Performance Audit Guidelines: ISSAI 3000 – 3100

Introduction

Performance auditors can be faced with considerable variety and ambiguity in their work. They require skills in analyzing activities and management practices. They can be faced with the need to become familiar with a wide range of organizational contexts and subject matters. They need the ability to write logically and thoroughly on complex issues. These guidelines can provide some assistance in these areas, but much is incumbent on the performance auditors themselves to develop their skills in these areas by other means.

The guidelines take into account relevant INTOSAI auditing standards and are based on generally accepted principles of performance auditing, distilled from the experience of INTOSAI members.^[1] In order to produce experience-based implementation guidelines, a study has been made of standards and guidelines from a number of SAIs with many years’ experience of performance auditing. Their experience of conducting performance audits and implementing the Auditing Standards has added valuable information, not least with respect to the practical interpretation of the Auditing Standards.

It is not possible to produce guidelines applicable to all kinds of performance auditing, since comparisons between the practices of performance auditing in different countries show considerable variations in mandate, organisation, and methods used. Guidelines in performance auditing cannot comprehensively embrace all possible approaches, methods and techniques, since in practice that would include everything in the social sciences. Furthermore, performance audits deal with a multitude of topics and perspectives covering the entire government sector, and it would not be possible to develop detailed standards and procedures that work equally well in all these situations. In performance auditing it is not possible to produce a ‘cookbook’ type of manual that can universally be followed for good results.

Consequently, some SAIs will fi nd guidelines of this type of limited value. For instance, they might be considered too ambitious for auditors with little or no experience of dedicated performance audit projects or program evaluations. As stated in the Auditing Standards, paragraph 1.0.6: ‘The SAI should apply its own judgments to the diverse situations that arise in the course of government auditing.’ Moreover, paragraph 1.0.13 states: ‘Because of the approach and structure of some SAIs, not all auditing standards apply to all aspects of their work. For example, the collegial and juridical nature of the reviews conducted by Courts of Account make aspects of their work fundamentally different from the fi nancial and performance audits conducted by SAIs, which are organized under a hierarchic system led by an Auditor-General or a Comptroller General.’ This means that the SAI itself should decide how and to what extent the guidelines are to be used in its own audit practices and development work.^[2]

What has been said above must not be taken as an argument against any standardisation or guidelines, but when it comes to standardisation in performance auditing it is mostly a question of what to do, rather than how to do it. For example, in designing a study one would expect the auditors to make certain considerations and cover particular aspects. How that is done must be decided on a case-by-case basis and with consideration of the fact that methods and techniques have to be applied with the necessary care that is commonly considered to be the best practice in social sciences and auditing.

This document refl ects the experience of SAIs with a long tradition and well-established standards of performance auditing. It deals with performance auditing carried out as separate examinations or investigations; i.e. performance auditing as a separate and professional activity that requires specialised skills, separate standards, special planning, special reports, etc.^[3] Consequently, this document is aimed mainly at

those SAIs that are carrying out – or are planning to carry out – this type of performance auditing.^[4]

These guidelines consist of fi ve main parts.

Part 1 sets out the general framework for performance auditing, Part 2 defi nes application of auditing principles to performance auditing,

Part 3 provides standards and guidance for planning performance audits,

Part 4 provides standards and guidance for conducting performance audits,

Part 5 provides standards and guidance for presenting the audit results.

The Appendices contain further information on how to plan and conduct performance audits. The appendices also include information on performance auditing in relation to information technology (IT) and on conducting performance audits with an environmental perspective. Further, a framework of system-oriented approaches in performance auditing is presented.

Part 1: What is performance auditing?

1.1 What is performance auditing according to INTOSAI?

INTOSAI’s Auditing Standards (AS 1.0.38 and 1.0.40) state the following:

‘The full scope of government auditing includes regularity and performance audit’, and ‘Performance auditing is concerned with the audit of economy, effi ciency and effectiveness and embraces:

audit of the economy of administrative activities in accordancewith sound administrative principles and practices, and management policies;
audit of the effi ciency of utilisation of human, fi nancial and other resources, including examination of information systems, performance measures and monitoring arrangements, and procedures followed by audited entities for remedying identifi ed defi ciencies; and (c) audit of the effectiveness of performance in relation to achievement of the objectiveness of the audited entity, and audit of the actual impact of activities compared with the intended impact’. Performance auditing is based on decisions made or goals established by the legislature, and it may be carried out throughout the whole public sector.

Performance auditing is an independent examination of the effi ciency and effectiveness of government undertakings, programs or organizations, with due regard to economy, and the aim of leading to improvements.

What is the special feature of performance auditing?

As stated in the Auditing Standards, performance auditing is not overly subject to specifi c requirements and expectations. While fi nancial auditing tends to apply relatively fi xed standards, performance auditing is more fl exible in its choice of subjects, audit objects, methods, and opinions. Performance auditing is not a regular audit with formalized opinions, and it does not have its roots in private auditing. It is an independent examination made on a non-recurring basis. It is by nature wide-ranging and open to judgments and interpretations. It must have at its disposal a wide selection of investigative and evaluative methods and operate from a quite different knowledge base to that of traditional auditing. It is not a checklist-based form of auditing. The special feature of performance auditing is due to the variety and complexity of questions relating to its work. Within its legal mandate, performance auditing must be free to examine all government activities from different perspectives (AS 4.0.4, 4.0.21-23 and 2.2.16). The character of performance auditing must not, of course, be taken as an argument for undermining collaboration between the two types of auditing.

Performance auditing does not have its roots in the form of auditing common to the private sector. Its roots lie in the need for independent, wide-ranging analyses of the economy, effi ciency, and effectiveness of government programs and agencies made on non-recurring basis.

What ideas form the basis of performance auditing?

Public accountability means that those in charge of a government program or ministry are held responsible for the effi cient and effective running of such. Accountability presupposes public insight into the activities of the program or ministry. Performance auditing is a way for taxpayers, fi nanciers, legislatures, executives, ordinary citizens and the media to ‘execute control’ and to obtain insight into the running and outcome of different government activities. Performance auditing also provides answers to questions such as: Do we get value for money or is it possible to spend the money better or more wisely? A criterion of good governance is that all public services (or all government programs) are subjected to auditing

Legitimacy and trust are essential values in all government undertakings, and performance auditing may contribute to strengthening these values by pro ducing public and reliable information on the economy, effi ciency, and effectiveness of government programs. This is facilitated by the fact that performance auditing is independent of the government ministries whose activities are subject to the audit. In this way, an independent and reliable view of the performance of the audited program or objects is obtained. The performance audit does not represent any vested interest and has no ties, fi nancial or otherwise, to the audited objects. By producing independent assessments, performance auditing may also serve as a basis for decisions on future investments and activities. The basis for this instrument – providing incentives for change by conducting independent analyses and assessments of public sector performance – is the importance of learning and reliable information. In a rapidly changing, complex world with limited resources and many uncertainties, there is a need for performance auditing.

Certain ideas form the basis of performance auditing:

One starting point is that it is important to assess the economy, effi ciency, and effectiveness in all government activities and, for that purpose, an audit is needed, which examines and evaluate such matters and which may contribute to better government spending, better public services and better public accountability and management.
Secondly, it is important to have reliable and independent information. An examiner is needed who represents the public interest; who can think and act independently in order to show and question the current situation.
Finally, an overview and insights into government activities and the ability to infl uence and improve its performance are important. A competent examiner is needed who can fulfi l this role, who will promote incentives for learning and change and improved conditions for decision-making.

1.4 What are the basic questions in performance auditing?

All government programs or undertakings (and most processes they generate) can, at least in theory, be analysed with the use of a formula that describes how to move from one position to another by certain means in order to achieve specifi c objectives. In performance auditing, this is often done by trying to answer two basic questions:

Are things being done in the right way?
Are the right things being done?

The fi rst question is primarily aimed at the ‘producer’ and is concerned with whether policy decisions are being carried out properly. This question is usually associated with a normative perspective, i.e. the auditor wants to know whether the executive has observed the rules or the requirements. In order to widen the analysis, the question may be extended to whether the activities carried out are also considered the most appropriate – provided that the right things are being done. Until this stage in the process, performance auditing has been mainly concerned with different aspects of the economy or the effi ciency of operations.

The scope for analysis becomes considerably wider when the second question – whether the right things are being done – is asked. In other words, whether the adopted policies have been suitably implemented or whether adequate means have been employed.

