€¦ · web viewthe topic "purpose" mentioned that knowledge and skills will be...

Competency framework for public sector audit professionals at supreme audit institutions

TRACKING OF COMMENTS FROM TASK GROUP MEMBERS

Task group member

Reference Comment Response

1 Jan van Schalkwyk

General Align with other documents Done

2 Jan van Schalkwyk

General Rework on document for INCOSAI submission – one cover sheet, with this document as an annexure to that

Flagged for September 2016

3 Jan van Schalkwyk

General Craft concluding section Done

4 Neil Usher Section 4, key principles

Reflect reference to ISSAI 100 in first key principles, ISSAI alignment

Done

5 Archana Shirsat CAC 5.3 Remove this competency description, as this requirements is not applicable at the level of an audit professional

Done

6 Brazilian Federal Court of Accounts / incoming PSC chair

General Is the “explanation” the observable behavior? If the "explanation" is not the observable behavior, we understood that there is a problem, because there are some items dealing with different things. They refer to the same competence and it shows that there are more elements in this competence that an assessment cannot be considered. For example: "communicates effectively with stakeholders" (CC 2.2), there are 5 completely different items related to this competence. It would only be possible to have an accurate gap in this competence if it were possible to separately evaluate each of these items.

The explanations are indeed the observable behaviours. One specific competency may defined at hand of 4 or 5 different observable behaviours. For example, in testing “communicate effectively with stakeholders”, there will indeed be a need to evaluate 5 different behaviours.

7 Brazilian Federal Court of Accounts /

Purpose section The topic "Purpose" mentioned that knowledge and skills will be evaluated. We understood that knowledge and skills would be described from the

Clarification and examples sought

1

incoming PSC chair

observable behaviors, in other words, it would be a detailing of what is already declared. We considered to avoid this situation, because in many cases it could be redundant;


General We understood that some parts of "explanation" could be reviewed, because of the high level of subjectivity and multiple understanding, for example, "Transparent Manner", "Display willingness" mainly items more "soft" and related to behavioral aspects.

These are open for review, either as part of us confirming this core framework while being developed or, after its adoption, as part of each SAI tailoring the framework to its own circumstances. If the reference is aimed at improving the current explanations, the task group will appreciate specific examples of how these can be improved.


Success profiles Taking into account the illustration (layout and colors of the arrows) used in section 3.2 (page 6 of Competency Framework), the concept of "success profile" was ambiguous, because it is not clear if it is contained in the concept of "competency framework "or if it is an independent concept. For clarity, we suggest that the illustrations used to explain these concepts should be integrated allowing to view them within the same context.

We have rephrased the section (and a couple of related ones) to try and be clearer on what is intended. The idea with introducing the definition of a success profile is to confirm the option of SAIs confirming different combinations of competencies in a specific profile to fit their needs. It is not up to this document to describe what a success profile would be – it would be up to regions or individual SAIs to take the work of this document further to develop these unique profiles.

10 SAI Austria / INTOSAI GS

In my understanding, we are ultimately working in the (proposed) framework for professional pronouncements in an area where SAIs will be expected to comply if they want to claim ISSAI compliance. Thus, the framework and content is of significant relevance. In other words, we need to get it right.

You rightly mention a certain “unease” to significantly build pressure on SAIs, but I believe this is not necessarily due to not wanting to have rules on the side of the SAIs, but also due to some problems in the concepts:

I think we are still unclear in at least three important areas that in our opinion we have been asked to look

These documents are part of the foundation of what will ultimately become part of the “standards for auditor competence” section of the newly proposed ISSAI framework and the team share your view that we have to get it right. All that the task group can say about these two documents is that they recognise a fair share of traveling along the road towards ISSAI inclusion, but that they do not yet “pretend” to be the final documents that will go into that space. We hope that the use of the term “unease” (albeit in a slightly different context of how it was used in the document) does indeed represent people’s ambition to make sure that this core framework can work as an enabler, and that it does not imply resistance to core requirements.

2

into under the mandate of further research by the Governing Board and that still are not done:

How do different SAIs actually do it? (i.e. respond to the need for a competent staff) What do they teach? What do they require prior to staffing? How does that depend on the level of development of the country, the SAI; on the mandate (focus on financial or performance audit) or on the type of SAI (Westminster, French, German type)?

I want to emphasize that INTOSAI comes from the sharing of experiences and only starts to develop into standard setting, i.e. the tradition has been to first gather documents of how individual SAIs do things, discuss and share these documents and then carefully consider if common elements are useful for everybody. Thus it is ensured, that only concepts that go through each individual SAI´s full quality control and cost/benefit considerations are used. In other words, we don't use ideas of members of INTOSAI (sub)committees as such, but ideas that have proven useful in national use by whole SAIs.

