3.3.1 Performance audit is an independent, objective and reliable examination of whether public sector undertakings, systems, operations, programmes, activities or organizations are operating in accordance with the principles of economy, efficiency and effectiveness.The main objective of performance audit is to constructively promote economical, effective and efficient governance. It also contributes to accountability and transparency. Performance audit promotes accountability by assisting those charged with governance and oversight responsibilities to improve performance through an examination of whether:
a) decisions by the legislature or the executive are efficiently and effectively prepared and implemented and
b) tax payers or citizens have received value for money.
It does not question the intentions and decisions of the legislature, but examines whether any shortcomings in the implementation of the law and framing of regulations have prevented the specified objectives from being achieved. Performance audit focuses on areas in which it can add value for citizens and which have the greatest potential for improvement.It provides constructive incentives for the responsible parties to take appropriate action.
Performance audit promotes transparency by affording all stakeholders an insight into the management and outcomes of different public sector activities. It thereby directly contributes to providing useful information to the citizen, while also serving as a basis for learning and improvements.
3.3.2 Perspective of Performance Audit
Performance audits undertaken by SAI, India may have overlaps with other audit types(or combined audits)and
in such circumstances the following points shall be considered:
a) Elements of performance audit can be part of a more extensive audit that also covers compliance and financial auditing aspects.
b) In the event of an overlap, the primary objective of the audit shall guide the auditors as to which standards to apply.
In determining whether performance considerations form the primary objective of the audit engagement, it should be borne in mind that performance auditing focuses on activity and results rather than reports or accounts, and that its main objective is to promote economy, efficiency and effectiveness rather than report on compliance.
3.3.3 Type of Engagement and Assurance
Performance audits are essentially direct reporting engagements where the auditor measures or evaluates the subject matter against the criteria. Performance audits are not normally expected to provide an overall opinion, comparable to the opinion on financial statements, on the audited entity’s achievement of economy, efficiency and effectiveness.The degree of economy, efficiency and effectiveness achieved may be conveyed in the performance audit report in different ways:
a) either through an overall view on aspects of economy,efficiency and effectiveness, where the audit objective, the subject matter, the evidence obtained and the findings reached allow for such a conclusion;
b) or by providing specific information on a range of points including the audit objective, the questions asked, the evidence obtained, the criteria used, the findings reached and the specific conclusions. Performance audits are designed to provide a reasonable assurance with a set of conclusions and,if applicable,a single overall conclusion and to present a balanced report by taking into account all relevant viewpoints.
3.3.4 Audit Risk
Auditors shall actively manage audit risk, which is the risk of obtaining incorrect or incomplete conclusions, providing unbalanced information or failing to add value for users.Many topics in performance auditing are complex and sensitive. The risk that an audit will fail to add value ranges from the likelihood of not being able to provide new information or perspectives to the risk of neglecting important factors and consequently not being able to provide users of the audit report with knowledge or recommendations that would make a real contribution to better performance. Important aspects of risk may include not possessing the competence to conduct sufficiently broad or deep analysis, lacking access to quality information, obtaining inaccurate information (e.g. because of fraud or irregular practices), being unable to put all findings in perspective, and failing to collect or address the most relevant arguments. Auditors shall therefore actively manage risk. Dealing with audit risk is embedded in the whole process and methodology of performance audit.
3.3.5 Selection of topics
Auditors shall select audit topics through the strategic planning process by analysing potential topics and conducting research to identify risks and problems.Determining which audits will be pursued is usually part of SAI India’s strategic planning process. If appropriate, auditors shall contribute to this process in their respective fields of expertise. They may share knowledge from previous audits, and information from the strategic planning process may be relevant for the auditor’s subsequent work.
In this process, auditors shall consider that audit topics are sufficiently significant as well as auditable and in keeping with SAI India’s mandate. The topic selection process shall aim to maximise the expected impact of the audit while taking account of audit capacities (e.g. human resources and professional skills). Formal techniques to prepare the strategic planning process, such as risk analysis or problem assessments, can help structure the process but need to be complemented by professional judgement to avoid one-sided assessments. Performance auditing generally requires that audit-specific, substantive and methodological knowledge be acquired before the audit is launched (“pre-study/ pilot study”).
