of audits, with no more guidance. Paragraph (46) and (53) has the same topic: Paragraph (46) is in the right section, (53) can be deleted. “Regulatory criteria” used in paragraph 24 and 36 instead of “Regularity criteria”.

Bulgarian National Audit Office

26/08/2020
Paragraph: Explanatory Memorandum, Question 4
Bulgarian National Audit Office proposes more examples to be included in the field of public procurements for better understanding of the difference between regularity and propriety criteria.  

Auditor General Office of Maldives

25/08/2020
Paragraph:
Overall the Guide is well structured, easy to follow and substantial. However, in the area of propriety criteria the guide suggests auditors to use general norms and accepted behaviors of public official, which might be challenging for the auditors to determine on the criteria as this will be very subjective. So in our view, it would be helpful, if the guide provides some examples on how auditors can develop propriety criteria’s in circumstances where there are no written authorities.

European Court of Auditors

25/08/2020
Paragraph:
Whether the proposed GUID 4900 makes the difference clearer between the regularity and propriety criteria, and if it clarifies the two concepts?   The exposure draft of GUID 4900 confirms that SAIs interpret propriety differently and extend it to concepts such as public interest, financial prudence, prevention of wasteful expenditure, the system of law, equity or discipline. Also, the translation of the very term “propriety” is often vague, unclear or inconsistent. An element of propriety, according to ISSAIs 400 and 4000 is the sound financial management, which relates to the performance audit, which is well covered in ISSAI 3000. The inclusion of this concept in the definition of propriety does not help clarify this concept, it only creates confusion as it can be considered an element of performance audit. According to the exposure draft, the same criteria can be considered as regularity or as propriety criteria, the only difference being whether they are included or not in the legal framework of the jurisdiction concerned. Therefore, it is a more a difference of legal framework than of two different concepts.   In our view, the exposure draft does not achieve the objective of clarifying the difference between the two concepts. We would eventually be in favour of a much shorter document discussing the sources of audit criteria for compliance audit, without distinction between regularity and propriety. An alternative would be to expand the GUID (subject to agreement from the relevant authority) to cover criteria for all types of audit, rather than simply ‘compliance’ ones. This would also expand its usefulness to financial and performance audit engagements.     Whether there are any key concepts that should be added, to further elaborate on or could be deleted from, the proposed document? If yes, please explain which and give explanations and preferably text for the understanding. Based on the reply to question 1 we would suggest to review the definitions of propriety and compliance audit in both ISSAI 400 and ISSAI 4000.   If there are shortcomings in the text, it would be preferable to have suggestions for additional text.   If there are examples that can clarify the similarities/differences between the regularity and/ or propriety criteria, please submit them.   For questions 3 and 4 please see specific comments below.   Specific comments: Paragraph number Comment 2 The objective and scope of the GUID should be clarified. Is it meant to provide guidance on the sources for criteria in compliance audit (as it tries in paragraphs 13 to 47) or to explain the difference between regularity and propriety criteria. 7 We consider that this definition of propriety is not precise enough. Also, what one SAI would consider regularity, could be interpreted by other SAIs as propriety. The use of the term ‘general principles governing sound financial management’ adds to the imprecision, as this term is usually associated with performance audit. The exposure draft states that in the context of public sector audit, propriety would according to the Oxford English Dictionary “include conventionally accepted standards of behaviour in public sector management and delivering of public services”. We found that the Oxford English Dictionary only confirms the former (https://www.oed.com/view/Entry/152846?redirectedFrom=propriety#eid (see example 7a). So, notwithstanding that the definition of auditing concepts are not usually taken from dictionaries, it does not support sound financial management as being part of the concept of propriety as currently defined by IFPP. 9 The definition of sound financial management seems to focus only on the conduct of public officials. However, in footnote 12 the principles of sound financial management are defined as spending funds in accordance with the principles of economy, efficiency and effectiveness. Therefore, this term encompasses much more and, depending on its use, can include internal controls, economy, efficiency, effectiveness of operations, etc. as the GUID itself highlights in paragraph 28. 12 See comment to paragraph 2. 15 According to this paragraph the regularity criteria are formal, while propriety criteria are principle based. However, paragraph 20 states that “unwritten law” may also be consider in a regularity audit. Therefore there is no clear distinction between the two. 25 Some of the examples provided in this paragraph may be included in rules and regulations, e.g. avoiding conflicts of interests. In this case the propriety criteria transforms into regularity criteria. 30 The example of the airport is a performance audit case. We suggest to remove it from the GUID. 37 This provides a much broader definition of propriety than the one in paragraph 7: ‘expectations about the way in which public business should be or should not be conducted’. 39 A more detailed explanation of this paragraph would be helpful. 40 Some of the principles listed (confict of interest, non-discrimination) are part of the laws and regulations of the jurisdictions of many SAIs. Footnote 17: It would be useful to include the definition. 41 Seems to contradict previous paragraph 28. 47 We consider that not all information in this paragraph is required for the purposed of the GUID. First bullet point - it should be clarified what is meant by ‘operationalised’ Third and fourth bullet points – We do not consider that the fact that legal provisions are not yet developed or not consistent requires such an important part of this section. 48 The paragraphs states very clearly that ‘the sources of criteria for propriety in one jurisdiction could be the same as that for regularity in another’. One can conclude that the difference between regularity or propriety is due to whether the criteria are included in the legal framework or not. Therefore, the difference is not in the criteria, but in the jurisdiction. Furthermore, the example given can be subject to interpretation as using the term ‘deliberate bias’ could be assimilated to fraud. 49 The paragraph brings even more argument to the interpretation above, that there is no difference between the criteria, but it is the legal framework that is different. The example of the allowance granted to the government employee provides only a limited analysis of the case. There may be other considerations, such as the allowances rate being too high, or paying a lump sum reduces cost of controls and processing of documents. Also, the decision for which pronouncement to use when addressing the conduct of officials should depend what exactly is assessed, or which element prevails. If looking into their adherence to rules, then this represents the compliance aspect. If assessing whether their actions or results of their action can be considered effective, efficient or done with economy in mind, then this addresses the performance objectives, as covered by ISSAI 3000.      