I think we still need this information and this discussion. How do we all do auditor education and - if at all - certification? Do we do it the same way? How much of our education is process, or content? Which content? How strongly is it standardized, how much do we want diversity in our team members?

I think a lot of “unease” would go away if the task force would first research and offer this information in a well structured way and observe if some principles strengthen themselves on a voluntary basis before deciding to create rules.

What role does education really play in the concept of

When the Governing Board asked the CBC and the TGIAC to take on the work that we have done in the original whitepaper further, the scope of work channelled to the team was quite ambitious! It had to seriously prioritise within the mandate given and decided to focus on just two core areas – making the discussion on competencies a tangible one (hence the proposed core competency framework) and positioning the project better (hence the enabling mechanisms documents). The positioning focus does perhaps require further explanation – not only did we have to step back from certification to the broader concept of professional development, but we also had to bring some structure to a sometimes overwhelming set of work on professionalization that was being done in INTOSAI in anticipation of the theme 2 discussions at INCOSAI later this year. We do not pretend to have scratched the surface on many issues listed here and fully agree that many of these issue still require attention. At the same time, we should not undersell the amount of work and feedback that has gone into some of these developments. Many of the projects in the enabling mechanisms document represents immense work over many years – the SAI PMF has been developed and tested over the better part of a decade, while something like the framework for regional professionalism represents direct inputs from all regions both at last year’s CBC meeting in Stockholm and in their theme 2 submissions for INCOSAI.

As much as the TGIAC has not done a lot to document the detailed experiences and practices of the many INTOSAI members regarding professional development, one should not unnecessarily pretend that this presents a totally unknown body of knowledge. In working on these documents, we were amazed at the extent of work done and the fact that this was easily accessible. What is clear to us, even

3

professionalism and how does that interact with the other elements?

We believe that limiting the concept of professionalism (p. 2) is too narrow. As mentioned a few times in the working group, it is my conviction that for many SAIs appointment to an office and the resulting constitutional rights and obligations (like a judge) or political “election” (e.g. by parliament) is at least as significant for the standing of a SAI and the definition of the competencies of individual auditors. The INTOSAI framework recognizes this by stressing the relevance of independence and institutional aspects. I don't know how “arrangements regarding working environment” is to be understood, but I don't think it gives enough emphasis on these important aspects.

This, I believe is highly relevant in distinguishing the audits of SAIs from “contracted” work from private sector auditors in the public sphere. This is a matter of competition and is relevant for a cost/benefit analysis.

What is the real cost/benefit/risk analysis? (Not of educated vs. uneducated auditors, but of “centralized, uniform” educational standards in a world full of diversity) Before creating a rule on what SAIs need to be doing we should actually estimate costs, risks and benefits.

What if we formulate rules and then see “con - compliance”? (i.e., emphasis on different aspects than those envisioned in the INTOSAI papers). Will that undermine the credibility of SAIS? Or of INTOSAI? What if we see compliance but resulting lack of education needed?

at this early stage of research, is that INTOSAI regional bodies and SAIs are – at heart – all public sector auditors, as defined in the ISSAIs. At the same time, it is also abundantly clear that, despite this “similar core” that binds us together, we have very different mandates, legislation, methodology, practices, etc. Our talking about the concepts of “international profession, local solution” in the enabling mechanisms document and “core consistency” in the competency framework, are recognition of this realisation. We are deeply under the impression that in moving beyond this year’s INCOSAI, a lot more work needs to be done to surface similarities in requirements, practices and needs and use these to build our requirements to the level of possible standards of auditor competence. A lot of what is mentioned here is critically important, but will only get attention post 2016 INCOSAI. As to unease – at the moment, we are not writing any rules of regulations relating to the competency framework. We are only defining building block that we believe should be in place to pave the way towards the discussion on standards and guidance. And, as to the content, we have created nothing new, we have just structured the requirements of the ISSAIs into individual “can do” statements for an auditor…..

Reading the web-sites and documents of many INTOSA regional organisations will convince the reader that these structures and their member SAIs actually have a very good grasp on what the processes around professional development mean, generically and in the context of their own needs. Similarly, reading the web-sites of the IIA, IAESB and others will convince the reader that there pretty well-researched thinking on these issues in the market place. All these bodies had to deal with the same challenges of balancing international requirements, with local requirements and needs.

4

We do certainly take the comment on the definition of professionalism as it relates to work environment to heart – it would make sense to expand that description.