This kind of question refers to effectiveness or impact on society.

In fact, the question might even imply that a government undertaking – or a chosen measure to achieve a certain objective – runs the risk of being contested. A performance auditor might, for instance, fi nd a chosen measure ineffective and inconsistent with objectives. However, the moment auditors start asking whether the public commitment itself is feasible at all they will also have to be cautious not to go beyond their mandate by crossing the borderline into political territory. The so-called input–output model is another means of illustrating these interactions. The model assumes a fl ow as shown below.

What does auditing of economy, efficiency and effectiveness

mean?

As stated above, performance auditing is mainly concerned with the examination of economy, effi ciency, and effectiveness.^[1] According to the Auditing Standards (AS 1.0.40), an individual performance audit

[1] Standards concerning ‘environmental considerations’ and ‘equity requirements’ are also taken into account in performance auditing. (See Appendix 6.)

may have the objective of examining one or more of these three aspects.

Economy – keeping the costs low

According to the Auditing Standards, ‘economy’ means minimising the cost of resources used for an activity, having regard to appropriate quality.

Audits of economy may provide answers to questions such as:

Do the means chosen or the equipment obtained – the inputs – represent the most economical use of public funds?
Have the human, fi nancial or material resources been used economically?
Are the management activities performed in accordance with sound administrative principles and good management policies? Even though the concept of economy is well defi ned, an audit of economy is not that easy to conduct. It is often a challenging task for an auditor to assess whether the inputs chosen represent the most economical use of public funds, whether the resources available have been used economically, and if the quality and the quantity of the ‘inputs’ are optimal and suitably co-ordinated. It may prove even more diffi cult to be able to provide recommendations that will reduce the costs without affecting the quality and the quantity of services.

Efficiency – making the most of available resources

Effi ciency is related to economy. Here, too, the central issue concerns the resources deployed. The main question is whether these resources have been put to optimal or satisfactory use or whether the same or similar results in terms of quality and turn-around time could have been achieved with fewer resources. Are we getting the most output – in terms of quantity and quality – from our inputs and actions? The question refers to the relationship between the quality and quantity of services provided and the activities and cost of resources used to produce them, in order to achieve results.

Clearly, any opinion or fi nding on effi ciency is usually only relative, while occasionally ineffi ciency is immediately apparent. A fi nding on effi ciency can be formulated by means of a comparison with similar activities, with other periods, or with a standard that has explicitly been adopted. Sometimes standards, such as best practices, are applicable. Assessments of effi ciency might also be based on conditions that are not related to specifi c standards – when matters are so complex that there are no standards. In such cases, assessments must be based on the best available information and arguments and in compliance with the analysis carried out in the audit.

Auditing effi ciency embraces aspects such as whether:

human, fi nancial, and other resources are effi ciently used;
government programs, entities and activities effi ciently managed, regulated, organised, executed, monitored and evaluated;
activities in government entities are consistent with stipulated objectives and requirements;
public services are of good quality, client-oriented and delivered on time; and
the objectives of government programs are reached cost effectively. The concept of cost-effectiveness concerns the ability or potential of an audited entity, activity, program or operation to achieve certain outcomes at a reasonable cost. Cost-effectiveness analyses are studies of the relationship between project cost and outcomes, expressed as cost per unit of outcome achieved. Cost effectiveness is just one element in the overall examination of effi ciency, which might also include analyses of, for example, the time in which outputs were delivered. This, however, does not always coincide with the optimal timing with a view to optimising impact.

In some cases it may prove diffi cult to totally separate the two concepts – effi ciency and economy – from each other. They may both directly or indirectly, concern whether, for instance, the audited entity:

is following sound procurement practices;
is acquiring the appropriate type, quality, and amount of resources at an appropriate cost;
is properly maintaining its resources;
is using the optimum amount of resources (staff, equipment and facilities) in producing or delivering the appropriate quantity and quality of goods or services on time;
is complying with requirements of regulations that govern/affect the acquisition, maintenance and use of the entity’s resources; and

has established a system of management controls.

In reality, audits of economy tend to focus on the fi rst three points. The concept of effi ciency is mainly restricted to the question of whether the resources have been put to optimal or satisfactory use. Consequently, effi ciency is mostly specifi ed in two possible ways: whether the same output could have been achieved with fewer resources, or, in other words, if the same resources could have been used to achieve better results (in terms of quantity and quality of the output). Financial auditing is also engaged in these issues, for instance when auditing procurement practices. However, in fi nancial auditing the scope is more limited. Unlike performance auditing, the objective strictly relates to fi nancial accountability.

Effectiveness – achieving the stipulated aims or objectives

Effectiveness is essentially a goal-attainment concept.^[1] It is concerned with the relationship between goals or objectives, outputs and impacts. Are the stipulated aims being met by the means employed, the outputs produced and the impacts observed? Are the impacts observed really the result of the policy rather than other circumstances?

The question of effectiveness consists of two parts: fi rst, if the policy objectives have been achieved, and second, if this can be attributed to the policy pursued. In order to judge the extent to which the aims have been achieved, they need to be formulated in a way that makes an assessment of this type possible. This cannot easily be done with vague or abstract goals. In order to judge the extent to which observed events could be traced back to the policy, a comparison will be needed. Ideally, this consists of a measurement before and after the introduction of the policy and a measurement involving a control group, which has not been subject to the policy.^[2]

In practice, such comparisons are usually diffi cult to make, partly because comparative material is often lacking. In such cases, one alternative is to assess the plausibility of the assumptions on which the policy is based. Often a less ambitious audit objective will

[1] That is, the extent to which a program or entity is achieving its goals and objectives.

[2] The term policy covers both government policy and agency policy (see section 2.1 and footnote 25). There are always diffi culties involved in conducting performance audits when the policy objectives are vague and abstract. For more information, see Appendix 2.

That is, the extent to which a program or entity is achieving its goals and objectives.

[1] The term policy covers both government policy and agency policy (see section 2.1 and footnote 25). There are always diffi culties involved in conducting performance audits when the policy objectives are vague and abstract. For more information, see Appendix 2.

have to be chosen, such as assessing to what extent objectives have been achieved, target groups have been reached, or the level of performance.

The auditor might seek to assess or measure effectiveness by comparing outcomes – or ‘impact’, or ‘state of things’ – with the goals set down in the policy objectives. This approach is often described as ‘goal achievement’ analysis. However, when auditing effectiveness, one should usually try also to determine to what extent the instruments used have in fact contributed towards the achievement of the policy objectives. This is effectiveness auditing in its ‘true’ application and requires evidence that the outcomes, which have been observed, have actually been caused by the action in question rather than by some other factors. For example, if the policy objective is to reduce unemployment, is an observed reduction in the numbers of unemployed the result of the actions of the audited entity, or is it the result of a general improvement in the economic climate over which the audited entity had no infl uence? Here, the design of the audit must include questions of attribution and be able to cope with the problem of effectively excluding external, intermediary variables.

Side effects – a separate aspect of performance auditing is the unintended side effects of policy. The study of side effects is complicated by the fact that they can be very diverse, since they are not limited by the policy objectives. One possible way of limiting the scope of the investigation is to focus on those side effects, which, in other situations, one tries to avoid (e.g. unfavourable environmental effects of economic policy). This does not mean, however, that all side effects are undesirable.

In auditing effectiveness, performance auditing may, for instance,

assess whether government programs have been effectively prepared and designed and whether they are clear and consistent;
assess whether the objectives and the means provided (legal, fi nancial, etc.) for a new or ongoing government program are proper, consistent, suitable, or relevant;
assess the effectiveness of the organizational structure, decisionmaking process and management system for program implementation;
assess whether the program supplements, duplicates, overlaps, or counteracts other related programs;
assess whether the quality of the public services meets the people’s expectations or the stipulated objectives;
assess the adequacy of the system for measuring, monitoring and reporting a program’s effectiveness;

assess the effectiveness of government investments and programs and/or their individual components, i.e. ascertain whether goals and objectives are met;

assess whether the observed direct or indirect social, economic and environmental impacts of a policy are due to the policy or to other causes;
identify factors that inhibit satisfactory performance or goal fulfi llment;
analyse causes of fi ndings and observed problems in identifying ways of making government activities and programs work more effectively; and
identify the relative utility of alternative approaches to yield better performance or eliminate factors that inhibit program effectiveness. While a particular audit will not necessarily seek to reach conclusions on all three aspects (i.e. economy, effi ciency, and effectiveness), it may be of limited benefi t to examine aspects of economy or effi ciency of activities in isolation without also considering, at least briefl y, their effectiveness. Conversely, in an audit of effectiveness, the auditor may also wish to consider aspects of economy and effi ciency: the outcomes of an audited entity, activity, program or operation may have had the desired impact, but were the resources employed to achieve this used economically and effi ciently?

