Contextualising Performance Audit
It is important that prior to introducing the subject of performance auditing that it be correctly contextualised in relation to its integration with other audits. The various types of auditing may inter alia be categorised as follows:
The assessment of whether the financial statements of an entity fairly present its financial position at a given point in time. To achieve this opinion, the entity’s accounting and financial management systems are interrogated and assessed against predetermined standards.
The process of determining whether a process or transaction executed by an entity has met the applicable legislative and/or regulatory guidelines that are applicable to the entity.
Audit of Predetermined Objectives
The process of determining whether reliance in all material aspects when measured against a set of predetermined criteria can be placed on the reported performance against predetermined objectives in the annual performance report of an entity.
Information Systems Auditing
The assessment of whether information technology investments made by an entity have contributed to the reduction of costs, enhanced service delivery and the quality of information being produced.
An examination and evaluation of an entity’s financial information and accounting procedures to collect evidence for the prosecution or investigation of financial crimes such as theft and fraud. Forensic audits may be conducted to determine if wrongdoing occurred, or to gather evidence for the case against an alleged criminal.
Now that we have been able to contextualise performance auditing within the audit matrix, we will attempt to provide more context to performance auditing, defining it in more detail, introducing the standards against which performance auditing is conducted and a brief chronology on how the performance auditing process is applied.
Definition of Performance Auditing
Performance auditing may thus be defined as an independent auditing process to evaluate the measures instituted by management to ensure that resources have been procured economically and are used efficiently and effectively.
The objective of performance auditing includes the following three assertions:
The main objective of performance auditing is to promote constructive economical, effective and efficient governance. It also contributes to accountability and transparency and promotes accountability by assisting those charged with governance and oversight responsibilities to improve performance. It promotes transparency by affording identified stakeholders an insight into the management and outcomes of different activities. It thus serves as a basis for learning and identifying potential improvements for the entity being audited.
Performance Audit Standards
Performance audits are benchmarked against the International Standards and Guidelines of Supreme Audit Institutions (ISSAI), which are issued by the International Organisation of Supreme Audit Institutions (INTOSAI). The following standards and guidance are normally complied with in conducting a performance audit:
- ISSAI 300 – Fundamental Principles of Performance Auditing
- ISSAI 3000 – Standards for Performance Auditing
- ISSAI 3100 – Central Concepts for Performance Auditing
Provides the framework, the general principles and an overview of the nature and the elements for performance audits. It is used as the basis from which to develop performance audit standards.
Provides the features and principles of performance auditing and a basis for good performance audit practices; 1.2 states that “performance auditing is not overly subject to specific requirements and expectations. While financial auditing tends to apply relatively fixed standards, performance auditing is more flexible in its choice of subjects, audit objects, methods, and opinions. Performance auditing is not a regular audit with formalised opinions. It is an independent examination made on a non-recurring basis. It is by nature wide ranging and open to interpretations. It must have at its disposal a wide selection of investigative and evaluative methods and operate from a quite different knowledge base to that of traditional auditing. It is not a checklist-based form of auditing.”
Provides the guidelines which outline a common understanding of what defines high quality work in performance auditing.
The Performance Audit Process
When preparing to conduct a performance audit, the following broad processes are generally applied to ensure that the standards as mentioned above are achieved.
Most audit types, including performance auditing, comprise of three main phases:
The starting point in the performance audit strategic planning process is deciding what to audit from a myriad of possible activities occurring within an entity. Performance auditing should be directed toward areas where an independent audit may support the oversight function in promoting accountability, economy, efficiency and effectiveness in the use of resources at its disposal.
In determining possible areas for audit, general criterion can be used to provide guidance for areas to be focussed on in selecting an area to be audited. This criterion may be inter alia broadly described as follows:
- Added value – where the subject has not been covered previously or in earlier audits, the greater the chance of the audit subject adding value to the entity;
- Important problems or known problem areas – the greater the risk of consequences in terms of economy, efficiency and effectiveness the more important the problems tend to be;
- Risk or uncertainty – the financial or budgetary amounts involved are substantial, areas which are traditionally prone to risk such as for example procurement, new or urgent activities, management structures are complex, no reliable and updated information, etc.
Once the strategic planning process has been completed, it is important that an annual plan be compiled for performance audit activities to be carried out during a financial year.
Audit Considerations for the Planning of a Performance Audit
- Identification of important aspects of the environment in which the entity operates
- Developing an understanding of the accountability relationships
- Specifying the audit objectives and the tests necessary to meet them
- Identifying key management systems and controls and carrying out a preliminary assessment to identify both strengths and weaknesses
- Determining the materiality (both quantitative and qualitative) of matters to be considered
- Assessing the extent of reliance that might be placed on other auditors, for example internal auditors
- Determining the most efficient and effective audit approach
Planning Steps Included in the Audit
- Collect information about entity and its organisation
- Define the objectives and scope of the audit
- Undertake a preliminary analysis to determine the approach to be adopted and the nature and extent of enquiries to be undertaken at a later stage
- Highlight special problems anticipated during the planning of the audit
- Familiarise the entity with the scope, objectives and assessment criteria of the audit and where necessary discuss it with them
- Assess compliance with applicable laws and regulations when necessary to satisfy the audit objectives
- Obtain sound understanding and knowledge of the business;
- Identify symptoms
- Select a potential focus area
- Motivate the potential focus area
- Prepare an audit planning memorandum
- Prepare audit questions
- Prepare audit criteria
The planning phase of a performance audit is critical to its success and at least 40 to 45% of the audit time should be spent on this phase.
During the execution phase, the auditor designs tests and procedures to obtain evidence in the most cost-effective manner. Information is gathered, evaluated for its appropriateness and it is then determined whether it is sufficient to support observations about the entity’s performance.
Execution Phase Activities
- Design audit procedures and tests
- Carry out audit procedures and tests (audit evidence)
- Analyse the evidence and draw conclusions – evaluate actual performance against the audit criteria that were developed
- Evaluate the existence of sufficient and appropriate evidence
- Develop audit findings, causes and effects
The execution phase of a performance audit should not exceed 30% of the total audit time spent on the audit.
A written report should be prepared at the end of each audit; its content should be easy to understand and free from vagueness and ambiguity and include information which is supported by competent and relevant evidence. Regarding performance audits, the report should include all significant instances of non-compliance that are pertinent to the audit objectives.
In order to recognise reasonable user needs, the report may need to have regard to expanded reporting periods or cycles.
In a performance audit, the auditor reports on economy and efficiency with which resources are acquired and used, and the effectiveness with which objectives are met. The report should not concentrate solely on criticism of the past but should be constructive.
The reporting phase of a performance audit should not exceed 25% of the total audit time spent on the audit.
In the next publication, we will provide a real-life example of a performance audit that was conducted by Nexia SAB&T, which will demonstrate how these concepts were applied
Nexia SAB&T’s Performance Audit Offering
Nexia SAB&T looks forward to assisting you with your performance audit needs. For more information please do not hesitate to contact us.
Contact: +27 12 682 8800
Contact: +27 12 682 8800