I am unclear about the meaning of process/content principles on P. 9 of the “enabling” document and especially the last paragraph on p. 9, first on P. 10 (“It would appear that INTOSAI should limit its global profession efforts to process principles” (not on content). Does that mean we want to make rules on training structure and certification but not on competency frameworks and curricula? Why then, do we produce a competency framework? (defined as a content element above)

The principle in the document indicates that one should only deal with matters are “universally true” at the level of standards. While the document does argue that this would in all probability mean a focus on process requirements, it also specifically indicates that it believes that there is value in guiding on competencies for public sector auditing at the level of core consistency (competencies that are true for a public sector auditor regardless where he/she would operate). This principle also explains why we have limited our core competency framework descriptions to only matters that we picked up from the ISSAIs. In response to this and other comments, we have tried to improve the wording here to reflect exactly this principle – which is also in line with the statement regarding page 10, supporting the view that we should just deal with the uniqueness of public sector auditing in competency work at international level.


In light of the points mentioned above I strongly support the idea (p. 10) that it may be necessary to reflect on the uniqueness of the public sector and public sector auditing.

See comment on item 11


I am still unclear on the section on key definitions if each individual needs to have the required competencies or the team in total. What does it mean to argue that a framework is not limited to an individual but may exist for teams or organisations (p. 13)?

The whole idea of a core competency framework is that, at a specific level, there would be a set of generic competencies that all staff at that level may share. As SAIs add to this core competencies (reflecting their unique needs) they can add other competencies that may differ from individual to individual – hence the term success profile. For example, Person A and Person B may share the same core competencies for financial auditing at the heart of their profiles, but in the add-on part, Person

5

A may have some abilities related to international work, while Person B may have some abilities related to academia. While they share the same core, their success profiles (the full combination of what they require for their jobs) will differ. It does therefor mean that in team composition, you would be combining certain different success profiles to make sure that you have a strong team. When you combine person A and Person B in a team, you may find the combined value of their different success profiles as the key enabler for making the project on which we partner, work out. The term competency modelling is intended as a way to describe the matching of success profiles at team or organisational level, depending on the task at hand. There is therefore flexibility to decide whether the full set of competencies is pitched at individual or team level, although we do believe that there should be a basic level of similar knowledge and skill within all individual staff. The whole notion of competency modelling (allowing for flexibility around determining competency requirements at individual, team or organisational level) stems from the comment SAI Austria regarding the importance of audit teams, made at the time of the finalisation of the original whitepaper. We do acknowledge that, in the draft for consultation the moment, these concepts are just contained in the definition section of the document and have, accordingly, expanded the narrative in this section.


In terms of process, since the document ends with tasking I am unclear what exactly we want from INCOSAI XXII? We have not yet reached a level where we seek approval of the competency framework as an ISSAI or a document in the proposed IFPP, I presume?

The task group have been silent on what it wants from INCOSAI when it gets to the competency framework. This is different from the enabling mechanisms document where the drafters have been quite specific on what they want. The reason for this difference lies purely in the fact that the team has very recently completed the competency framework and it will judge the “strength” of the request to INCOSAI from the comments that come in in the

6

coming months. Just based on discussion with the broader TGIAC (the current commenting process), one could say that the TGIAC would want INCOSAI to take note of this framework as a basis for further discussion and refinement of concepts related to professional development to the point where we would see a set of professional pronouncements on auditor competence in another 3 to 6 years’ time.

The framework has been updated accordingly.


CBC and IDI with structuring and guiding the process of further developments of professional pronouncements, does that mean we propose abolishing the Task Force?

The CBC do not envisage the abolishment of the TGIAC at all, but are quite specific that it wants to reposition this as a full CBC subcommittee / work-stream with a broader mandate to deal with further work on the competency framework, including some initial reflections on the utilisation of this in the various ways of professional development.


I am a bit concerned about a general mandate to unnamed “appropriate INTOSAI organs” to enable partnerships with, e.g. IFAC; because I think this is a highly strategic ISSAI. Who in INTOSAI should structure the relationship with partnering organisations?

The idea in mandating specific INTOSAI organs to forge formal relationships with bodies that can contribute to the professionlisation discussion, is to empower the CBC chair to handle this responsibility on behalf of INTOSAI, as indicated in the responsibility matrix. In the reworked document, we have deleted the matrix and have, accordingly, added wording to indicate this specific intention to the “looking forward” section.


We support the idea of the competency framework to be ISSAI based and - given the close relation of the competencies mentioned to the ISSAI level three - it is hard to argue that any of the competencies in the framework are not relevant.