For the examination of effectiveness, it is generally necessary to assess the outcome or impact of an activity. Thus, while a ‘systembased approach’ may be useful (to assess, e.g. how the audited entity measures and monitors its impact), the auditor will usually also need to obtain suffi cient substantive evidence of the impact of the activity or the program. Likewise, in order to assess the impact of an activity or a government reform, it is in general always necessary to collect information not only on the audited institutions and their activities and interactions, but also on other stakeholders in the area. This is of course of special interest when it is believed that actions of other stakeholders may infl uence the impact.^[1]

One specifi c aspect is the study of unintentional effects, especially if these effects were negative. There is a problem of demarcation here, because these effects may spread into areas beyond the competence and powers of the SAI. One way of limiting the scope might be to look at those unintentional effects that are being combated in other programs, environmental side effects of an economic stimulation program, for example.^[2]

All other things being equal, economy is about keeping the cost low, effi ciency is about getting the most or best output from available resources, and effectiveness is about achieving the stipulated aims or objectives.

1.6 How does public management affect performance auditing?

The form of public management employed will necessarily infl uence priorities in performance auditing. In countries where public management is mainly concerned with means and less involved with ends, audits also tend to focus on whether rules have been observed and enforced rather than whether the rules serve or are seen to serve their intended purpose. In countries that have acknowledged management by objectives and results, the audit focus is different. Public sector management generally displays a combination of these philosophies. As mentioned above, management by objectives and results tends to promote interest in auditing effi ciency and effectiveness. As a result, the auditor might not have to confront a traditional, rule-bound government administration but an administration whose mandate has been widened considerably in terms of how the intentions of the legislature should be put into

[1] The scope must be limited. The analyses, however, should not be too limited.

[2] For more information: Auditing Effi ciency, Offi ce of Auditor General (Canada), 1995 and Auditing Policy Results Manual, Algemene Rekenkamer (Netherlands), 1997.

The scope must be limited. The analyses, however, should not be too limited.

[1] For more information: Auditing Effi ciency, Offi ce of Auditor General (Canada), 1995 and Auditing Policy Results Manual, Algemene Rekenkamer (Netherlands), 1997.

operation and which means should be employed in order to achieve them.

Typically, the following questions would be of interest to a performance auditor:

Is there a clear structure of performance goals and have the appropriate priorities and instruments been chosen for the use of public funds?
Is there a clear distribution of responsibility between the different levels of authority, bearing in mind the principle of subsidiarity?
Is there a general cost awareness and an orientation towards production of services, putting citizens’ needs in focus?

Is there an adequate emphasis on management controls and reporting requirements?

The ministries and their subordinate bodies are responsible for ensuring that good internal control routines are established. In this context, it is the particular task of the performance auditor to keep an eye on whether this responsibility has been properly taken care of. The extent to which it has in fact also been observed by the auditee or the auditees in their operations is for the fi nancial auditor to judge.^[1] In addition, a common objective of most governments today is to improve the quality of public services, particularly as people’s expectations (often with reference to the service they receive from the private sector) of what constitutes quality continue to increase. To promote improvements of this type, many governments have embarked on modernisation programs to deliver better services that are, for instance, more easily accessible and convenient, provide citizens with more choice, and are delivered more quickly. The quality of public services is an increasingly important issue, which members of parliaments and governments across the world expect the SAIs to address in their performance audit reports.

Countries that have acknowledged management by objectives and results tend to focus more on performance than before. The form of public management employed will infl uence the interest in performance auditing.

1.7 How does performance auditing relate to performance measurement and program evaluation?

Both the executive branch and the legislature need evaluative information to help them make decisions about the programs they are responsible for-information that tells them whether, and in what important ways, a government undertaking or program is working well or poorly, and why. Many analytical approaches have been employed over the years by agencies and others to assess the operations and results of government programs, policies, activities, and organizations. Performance audit and evaluation studies are designed to judge how specifi c programs are working and thus may differ a great deal. One particular aspect is the relationship between performance measurement, program evaluation, and performance auditing.

Performance measurement

Performance measurement normally means the ongoing process of monitoring and reporting on program accomplishments, particularly progress towards pre-established goals. Performance measures may address the type or level of program activities conducted (process), the direct products and services delivered by a program (outputs), and/or the results of those outputs (outcomes). Performance measurement focuses on whether a program has achieved its objectives or requirements, expressed as measurable performance standards. Performance measurement, because of its ongoing nature, can serve as an early warning system to management and as a vehicle for improving accountability to the public.

The ongoing process of ensuring that a government program or body has met the targets set is a matter of internal management and control, not a task for external auditors. It is the responsibility of the fi nancial auditors – not the performance auditors – to confi rm that the accounts are correct. However, in the area of performance measurement – the check on the quality of performance-related information produced by the executive branch for the legislature – both fi nancial and performance auditors might be involved, either in separate activities or in joint audits.^[2] Performance indicators can sometimes also be used as indicators or references in planning individual performance audits. One topic for performance auditing is whether performance measurement systems in government programs are effi cient and effective. For example, questions could be developed that address whether the performance indicators measure the right things or whether the performance measurement systems involved are capable of providing credible measured results.^[3]

[1] In recent years, experience of auditing government administration policies and administrative reforms has been frequently discussed by SAIs.

[2] Ad hoc and in-depth studies of performance measurement systems are typically a task for performance auditing in any SAI. The ongoing or regular performance reports of different government institutions, however, may just as well be an audit task for the fi nancial auditors (sometimes in co-operation with performance auditors, for instance if the fi nancial auditors have not been trained to conduct audits of this type).

[3] See, e.g. AS 1.0.27 and 1.0.45.

[1] Ad hoc and in-depth studies of performance measurement systems are typically a task for performance auditing in any SAI. The ongoing or regular performance reports of different government institutions, however, may just as well be an audit task for the fi nancial auditors (sometimes in co-operation with performance auditors, for instance if the fi nancial auditors have not been trained to conduct audits of this type).

[1] See, e.g. AS 1.0.27 and 1.0.45.

Program evaluation and performance auditing

Program evaluations are individual systematic studies conducted to assess how well a program is working. Program evaluations typically examine a broader range of information on program performance and context than is feasible to monitor on an ongoing basis. A program evaluation may thus allow for an overall assessment of whether the program works and what can be done to improve its results. Program evaluations are one type of study that might be executed by a SAI under the general heading of performance audits.

In recent years, the concept of program evaluation has been a growing subject of discussion amongst SAIs. Whether or not program evaluation is an important task for a SAI has been discussed. A special group (INTOSAI Working Group on Program Evaluation) has been set up to promote principles and guidance in this area. It is generally accepted that program evaluation has objectives identical or similar to those of performance auditing in that it seeks to analyse the relationship between the objectives, resources, and results of a policy or program. It has also been agreed that program evaluation is an important task for a SAI that has the authority and competence to carry out such studies.

Program evaluation has been described as an epitome of activities and methods that have aim to make exhaustive assessments of an issue, using more or less sophisticated scientifi c approaches. Although performance auditing may use the same approaches and methodologies as program evaluation, it does not, according to the INTOSAI Working Group on Program Evaluation, necessarily engage in assessing policy effectiveness or policy alternatives. In addition to examining the impact of outputs, program evaluation may include issues such as whether the stipulated aims are consistent with general policy. This issue has been the subject of discussion among SAIs. Some SAIs have the right to evaluate government and/or agency policy effectiveness and include program evaluation in their performance audit mandate.

Others are not required to conduct such audits.

