Procedures for the execution of compliance audits in Cuba

Diagnosis Results

When carrying out the diagnosis to identify the current state of the audit in the territory, empirical methods were used, such as: scientific observation (Annex No. 3), interviews (Annex No. 2) and surveys (Annex No. 1).

procedure-to-execute-compliance-audit-in-cuba

As a result of the application of the scientific observation guide, it was found that:

The heads of units, supervisors, group heads and auditors present a respectful and cordial treatment towards the auditees, and show an adequate use of the working day Specialized personnel are significantly young, although with experience, verifying that they are motivated and show interest to continue forward in the audit activity; however, they must further exploit the use of information technologies in order to streamline and humanize the work that is carried out.

In interviews with four officials from the Las Tunas Provincial Comptroller's Office and one from the Jesús Menéndez Municipality Labor Section, it was found that:

Even when the Compliance Audit is identified as a type of control action, there are no established procedures for its execution. They do not have the necessary methodological support on this issue, to train supervisors, group heads and auditors of the Organizational Unit or of the National Audit System. To date, this type of audit has not been carried out in the province. In general, they only know about the subject, the definition reflected in the NCA and in the Regulation of Law No. 107 issued, both by the Comptroller General of the Republic of Cuba They consider it appropriate that audits of this type be carried out in the territory, since these can define whether the entities comply with the laws, regulations and other important requirements for the achievement of their objectives.

The survey was applied to 52 auditors, and according to their affiliation, 29 belong to the Provincial Comptroller's Office, of them 24 reside in the province and 5 in the Labor Section based in the municipality of Jesús Menéndez; 5 are from the Central Internal Audit Unit of the Council of the Provincial Administration of Las Tunas and 18 Internal Auditors from entities of national subordination.

Taking into account the answer given by the respondents to the question about the years of experience in the audit activity, it is evident that the situation is favorable for the assimilation of the system of procedures proposed to carry out Compliance Audits, since with respect to seniority and therefore experience of them 79 percent are between 6 and 20 years, the above is illustrated in the following table.

Table No. 1. Years of seniority as auditors of the respondents
Years of antiguaty	2 to 5	6 to 10	11 to 15	16 to 20	Total
Number of Auditors	eleven	27	10	4	52

Source: Surveys carried out by the author.

Regarding the answers provided to the question of whether or not they know about Compliance Auditing, 19 percent, equivalent to 10 auditors, answered negatively, by stating that they did not know it.

When asked if they have read any document on the subject, 30 of them, representing 58 percent, claim to have studied or at least to see what it consists of, as established in the Cuban Auditing Standards.

Regarding whether they have any documentation on how to apply procedures to carry out this type of control action, 49 of the respondents, for 94 percent, state that they do not have a document, while 6 percent state that they do.

However, when indicating the document by which they claim to know it, they do not do it correctly, because they expose indications or documents that do not correspond to the subject in question, these being:

4 percent, equivalent to 2 auditors, refers to a program of the defunct Ministry of Audit and Control, and 1, representing 2 percent, mentions the Cuban Auditing Standards.

To the question related to the causes that limit the auditors for the possible execution of this type of control action, the ones most indicated by the respondents are the following:

Lack of knowledge about this type of audit, mentioned by 41 auditors who represent 79 percent. Lack of methodological support to carry them out, raised by 35 of the respondents who constitute 67 percent. Little knowledge about this type of audit action. control, exposed by 27 auditors equivalent to 52 percent. They give the impression of being very complex, it is referred by 5 respondents that mean 10 percent.

Regarding whether they had received any training on procedures to carry out Compliance Audits, it should be noted that 50 of the respondents that constitute 96 percent state that they have not received training given the novelty of this type of control action, which, attentive against the quality and depth in the disclosure of the findings in the event that these audits are carried out in future.

Regarding whether topics concerning this type of control action are included in the preparation plans, 100 percent of the respondents state that they do not and the same percent declare that they would like to deepen the study on this topic, denoting interest, motivation and the Perhaps the auditors' need for a system of procedures for audits of this type.

From the result of the evaluation of the diagnosis, a summary was prepared, from which it can be concluded that the Audit activity in the current situation and in relation to the subject under investigation presents strengths and weaknesses, confirming the need to investigate on the subject, which are illustrated by the following table.

Table No. 2. Strengths and Weaknesses detected as a result of the diagnosis.
STRENGTHS	WEAKNESSES
1. Identification by the auditors of the causes that affect the effectiveness of the audit activity. 2. Need for procedures that serve as a basis for the preparation of auditors to carry out Compliance Audits. 3. Favorable situation for the assimilation of the procedures proposed for Compliance Audits with respect to the seniority and experience of the auditors. 4. Interest and motivation to delve into	1. Little command of the auditors of how to perform Audits of Compliance. 2. Insufficient methodology of how to execute this type of control action. 3. Failure to include issues related to this type of audit in the preparation plans. 4. Failure to carry out these types of audits to provide reasonable assurance that entities comply with laws, regulations and other requirements.
Table No. 2. Strengths and Weaknesses detected as a result of the diagnosis.
STRENGTHS	WEAKNESSES
the subject through training plans to strengthen the professional level of auditors.	important to achieving your goals.