Agreed


However, I wonder how helpful the current framework will truly be in shaping the education of auditors - is it possible to develop actual training according to the framework? Our domestic example in the Austria Court of Auditors (with its emphasis on performance

As indicated in the framework document, the team believes that understanding specific competency requirements is at the heart of many human resource decisions, including the appropriate education requirements, on the job requirements,

7

audit) might exemplify this: We currently require academic education from prospective auditors as well as five years of professional experience. We also (generally) expect new employees to complete a tailored MBA Programm within four years after entrance to the Court of Audit. Yet, most of what is taught there (administrative law, economics, statistics, theories on regulation, etc.) is not mentioned in the proposed competency framework. On the other hand, many of the things mentioned (documentation, materiality) are taught in Austria outside of formal education “on the job” and influence the required evaluation of the work people do and thus their career. However, obviously the knowledge of economics, statistics, etc. strongly influences a persons capability to evaluate materiality (and many other aspects of auditing, risks, etc.).

etc. From a very practical point of view, we know of many SAIs and at least one INTOSAI regional organisation where they do use competencies as the basis of developing actual training interventions, with huge success. One has to be careful to try and equate the competencies in total to an education or a training program. Competencies can be gained (and assessed) in a variety of ways. Similarly, the specific education route that underpins a SAI’s requirements (such as the MBA that SAI Austria require) may address a lot more than what is in the framework. The comment that this “broader” educational base strongly influences a person’s capability to deal with some of the concepts in the framework, certainly holds true.


General I want to conclude by emphasizing that we strongly agree that highly qualified staff are an essential element of a strong public sector auditing function and that helping SAIs achieving that is an important field of work for INTOSAI.

Noted – wording also reflected in the introductory section of this document

20 SAI India / KSC General The competency framework will be more useful if it clearly differentiates between large and small SAIs, thus, acting on the professed principle of ‘Global Profession, Local Solution’, as there are significant human and financial resource differentials among SAIs.

For instance, SAI India has a strength of over 50000 personnel managed by an IAAS cadre of about 600 people. SAI Bhutan in comparison has 245 personnel. Recruitment by SAI India is for the entire career span of an individual, while for some SAIs lifelong employment need not be the general practice. Moreover there can be lateral entrants from both the civil services and the open market.SAI India has a geographically extensive network of

Agreed. Although this principle is contained in the document, it will need to be expanded upon in the work post XXII INCOSAI.

8

training institutions catering to capacity building right from induction training for the different entry levels, as well as technical and professional development courses required at different stages through the career span. The required technical trainings are identified through regular, periodic Training Needs Analysis and the inputs are imparted using Structured Training Modules to ensure consistency of training.

21 SAI India / KSC Vertical bars The competency framework utilizes the concept of ’T shaped individuals’, with the horizontal bar related to core competencies and the vertical bars relating to Compliance Audit, Financial Audit and Performance Audit, competencies of the individuals.

In view of the evolving requirement of competencies and the paradigm shift in technologies, a separate vertical bar competency in ‘Information Systems & Technology Audit’, is suggested.

Agreed and flagged for development post XXII INCOSAI

22 SAI India / KSC Vertical bars In addition to the core competency of Information Technology Audit in the horizontal bar, vertical bar domain competencies require distinct and varied knowledge in Information Technology. For example, Financial Audit requires knowledge in Advanced Information Technology based ERP systems like SAP and Oracle Financials whereas Performance Audit would require use of advance skillsets in Data Anlaytics

In keeping with the principles of describing only core competencies at the level of an audit professional, we believe that adding knowledge of IT specific systems should be left up to the SAI or INTOSAI Regional Organisation, as part of the work to add to this core framework (principle of core consistency).

23 SAI India / KSC General The competency framework should also recognize the need for regularly incorporating emerging areas of audit. It should not be a static document based on the past but should be dynamic and wholly attuned to emerging practices and trends

Reflected in a new key principle – 4.6, as well as an update to the explanations to CC4.3

24 SAI India / KSC General The framework should also dwell upon training methodology and usage. It should prescribe best practices in the training realm such as periodic Training Needs Analysis, adoption of Adult learning

Agreed and, as indicated in the concluding section, flagged for development post XXII INCOSAI

9

practices, Just in time Technical Trainings, Structured Training Modules and e-Learning initiatives.

25 GAO General Prepare a cross-walk to authoritative sources and standards

Final version of the framework will be cross-referenced to the ISSAI framework.

26 GAO General Prepare a timelines that displays the various work-streams to show where the task-group is with regard to the end goals

Will be done in the final submission papers for XXII INCOSAI

27 GAO Key principles Need to consider emphasising independence and ethical behaviour as a key principle

Not applicable to statements under key principles, but requires reflection in the detailed competency statements

Ethical behaviour for an individual – reflected in CC 1.1; Independence in thinking and behaviour – reflected in various competency statements, but specific reference added in CC2.1

28 GAO “How to read”, par 4

Not sure what we are trying to say here or what our point is?

Sentence deleted

29 GAO Section 6, general Where will we discuss independence and objectivity? See 27 above, and slight addition to CC3.3

30 GAO CC1.4 Added new leadership competency Added as CC1.4

31 GAO CC4.1, explanation 2

Need to discuss as should it point to the ISSAIs also Updated as proposed

32 GAO CC4.3, explanation 2

Should this also be weaved into the key principles? Believe that it is implicit in the statement under key principles that require ISSAI alignment.

33 GAO CAC 2 (section before table)

Should this specifically refer to the legal and regulatory environment?