Performance Audit Subcommittee (PAS)

11/08/2020
Paragraph:
General comments:  Overall, the GUID covers the topic in a clear, well-organized and convincing form. The guidance seems to allow auditors to use broad cultural norms and practices as criteria, and then to define what these are based on the auditor`s own interpretation and judgement. It would be helpful to unpack further, how auditors should go about developing or asserting criteria. Below is some more specific language [adapted] that US GAO has used that hopefully conveys the point that developing/asserting criteria has to be done carefully and anchored in a sound approach: Sometimes, criteria do not exist or are not readily measurable. In those cases, auditors may assert or seek acceptable criteria. When auditors assert criteria, they need to be convincing to a reasonable reader. For example, an auditor can look for existing criteria in similar programs or operations; review existing literature and identify the measurement criteria used by experts in the field; and/or meet with agency officials, experts, consultants, or focus groups to develop criteria. Once criteria are selected or developed, auditors should assess the criteria. Suitable criteria should be logical, relevant, valid, reliable, and convincing to and accepted by others. Auditors may obtain advance concurrence and agreement on the appropriateness of the criteria with agency officials, and possibly experts who will consider the auditor’s work. Auditors may consider these parties’ views on the adequacy of criteria and make modifications as appropriate. However, the auditor/SAI is responsible for the adequacy and relevance of the criteria used for its audits. It should be made clear in the GUID that the same requirements are to be applied for regularity and propriety criteria, especially because the notion of “subjective” criteria may be somewhat controversial. The two other types of audit (PA and FA) deserves some attention in the GUID - it is mentioned but not elaborated on (see for example PAS` comment to para 41).  Some points are mentioned more than one time; see for example paragraphs 33, 34, 50. Specific comments:  Para 3, Are some words missing in the beginning of the para? “This Compliance Audit - one of the three..." Para 6, we suggest rephrasing, new phrase: “Regularity refers to adherence to formal authorities such as relevant laws or resolutions of the legislature or other statutory instruments, directions issued by public authorities…”  Para 17, we suggest adding one last bullet point: "Case law elaborated by jurisdictions". Para 28: Is "prevention of wasteful expenditure" typically related to compliance? Para 30, Is the airport example a typical compliance audit? (See also comment to para 41). Consider if the example is too close to PA. Alternatively, make the distinction clear.   Para 41, Performance audit is more than just examining government programmes. In ISSAI 3000.17, the definition refers to “government undertakings, systems, operations, programmes, activities or organizations”. Consider rephrasing PA definition - broader, and more in line with definitions in PA standards. Para 41:The para mentions how propriety criteria in compliance audit would differ from those in a performance audit. However, there is no enabling illustration of this point in the text, to further the reader´s comprehension. If kept, we suggest that the para could use an illustration of the distinction between the two sets of criteria, possibly with examples. This concern has arisen partially because of the example of construction of airports in para 30, which illustrates that predictability is an important benchmark for determining criteria. In this illustration, the auditor determines whether the size of the airport is justified based on predicted or current levels of air traffic in the absence of norms, etc. If this had been a performance audit, the auditor would be looking at the effectiveness component in determining if an airport was actually justified, or meeting the intended public service delivery goal, however, the criteria adopted would have been similar. Similar concerns would arise in performance audits examining ethical issues such as conflicts of interests in appointment of consultants. Please consider adding an illustration of the distinction between CA and PA in this respect, as there could be considerable overlap in the criteria adopted in a CA and a PA of a given area (the difference is how these criteria are applied).  Consider providing some more concrete examples in Section 6.  Para 47, 2nd bullet: Including by the SAI itself when it has jurisdictional powers; 3rd bullet: In addition to declaring that there may be insufficient clarity, and that auditors should state how they interpreted the relevant legislation, another alternative could be mentioned, namely, the option to develop criteria in cooperation with the auditee and perform the audit against those criteria.   Para 49, Stated by whom (what authority)? This is perhaps not clear (could provide more examples). Could it be for example a professional practice, or an industry standard? Could one example be linked to the airport case in para 30? (Using the same examples throughout would help). 