Based on the results derived from the diagnosis, the author applies the design of a procedure, which is referred to in the following section.

2.3. Procedure for the execution of Compliance Audits

objective

Provide the auditors of the National Control and Supervision System with a tool for the execution of the Compliance Audit.

Scope

This procedure will be applied by auditors of the State Organizational Units that constitute the National Control and Supervision System, in accordance with their functional competence, to agencies, national offices, companies, agencies or national entities of production or provision of services, budgeted units, natural or legal persons subject to a tax obligation generated in the national territory who receive, administer, guard, use or dispose, by any title or concept of public funds, as well as joint ventures or associations, whatever their modality, to the that funds or resources of the same origin have been contributed and that they have become part of their own patrimony. And the others that are determined by the SAI of the country.

Responsibility

The supervisor and the group leader must ensure compliance with the proposed procedure, and the acting auditors ensure its application.

Legal base

It is assumed as theoretical referents; Law No. 107 of 2009 of the National Assembly of People's Power, and Resolutions No. 36 of 2012 "Methodology for the evaluation and qualification of audits", No. 60 of 2011 "Standards for the Internal Control System" and No. 340 of 2013 "Cuban Auditing Standards", all of the Comptroller General of the

Republic of Cuba. Likewise, the International Standards of Supreme Audit Institutions (ISSAI) issued by the International Organization of Supreme Audit Institutions (INTOSAI), specifically No. 4100 "Guidelines for Audit of Compliance".

Structure

The Compliance Audit is carried out in stages similar to the other types of audit, already addressed in chapter I. In this investigation the structure of the proposed procedure consists of four phases and seven steps, remaining as shown in Figure 1, which For its better interpretation, its objectives, sources of information and audit techniques are defined.

Figure 1. Stages of the compliance audit execution process.

Source: Own elaboration

The designed procedure is organized as follows:

Objective: Exposes the end or purpose of the stage that is carried out.

Information sources: It proposes the documents to be requested to obtain the necessary information regarding the subject or subjects that will be analyzed in the control action to be carried out.

Audit techniques to be used: Provides the selection of the audit techniques to be used to collect the information to obtain evidence.

Procedures: It addresses the design of the procedure to follow with a logical and organized process, explaining how to proceed in each case, which documents to request for the development of each of the objectives that respond to the end sought, as well as the instruments to apply to obtain evidence that can be surveys, interviews, among others. In addition, the essential regulations to study when conducting the audit are indicated.

Stage No. 1: Planning the Compliance Audit

It is very important to keep in mind that planning is the primary moment of the audit process, since the achievement of the proposed objectives depends on its result. In a Compliance Audit, the origin of the same must be taken into account, which may be derived from: complaints made, control services performed, monitoring of corrective measures, evaluation of the Internal Control System, as well as requests from the senior management of the country or indications of the highest control entity, within the framework of its powers.

Objective: Define the objectives and scope of the audit, as well as the strategy to follow so that it is carried out with quality.

Information sources:Legal document that approves the constitution of the subject to be audited, its corporate purpose, state commission (and where appropriate, its modifications). Provisions that approve the constitution of the management and advisory bodies, File of Control Actions, Regulations and Minutes of the Board of Directors, Provisions that approve the post template (approved and covered), appointments resolutions of the main managers, Plan of Risk Prevention, Organization chart, organic regulation and operating manual, financial statements and their notes, balances verification of balances, level of centralization of accounting; Affidavit of taxes and if they have been fined for non-compliance with the tax system, List of existing economic contracts with other entities, Lawsuits presented to the courts,Certificate of registration in the Registry of companies and budgeted units and that of taxpayers, License or document that approves operating bank accounts by types of currencies, bank branch, Resolution that approves the authorized signatures necessary for the transactions and operations that require it, Updated certification of the inscription in the General Registry of Jurists of the Republic of Cuba of the legal advisor of the entity, updated Certificate of the Financial Accounting System (s) used. Appointment of the head of the entity and of the officials of the first level of management; Internal Disciplinary Regulations and Collective Bargaining Agreement. Carry out a discussion with the Director and other specialists responsible for the matter that will be verified. Work order,Objectives of the audit, Knowledge of the subject to be audited and Legislation associated with the matter to be examined.

Audit techniques to use: From the verbal techniques to use the interview; of the eyepieces the observation and selective revision; of the documentaries the general study; physical inspection and written analysis, conciliation and confirmation.