Believe that this implicit in the fact that we are dealing with compliance audit competencies

34 GAO CAC1.1, explanation 1

There can also be linkages to financial and performance audit. Let’s discuss

Wording updated on all three profiles


I am not sure that I fully understand these concepts. Are they defined?

These are defined in par 24 of the newly produced ISSAI 4000 (endorsement at XXII INCOSAI)


Should we also state that the auditor ensures conformance with the SAIs quality assurance framework?

No change effected – the reference is a generic one based on standards. Anything beyond that at SAI level should be captured as a discretionary competency that should be added to these core statements


Do we need to talk about fraud, waste and abuse or do we feel that it is covered here and through the standards?

Has been covered in an update to CC3.1

10

38 GAO CAC2.1 And the SAI operates? This reference is specifically aimed at the auditee. The understanding of the environment in which the SAI operates, is covered in CC4.3

39 GAO CAC2.1 Should business culture be added? Wording updated, across all three areas (added new FAC2.2)

40 GAO CAC3.1 Probably need to discuss this in the context of a pure compliance audit versus performance or financial audit.

This is implicit in the fact that we describe this as a compliance audit competency – no change made

41 GAO CAC3.2 Earlier we only refer to risk so should we be describing the various typed of risk and their application within the various levels discussed?

It is described in the relevant auditing standards (note cross-referencing of the competency requirements to the ISSAIs will also assist in making this more prominent

42 GAO CAC4.1 These are examples but what about the scope within a regulation or legal mandate?

Changes made

43 GAO CAC4.2 Add - determines if the control is in operation and then tests…

…. And identifies deficiencies and causes?

Change effected in compliance and financial audit sections

44 GAO CAC4.4 Need to discuss as risk based can utilise a number of methods based on the nature of the areas at risk

Changes made


Maybe better to say “corroborates evidence”

Integrity and reliability?

Changes effected


Maybe better to say “to perform audit procedures using innovative methods to…”

Change made


To assess professional competency, independence and objectivity should be considered for addition

Not added, as this is spelt out in the related standard already

48 GAO CAC4.6 Just fraud? What about waste or abuse? Changes made

49 GAO CAC4.8 Stakeholders – “including those charged with governance”?

Changes made to all three areas of audit

50 GAO CAC5.2 Should these be combined or the second explanation put first?

Change made across all three areas of audit


Is it only at country level or should we be more inclusive or territories and localities also?

Let’s discuss - not sure I understand the concept

Section 5.3 was deleted as this “court model” competency will not be applicable to the level of an audit professional

52 GAO CAC5.3 Is this the responsibility of the auditor or some other Section 5.3 was deleted as this “court model”

11

authority and the auditor should be charged with making sure the proper level of management or oversight body has been informed or takes action?

competency will not be applicable to the level of an audit professional

53 GAO FAC and PAC, general

A number of comments from the compliance section also apply to the following section and have not been repeated

Done to the extent possible

54 GAO FAC1.1, explanation 1

Should we also include objectives?

Differentiated – and linked?

Done across all three areas of audit


Should we also have the concepts of effective and cost beneficial?

Done


OR – is this “or” or “and”? Taken directly from the ISSAI –thus an “OR” statement


Should this be stated as “demonstrates ability to determine that sufficient audit procedures have been performed?

Done

58 GAO FAC2.2 Principles and standards? Done

59 GAO FAC2.3 “effectively deals with” – not sure that this phrase is needed

Change not effected

60 GAO FAC3.3 What about not applying sufficient audit procedure or appropriately modifying audit procedures to address risk areas?

Change made

61 GAO Various other edits directly proposed in the text of the submitted comments

Accommodated where-ever possible

12

TRACKING OF COMMENTS FROM INTOSAI COMMUNITY (GENERAL CONSULTATION)

Note:

This commentary was provided on the cleaned-up version of the document, after task group inputs

Task group member

Reference Comment Response

1 European Court of Audit (ECA) (PSC vice chair)

Not applicable I am very happy and confident that the position paper proposes the key initiatives that will provide an adequate environment for structured and competence-based professional development to take place in INTOSAI. The competency framework describes very well the key principles necessary to underpinning its development.I would like to congratulate the Task Group on INTOSAI Auditor Certification for preparing bothdocuments and I can assure you that, as a Member of the CBC and Vice Chair of the PSC, we stand ready to support the Task Group in its future work.

Noted with appreciation

2 Representatives from INTOSAI regional organisations at 2016 IDI work-session for regions

Not applicable (OLACEFS) - One certification or three separate? This document does not yet touch on the topic of how certification will take place. At most this framework may inform the development of certification programs, most probably at the level of SAIs or INTOSAI regional organisations, and it will be up to that SAI or regional organisation to decide on the most appropriate way to structure this. Should the SAIs in a specific region believe that they are dealing with separately identifiable audit stream, it may imply three different certification processes. However (as indicated on pages 5 and 6) one may find situations where the SAI’s resource requirements or even mandate requirements dictates a level of integration between these three streams, in which case this need will determine the structuring of the certification program.