3.3.6 Audit design
Auditors shall plan the audit in a manner that contributes to a high-quality audit that will be carried out in an economical,efficient, effective and timely manner and in accordance with the principles of good project management.
In planning an audit, it is important to consider:
a) the background knowledge and information required for an understanding of the audited entities so as to allow an assessment of the problem and risk, possible sources of evidence, auditability and the significance of the area considered for audit, consultation with stakeholders,if necessary,including domain specialists or experts in the field to build up proper knowledge
b) the audit objectives, questions, criteria, subject matter and methodology (including techniques to be used for gathering evidence and conducting the audit analysis);
c) the necessary activities, staffing and skills requirements (including the independence of the audit team, human resources and possible external expertise), the key project timeframes and milestones and the main points for control.
The planning phase shall also involve research work aimed at building knowledge, testing various audit designs and checking whether the necessary data are available. This may involve combining and comparing data from different sources, drawing preliminary conclusions and compiling findings in order to build hypotheses that can be tested, if necessary, against additional data. This makes it easier to choose the most appropriate audit method. Technology and data analytics may be optimally utilised to facilitate this process.
3.3.7 Audit approach
Auditors shall choose a result, problem or system-oriented approach, or a combination thereof, to facilitate the soundness of audit design.
It determines the nature of the examination to be made and defines the necessary knowledge, information,data and the audit procedures needed to obtain and analyse them.Performance auditing generally follows one of three approaches:
a) a system-oriented approach, which examines the proper functioning of management systems, e.g. financial management systems;
b) a result-oriented approach, which assesses whether outcome or output objectives have been achieved as intended or programmes and services are operating as intended;
c) a problem-oriented approach, which examines, verifies and analyses the causes of particular problems or deviations from criteria.
All three approaches can be pursued from a top-down or bottom-up perspective. Top-down audits concentrate mainly on the requirements, intentions, objectives and expectations of the legislature and central public sector. A bottom-up perspective focuses on problems of significance to people and the community.
3.3.8 Audit procedures
When planning the audit, the auditor shall design the audit procedures to be used for gathering sufficient and appropriate audit evidence.
The methods chosen shall e those which best allow evidence to be gathered in an efficient and effective manner. This can be approached in several stages:
a) deciding on the overall audit design (which questions to ask, e.g. explanatory/descriptive/evaluative);
b) determining the level of observation (e.g. looking at a process or individual files) and methodology (e.g. full analysis or sample);
c) specific data-collection techniques (e.g. analysis of records, questionnaire, interview or focus group). Data-collection methods and sampling techniques shall be carefully chosen. While the auditors shall aim to adopt best practices, practical considerations such as the availability of data may restrict the choice of methods. It is therefore advisable that planning be flexible and pragmatic. For this reason, performance audit procedures shall not be overly standardised. Excessive prescriptiveness may hamper the flexibility, professional judgement and high levels of analytical skills that are required in a performance audit. In certain cases–where, for example, the audit requires data to be gathered in many different regions or areas or the audit is to be conducted by a large number of auditors –there may be a need for a more detailed audit plan in which audit questions and procedures are explicitly defined. When planning an audit, auditors shall also assess the risk of fraud. If this is significant within the context of the audit objectives, the auditors shall obtain an understanding of the relevant internal control systems and examine whether there are signs of irregularities that hamper performance. The overall aim at the planning stage is to decide, by building up knowledge and considering a variety of strategies, how best to conduct the audit. Auditors shall establish suitable criteria which correspond to the audit questions and are related to the principles of economy, efficiency and effectiveness. Diverse sources can be used to identify criteria, including performance measurement frameworks. The criteria shall be discussed with the auditable entities, but it is ultimately the auditor’s responsibility to select suitable criteria. While defining and communicating suitable criteria during the planning phase may enhance their reliability and general acceptance, in audits covering complex issues it is not always possible to set criteria in advance and instead they will be defined during the audit process.