French cour des comptes

29/07/2020
Paragraph:
3- Definitions §3 « This Compliance audit - one of the three types of public sector audit, independent assessment of whether a given subject matter complies with applicable authorities identified as criteria. »     Compliance audit (…). It is an independant assesment. 3- Definitions §3 Compliance audits are carried out by assessing whether activities, financial transactions and information comply, in all material respects, with the authorities that govern the audited entity.1   X   Compliance audits may include regularity and/or propriety2 criteria, depending on the mandate of the SAI and the jurisdiction. Addition between the two paragraphs : "They identify evidence which can be used further a basis for jurisdictional decisions or sanctions taken by adequate authorities. 3- Definitions §4 Authorities – laws, rules, regulations, policies, established codes, agreed terms or general principles governing sound public sector financial management and the conduct of public officials, code of ethic etc. from which ‘criteria’ for verification of compliance is derived while carrying out a compliance audit.3 Replace Authorities with Reglementations throughout the document. 3- Definitions §5 Criteria benchmarks used to evaluate a subject matter. Each audit shall have criteria suitable to the circumstances of that audit. Criteria can be specific or more general, and may be derived from various authorities. Add : "Criteria are often made of rules issued from laws delivered by governements an other public authorities, including internal regulations adopted within an audited entity. 3- Definitions §6 Regularity refers to adherence to formal authorities such as relevant acts or resolutions of the legislature or other statutory instruments, directions issued by public sector bodies with powers provided for in the law, with which the audited entity is obliged/bound to comply. Binding terms for the auditee, for example agreements and contracts (contracts in the petroleum operations) may also be considered as formal authorities.   Instead : Regularity refers to adherence to formal authorities such as relevant LAWS or resolutions of the legislature or other statutory instruments, directions issued by public AUTHORITIES 3- Definitions §6 Binding terms for the auditee, for example agreements and contracts (contracts in the petroleum operations) may also be considered as formal authorities. Complying with instead of "Binding terms" 3- Definitions §6 Binding terms for the auditee, for example agreements and contracts (contracts in the petroleum operations) may also be considered as formal authorities. May also be considered as a part of regularity 3- Definitions §9 9) Sound financial management means generally accepted principles governing conduct of public officials in executing financial transactions. Sound financial management means generally accepted principles governing conduct of public officials in taking executing financial decisions and operations. 3- Definitions §10 Conduct of public officials refers to an ethical behaviour and wisdom where norms and moral in a society is followed. Conduct of public officials refers to an ethical behaviour and wisdom where standards in a society are followed. 5-Definitions §17 17) Authorities as the sources for regularity criteria may include: • Parliamentary plenary resolutions, including policies; • Laws and regulations, rules, other legislative acts; • Internal rules, procedures and processes issued by audited entity (applicable depending on jurisdictions); • Constitutional budgetary laws and resolutions, the annual budgetary laws; • Regulations with financial effect in the public management; and • Public procurement rules. Adding a last point: "Case law elaborated by jurisdictions"   • Parliamentary plenary resolutions, including policies; Doubt on the use of the term "resolutions" 5-Sources for criteria in complance audit §18 • Secondary Legislation – The authorities may also be codal provisions, orders issued by regulatory authorities in government or by regulatory bodies. These may be categorized together as Secondary Legislation governing an activity or information, which is subject matter of audit Secondary Legislation – The authorities may also be codal provisions, orders issued by regulatory authorities in government or by regulatory bodies and jurisdictional decisions and their case law. 5-Sources for criteria in compliance audit §25 Whereas regularity is concerned with compliance with authorities stemming from rules and regulations etc, propriety is concerned more with expectations from the three parties11 and standards of conduct, behaviour and corporate governance. Depending on the jurisdiction, it may include values and principles generally accepted such as fairness and integrity, the avoidance of personal profit from public business, even-handedness in the appointment of staff, avoid nepotism by not giving opportunities to family and friends, open competition in the letting of contracts and the avoidance of waste and extravagance. This is a matter of