According to INTOSAI’s Working Group on Program Evaluation, auditing and evaluation may be divided into the following seven categories:^[1]

Regularity audit: are regulations complied with?
Economy audit: do the means chosen represent the most economical use of public funds for the given performance?
Effi ciency audit: are the results obtained commensurate with the resources employed?
Effectiveness audit: are the results consistent with the policy?
Evaluation of the consistency of the policy: are the means employed by the policy consistent with the set objectives?
Evaluation of the impact of the policy: what is the economic and social impact of the policy?
Evaluation of the effectiveness of the policy and analysis of causality:

are the observed results due to the policy, or are there other causes? In practice classifi cations vary. One SAI with many years’ experience of program evaluation is the General Accounting Offi ce of the US. It defi nes four common types of program evaluations in performance auditing:^[2]

Process evaluation

This assesses the extent to which a program is operating as intended. Typically, it is concerned with the program activities’ conformity with statutory and regulatory requirements, program design, and professional standards or customer expectations. It is increasingly important to assess whether the quality of the operations – for instance application forms, processing times, service deliveries and other client-oriented activities – meets the people’s expectations.

Outcome evaluation

This assesses the extent to which a program achieves its outcomeoriented – and client-oriented – objectives. It focuses on outputs and outcomes (including side effects and unintended effects) in order to judge program effectiveness, but it may also put emphasis on quality issues and client perspectives. An outcome evaluation may also assess program processes in order to fully understand a program and how outcomes are produced.

Impact evaluation

This assesses the net effect of a program by comparing program outcomes with an estimate of what would have happened in the absence of the program. This form of evaluation is employed when external factors are known to infl uence the program’s outcomes, in order to isolate the program’s contribution to the achievement of its objectives.

Cost-benefit and cost-effectiveness evaluations

These are analyses that compare a program’s outputs or outcomes with the costs (resources expended) to produce them. When applied to existing programs, they are also considered a form of program evaluation. Cost-effectiveness analysis assesses the cost of meeting a single goal or objective, and can be used to identify the least costly alternative to meet that goal. Cost-benefi t analysis aims at identifying all relevant costs and benefi ts.^[3]

In the area of performance measurement both fi nancial and performance auditors might be involved. In some countries, an individual performance audit may include many different kinds of studies and even several program evaluations. In that sense program evaluation may be considered one of many possible ‘tools’ that performance auditing uses. Program evaluation is one type of study that might be executed by the SAI under the general heading of performance auditing. It is an activity of increasing interest and importance.^[4]

1.8 Are there differences in analytical ambitions and approaches?

The mandate and orientation of performance auditing may, as stated above, vary in different countries. A number of SAIs are not required to execute performance audits or may consider themselves somewhat limited in their capacity and experience in respect of these audits. Other SAIs may have a long tradition of carrying out both advanced performance audits and complex program evaluations. One of the characteristics of auditing is the normative perspective where discrepancies between ‘the norms and the reality’ – the actual fi ndings – are expressed explicitly, and assessments and recommendations are provided as ‘normative’. However, as well as

[1] INTOSAI Working Group on Program Evaluation (1995), draft summary report.

[2] Performance Measurement and Evaluation: Defi nitions and Relationships (GAO/GGD-98-26), General Accounting Offi ce (USA), 1998.

[3] Some SAIs may as part of their mandate also include ‘Policy evaluation’ (the effectiveness of the policies set), and a few SAIs conduct what they defi ne as ‘System evaluation’ (the appropriateness of the systems adopted).

[4] Other areas of increasing interest are performance audits of activities with an environmental perspective and performance auditing concerning information technology. (See Appendices 5 and 6.)

[1] Some SAIs may as part of their mandate also include ‘Policy evaluation’ (the effectiveness of the policies set), and a few SAIs conduct what they defi ne as ‘System evaluation’ (the appropriateness of the systems adopted).

[1] Other areas of increasing interest are performance audits of activities with an environmental perspective and performance auditing concerning information technology. (See Appendices 5 and 6.)

being normative, performance auditing is usually descriptive, and may also include analytical elements. (A performance audit may, for instance, ascertain the causes of the difference between the conditions and the criteria.)

The results-oriented and the problem-oriented approaches

Performance auditing has various traditions and ambitions. Two approaches differ quite signifi cantly, although each is based on national standards for performance auditing. They are called the results-oriented and the problem-oriented approaches.

The results-oriented approach deals mainly with questions such as: ‘What is the performance or what results have been achieved, and have the requirements or the objectives been met?’ In this approach, the auditor studies performance (concerning economy, effi ciency, and effectiveness) and relates observations to the given norms (goals, objectives, regulations, etc.) or the audit criteria (more or less precisely defi ned before the main study begins). If the criteria are diffi cult to determine, the auditor may need to work with experts in the fi eld to develop credible criteria that, when applied, are objective, relevant, reasonable and attainable. The audit criteria make it possible to provide assessments on the fi ndings. In this approach, shortcomings are likely to be defi ned as deviations from norms or criteria. Recommendations, if presented, are often aimed at eliminating such deviations. The perspective is in that sense basically normative.

The problem-oriented approach, on the other hand, deals primarily with problem verifi cation and problem analysis, normally without reference to predefi ned audit criteria.^[1] In this approach, shortcomings and problems – or at least indications of problems – are the starting point of an audit, not the conclusion.^[2] A major task in the audit is to verify the existence of stated problems and to analyse their causes from different

[1] In order to assess a problem one must fi rst understand it (and its possible intricate causes and implications). When it comes to analyses of complex problems of effi ciency and effectiveness, it is not always possible to defi ne the audit criteria in the planning stage.

[2] Indications of problems concerning effi ciency and effectiveness are often vague, subjective, and diffi cult to defi ne and understand. Examples of possible indications of problems concerning the three Es (economy, effi ciency, and effectiveness) are: rising costs resulting in demands for more resources; stated imbalances between inputs and goals; lack of clarity in the allocation of responsibility between executive bodies involved; ambiguities and contradictions in regulation; long waiting times or large backlogs; stated lack of competence, criticism of management style, shortcomings in services and client-orientation; large numbers of complaints or appeals by the public; changes in external conditions; and indications of negative side effects of government programs.

[1] Indications of problems concerning effi ciency and effectiveness are often vague, subjective, and diffi cult to defi ne and understand. Examples of possible indications of problems concerning the three Es (economy, effi ciency, and effectiveness) are: rising costs resulting in demands for more resources; stated imbalances between inputs and goals; lack of clarity in the allocation of responsibility between executive bodies involved; ambiguities and contradictions in regulation; long waiting times or large backlogs; stated lack of competence, criticism of management style, shortcomings in services and client-orientation; large numbers of complaints or appeals by the public; changes in external conditions; and indications of negative side effects of government programs.

perspectives (problems related to economy, effi ciency, and effectiveness of government undertakings or programs). The problemoriented approach deals with questions such as: ‘Do the stated problems really exist and, if so, how can they be understood and what are the causes?’ Hypotheses about possible causes and consequences are formulated and tested.^[1] The perspective is analytical and instrumental; the aim is to deliver updated information on the stated problems and how to deal with them. The auditors are not restricted in their analyses.^[2] All possible material causes are considered (only general goals are taken for granted), so proposals to amend laws, regulations, and structural design of government undertakings are not excluded, if is shown that the existing structure give rise to severe and verifi ed problems.^[3]

Thus, assessment in these two performance audit approaches might be derived normatively (based on deviations from norms or criteria) or analytically (based on analyses of the specifi c causes of problems). In fact, it is the independent analysis that characterizes the problemoriented approach, while the results-oriented approach is mainly characterized by its impartial assessment of whether given norms or criteria have been met (even though it may involve analytical elements as well). On the one hand, the results-oriented and the problem-oriented approaches represent different audit traditions.^[4] On the other, the approaches may also serve to illustrate the fact that performance auditing includes various types of practical methods.^[5]

Top-down and bottom-up perspectives

The perspectives of the two objectives may also vary. Performance auditing is normally based on an overall owner perspective, that is, a top-down perspective. It concentrates mainly on the requirements, intentions, objectives and expectations of the legislature and central government. In

[1] A hypothesis is a well-founded (testable) statement regarding causes and consequences of the problem to be audited (based on the assumption that the problem exists).

[2] They are not limited to analyses of differences between conditions and audit criteria.

[3] For more information on the problem-oriented approach, see for instance Handbook on Performance Auditing, RRV (Sweden), 1998.

[4] They can be said to represent different levels of ambition.

[5] The two methodological approaches can also been seen as linked to each other in terms of different steps in an audit. Even if the problem-oriented approach by nature goes wider and deeper in its analytical ambition, the results-oriented approach may in its advanced form also allow for sophisticated analyses.

[1] A hypothesis is a well-founded (testable) statement regarding causes and consequences of the problem to be audited (based on the assumption that the problem exists).

[1] They are not limited to analyses of differences between conditions and audit criteria.