13

There is currently no intention from an INTOSAI level to try and develop a “one size fits all” certification program. In keeping with the “global profession, local solution” principle, the detailed development of certification programs is envisaged at SAI or INTOSAI regional level, either on their own or with the help of service providers, at most (in future) with some guiding principles on the development of such programs from an INTOSAI level


Not applicable Why not refer to levels 1 and 2 ISSAIs also? (See page 8, only referring to levels 3and 4?)

The references to levels 3 and 4 have been made as this is where the auditing standards talk about individual “can do” requirements. Levels 1 and 2 focus more on institutional capacity, rather than individual capacity. Having said that, the key requirements from these levels (quality assurance, ethics, etc) has all found a home in the competency framework.


Not applicable (EUROSAI) - Because this involves people, it will involve processes and many more actions after and in addition to this FW (refers to CBC HR document) - FW probably should not stands alone

Agreed. Such processes and support mechanisms should ideally be addressed in the future development around professional pronouncements (standards and guidance) on auditor competence.


Not applicable (AFROSAI-E) – This is the "how", but we are missing the "what" we are missing... We audit IPSAS and staff will also be have to be trained on IPSAS or they will not be adequately trained to audit. (Agree - see FAC 2.2, page 17).

Much of the descriptions are activities, and perhaps not competencies....

Agreed. FAC 2.2 was crafted as a very specific, albeit generic reference to the need to be fully competent in the field of public sector accounting.

Some of the description may very well be seen as activities. As indicated in the principles of development, the team tried to craft these descriptions in the sense of observable behaviours. The task team remains open for any detail commentary on how to enhance these descriptions.

6 Representatives from INTOSAI regional

Not applicable (UAE) - Went to see IFAC and COO made the following comments: a. They are also struggling in developing environments, and often see the GDP

This statement has been interpreted as an argument for a) partnering and b) for growing into the utilisation of the framework – principles confirmed in both the

14

organisations at 2016 IDI work-session for regions

e.g. As a driving force and a lever for cooperation between audit and PAO - it may be the same journey, and justifies further dialogue.

“enabling mechanisms” and “competency framework” documents.


Not applicable Maintaining a document such as this with all the changes that may take place, e.g. in relation to financial audit standards. We need a document explaining how this will be maintained.

Agreed. This has been acknowledged in the (new)principle 4.6 on page 7 of the document. The team accepts that this principle will require further unpacking post XXII INCOSAI in consultation with the INTOSAI PSC and FIPP.


Not applicable (AFROSAI) - Does this adequately cover court SAI's. (This document is aligned to ISSAIs and the audit process in the court, but not the judgement process)

It will be great to have more commentary from court model SAIs in this regard. As indicated, this framework has been developed in close correlation with the ISSAI requirements, which should cater for audit processes in court model SAIs. The judgement process has specifically been excluded from the framework, as the team believed that this type of process will be handled by levels more senior than an audit professional. Will provide a footnote to this effect in the framework to explain this thinking better.

Also note the commentary under the heading “application” at the bottom of page 8.


Not applicable (ASOSAI) - Not clear enough that the SAI can choose what to use.

Noted. Enhancements has already been made as a result of comment received from task group members (see enhanced principle 4,3 on page 6 and the reworked conclusion – section 7 on page 24)


Not applicable (ASEANSAI) - Performance audit: an interdisciplinary theme in our SAIs - there is a need for these to be competencies for teams.

The principle is recognised in the section dealing with principles (competency modelling – par 3.4 on page 5). By implications the concluding (page 24) does hint at the same principe, but the text will be enhanced to reflect the team principle better.

15


Not applicable (DSC) - Re AFROSAI question (see 8 above), the jurisdictional control / judgement is the core part of the Francophone countries (and differs from the South American approach) - invite them in earlier. Refer "Declaration of Rabat". We must make sure that the main purpose of this FW should be exclusive of judgement?

See reponse to item 8 above.

Will revisit need for commentary from regions / SAIs wit jurisdictional control judgement functions.


Not applicable (INTOSAI GS) - This project has immense implications for our SAIs and may need more research of various - have a bottom up approach and not top down.

Agreed. That principle has been acknowledged by INTOSAI regional organisations when they identified “professionalization support” as a key service offering for regional structures.

A focused effort to create room for this must receive attention post XXII INCOSAI, with regional organisations facilitating this process.


Not applicable Cost/risks benefit analysis should be borne in mind in the further work.