regularity, there are written rules and not only good principles in this field 5-Sources for criteria in compliance audit §26 Forming audit conclusions based on propriety criteria can be more subjective compared to regularity criteria that are more objective. Hence, the need to rely on the professional judgment of the auditor is also likely to be higher in the case of propriety criteria than in the case of regularity criteria. "can be more subjective" : that is the real problem : no subjectivity can be admitted in written law countries 5-Sources for criteria in compliance audit §27 Furthermore, propriety criteria may refer to conventionally accepted normative behaviour in public sector financial management and in the conduct of public officials "conventionally accepted normative behaviour" : notion which do not exist in many countries 5-Sources for criteria in compliance audit §28 Propriety is generally understood as the principles governing sound financial management and the conduct of public officials, but in some jurisdictions SAIs may also assimilate into it concepts such as financial prudence, public interest, prevention of wasteful expenditure, constitutional legitimacy and integrity, expand on the system of law, equity (even or just) and discipline. "prevention of wasteful expenditure" : this is not related to compliance. 5-Sources for criteria in compliance audit §30 An example of this is when constructing an airport in a jurisdiction where norms for determining the size of the airport like volume of passenger traffic and corresponding size and number of terminals does not exist. The auditor while carrying out the compliance audit of the expenditure relating to construction of the airport, will have to use the professional judgment to form an audit conclusion on whether the size of the airport constructed is justified by the present or predicted future level of air traffic in the area. The auditor can also use standards available in other countries to form a conclusion since these standards normally have general applicability. If the auditor finds material deviation, the auditor may conclude that the size of the airport was more than what the occasion demanded. The second part of the paragraph beginning with "an example of this is …" has nothing to do with performance audit or compliance 5-Sources for criteria in compliance audit §31 • Another example of propriety criteria derived from a code of conduct for public officials is that public officials recuse themselves from transactions involving conflicts of interest. This is a matter of regularity 5-Sources for criteria in compliance audit §32 The person who holds a legal or ethical relationship of trust with one or several other parties. Ill-constructed sentence with invalid elements for some countries 5-Sources for criteria in compliance audit §33 Authorities as the sources for propriety criteria are general principles, codes of conduct and/or national or international good practices. Repetition 5-Sources for criteria in compliance audit §34 ) Depending on jurisdiction, this may include conventionally accepted values and norms, such as fairness and integrity, and exercising of prudence. Criteria relating to propriety may also relate to expectations regarding behaviour, for example what may be considered acceptable in regard to class of travel or levels of hospitality and entertainment at government expense if such limits are not explicitly stated by regulations. Repetition 5-Sources for criteria in compliance audit §35 In some cases propriety criteria may be uncodified, implicit or based on overriding principles of law.16 "Dangerous" 5-Sources for criteria in compliance audit §36 While regulatory criteria are legally binding for audited entities, the sources of propriety criteria are conventionally accepted norms of a moral and ethical nature, and are closely linked to the values and social conventions in a society to which there is a broad support among citizens. "conventionally accepted normative behaviour" : notion which do not exist in many countries 5-Sources for criteria in compliance audit §37 Propriety is a wide concept capable of varying interpretations and influenced by multiple factors including cultural differences. No, legislation issues laws and not behavior expectations 5-Sources for criteria in compliance audit §38 Then the criteria for compliance of actions by public officials change along with that development. This is a big problem "conventionally accepted may change gradually over the time without being tracked." 5-Sources for criteria in compliance audit §40 "The expenditure should not prima facie17 be more than what the occasion demands;" Inapplicable 5-Sources for criteria in compliance audit §40 Every public officials should exercise the same vigilance in respect of expenditure incurred from public money as a person of ordinary prudence would exercise in respect of expenditure of his/her own money; : "gestion de bon père de famille" : subjective 5-Sources for criteria in compliance audit §40 No authority should exercise power of authorizing the expenditure, which will be directly or indirectly to own advantage; : regularity 5-Sources for criteria in compliance audit §40 Fairness, integrity, the avoidance of personal profit from public business, like even- handedness in the appointment of staff; regularity 5-Sources for criteria in compliance audit §40 The same level of prudence that a man of ordinary prudence would exercise in incurring such expenditure who will determine this private level of prudence ? 