Step #.1: Knowledge of the subject to be audited

An important element of planning a compliance audit is to carry out a prior evaluation of the entity and / or activity that will be verified, therefore, before starting the control action in the field, it is investigated with personnel from the System Service Department Territorial Audit and Planning of the Provincial Comptroller's Office to know general data of the entity such as: name, address, REEUP code, subordination, Tax Identification Number, type of entity and if they have received control actions in the last year and the results obtained in them. Likewise, the head of the group or auditor designated by the latter, must be informed in the area of Attention to the population about whether there have been complaints, reports or anonymous complaints against cadres or workers of the entity to be audited.The preliminary study will allow the acting auditors to gather relevant information to become familiar with the activities, processes, procedures, risks and controls, as well as to identify the laws, regulations and areas in which more emphasis should be placed, as well as to use the existing study of the corporate purpose or state commission of the subject to be verified. In specific cases the auditors can use the knowledge acquired in the referred study to decide if continuing with an audit is feasible.In specific cases the auditors can use the knowledge acquired in the referred study to decide if continuing with an audit is feasible.In specific cases the auditors can use the knowledge acquired in the referred study to decide if continuing with an audit is feasible.

In this step the acting auditors review, study and compile the regulations described above; through the use of audit techniques, such as observation, interview and analysis, to achieve a better knowledge and understanding of the entity, its environment and the matter to be examined.

Another way to be used to collect information on the main activity of the entity under investigation and identify the legal regulations by which they must be governed, and if the matter to be reviewed is implemented, may be through surveys of cadres, officials or other workers.

Violation of laws and regulations may cause the entity to cease its operations, put its continuity in question or be subject to transcendental judicial sanctions. It is important that the audit group achieve a general knowledge of the matter to be examined.

The time necessary to use to carry out the preliminary study will depend, among other factors: by the size of the existing information, the complexity of the matter or if it is a new one on which the auditor has little information, or if it is a follow-up on a topic that the auditor is well trained and has performed prior analyzes.

With the information derived from the previous study, the on-site audit begins, through a meeting with the main managers and factors of the political organizations, the masses of the center and others that for their interest are required to convene, where the content is communicated of the Cover Letter, that is, the matter to be examined, objectives, scope, duties and rights of the auditors and auditees, updating those aspects that may have changed.

From the information gathered and the previous study carried out, we proceed to identify the risks and / or limitations that lead to non-compliance with laws or other regulations.

Risk analysis is a fundamental part of a compliance audit. Due to their inherent limitations, these control actions, like other types of audits, do not provide absolute guarantees that all cases of non-compliance will be detected. However, if this is carried out obtaining security, it increases the confidence of the auditees in the information provided by the group of auditors and experts, for this, it is important and obligatory to understand the matter to be examined, to obtain sufficient and appropriate evidence.

Among the inherent limitations of a compliance audit are:

Management discretion when interpreting laws and regulations Committing human errors Improper conception or ineffective operation of systems Circumvention of controls Concealment or retention of evidence

In a compliance audit, the risks will vary in relation to the matter controlled, the analysis of the same is carried out according to professional judgment by the supervisor, group leader and the rest of the audit work group, identifying the inherent and control risks according to its priority in high, medium and low. To obtain more information on this aspect, study the NCA 500 established by the Comptroller General of the Republic of Cuba, through Resolution No. 340 of October 11, 2012.

The information obtained in this study will also be useful in drawing up the audit program and carrying out follow-up actions.

Step # 2: Accuracy of audit objectives and scope

In the execution of this stage, the supervisor, the group leader, auditors and experts take part, as established in NCA 410.

The fundamental principles of auditing state that the auditor should plan his tasks in such a way as to ensure a high quality audit. In planning a Compliance Audit, they will ensure that the preconditions are met to execute it effectively, so it is necessary to know the audited entity and the circumstances surrounding the audit in order to have a frame of reference. for the application of their professional judgment throughout the audit process.

Determining what the objectives of the compliance audit will be and the matters to be controlled, as well as the information about it, is one of the first steps in planning and executing a compliance audit. In most cases it will respond to a strategic decision of the SAI, based on the information obtained in the previous study, applying the professional judgment of the auditor. These objectives make it possible to guide the execution of the control action in the field and the results to be achieved in it. The Head of the Organizational Audit Unit, the supervisor and the audit group are responsible for its compliance.

They can be classified as general and specific. The general objectives must be consistent with those previously included for each work contained in the Annual Audit Plan and must be fulfilled by the officials described above, in the execution of the compliance audit through the specific objectives.

Once the critical risks and key controls associated with the matter to be controlled have been identified and analyzed, the specific objectives are defined (particular objectives to be achieved at work), which will be incorporated by the group leader and supervisor in the program to guide the application of audit tests.

The objectives of a compliance audit represent instructions to be followed by the personnel in charge of executing it, they limit the collection of unnecessary information and control the scope, methodology, time and nature of the work to be carried out, making it possible to obtain sufficient evidence on the corresponding information. to substantiate the conclusions.

In formulating them, the following principles must be complied with:

Be stated as questions or points to be determined. Eliminate abstract or unfocused terms. Identify the person responsible for the operational activity. Define them so that they consider a realistic scope or methodology.