Agreed. As this process develops and matures, more clarity on this will emerge. The task team, however, firmly believes that it would be irresponsible to express a view in this regard at a global level, and it may be a question best addressed at individual SAI level


Not applicable (PASAI) - We have members using different framework (yellow book system) and we're going to have to figure out how it would be applicable to them

Acknowledged. Hopefully the principles of “core consistency’ and “global profession, local solution” will allow for adequate flexibility to allow for this to be possible.


Not applicable (ASOSAI) - The FW seems fine, but there may be many SAIs who already have FWs that they use to evaluate their auditors. At regional level it is not so easy to do certification because of the wide variety and the language challenges - so at SAI level and perhaps not regional level (the supervisor is the only one to evaluate an auditor)

The fact that SAIs (and INTOSAI regional organisations) already have competency frameworks and the “cross-feeding” that may occur when the INTOSAI framework is compared with these existing frameworks, can only lead to a stronger reflection on required competencies. It also means that, if properly featured in that region (or even at INTOSAI level) these frameworks and the work that’s based on these

16

framework, can be shared with other SAIs as possible best practices.


Not applicable (ASEANSAI) - Very NB to also evaluate the integrity and honesty of the auditor (see CC1.1) Leadership includes mentoring others... If not covered could add mentor ship. Is it possible to have very general / common competencies, e.g. value adding, risks, etc, in each of the three areas

Agreed – see new CC1.4 as a “starting point’ for leadership competency development, defined as basic investment in people around the professional.


Not applicable (CREFIAF) - Only available in English which made it a little difficult to comment. Relevant in structure and content, except that the judgement process is not covered.

Noted – unfortunately the development process necessitated English as a working language. The team acknowledge the need for this to be available in all INTOSAI languages sooner rather than later and undertake to investigate options in this regard


Not applicable Propose that the introduction comments about the process as far as the organizing of the profession is concerned/processes to come.

Because of the risk of duplication between the different CBC and TGIAC documents, commentary in this regard has been limited to the two references in the block at the top of page 2. The team will explore ways to be more explicit regarding this, either in the background or the concluding comments


Not applicable (ARABOSAI) - It will be good for getting auditors to speak the same languages worldwide. There are risks to developing such as FW include that this should not lead to specialization - non-certified auditors may (mistakenly) appear more qualified.

Also, there are many international FWs that are attractive as they provide for careers also in the private sector. The FW should not lead to segregation between audits. It does not deal with judgement process competencies. Technical observations include to add "conflict management skills". Also, since ISSAI implementation is a priority everywhere, to add this skill area. The link to SDGs is not clear - as auditors will have to demonstrate an

Agreed – this talks to the very practical application of this framework and it may be necessary to be more explicit about the fact that the application of this framework is envisaged as an inclusive process designed to allow everybody (those already in the system and those entering the system) to evaluate whether they do indeed have the required competencies to deal with full ISSAI implementation and to guide development in that direction, where necessary.

Judgement process – see note 8 above

Conflict management – the team did consider this as a sub-element of both people engagement (CC 1.4)

17

understanding of the subject matter. Regarding the issue of critical - one needs to have certified teams and not auditors.

and communication (CC2.2), but felt that it was inappropriate to include this level of detail. To the extent that this may be an explicit SAI or regional need, this can be added to the framework (as envisaged in the concepts of “core consistency” and “global profession, local solution”.

SDG link – this reference under the performance audit competencies was intended as a contextual statement and will be rephrased to reflect this intention better.

Teams – see commentary regarding competency modelling (page 5)


Not applicable (OLACEFS) - Is this going to follow (PSC) due process?

Since this is not a PSC deliverable and it is not yet (in its current format) intended as a document for inclusion in the ISSAI framework, the PSC due process requirements are not applicable. The document will, however, be sent to the full INTOSAI community for comments and comments will be evaluated and inputs reflected, as appropriate. The document will also be considered in full at the 2016 INTOSAI CBC meeting with a view to obtain agreement from the Steering Committee to take this to XXII INCOSAI for consideration as a basis for further developments regarding professional pronouncements for auditor competence (see detailed recommendations in the “enabling mechanisms” document).


Not applicable (AFROSAI-E) - We deal with it on two dimensions - leadership and professsionalisation. In respect of the last, we are partnering with IFAC. As far as leadership and management development we have defined four levels in the SAI: qualified auditor, team leaders/manager, director and DAG. For these we've defined profiles/framework.

This TGIAC framework addresses our first level, but it is useful. we should be able to in a year or two to

This framework does indeed just focus on the technical competencies for audit professionals as per the relevant ISSAIs. Leadership competencies have specifically been excluded from this framework, although provision has been made in the core (cross-cutting) competencies (the horizontal bar) for the start of the leadership journey.

Fully agree on the need for regional organisations to take ownership of this model and to expand on it

18

provide an assessment service to our members (including online). Suggest that the regions take ownership and e.g. figure out how to cascade it into their systems.

further. The same applies to the need for partnering with bodies such as IFAC and others to make this a practical reality (see section on “partnering for success” in the “enabling mechanisms” document.