[1] For more information on the problem-oriented approach, see for instance Handbook on Performance Auditing, RRV (Sweden), 1998.

[1] They can be said to represent different levels of ambition.

[1] The two methodological approaches can also been seen as linked to each other in terms of different steps in an audit. Even if the problem-oriented approach by nature goes wider and deeper in its analytical ambition, the results-oriented approach may in its advanced form also allow for sophisticated analyses.

some countries, however, it is also possible – within the framework of given objectives and premises – to add a ‘client-oriented perspective’ (a focus on service-management, waiting-time, and other issues relevant to the ultimate clients or consumers involved).

This might be viewed as an interpretation of the audit mission in order to meet citizens’ interest in having SAIs focus on problems of real signifi cance to the people and the community – a kind of bottom-up perspective.

Focus on accountability or causes to the problems

Auditing is normally associated with accountability, but in performance auditing this is not always the case. Auditing accountability can be described as judging how well those responsible at different levels have reached relevant goals and met other requirements for which they are fully accountable, (factors outside the control of the auditees are not expected to infl uence the outcome). An alternative approach is to focus on understanding and explaining the actual observations that have been made during the audit. Instead of trying to fi nd out who is at fault, it is possible to analyse the factors behind the problems uncovered and to discuss what may be done about these problems. This approach refl ects the idea that the overall aim of performance auditing is to promote economy, effi ciency and effectiveness. The two approaches represent different ideas to performance auditing; one in which accountability (as in compliance and fi nancial auditing) is at the centre of attention of the audit, while the other – which put emphasis on economy, effi ciency and effectiveness – primarily concerns itself with the subject matter of the audit causes of problems observed. (Even if the main area of focus is not accountability, recommendations arising from the audit as a rule encompass the question of division of responsibility.)

Accountability auditing has the advantage that it is often easier to carry out and that it corresponds to the conventional picture of auditing. The problem, however, is that effi ciency and effectiveness are complex issues which demand more comprehensive analyses (of conditions and circumstances outside the control of the auditees). Accountability auditing also involves risks – the perspective and scope must be limited, which in turn unduly limits the possibility of making an independent analysis. If, on the other hand, focus is placed on problems observed and possible causes, this facilitates audits covering the areas of responsibility of several different parties. Conditions are thereby created for comprehensive analyses. It must be stated, however, that this approach makes greater demands in terms of the skills of auditors.

The message of this section is that there are also differences in methodological approaches with respect to analytical ambitions. Generally speaking, there are SAIs that have established high analytical ambitions in their performance auditing, while others have settled for a lower level.

Performance auditing should not be streamlined. Advanced performance auditing is complex investigatory work that requires fl exibility, imagination and high levels of analytical skills. Streamlined procedures, methods and standards may in fact hamper the functioning and the progress of performance auditing. Consequently, standards – as well as quality assurance systems – that are too detailed should be avoided. Progress and practices must be built on learning from experience.

The orientation of performance auditing varies between SAIs. Two approaches differ more signifi cantly, namely the results-oriented and the problem-oriented approaches. The results-oriented approach deals with questions such as: ‘What is the performance, and have the objectives been met?’ The problem-oriented approach deals primarily with problem analysis. It deals with questions such as: ‘Do the stated problems really exist and, if so, what are the causes to the problems?’ Performance auditing may apply both top-down and bottom-up perspectives. Auditing is normally associated with accountability, but in performance auditing this is not always the case. Performance auditing should not be guided by standards that are too detailed and streamlined. This may hamper creativity and professionalism.

1.9 Summary

Performance auditing examines the economy, the effi ciency and the effectiveness of government programs and organizations and answers questions such as: Do the inputs chosen represent the most economical use of public funds? Are we getting the best services from available resources? Are the aims of the policy being fully met, and are the impacts the result of the policy? The perspectives and the objects to be audited may vary, i.e. both individual agencies as well as government-wide undertakings may be audited. Performance auditing is based on decisions made and goals set by the legislature, and it may be carried out throughout the whole public sector.
Performance auditing is not a regular audit with formalized opinions. It is an examination made on an ad hoc basis. It is an audit that focuses on performance, rather than expenditure and accounting. It has its roots in the requirements for independent analyses of the economy, effi ciency, and effectiveness of government programs and organizations. The special feature of performance auditing is partly due to the variety and complexity of questions related to its work.
All government activities can be analysed with the use of a formula that describes how to move from one position to another by certain means in order to achieve specifi c objectives. In performance auditing, this is often done by trying to answer two basic questions: Are things being done in the right way? Are the right things being done?
The ongoing process of ensuring that a government program or body has met the targets set is a matter of internal management and control. However, in the area of performance measurement, both fi nancial and performance auditors might be involved.
Apart from examining the impact of outputs, program evaluation may include issues such as whether the objectives are consistent with the policy or with the options given for changing the policy in order to achieve outcomes that are more effective. In some countries, performance audits may include many kinds of studies and even several program evaluations. In that sense program evaluation may be considered one of many possible ‘tools’ that performance auditing uses.
Performance auditing has various traditions. Two approaches differ quite signifi cantly. The results-oriented approach deals mainly with questions such as: ‘What is the performance or what results have been achieved, and have the requirements or the objectives been met?’ The problem-oriented approach deals primarily with questions such as: ‘Do the stated problems really exist and what causes them?’ Auditing is usually associated with accountability, but in performance auditing this does not always have to be the case.
Performance auditing should not be streamlined. It is investigatory work that requires fl exibility, imagination and analytical skill. Streamlined and detailed procedures, methods and standards may in fact hamper the functioning of performance auditing.

Part 2: Government auditing principles applied to performance Auditing

In conducting a performance audit the auditors should follow the

INTOSAI Code of Ethics and Auditing Standards as well as relevant

SAI standards and guidelines applicable to performance auditing. The INTOSAI general auditing standards states that the audit and the SAI must be independent, possess required competence and exercise due care (AS 1.0.6 and 2.2.1.). ^[1]

2.1 How do the auditing principles apply to performance auditing?

The audit mandate and the general goals should be properly defined

Statutes generally lay down the audit mandate. Among other things it regulates the extent to which a SAI can audit public sector programs and organizations. Special regulations are often needed that specify the

[1] For more information see these INTOSAI-documents: The Lima Declaration, The Code of Ethics and Auditing Standards, and Independence of Supreme Audit Institutions.

Focus on accountability or causes to the problems

1.9 Summary

Performance auditing examines the economy, the effi ciency and the effectiveness of government programs and organizations and answers questions such as: Do the inputs chosen represent the most economical use of public funds? Are we getting the best services from available resources? Are the aims of the policy being fully met, and are the impacts the result of the policy? The perspectives and the objects to be audited may vary, i.e. both individual agencies as well as government-wide undertakings may be audited. Performance auditing is based on decisions made and goals set by the legislature, and it may be carried out throughout the whole public sector.
Performance auditing is not a regular audit with formalized opinions. It is an examination made on an ad hoc basis. It is an audit that focuses on performance, rather than expenditure and accounting. It has its roots in the requirements for independent analyses of the economy, effi ciency, and effectiveness of government programs and organizations. The special feature of performance auditing is partly due to the variety and complexity of questions related to its work.
All government activities can be analysed with the use of a formula that describes how to move from one position to another by certain means in order to achieve specifi c objectives. In performance auditing, this is often done by trying to answer two basic questions: Are things being done in the right way? Are the right things being done?
The ongoing process of ensuring that a government program or body has met the targets set is a matter of internal management and control. However, in the area of performance measurement, both fi nancial and performance auditors might be involved.
Apart from examining the impact of outputs, program evaluation may include issues such as whether the objectives are consistent with the policy or with the options given for changing the policy in order to achieve outcomes that are more effective. In some countries, performance audits may include many kinds of studies and even several program evaluations. In that sense program evaluation may be considered one of many possible ‘tools’ that performance auditing uses.
Performance auditing has various traditions. Two approaches differ quite signifi cantly. The results-oriented approach deals mainly with questions such as: ‘What is the performance or what results have been achieved, and have the requirements or the objectives been met?’ The problem-oriented approach deals primarily with questions such as: ‘Do the stated problems really exist and what causes them?’ Auditing is usually associated with accountability, but in performance auditing this does not always have to be the case.
Performance auditing should not be streamlined. It is investigatory work that requires fl exibility, imagination and analytical skill. Streamlined and detailed procedures, methods and standards may in fact hamper the functioning of performance auditing.