When the compliance audit refers to laws or other applicable resolutions in budgetary matters, it will cover the income and financing of the entity, as well as its expenses.

The SAI, and failing that, the Head of the Organizational Audit Unit, supervisor or head of the audit group, define the scope or period that the control action will cover; they set what or what will be the subjects to examine.

In this type of audit, the auditor must review and evaluate a selective sample of the entity's operations, processes or activities, as well as the use and destination of material and financial resources, for a specified period and in compliance with the laws and regulations. For this, it must use the existing knowledge about the main activity of the company and identify the regulations by which they must be governed and which fundamentally contribute to the achievement of the objectives and goals of the entity to be audited, since the criteria of this type of audit are the legal, administrative and regulations, both internal and external, that regulate all the operations and activities of the entity that are found in sources such as Constitution, Tax Laws, Accounting Legislation, National Decrees,Agreements, Exchange or Customs Laws, Resolutions, Statutes, Circulars, among others.

When informing the controlled entity of the scope and general objectives of the audit, the group leader must explain that these may change depending on the findings detected, provided that the result of an investigation requested by the competent levels is not compromised., complying with what is indicated in the NCA 100.

Once the objectives and scope of the compliance audit have been defined, the auditor will determine the sample to be verified, especially taking into account that not all the elements of the matter to be examined are reviewed. To define the sample, non-statistical sampling can be used, putting into practice professional expertise and judgment, the selection of the sample will then be random, ensuring that all operations have the same possibility of being chosen.

The size of the sample will be in correspondence with the level of operations of the subject to be audited, and must be greater than 15 percent, as it must be representative to reduce the risk of detection.

In this step it is important to check if the audited subject has conceived in the self-control actions on compliance with the regulations or established provisions, by which they must be governed and which basically contribute to the achievement of their objectives and goals, and if the result Its application is analyzed in the Prevention and Control Committee and the Boards of Directors, as well as if they are made known to the workers.

Stage No. 2: Compliance audit program

Objective: Design the program to be used to fulfill the objectives set.

Information sources: Knowledge of the subject to be audited, General and specific objectives of the audit and legislation associated with the subject to be examined.

Audit techniques to be used: From the eyepieces, observation and selective review; of the documentaries the general study and of the written ones the analysis.

Step # 1: Details about the program

For the preparation of the program to be applied in said control action, the main legal regulations that are mandatory for the auditing entity must be taken into account, mainly those associated with the subject matter or subjects under analysis; as well as its validity so as not to err in the qualification with which the audit is concluded. The purpose of this audit program is to guide the work to comply with the general and specific audit objectives, it must be approved before starting the execution in the field and can be modified during the course of the work, said document is prepared by the Group Leader, reviewed by the Supervisor and

approved by the Head of the Organizational Audit Unit or by whoever he or she designates. In formulating the program to carry out Compliance Audits, the group leader must:

Establish general and specific audit objectives Determine the scope of the work Identify the existing audit sources, as well as the matters or areas to be examined Establish the nature and extent of the required audit tests Include the methodologies to be used, such as, for example; computer-assisted audit techniques or sampling techniques.

The aspects included in a program for compliance audits may vary in each entity, depending on the work objective (s), level of complexity, structure of the entity or activity to be verified, and the degree of experience of the audit staff..

Step # 2: Structure a Compliance Audit Program

The purpose of this step is to specify the structure of the audit program so that the group of acting auditors can fulfill the proposed objectives, the aforementioned document must contain the data shown in figure No. 2.

Once the audit program has been drawn up and approved, by the corresponding levels, before starting the execution stage, the group leader together with the auditors and the supervisor must analyze the points to be verified, to verify that all the members of the group understood what is the goal set to achieve the objectives proposed in the control action.

Figure No. 2: Structure of the compliance audit program.

Source: Own elaboration

Stage No. 3: Execution and obtaining of evidence

Objective: to obtain the audit evidence to support the findings detected.

Information sources: Laws, regulations, procedures and other documents associated with the matters that will be subject to verification.

Audit techniques to be used: Observation and comparison or confrontation, selective review and, if necessary, tracking are used from the eyepieces; of the documentaries the analytical review, verification, computation and the general study; the physical inspection and the written analysis, confirmation, reconciliation, calculation and tabulation. In this phase, substantive and compliance tests are applied, sufficient and appropriate evidence is collected, the audit findings are determined, and the partial results of the audit are reported.

It is important for the auditor to bear in mind that management is responsible for ensuring that the entity's operations are carried out in accordance with established laws and regulations, which can assist management in the anticipation and disclosure of non-compliance. Therefore, they must hire legal advisors to support them in monitoring legal obligations, for their proper execution, as well as having a compendium with the main laws that are of compliance for the entity.

Step # 1: Working papers (PT)

All PT constitutes the support of the findings and recommendations contained in the audit reports, therefore, they must be sufficiently complete and detailed to achieve a global understanding of the audit.