22 IDI Not applicable Proposed the cross-referencing of the individual competencies to the relevant ISSAI requirements (to be driven by the technical specialists that crafted the original version of vertical legs of the competency frameworks.

To follow

23 General Not applicable Consider approaching SAI of France for commentary on this framework to address possible concerns on the applicability of this framework in court systems / other systems.

Detailed commentary to indicate this limitation has been added, including bringing back competency CAC 5.3 (see note 5 above) with an appropriate footnote.

Contact has been established with the SAI of France to deal with this further rework


Not applicable The framework needs to pronounce on application of this framework in more detail (PASAI).

How does the framework deal with the use of different accounting systems in certain regions (PASAI)?

The task team believes that it is important to first get a sense of agreement on the core framework before venturing into application – hence a decision to deal with agreement on the framework at XXII INCOSAI, with work on application flagged for post 2016.

The framework subscribes to the principle of “local profession, local solution” – while it requires knowledge of accounting systems (a generic international requirement), it allows the local flexibility of specifying accounting systems per region.


Not applicable Regional certification may not be possible – due to diverse nature of SAIs and also barriers to language – may be SAIs can conduct certification by itself (ASOSAI)?

Leadership process needs to be a part of competency framework (ASOSAI).

This is entirely appropriate in terms of the framework.

As indicated in the framework, it currently only deals with the key technical competencies (although the cross-cutting competencies does lie a basis for the development of managerial and leadership

19

competencies). Further developments will follow and will include emphasis on managerial and leadership competencies.


Not applicable Some SAIs conduct all three streams of audit – is this allowable in the framework and how will it be catered for (CAROSAI)?

Yes – it is allowable. In the section dealing with principles, the concepts of regional and SAI tailoring is confirmed, while a note has been added to indicate that combining between the three streams may also be possible.


Not applicable The framework should develop competencies for a team rather than individual – why can’t the competencies be written at team level (ASEANSAI)?

The task team found it more appropriate to develop competencies at individual level, as team composition can change form situation to situation. The principle of defining competencies at team level is acknowledged in the definition section – see competency modelling.


Not applicable Court model – different models – can be added in the vertical part of the competency framework or needs specific additional work (CREFIAF).

Agreed, although efforts are currently underway to get more commentary in this regard into the framework (over and above the efforts so far to involve court system SAIs in the development process).


Not applicable The benefits of this framework are that it can be customised at the SAI level (ARABOSAI).

The question of SDGs (“demonstrate an understanding of the SDGs”) is not clear in the framework (ARABOSAI).

The ideal is to have certified teams rather than certified auditors (ARABOSAI).

Agreed

The reference was included purely as context, and knowledge in an area of these goals will have to be specified as part of the tailoring of the framework.

The framework does allow for the determination of competencies at team level (see competency modelling)

30 Representatives from INTOSAI regional

Not applicable There should be one universal concept of certificate rather than for three types of audit (OLACEFS).

The framework only deals with competencies and not yet with the development of certification programs.

20

organisations at 2016 IDI work-session for regions

The whole framework of ISSAs should be considered rather than just level 3 and 4 (OLACEFS).

Given that SAIs often deal with three distinctly different audit types separately, the team focus on keeping the related competencies separate as well. Nothing prevents the combining of competencies to create a single certification program.

The level 1 and 2 ISSAI has – by implication been included as part of the cross-cutting competencies. The majority of the framework, though, deals with individual requirements, which comes from the level 3 and 4 ISSAIs. The process has not been one of exclusion, but rather picking based on relevance to the individual audit professional.


Not applicable Development is very slow (EUROSAI).

No decision as yet as to how the framework can proceed

There should be a section on how to use the competency framework

Training may be required for using the framework

Acknowledged (in line with the 2014 GB decision and available resources to deal with this type of project). The intention is to get a level of agreement on the core framework before any work in done on application guidance. Application guidance is flagged for post-2016.


Not applicable IFAC educational standards – 8 principles – whether this was taken into account (AFROSAI-E).

Partnering with IFAC and regional PAOs for professionalisation is required

Basic benchmarking with international bodies for accounting and auditing (such as IFAC and IIA) has been done (refer to the CBC enabling mechanisms document) and this does underpin the development of the framework to the extent possible, given where the project currently finds itself. These principles will again be considered once work commence on a) the development of INTOSAI pronouncements on auditor competence and b) the utilisation of this framework.

Utilisation of this framework, especially for professional development, will in all probability required partnerships with other bodies such as local PAOs – refer to the section dealing with “partnering

21

for success” in the CBC “enabling mechanisms document.

333435

22

€¦ · web viewthe topic "purpose" mentioned that knowledge and skills will be...

Documents