Part 2: Government auditing principles applied to performance Auditing

In conducting a performance audit the auditors should follow the

INTOSAI Code of Ethics and Auditing Standards as well as relevant

2.1 How do the auditing principles apply to performance auditing?

The audit mandate and the general goals should be properly defined

[1] For more information see these INTOSAI-documents: The Lima Declaration, The Code of Ethics and Auditing Standards, and Independence of Supreme Audit Institutions.

conditions for performance auditing, for example, access to information from sources other than the auditees, the ability to give recommendations, the mandate to scrutinize government undertakings and programs, and the effectiveness of legislation. The mandate ordinarily specifi es the minimum audit and reporting requirements, specifi es what is required of the auditor, and provides the auditor with authority to carry out the work and report the results (AS 2.2.12, 2.2.19, 1.0.32-38, 1.0.42 and 1.0.47).

If possible, the mandate should cover the whole state budget, including all relevant executive bodies and all corresponding government programs or public services. Without suffi cient legal support, it might even be considered illegal to publish justifi ed criticism of the effi ciency and effectiveness of government programs, at least in respect to issues that are politically sensitive. To avoid this situation – and suspicion of self-censorship – the mandate needs to be both politically and publicly supported (AS 2.2.18-20 and 2.2.23)

The audit objects (those that might be subjected to performance audits by the SAI according to the mandate) can be described as ‘policy’,’ programs’, ‘organization’ and ‘management’. ‘Policy’ is usually defi ned as an effort to achieve certain aims with certain resources and perhaps within a certain time.^[1] A ‘program’ can be described as a set of interrelated means – legal, fi nancial, etc.– to implement a given government or agency policy. ‘Organization’ can be defi ned in different ways, but mostly it is taken to mean the aggregate of people, structures, and processes that have the aim of achieving particular objectives. ‘Management’ is generally taken to mean all the decisions, actions, and rules for the steering, accounting and deployment of human, fi nancial, and material resources. Management is often related to the internal operations of an organization. Policies and programs–decided by the legislature, the executive or executive offi cials–may also have an internal focus, relating to a specifi c organization (and its internal activities and performance). But mostly their focus is wider and more external and relates to activities of even non-governmental organizations (NGOs) (and the impacts of the policies and programs in society, etc.).^[2] In many countries, the constitution or legislation gives the SAI the explicit right to undertake

[1] The term policy covers in this guidelines – if nothing else is said – both government and agency policy. The term policy can be used as equivalent to agency policy for SAIs who do not have the right to review or evaluate government policy. (The term government undertaking covers both policy and program.)

[2] See for instance Manual of Performance Auditing, AG (The Netherlands), 1996.

[1] See for instance Manual of Performance Auditing, AG (The Netherlands), 1996.

some form of performance auditing. Some SAIs may carry out examinations of the effi ciency and effectiveness of complex government policies or undertakings, perhaps by in-depth analyses of stated problems. Others are more limited in their approach. As part of the explanation of standards, the Auditing Standards (AS 1.0.42) state: ‘In many countries, the mandate of performance auditing will stop short of review of the policy bases of government programs.’ In these cases, performance auditing does not question the merits of policy objectives but rather involves examinations of actions taken to design, implement, or evaluate the results of these policies, and may imply an examination of the adequacy of information leading to policy decisions. Even in countries where the constitution or legislation does not require the SAI to carry out audits of economy, effi ciency, and effectiveness, current practice shows a tendency to include this sort of work as part of fi nancial or regularity audits (AS 1.0.13, 1.0.42-43). The general goals of performance auditing should also be defi ned in the legislation or be decided on by the SAI. In general, SAIs may seek to achieve one or more of the following general goals:

To provide the legislature with independent examination of the economical, effi cient, or effective implementation practices of government policies or programs.
To provide the legislature with independent, ad hoc analyses of the validity and reliability of performance measurement systems, or statements or self-evaluations about performance that are published by executive entities.
To provide the legislature with independent analyses of problems of economy, effi ciency, and effectiveness in government activities and thus contribute to improvements.
To provide the legislature with independent assessments of the intended and unintended direct or indirect impact of government and agency programs and whether, and to what extent, stated aims or objectives have been met or why they have not been met.

One common objective of performance auditing in many countries – set by the legislator or the SAI itself – is to assess and improve the functioning of government programs, central government itself and any connected bodies (AS 1.0.20, 1.0.27, 1.0.40 and 4.0.25). Providing recommendations is important in most countries. In others, recommendations are not given at all, due to legal conditions and historical traditions.^[1]

Performance auditing must be free to select audit areas within its mandate

According to the Auditing Standards (AS 2.2.10-19), a SAI must be free to determine the areas covered by its performance audits. AS 2.2.8 states: ‘The SAI may give members of legislature factual briefi ngs on audit reports, but it is important that the SAI maintain its independence from political infl uence, in order to preserve an impartial approach to its audit responsibilities. This implies that the SAI should not be responsive, nor give the appearance of being responsive, to the wishes of particular political interest.’ In paragraph 2.2.10 it is stated: ‘In some countries the audit of the executive’s fi nancial management is the prerogative of the Parliament or elected Assembly; this may also apply to the audit of expenditure and receipts at a regional level, where external audit is the responsibility of a legislative assembly. In these cases audits are conducted on behalf of that body and it is appropriate for the SAI to take account of its requests for specifi c investigations in programming audit tasks. It is nevertheless important that the SAI remains free to determine the manner in which it conducts all its work, including those tasks requested by the Parliament.’ It is also important ‘that there be no power of direction by the executive in relation to the SAIs performance of its mandate’ (AS 2.2.14).

Performance audits should in general be ex post audits

The earliest point at which a SAI can examine effi ciency and effectiveness is after the government has made a decision on the policy concerned (this is more ore less implied in AS 4.0.22 and 4.0.25). An analysis of objectives or an audit of policy preparation activities may be carried out in some countries before the policy itself is implemented. Even so, the problems that performance auditing focuses on – or aims to eliminate – should be current problems in order to add value for the user of the audit reports.

[1] Most SAIs provide recommendations in their performance audit reports. It has been claimed that such a policy has inherent disadvantages. It could compromise the SAI’s independence and make further examinations diffi cult. However, a SAI cannot be hold accountable for its recommendations, and performance auditors can never claim to have found the only rational solutions (even if the recommendations put forward are both logical and well founded, there are always other options). A SAI’s recommendation can only be based on an assessment of what appeared at the time to be a rational, or possibly the most rational, solution. Moreover, performance auditing is by nature a non-recurrent activity. It is therefore unlikely that a subject will be audited in the same way twice. For more information, see Performance Auditing at the Swedish National Audit Bureau, 1993, pp 51.

General aims of legislature should be taken for granted

Political decisions and goals established by the legislature are in general the frame of reference, which form the basis of the audit criteria used in performance auditing. It is not the role of a SAI to question these decisions and goals. However, a SAI may, as a result of its fi ndings, make critical comments on the goals, for example if they are inconsistent or if it proves impossible to follow up the extent to which they have been achieved. Consequently, a performance audit report may in fact question the merits of existing policies or decisions. The goals or objectives may be too vague, in confl ict with other objectives, or based on insuffi cient information. The policy may be ineffi cient and ineffective, and changes might be required if existing shortcomings are to be overcome. On the other hand, it is defi nitely the role of performance auditing to assess the economy, effi ciency and effectiveness of more specifi c objectives and regulations established, for example, by government agencies. (See AS 2.2.5 and 2.2.9.)

While performance auditing does not question political goals, it can highlight the consequences of a given policy. It may also identify and illustrate shortcomings resulting from confl icting goals. Thus, performance auditing does not for example question the level of compensation in social welfare systems. The auditors must have, as a starting point, a set of problems that are related to economy, effi ciency, and effectiveness in the welfare systems being audited. This might be the case when, for example, a level of compensation in a given area has unintended marginal effects in another area. The performance auditor can then study the lack of coordination between different systems and point out the resulting problems. If the actual level of compensation is demonstrably different from the level that was originally set, the performance audit can examine the reasons for this development.