In a compliance audit, the PT can be issued by the auditors in printed models or in electronic files, they must contain verifications or follow-ups of an operation or transaction through each step described by current legislation on the controlled matter or established procedures by the subject to be audited, in order to determine if the information is processed in the manner described and in order to detect an error or defect in the description or application made thereof. The PT will detail all the tests carried out and the conclusions reached. They must be prepared with care, with clear and precise wording; no smudges, amendments or erasures; legible handwriting; no mathematical errors in the calculations made;use sign that identifies the type of currency and double stripes for totals. For more information on this aspect, see NCA 900: “Work papers”.

To ensure that these can be easily identified, they must clearly contain the following:

Figure 3. Structure of the PT for the execution of the Compliance Audit.

Source. Own elaboration.

The PT heading is divided into two sections (left and right):

The left section reflects in descending order: Name of the subject to be audited; Subject, matter or subject to be audited; Audited period and Objective of the PT. In the right section it is reflected in descending order: Number of the work paper; Start and end dates and Signature or initials of the person who made them.

In the body of the PT the auditor shows sufficient and appropriate evidence of the aspects reviewed and that support the qualification of the action taken. It also reflects the stamp or signature of the group leader and the supervisor and the review date, as well as cross references for other support PTs, the source of information, procedures used to achieve the proposed objectives and conclusions derived from the results of the verification performed.

In the lower part of the PT (footnote), the description of the audit marks, abbreviations or symbols used by the auditors and their meaning are identified as a legend, in addition, cross references can be reflected, as well as explanatory or complementary notes, to make any concept established in the body of the PT more concise or simple, in order to clarify or expand information or point out special situations that do not mean observations or irregularities and internal control failures.

Step # 2: Assessment of the evidence

For the performance of the compliance audit, the auditor applies and documents the audit program in order to obtain evidence, which must be evaluated by each auditor in order to reduce the risk of the audit and to serve as a basis for the conclusions.. Said assessment consists of the use of the auditor's professional judgment and suspicion to determine if the evidence derived from the work performed is sufficient, competent, relevant and appropriate, considering the elements that support or challenge the information on the subject (s) reviewed.

A compliance audit, even when properly planned by the group leader and the supervisor, is subject to the risk that some significant violations or non-compliances are not found, due to factors such as:

The presence of various laws related to the entity's operations that are not captured by the accounting and internal control systems Conduct that is intended to hide the breach, such as complicity, falsification, intentional failure to register documents or erroneous statements made intentionally to the auditor.

Por lo antes expuesto, el grupo de auditores deberá obtener evidencia suficiente y apropiada sobre el cumplimiento de las leyes y regulaciones que le son aplicables a la entidad. Si en el transcurso de la acción de control el grupo de auditores se topase con situaciones que los estimulen a pensar en la existencia de irregularidades significativas que estén derivadas de fraudes o errores, se deben ampliar los procedimientos, técnicas e instrumentos a emplear. Como resultado de la investigación llevada a cabo dándole respuesta a los puntos del programa de auditoría, el grupo de auditores identifican, redactan y dan a conocer las desviaciones de cumplimiento, evaluando las acotaciones dadas por las personas vinculadas en los hechos detectados.

The deviations detected by each auditor constitute the result of the work carried out by means of which the sufficient and appropriate audit evidence is obtained to support the auditor's conclusion, establishing the degree of compliance with the regulations applicable to the entity, as well as the provisions internal and contractual requirements. And if this is the case, the existing internal control irregularities are indicated, detailing the non-compliance, including the causes and consequences that affect it and those responsible.

When the auditor discovers non-compliance with regulations, he writes the non-compliance, using an understandable and simple wording, whose content is explained in an objective, concrete and concise manner; In addition, it must verify that the findings comply with its four attributes, these being: the condition, the criteria, the effect and the cause, its concepts detailed in the NCA 700: “Evidence and audit findings”.

On the other hand, if in the execution of the control action the auditor needs to use documentation or other means that contain information, he must use an Occupancy Act, whose format can be seen in NCA 700-1. And for the return of the same

must do so using a Return Act, as established in the

NCA 700-2. Likewise, if it is necessary to leave a written record of the statements made to the auditor by workers, officials, managers of the subject to be audited or other personnel who are related to the audit findings, the document indicated for this in NCA 590-1 is used., this being the Declaration Act.

In due course, the head of the group informs the head of the entity of the proposed date to report the partial results, with the aim that he or she coordinates the place where the meeting will be held and summons the workers of the areas covered in the audited matters, as well as the personnel of the political organizations, of the masses, and others that for their interest it is required to be summoned; noting compliance deviations and other deficiencies detected. The notification of these results is made in writing by means of an act signed by the parties. See format in NCA 330-1: “Report of partial results and final audit results”.

