Guidance Note on “Types of Audit”
Guidance Note on “Types of Audit”
Reference No. III/J/19-328-PPG/23-2013 dated 17th October, 2013
Audit methodology is how the office of the CAG of India codifies the standards and practices to be followed by auditors in carrying out their work. It gives rigour and discipline to our work and provides the structure within which audit teams exercise professional judgement. It is – what we do, why we do it, and how we do it. SAI India has been committed to follow a structured approach to its functioning, to ensure quality, standardisation and transparency. CAG’s Auditing Standards and Regulations on Audit and Accounts provide the desired direction in this regard.
The issue presented here is about the terminologies being used in the audit reports or in the annual audit plans for the types of audits undertaken/ to be undertaken. We have been using the following terminologies in the documentation to indicate types of audits:
Audit of transactions
CCO based audits
A need is being felt to clarify the use of terminologies. Regulations on Audit and Accounts, 2007 clearly define types of audit as financial, compliance and performance audits. Further, ISSAI 100 – Fundamental Principles of Public Sector Auditing discusses types of public sector auditing giving definitions of financial, compliance and performance audits and discriminating among these types.
Defining the types of audits has some clear purposes:
It helps in determining the purpose for which the audit is being undertaken. Essence of “Compliance Audit” is in assessing the extent to which laws and regulations (authorities) have been respected. “Financial Audit” provides assurance that the financial statements properly present the financial situation. Financial and compliance auditing may be performed together where the auditor also gives an assurance that funds have been spent in accordance with the laws and regulations, in addition to true and fair view of the financial statements. Properly prepared financial statements and compliance with applicable authorities does not, of itself guarantee that public programmes deliver value for money to the taxpayers, which gives rise to the third key area of activity for SAIs. “Performance Auditing” is focused on improving good performance in public administration by examining whether public programmes and services achieve the principles of economy, efficiency and effectiveness and identifying conditions or practices that hamper performance and enable the auditor to make suitable recommendations.
Different types of audit require different set of guidelines, standards, and rigour and quality assurance requirements. As the parameters against which the functioning of the audited entities is to be judged in the audit would differ in financial, compliance and performance audit, the audit procedures are designed differently. For example, in compliance audits, normally the parameters are available as part of rules governing the audited entities, but in the case of performance audits, the benchmarks against which the performance of the programme or the entity is to be judged may not be available in such a straight forward manner.
The types of audits are determined by objectives. Audits are conducted to achieve either assurance on financial statements or assurance on compliance with rules and regulations or achievement of intended objectives. These are different dimensions of the public sector audits.
International best practices require that each audit indicates the methodology and the standards adopted. It is only possible if there is clarity about the audit types.
However, it is not to say that a combination of types of audits is not possible. It is possible to conduct audit having objectives of financial + compliance or compliance + performance or any other combination. In case of such audits, discipline of the dominant type of the audit has to be maintained.
Keeping the above differences in mind, it is essential that while designing the audit plan these distinctions are kept in mind and allocation of audit resources is done accordingly. It is also essential to clearly state the type of audit to make the process transparent and easily understandable to the external stakeholders.
With the commitment of adapting ISSAIs appropriately in SAI India and being the participant of designing SAI Performance Measurement Framework, maintaining discipline of audit methodology has become imperative
The specific terminologies being presently used in the Department are:
Audit of transactions – is normally being used to denote compliance audit
CCO based audits – are mainly compliance audits, or what we have been calling transaction audit. The crucial difference in these audits from the earlier DDO based audits is that it is a top down approach and an effort towards integrated audit. These audits may also include certain features of performance audits
District audit –Audit of a district, combining features of compliance as well as performance audits, is taken up to provide the audit profile of a district.
Thematic audit – This is the terminology which is being used for audits which may have both compliance and performance audit objectives. The objectives of such audits are to focus on a particular audit objective across sectors or audited entities. These audits could be basically compliance or performance audits. Presently however, thematic audits are being shown as a different class of audit while designing the annual audit plan and also in the final Audit Reports, which gives an erroneous impression that thematic audits are a different type of audit.
IT audit –Audits done in the IT enabled environment or audit of IT based system are termed as IT audits. Most of the IT audits are, by their very nature, compliance audits.
The above analysis has been presented to bring the focus on the use of appropriate terminologies in the audit documentation in the Department. The following guidance is being provided to all internal stakeholders, for proper application:
There are three types of audits in public sector auditing, viz., financial, compliance and performance. There are specific standards applicable to each of these types of audits, which need to be applied.
However, it is possible to have combinations of these audits. In those cases, standards applicable to the dominant type would be applicable, unless specific guidance for the combination audits is available.
IT audits, environment audit etc., are audits conducted in those particular sectors or using a particular methodology. It is possible to conduct compliance and performance audit in the IT sector or environmental sector. IT audit techniques can be used for financial, compliance or performance audits.
While allocating resources during the Strategic Audit Plan or the Annual Audit Plan, the types of audits should be kept in the view. The total resources should be divided among financial, compliance and performance audits as per the priorities.
Performance measurement and peer reviews expect a clear demarcation among types of audits. Quality assurance and quality control procedures are also more effective if there is clarity about types of audits, as applicable standards are different as per types of audit.
The determination of the type of audit is to be guided by the objectives of the audit assignment and the kind of audit assurance it strives to provide.
Use of alternative terminologies like, thematic audits, CCO based audits or District audits, should be avoided while preparing Audit Plans or in the structure of the Report, in the interest of professionalism and clarity
However, it is not necessary that the title of the Audit Report or the Audit Topic (if it is part of a Report) should carry the words – financial, compliance or performance audit. The title of the Report or the Topic should be indicating the subject matter of the audit.