High professional quality of work should be promoted and secured

INTOSAI’s Auditing Standards and its Code of Ethics states that all government auditors should act with integrity, impartiality, objectivity, competence and professionalism. High ethical standards must be exercised in order to serve the public interest best, and in AS 2.2.36 it is stated, ‘Since the duties and responsibilities thus borne by the SAI are crucial to the concept of public accountability, the SAI must apply to its audits, methodologies and practices of the highest quality. It is incumbent upon it to formulate procedures to secure effective exercise of its responsibilities for audit reports, unimpaired by less than full adherence by personnel or external experts to its standards, planning procedures, methodologies and supervision.’

Performance audits are often complex undertakings, requiring a wide range of skills, expertise, and experience. AS 2.1.26 states ‘Because of the importance of ensuring a high standard of work by the SAI, it should pay particular attention to quality assurance programs in order to improve audit performance and results.’ It is also stated that the SAI should establish systems and procedures in order to ‘(a) confi rm [that] the integral quality assurance processes have operated satisfactorily; (b) ensure the quality of the audit report; and (c) secure improvements and avoid repetition of weaknesses’ (AS 2.1.27). However, no system for quality assurance can guarantee high quality performance audit reports. It is, simply put, more important to have competent and motivated staff than advanced systems for quality assurance. In other words, systems for quality assurance should be relevant and easy to manage, rather than complex and overly sophisticated. According to INTOSAI, quality issues must be integrated in the execution process. Even in the early planning stages, systems of quality assurance might prove indispensable to ensure that the problems to be addressed are material and well defi ned. The objectives, problems, audit questions, and selected areas largely determine the quality of the audit. The process of planning, and the various stages that make up the decision-making process, ensure that quality is regularly assessed, since certain conditions must be met before the audit can move forward. Meticulous preparations are important to defi ne the audit questions, the information needed, and the audit design (AS 2.1.27 and 3.1.1). For more information, see Appendices 3 and 4.

The mandate of performance auditing should cover the state budget and all corresponding government programs. The auditor must be free to select audit areas within its mandate. Political decisions and goals established by the legislature are the basic frame of reference. A performance audit may, as a result of its fi ndings, question the merits of existing policies. Performance audits are in general ex post audits that deal with current issues. High levels of quality in the work must be promoted and secured.

2.2 What are the general requirements for a performance auditor?

Performance auditors must posses specific professional skill

Performance auditing is an information-based activity, with professional values occupying a central position. These values include the importance of auditors being given the opportunity to develop their skills and attain good quality of results in their audits. This includes creating an environment that is stimulating and that furthers quality improvements (AS 1.0.45 and 2.1.9).

All auditors should possess adequate professional profi ciency to perform their tasks (AS 2.2.1 and 2.2.33-38). The SAIs should recruit personnel with suitable qualifi cations, adopt policies and procedures to develop and train SAI employees to performance their tasks effectively, prepare written guidance concerning the conduct of audits, support

the skills and experience available with the SAI and review the internal procedures (AS 2.1.2).

The ability to recruit the right staff is a decisive factor in performance auditing. Each staff member is a unique investment. A performance auditor must be well educated, and in general it is required that the auditor should have a university degree and experience in investigative/evaluation work. Personal qualities are also of considerable importance (analytical ability, creativity, receptiveness, social skills, integrity, judgment, endurance, good oral and writing skills etc.). (AS

2.1.4 and 2.1.10.)

To become a performance auditor, a performance audit team-leader or a performance audit manager, certain distinctive qualifi cations have to be met. For instance, a performance auditor should be well educated in the social sciences and in scientifi c investigation/evaluation methods. Special knowledge of the different functional areas to be audited might also prove essential, but advanced skills in accounting and fi nancial auditing are not always needed in performance auditing or program evaluation. Where SAIs have organized their performance auditing separately from fi nancial auditing, it is quite acceptable that personnel selected for performance auditing have different backgrounds and skills than those selected for fi nancial auditing.^[1]To meet the quality requirements specifi ed in the Auditing Standards (AS 2.2.36-39), the SAI should have a program to ensure that its staff maintains professional profi ciency through continuous education and training. A key factor in

[1] Unless being well experienced in performance auditing or similar work, a performance audit teamleader or manager might run the risk of not being totally accepted (or respected) by the performance auditors.

development process is learning through practical auditing work (AS 2.1.2, 2.2.37-38 and 2.1.16).

Continuous education and training may include such topics as current developments in performance audit methodology, management or supervision, qualitative investigation methods, case study analysis, statistical sampling, quantitative data-gathering techniques, evaluation design, data analysis, and reader-based writing. It may also include subjects related to auditors’ fi eldwork, such as public administration, public policy and structure, government administration policy, economics, social sciences, or Information Technology science (AS 2.1.6-10).

Qualifi cations for staff members who conduct performance audits include

knowledge of the methods applicable to performance auditing and the education, skills, and experience needed to apply such knowledge;
knowledge of government organizations, programs, and functions;
skills to communicate clearly and effectively, orally and in writing; and
special skills depending on the nature of the specifi c audit (e.g. statistics, information technology (IT), engineering etc, or expert knowledge of the subject matter concerned (AS 2.2.33-38 and 2.1.11-12).

Performance auditing should be a team effort, since the issues involved are complex. Consequently, not all members need to possess every skill mentioned above. Furthermore, it may not always be possible for a SAI to recruit people who meet all the requirements. The required skills may therefore be developed once a person is in service, as long as candidates for appointment have clearly demonstrated the potential and attitude for the kind of work that performance auditing entails.

Effectiveness, professionalism and care must guide the audit work

The performance audit should be suffi ciently well defi ned and the audit approach functional. The organization of the audit should satisfy the general requirements of good project management (AS 3.0.2-3 and 3.1.1-3).

The performance audit must be carried out thoroughly, with the aim of collecting relevant, reliable and suffi cient evidence in order to enable anyone else to arrive at the same conclusions as the performance audit report. This calls for exercising sound judgment when deciding the audit objective, what and when to audit, the approach and methodology, the scope of the audit, the issues to be reported, and the overall audit conclusion.

Good communication with the auditee(s) and experts from different backgrounds is important during the entire audit process. Similarly, performance audit managers must also be vigilant. It is important that the factual basis of fi nal descriptions, analyses and recommendations is accurate. The report should be objective and balanced and have a sober tone, with the purpose of adding value for the government. (AS 2.2.39, 3.5.1-2 and 4.0.22-25.)

The principles of proper administration should be observed. The audit process should be well recorded. Important decisions made during the course of the audit and the underlying considerations should be recorded in writing. Accessible fi les and a logbook should be kept. The main objectives of documentation – besides helping the auditing team – are to record the audit evidence in support of conclusions and decisions, to provide records to assist audit management and monitoring, and to enable work to be reviewed by senior offi cers. Information obtained during the audit should be treated as confi dential until the report has been tabled (AS 2.2.39-40, 3.0.2-3, 3.1.1, 3.2.1, 3.5.2-7, and 4.0.24).

All government auditors should act with integrity, impartiality, objectivity, competence and professionalism. To meet these standards the performance auditor must be adequately educated and have experience of investigative/evaluation work. Personal qualities are also of considerable importance. Effectiveness, professionalism and care must guide the audit work.

2.3 Are there other important safeguards?

Although these guidelines set out a coherent basis for conducting a performance audit, professional judgment (applied on the basis of relevant rules and procedures) remains the most important ingredient in performance audit work. The auditor should adopt an attitude of professional scepticism throughout the audit, recognizing that circumstances may exist that could cause the information relating to performance to be materially misstated.

Various safeguards, both principal and practical, might have to be applied in order to prevent material misstatements.

Reasonable assurance on the quality of information should be provided A performance audit conducted in accordance with applicable auditing standards must examine the quality of the information provided. Performance auditing is increasingly dependent on the quality of information produced by the auditees and others, often stored on electronic media. What is ‘reasonable’ depends on the situation, i.e. on the kind of evidence at hand and the conclusions that can be drawn from it. (AS 3.5.2)

The institutions concerned should be properly informed

The SAI should notify the government institutions responsible for or involved in the audited program of the details of the audit, preferably before it starts (AS 3.1.4). Due to the character of performance auditing, it is important that senior offi cials are well acquainted with the purpose of the audit.

The work performed should be properly supervised

The INTOSAI auditing standards state: ‘The work of the audit staff at each level and audit phase should be properly supervised during the audit, and documented work should be reviewed by a senior member of the audit staff’ (AS 3.2.1). When work is delegated to a member of the audit team, the project manager should carefully direct, supervise, and review the work delegated. All team members should understand the objectives of the audit, the terms of reference of the work assigned to them, and the nature of obligations imposed on them by applicable auditing standards (AS 3.2.2).