Once the partial results have been released, the audit group proceeds to return the original documentation provided for the performance of the work, including the one that covers compliance deviations, to the official or worker responsible for the entity that provided it, ensuring first, to have legalized copies of those that support the breaches. In the event that said official or worker is directly responsible for the deviations detected, the documentation will be dispatched to the entity's top leader to safeguard the evidence, and if the latter is also involved, look for another variant that allows the information to be safeguarded.

In this type of audit, for the compliance deviations detected, those responsible must show comments or annotations (see Annex No. 4) to be evaluated by the personnel who participated in the control action. Comments are submitted, in writing, by each of the persons included in the Report on the partial results as responsible for the deviations from compliance, and if applicable, they attach the pertinent documentation. The delivery of the aforementioned document must not exceed ten (10) business days after the discussion of the aforementioned record, specifying that, if no response has been received upon expiration, such situation must be recorded in the report together with the alleged facts.

Once the observations or tests are received, they are evaluated by the group of auditors, a legal specialist from the Organizational Unit and an expert who participated in the control action, exhaustively, sensibly, and impartially; leaving a documentary record of the assessment made, in the control action file, for this purpose a proforma or model is proposed by the author of the investigation to be filled out by the group leader (see Annex No. 5). The evaluation must be written in the third person, being reviewed by the supervisor and approved by the head of the Organizational Unit or the department. Each deviation is evaluated and recorded separately.

If when carrying out the evaluation of the annotations (see Annex No. 4) delivered by the persons included (see Annex No. 4) in the reported facts, it is decided to reject the deviation, said conclusion is included in the last line of the said evaluation in a sustained way; and if, on the contrary, there are no changes in the compliance deviations, then the latter are included in the audit report, specifying the functional or criminal administrative responsibility (see Annex No. 4), as appropriate.

And in cases where there are non-compliances and the causes are not disclosed by the persons responsible for the deviations or the pertinent observations are not made, this is also indicated in the audit report.

If, as a result of the evaluation of the annotations, it is necessary to obtain more evidence or to corroborate information, the group of auditors may return to the controlled entity, with the prior approval of the head of the organizational unit in charge of the control action. At the end of the presentation and evaluation of the clarifications or tests, all the information obtained is immediately taken to the stage of preparing the audit report.

If necessary, the Audit Group may have the participation of a natural or legal person who has skills, knowledge and experience in a particular field other than accounting and auditing, known as experts. The technical reports issued must be supported by sufficient and appropriate evidence, since those results are used to support the opinions or conclusions of the audit report, which also contribute to the rating of the control action carried out.

Stage No. 4: Results of the compliance audit

Objective: To state in writing the results to which the auditor arrives. Communicate the final results obtained in the compliance audit. Assess and expose criteria for the project of disciplinary measures to be adopted by the audited subject, as well as the plan of measures and the disciplinary applied to the direct and collateral responsible.

Information sources: Minutes of the partial information with the summaries of the reviewed subjects, working papers with sufficient and appropriate evidence, as well as evaluations of the annotations presented by those responsible for the deviations from compliance detected. Proposals for disciplinary measures to those directly or collaterally responsible, a plan of measures to eradicate deficiencies or deviations, disciplinary measures applied and an audit report.

Audit techniques to be used: From the eyepieces, observation, comparison or confrontation and tracking are used; of the documentaries the verification, analytical review and the general study and of the written ones the analysis, calculation, the reconciliation and tabulation.

Once the execution stage is concluded, the group of auditors begins the preparation of the report with the results of the control action carried out, identifying the most relevant compliance deviations, which will promote the basis for granting the rating.

Step # 1: Audit report

The group of auditors must prepare a written report, in which they reflect the detected deficiencies of internal control, the compliance deviations, as well as the conclusions and recommendations to improve the management of the auditee. Its preparation is in charge of the group leader, auditors and supervisor, and it must be sent to the corresponding higher levels for review and approval.

The content of a compliance audit report is exposed in correspondence with its objectives, in a clear, concise, objective, timely and easy to understand manner, avoiding excessive repetition of words and the use of offensive or vulgar terms; Acronyms or abbreviations that have not been previously declared should not be used; Unless they are well known, such as those used in measurement units. It should be written in an impersonal way, use common and widely used words, as well as properly use punctuation marks, specifying, in addition, that the control action was carried out in accordance with the Cuban Auditing Standards and the approved procedures.

The group leader must divide the aforementioned document into sections (objectives or topics) to provide the reader (auditee) with a quick location of the content of each one of them. All titles are highlighted in “bold”. In the communication of non-compliance, the group of auditors must report in an orderly and objective manner the evidenced facts and include in the report, as an annex, the functional administrative responsibility, identifying the people involved in the facts.

Likewise, the group leader and auditors verify that everything included in the report is supported by the working papers and that it responds to relevant findings with sufficient and appropriate evidence. And that the rating granted is in correspondence with the conclusions derived from the results of the audit, and in accordance with the provisions of Article 8 of Resolution No. 36, issued on February 9, 2012 by the Office of the Comptroller General of the Republic of Cuba, or legislation in force at the time of the control action.