3.3.9 Quality Control
Auditors shall apply procedures to safeguard quality, ensuring that the applicable requirements are met and placing emphasis on appropriate, balanced and fair reports that add value and answer the audit questions.In the conduct of performance audits the following specific issues need to be addressed:
a) Performance audit is a process in which the audit team gathers a large amount of audit-specific information and exercises a high degree of professional judgement and discretion concerning the relevant issues. This must be taken into account in quality control.The need to establish a working atmosphere of mutual trust and responsibility and provide support for audit teams shallbe seen as part of quality management.
b) In performance auditing, even if the report is evidence-based, well-documented and accurate, it might still be inappropriate or insufficient if it fails to give a balanced and unbiased view, includes too few relevant viewpoints or unsatisfactorily addresses the audit questions. These considerations shall therefore be an essential part of measures to safeguard quality.
c) As audit objectives vary widely between different audit engagements, it is important to define clearly what constitutes a high-quality report in the specific context of an audit engagement. General quality control measures shall therefore be complemented by audit-specific measures.
No quality control procedures at the level of the individual audit can guarantee high-quality performance audit reports. It is equally important for auditors to be –and remain –competent,motivated and willing to innovate. Control mechanisms shall
therefore be complemented by support, such as on-the-job training and guidance for the audit team.
Auditors shall strive to provide audit reports which are comprehensive, convincing, timely, reader-friendly and balanced.
To be comprehensive, the report shall include information about the audit objective, audit questions and answers to those questions, the subject matter, criteria, methodology, sources of data, any limitations to the data used, and audit findings. The audit findings shall be put into perspective.It shall clearly answer the audit questions or explain why this was not possible. To be convincing, it shall be logically structured and present a clear relationship between the audit objective, criteria, findings, conclusions and recommendations. All relevant arguments shall be addressed. The report shall explain why and how problems observed in the findings hamper performance in order to encourage the audited entity or the user to initiate corrective action. It shall, where appropriate, include recommendations for improvements to performance. The report shall be as clear and concise as the subject matter permits and phrased inunambiguous language. As a whole it shall be constructive, contribute to better knowledge and highlight any necessary improvements.
Being balanced means that preparation of the report needs to be impartial in content and tone. In preparing a balanced and constructivereport the auditors shall strive to present (i) findings objectively and fairly. The facts shall be presented and interpreted in neutral terms, avoiding biased information or language that can generate defensiveness and opposition (ii) different perspectives and viewpoints. Where different interpretations of the evidence can legitimately be made, they need to be presented to ensure fairness and balance and (iii) both positive and negative aspects and give credit where it is due.
Auditors shall seek to provide constructive recommendations that are likely to contribute significantly to addressing the weaknesses or problems identified by the audit. Recommendations shall be well-founded and add value. They shall address the causes of problems and/or weaknesses. However, they shall be phrased in such a way that avoids truisms or simply inverting the audit conclusions and they shall not encroach on the management’s responsibilities.
It shall be clear who and what is addressed by eachrecommendation, who is responsible for taking any initiative and what the recommendations mean –i .e. how they will contribute to better performance. Recommendations shall be practical and be addressed to the entities which have responsibility and competence for implementing them. Recommendations shall be presented in a logical and reasoned fashion. They shall be linked to the audit objectives, findings and conclusions. Together with the full text of the report,they shall convince the reader that they are likely to significantly improve the conduct of public sector operations and programmes, e.g. by lowering costs,simplifying administration, enhancing the quality and volume of services, or improving effectiveness, impact or the benefits to society.
Auditors shall follow up previous audit findings and recommendations wherever appropriate. Follow-up shallbe reported appropriately in order to provide feedback to the legislature together, if possible, with the conclusions and impacts of all relevant corrective action.
Follow-up refers to the auditors’ examination of corrective action taken by the audited entity, or another responsible party, on the basis of the results of a performance audit. It is an independent activity that increases the value of the audit process bystrengthening the impact of the audit and laying the basis for improvements to future audit work. Follow-up is not restricted to the implementation of recommendations but focuses on whether the audited entity has adequately addressed the problems and remedied the underlying situation after a reasonable period of time.
When conducting follow-up of an audit report, the auditor shall concentrate on findingsand recommendations that are still relevant at the time of the follow-up and adopt an unbiased and independent approach. Follow-up results may be reported individually or as a consolidated report, which may in turn include an analysis of different audits, possibly highlighting common trends and themes across a number of reporting areas.