5-Sources for criteria in compliance audit §40 "The auditor should therefore use his professional judgment based on the expected behaviour of a man of ordinary prudence to arrive at audit conclusion on whether…" : it can be treated in the regularity ideas with "circonstances atténuantes". 6-Process of deriving criteria from source §46 Communicating the criteria with the audited entity is crucial to allow the auditee to give feedback on the criteria. It is also important that the audited entity can relate the criteria to its work. No, the audit is supposed to know the authorities it has to comply with. This does not fit in our latin system. 6-Process of deriving criteria from source §46 In cases where the auditee does not agree with the criteria, the auditor considers whether the disagreement is due to the criteria not being suitable or that the auditee does not want to be measured using these criteria. This controversy does not have to appear at the beginning of the audit, but during the audit or at the end, through the contradictory process. 6-Process of deriving criteria from source §47 This is especially important when determining propriety criteria, and in communicating and explaining to the auditee. In determining suitable audit criteria, the following may be taken into account. Especially when they come from subjective « soft law » or « conventionally admitted principles » 6-Process of deriving criteria from source §47 The auditors may also consider relevant decisions made by judicial authorities. Including by the SAI itself when it has juridictionnel powers 7- The difference between regularity and propriety critter §49 but are stated merely as general principles of sound financial management and conduct of public officials prevalent in a jurisdiction, they should be considered as propriety criteria to be verified in compliance audits and further determined/explained by the auditor. Stated by whom ? where ? How ? With which value ? 7- The difference between regularity and propriety critter §49 These general principles could be reasonable expectations of transparent procurement procedures, expectations of accountability of public officials in public transactions, and expectations of reasonable quality in goods procured, works executed or services delivered. Such criteria can be termed as propriety criteria. This is not a legal basis to identify the evidence of wrong doing and appropriate sanctions 7- The difference between regularity and propriety critter §49 Where, however, there are no specific rules governing admissibility of any particular type of allowance, the auditor will have to exercise his professional judgment to conclude whether the allowance paid resulted in any profit to the individual. For instance, in respect of a travel expenditure where there are no specific guidelines on entitlement, the auditor may examine if there was profit by comparing the actual payment to that which would be admissible as per standard fares of travel by actual mode of travel used and the standard rates of room tariff for hotel where the official stayed. What is not forbidden is allowed 7- The difference between regularity and propriety critter §50 50) Each SAI has to take into consideration the system of laws, regulations and agreements, it is a part of, and thus being the sources of regularity criteria, as well as observance of the general principles governing sound financial management and the conduct of public officials in the context the particular jurisdiction. Already said many times 7- The difference between regularity and propriety critter §51 There may be SAIs that are not permitted to adopt criteria of propriety, either because of the legislation or their mandate, while there may be others where propriety becomes important because the audit mandate of the SAI as well as auditing conventions require examination of compliance with authorities governing propriety. Neverthless, this does not change the need for suitable criteria. In fact, it increases the need for them. The social conventions and context in countries can differ a lot that makes it important to look upon this document as a guiding tool for using regularity and/or propriety criteria. Or because they do not have enough regularity criteria  

Office of the Comptroller General of the State of Ecuador

13/07/2020
Paragraph: Section 5, Source for Criteria in Compliance Audit, Number 18
We suggest organizing the legal provisions according to the Kelsen Pyramid.

Office of the Comptroller General of the State of Ecuador

13/07/2020
Paragraph: Section 3 Definitions, Number 3
We suggest to change "This audit" to "The audit".