The report must have recommendations that establish specific, clear and possible actions to eradicate the causes of internal control deficiencies, and deviations from compliance, in addition, they must promote the improvement of the entity's management; All will be directed for adoption, to the highest leader of the entity or, if applicable, to other cadres or officials who have the authority to guide its application.

See the NCA 1200-1 on the declaration of said responsibility and the NCA 1 200: “Audit report”, to learn more about the general guidelines for the presentation of said document.

In the event of a criminal responsibility, derived from an alleged criminal act, a special report is prepared in accordance with the provisions of Resolution No. 248 of September 25, 2007 of the defunct Ministry of Audit and Control; However, the author of the investigation proposes that in accordance with the provisions of the aforementioned legislation , a legal foundation be made by the lawyer or legal adviser of the compliance audit team, with the aim of achieving a better understanding of what has been expressed at

Special Report (see model for the justification in Annex No. 6)

In said foundation, the elements, both objective and subjective, of the identified deviations are exposed, which will be previously coordinated with the Attorney General's Office and / or its provincial or municipal headquarters, and sent through the corresponding level for the respective procedure.; and initiate legal actions. This rationale must be included in the documentation of the control action.

In the aforementioned NCA 1 200, the form and content of the aforementioned document is established (see structure in figure No. 4), however, as indicated, in the Compliance Audit report the group leader, auditors and other members of the working group, should include:

Origin of the Compliance Audit (according to plan, request or complaint) Legal basis: refer to the legislation or authorization on which the control action is based. Exceptions found: Comments from the persons involved in the events (if no response has been given to the communication of deviations from compliance or if it was untimely, said circumstance will be exposed in the report for reference purposes), and the evaluation of the comments presented Use an emphasis section or paragraph, when the auditor considers that the reader will not have an adequate understanding of reality. Deviations from the applicable regulations and / or limitations, which must be assessed if they imply lack of collaboration of the controlled subject with the auditor or incorrect custody of the documentation.Recommendations for the entity to improve in the management of compliance with legality. In addition, the qualification of the audit should be indicated, which according to the legislation, may be:
- Complies: the auditor observes that the legal provisions and the regulations in the legal documents, inherent to the activity or subject subject to review, or the deficiencies detected are not repetitive and their effect does not jeopardize the objectives and goals of the entity. Non-compliant : when the legal provisions or the regulations in the legal documents inherent to the activity or subject subject to review are not complied with, or the deficiencies detected related to non-compliance with those provisions and documents or part of their content, are repetitive and their effect puts at risk the objectives and goals of the entity.

Figure No. 4: Structure of a compliance audit report.

Source: Own elaboration

Annexes to the report of a Compliance Audit:

Functional Administrative Responsibility Act. Criminal Liability Act. Evaluation of the comments submitted by the persons involved in the facts. Legal Foundation.

Step # 2: Communication of the results.

For this step, the group of auditors must carry out what is stipulated in subsections e), f) and j) related in NCA 330: “Communication to managers of important matters in the audit process”.

They also monitor the presentation, by the verified subject, of the plan of measures, as well as the disciplinary measures proposed and adopted with the direct and collateral responsible for the deficiencies or deviations detected in the compliance audit, within the established deadlines. in Annex No. II of the NCA: General Provisions that regulate the activity of Internal Audit and Civil Service Societies and other Organizations that practice independent auditing. Chapter 3, Section 3.1, Subsections L) and M).

Once the project of disciplinary measures is received, the group of auditors must make an assessment of them and issue the relevant criteria and send them to the audited subject within the term established for it, the same procedure is used for the plan of measures presented by the audited subject, and for the disciplinary measures adopted with the direct and collateral responsible.

Although the limits between the audit phases are not defined: Planning, Execution, Reporting and Monitoring, it is important for the auditor to acknowledge their existence and carry out their tasks according to each one of them, which allows an adequate review and supervision from the start to the approval of the audit report.

2.4. Example of a Program to be applied in a Compliance Audit General Objectives:

Check if the procedures used, in the matters to be examined, are in accordance with the laws, rules, regulations and other legal provisions, and if they are being applied effectively and are appropriate to achieve their objectives Determine the level of reliability of the internal controls implemented by the entity in the processes, administrative and management systems, linked to the matters to be reviewed Identification of possible infractions in the legal system of the administrative, economic or other actions carried out by the entity subject to control, of compliance with the regulations and regulations that govern it.

Specific Objectives:

Verify if they have an internal auditor and a legal one for a better development of their functions Verify that they comply with the provisions of Resolution No. 42/2002 of the Minister of Justice, regarding the preparation and content of the Legal File of the entity.Compliance with the contracting, status of collections and payments, billing, reconciliations, claims and demands. Analysis of compliance with the plans and their main economic indicators, production or services in the first quarter of 2015, causes of deviations. Verify compliance with the application of Resolution No. 17/2014 of the Ministry of Labor and Social Security (MTSS) Evaluate the system for capturing, analyzing and reporting corruption events, as well as the treatment given to complaints and complaints.Check the effectiveness of the internal control system implemented, associated with the specific objectives.

