The CAG’s Compliance Auditing Guidelines 2016 and Regulations on Audit and Accounts, 2007 define compliance audit as an assessment as to whether the provisions of the Constitution of India, applicable laws, rules and regulations made there under and various orders and instructions issued by the competent authority are being complied.
They also includes an examination of the rules, regulations, orders and instructions for their legality, adequacy, transparency, propriety and prudence and effectiveness that is whether these are:
a) Intra vires the provisions of the Constitution of India and the laws (legality);
b) sufficiently comprehensive and ensure effective control over government receipts, expenditure, assets and liabilities with sufficient safeguards against loss due to waste, misuse, mismanagement, errors, frauds and other irregularities (adequacy);
c) Clear and free from ambiguity and promote observance of probity in decision making (transparency);
d) Judicious and wise (propriety and prudence); and
e) Effective and achieve the intended objectives and aims (effectiveness).
They provide that the compliance audit also examines the rules, regulations, orders and instructions for their consistency with each other.
Seen from the perspective of public sector3 audit, compliance with rules, regulations and applicable authorities is the primary and most important requirement for ensuring accountability of the public executive, which primarily relate to safeguard and use of resources – financial, natural, human and other material resources. Compliance audit also performs the function of deterrence, especially in situations where internal controls are not as effective. The objective of public-sector compliance auditing, therefore, is to enable the CAG to assess whether the activities of public-sector entities are in accordance with the authorities governing those entities. Compliance audits are carried out by assessing whether activities, financial transactions and information comply, in all material respects, with the authorities, which govern the auditable entity. It is concerned with regularity and propriety audit.
Regularity–that the subject matter of the audit adheres to formal criteria emanating from the relevant laws, regulations and agreements which are applicable to the auditable entity. Propriety– that general principles of sound public sector financial management and ethical conduct have been adhered to, legality and competence are ensured.
As such compliance audit not only includes examination of rules, regulations, orders, instructions but also every matter which, in the judgment of the auditor, appears to involve significant unnecessary, excessive, extravagant or wasteful expenditure of public money and resources despite compliance with the rules, regulations and orders.
Elements of compliance audit
Compliance audit in Public Sector audits have certain basic elements
- Three parties in the audit i.e. the auditor, the responsible party, intended user,
- Subject matter and
- Authorities and criteria to assess the subject matter.
Three parties
The three parties involved in compliance audit are briefly described below:
The auditor: represents the Indian Audit & Accounts Department and the persons delegated with the task of conducting audits. However, clear cut demarcation of roles and responsibilities of officers and staff for various audit functions is done through a hierarchical structure. Auditors in compliance audits typically work as a team with different and complementing skills. The auditor is responsible for planning and implementation of audit and issuing a compliance audit report.
Responsible party: represents the executive branch of government and/or its underlying hierarchy of public officials and entities responsible for the management of public funds and the exercise of authority under the control of the legislature. The responsible party in compliance auditing is responsible for the subject matter of the audit.
The intended users: represent the individuals, organizations or classes thereof for whom the auditor prepares the audit report. In compliance auditing the users generally comprise the executive which includes auditable entity and those charged with Governance, the legislature and the citizens who are the ultimate users of compliance audit reports.
Subject matter
Subject matter refers to the information, condition or activity that is measured or evaluated against certain criteria while conducting an audit. Compliance auditing may cover a wide range of subject matters depending upon the audit scope. Subject matter may be general or specific in nature. Some of these may be easily measureable (for example – compliance with a specific requirement like adherence to environment laws) while others may be more subjective in nature (for example- financial prudence or ethical behaviour).
Authorities and criteria:
Authorities are the most fundamental element of compliance auditing, since the structure and content of authorities furnish the audit criteria and therefore form the basis of how the audit is to proceed under a specific constitutional arrangement. Authorities include the Constitution, Acts, Laws, rules and regulations, budgetary resolutions, policy, contracts, agreements, PPP contracts, established codes, sanctions, supply orders, agreed terms or the general principles governing sound public-sector financial management and the conduct of public officials. Most authorities originate in the basic premises and decisions of the legislature, but they may be issued at a lower level in the organisational structure of the public sector.
Criteria are the benchmarks used to evaluate or measure the subject matter consistently and reasonably. The auditor identifies criteria on the basis of the relevant authorities. To be suitable, compliance audit criteria must be relevant, reliable, complete, objective, understandable, comparable, acceptable and available. Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Where formal criteria are absent audits may also examine compliance with the general principles governing sound financial management. Suitable criteria are needed both in audits focusing on regularity and in audits focusing on propriety.