Auditing Forests: Guidance for Supreme Audit Institutions

          conducting the audit. The following figure shows a flow chart of a risk-based audit approach, on the basis of whether a general or
          specific audit is required.


            Table 3.1
            Flow chart of risk-based audit approach

                       STAKEHOLDER REQUEST*                                                                 input



                                                   No
                               Specified                                GENERAL ISSUES
                        Yes
                                                                       PHASE I: identify risks


                           SPECIFIC ISSUES
                                                              PHASE II: understand the actions by the forest
    28                                                         management entity to mitigating those risks
                PHASE I: understanding stakeholders’ expectations                                           process
                                                            PHASE III: evaluate and test the efforts undertaken
                                                             by the forest management entity to mitigate risks
                    PHASE II: Aligning topic and sub-topic
                 with the risk and vice versa (audit design matrix)
                                                              PHASE IV: choose audit topics and priorities





                                                 AUDIT PROGRAM                                              output

                                                  DESIGN MATRIX                                             tools

            * it could also be a government or an auditor general or other relevant office/person



          General issues
          when audit topic(s) or sub-topic(s) are not clearly specified, the SAI should approach the audit by considering the existing risks,
          the capacity of the management in mitigating those risks, and then prioritizing topics and sub-topics to be audited.



          The Phases of General Issues are described as follows:


          PHASE I: Identify risks
          At this stage, the SAI is expected to be able to identify risks pertinent to each sub-topic in the audit. In identifying the risks, auditors
          should take into consideration the special characteristics of forest in question and the key players involved.



            Threats/Risks                      Characteristic to consider         Key players

            •  Biodiversity and ecosystem lost  •  Type of forest                 •  The government
            •  Forest fire risk                •  Tropical rainforest                National forest service
            •  Illegal logging risk            •  Type of ownership               •  Other
            •  Conflict risk                      State owned                        Private companies
            •  Revenue risk                       Privately owned                    Local community
            •  Illegal use of lands,              Concessions                        International community
            •  etc                                Traditional community
                                               •  Function of forest
                                               •  Status of forest
                                                  Protected forest
                                                  Productive forest
                                                  Hunting ground