Aspects to verify:

Constituent and Functional part:

Verify if the internal auditor and the jurist are registered in the corresponding registries and if the corresponding updated certification appears in the labor file of both. Check that the Legal File of the entity contains the information and basic legal documentation of the entity in accordance with what is established in current legislation, such as:

Identification of the entity:

Name of the Entity, code and address; body, body or institution to which it is subordinate; activity it develops (corporate purpose or state commission); number of subordinate entities (when applicable); approved and covered staff (of the latter specify, number of men and women, as well as by type of occupational category).

Basic legal documentation:

Authorizing and constitutive or creation documents of the entity designation of the head of the entity and of the officials of the first level of management of the entity; licenses, permits and other commercial, banking, tax authorizations, among others, that the entity requires for the realization of its economic activity; regulations of the board of directors (verifying its legal functioning through the minutes and agreements adopted); internal disciplinary regulations and collective bargaining agreement.

Commercial and contractual activity:

To inquire about the entity's main clients and suppliers, as well as the contracts signed and the opinion of the contract by the Legal Advisor of the audited entity (when applicable). Make sure that the contract signed by the persons empowered to do so is updated and complies with the provisions of current legislation, prioritizing those related to its corporate purpose or approved state commission; Review levels of accounts receivable and payable, if the causes have expired; documentary evidence of the collection efforts carried out, payment agreements, claims, lawsuit before the competent Provincial Court (and if any, the status of the process); and in accounts payable (if applicable), verify compliance by the audited entity with the judgments issued by the competent court.Check the correspondence of the products or services contracted and received, with what was received or sold to third parties; (whenever it is possible to verify the final destination given to the resources) Verify and confirm payments made or received from third parties (through confirmations with customers and suppliers).

Labor elements:

Verify the existence, control and content of the Employment Contracts (in the case of relationships formalized by appointment, verify the Resolution or Appointment Document), mainly of the Internal Auditor and the Legal Advisor or Specialist. Verify the existence and control of the Labor Records Verify if they have the Collective Bargaining Agreement and if its content complies with the provisions in this regard, in current legislation Review the composition and operation, if any, of the Basic Labor Justice Body Investigate if they have applied disciplinary measures to workers, officials and cadres, as well as the processes of response to claims of the same, when they have been raised Check if they have applied material responsibility, if positive,verify if they were established under the current legislation.

Economic plans and indicators:

Verify compliance with the plans and their main economic indicators for production or services in the first quarter of 2015, and assess the causes of possible deviations with respect to the Plan and the same period of the previous year, meaning the Directors, Limits and Other indicators.

Application of the form of payment for economic performance:

Verify if the managers and specialists responsible for the application of the payment systems know and apply Resolution No. 17/2014 of the Ministry of Labor and Social Security (MTSS). (apply interviews and / or surveys) Check whether the following aspects were taken into account in the design of the payment for performance system approved by the head of the authorized entity: Objectives to be achieved Indicators to be met and evaluation period of the Indicators Base salary for calculation Training and distribution of salary Authorities empowered to certify compliance with indicators Authorities empowered to approve salary distribution and period of evaluation and control of the system in the Boards of Directors Check, if they were certified management indicators,and that the salary payment in the stage object of the action was made in correspondence with its compliance levels and that the salary expense by weight of gross added value planned for the period did not deteriorate. Investigate if payments have been made to workers without productive support, and if any, quantify the economic damage caused to the entity.

Analysis of criminal acts and corruption, and treatment of complaints and reports:

Inquire if criminal or corruption acts have occurred, as well as if they have received complaints and / or reports, check the analyzes carried out by the entity Check that the system exists and works for the detection, capture, analysis and reporting of acts of corruption, as of the implementation of Resolution No. 409/2011 issued by the Office of the Comptroller General of the Republic regarding: "Procedure for information on acts of administrative corruption." Make a comparison of criminal acts in relation to the first quarter of year 2015 with the same period of 2014 and determine if they increase or decrease. If there is an increase, determine the reason why. Check that both criminal acts and corruption are analyzed by the Board of Directors, and the analysis of collateral liability is carried out.And if the acts of corruption are reported in a timely manner to the corresponding management level. Evaluate whether the application and compliance with the disciplinary measures applied to those directly and collaterally responsible are in correspondence with the seriousness of the facts. Regarding the complaints and reports Inquire if they have established a procedure for their attention and processing, if so, verify compliance.

General features

According to the verifications carried out, quantify the economic damages or losses that are determined. Evaluate the effectiveness of the measures contained in the Risk Prevention Plan related to the matters subject to verification.

Prepared by: _________ Reviewed by: ____________ Approved by: ____________ Group Chief Supervisor Comptroller Chief of Dept.

Download the original file