Supervision of the performance audit team by senior members of the audit staff involves directing, supporting and monitoring their work to ensure that the audit objectives are met. (See Appendix 4.) According to the Auditing Standards (AS 3.2.3), this involves ensuring that

all team members fully understand the audit objectives,
audit procedures are adequate and properly carried out,
international and national auditing standards are followed,
audit evidence is relevant, reliable, suffi cient and documented, and supports the audit fi ndings and conclusions; and
audit budgets, timetables and schedules are met.

The use of experts requires special care

Experts are often used in performance auditing. Before using experts, the auditor should ensure that the export has the necessary competence required for the purposes of the audit. An expert, if needed, is a person or fi rm possessing special skills, knowledge, and experience in a particular fi eld other than auditing. The auditor must ensure that the expert is independent of the activity/program, and the experts should be informed about the conditions and the ethics required. Although the performance auditor may use the work of an expert as evidence, the auditor retains full responsibility for the conclusions in the audit report (AS 2.1.18, 2.2.43-45).

The auditors should notify the government institutions involved in the audited program of the details of the engagement. They should provide reasonable assurance that the information relating to performance is reliable. Although the auditor may use the work of expert, the auditor retains full responsibility for the conclusions.

2.4 Summary

The mandate of performance auditing should be defi ned in the legislation, and special regulations are often needed that specify the conditions for performance auditing. The mandate should cover the whole state budget, including all relevant government undertaking and all relevant public services. The mandate should allow for audits of both individual government institutions and large state-owned enterprises of public interest as well as government-wide programs from different perspectives. The performance auditor must be given the freedom to select audit areas within the performance audit mandate.
Political decisions and goals established by the legislature should be the starting point for performance auditing. However, a SAI may, as a result of its fi ndings, also make critical comments on them, for example if goals are inconsistent or if it proves impossible to follow up the extent to which they have been achieved.
Performance audits should in general be ex post audits, but in some countries an audit of policy preparation activities may be carried out before the policy itself is implemented.
All government auditors should act with integrity, impartiality, objectivity, competence and professionalism but, due to its features, this is of special importance in performance auditing. The performance auditor must be well educated and have experience of investigative/ evaluation work. Personal qualities are also of considerable importance (analytical ability, creativity, receptiveness, social skills, integrity, judgment and patience, as well as having good oral and written skills).
Performance auditing is a knowledge-based activity, and due to its special features – and its close links to politics – high quality of work is perhaps the most important single factor for recognition. To ensure high quality of work, the SAI should pay particular attention to creating an environment for performance auditing that ensures incentives for good quality and quality improvements. A properly functioning system for quality assurance is one of the important elements in this context.
Effectiveness, professionalism and care must guide the audit work, and the principles of proper administration should be observed. The auditors should notify the government institutions involved in the audited program of the details of the engagement.

Before using experts, the auditor should ensure both that this is necessary and that the experts are competent and independent. Although the auditor may use the work of experts as evidence, the auditor retains full responsibility for the conclusions.

Part 3: Field standards and guidance: Initiating and

planning the performance audit

3.1 What are the overall steps in the performance audit cycle?

As stated in AS 3.0.1:‘The purpose of fi eld standards is to establish the criteria or overall framework for the purposeful, systematic and balanced steps or actions that the auditor has to follow.’ The fi eld standards establish the framework for planning, conducting and managing audit work (AS 3.0.2).

The performance audit cycle covers several steps. Broadly speaking, it comprises the planning process, the execution process and the follow-up process. The planning process is often divided into different stages. The fi rst stage is strategic planning, where potential themes and topics are analysed. Once a topic has been selected for performance audit, a pre-study – resulting in a work plan for the main study – may be undertaken to gather information in order to be able to design a proposal for the main study.

Throughout the main study, the emphasis should be on the production of a fi nal report to be considered by the government, the legislature, the executive bodies concerned, and the public. The report-writing process should, based on experience, be viewed as a continuous one of formulating, testing and revising ideas about the topic. Issues, such as the expected impact and value of the audit, should be considered throughout the audit. By setting deadlines for the writing process, timely reporting may be enhanced.

Follow-up procedures identify and document audit impact and the progress made in implementing audit recommendations. Such processes are vital to provide feedback to the SAI and the legislature. (AS

2.2.5-6)

The performance audit cycle involves several steps: strategic planning, preparation work, the main study and follow-up activities.

3.2 What does strategic planning involve?

Performance auditing should be directed towards areas where an external, independent audit may add value in promoting economy, effi ciency, and effectiveness. In fi nancial auditing, the audit objects (and the perspectives to be applied) are often defi ned for the SAI by its own basic legislation. As noted above, the SAI usually has greater freedom in the choice of performance audit objects and audit approaches. The SAI must carefully consider the strategy for selecting subjects for performance audits that help to set priorities and make selections. Interest in change shown by, for instance, the government may contribute to this process (AS 2.1.21-22 and 3.1.1-2).

The choice of audit areas should take place without any outside pressure (AS 2.2.14). The SAI must maintain its political neutrality, but maintenance of the SAI’s independence does not preclude requests to the SAI from the executive, proposing matters for audit. However, if it is to enjoy adequate independence, the SAI must be able to decline any such request (AS 2.2.16).

Strategic planning is the basis for the selection of audit topics and possible pre-studies. The planning might be carried out with the following steps:

Determining the potential audit areas from which the strategic choices are to be made. The selection of audit areas involves strategic choices with consequences for the SAI. The number of potential areas is considerable and the SAI’s capacity is limited. This means that choices must be made with care (AS 2.1.21 and 2.2.38).
Establishing the selection criteria to be used for these choices. The main selection criterion is probably the audit’s primary contribution to the assessment and improvement of the functioning of central government and the bodies connected with it. (AS 3.0.1.)

As for step 2, the general selection criteria would be as follows:

Added value: The better the prospects of carrying out a useful audit of good quality, and the less the policy fi eld or subject has been covered earlier by audits or other reviews, the greater the added value might be. Adding value is about providing new knowledge and perspectives.
Important problems or problem areas: The greater the risk for consequences in terms of economy, effi ciency, and effectiveness or public trust, the more important the problems tend to be. A problem may be judged important or material if knowledge about it would be

likely to infl uence the user of the performance audit report. Active and problem-oriented monitoring makes it easier to identify areas for audits.^[1]

Risks or uncertainties: The strategic planning may be based on risk analysis, or – less theoretical – analysis of indications of existing or potential problems. The stronger the public interest involved where there is reason to suspect ineffi ciency, the greater the risks (the less the knowledge), and the greater the uncertainty. The accumulation of such indicators or factors linked to an entity or a government program may represent an important signal to SAIs and should induce them to plan audits whose range and scope will depend on the indices detected. Factors that may indicate higher risk (or uncertainty) could be the following:
The fi nancial or budgetary amounts involved are substantial, or there have been signifi cant changes in the amounts involved.
Areas traditionally prone to risk (procurement, technology, environment issues, health, etc, or areas of unacceptable risk) are involved.
New or urgent activities or changes in conditions (requirements, demands) are involved.
Management structures are complex, and there might be some confusion about responsibilities.
There is no reliable, independent, and updated information on the effi ciency or the effectiveness of a government program. Some SAIs may choose topics based on strategic choices rather than selection criteria (for example, with regard to the type of performance audit, policy spheres, relationship with reforms within the public sector etc). Sometimes these strategic choices may refl ect the constitutional and legal conditions and the established traditions. The may also refl ect ‘political realities’ (i.e. certain topics are not expected to be subjected to auditing).

Consequently, strategic planning allows for different ambitions and decisions. Linked to a SAI’s annual planning system, strategic planning may be a useful tool in setting priorities and selecting potential audits to be executed. In another context, it may serve as a mechanism to select future audit themes, as a basis for more detailed planning. It may also serve as an instrument for strategic policy decisions on the

[1] For further discussion on the selection of problems, see Handbook in Performance Auditing RRV (Sweden), 1999, and Picking the winners, NAO (United Kingdom) 1997.

future direction of the audit. As an illustration, a SAI might outline the following options for its future audit orientation.

One possible strategic choice is to decide to contribute to the modernisation of the government administration and focus on auditing government programs with material effectiveness problems. An alternative choice might be to simply focus on auditing individual government agencies and their compliance with administrative/economic regulations.

In a changing society, it is quite natural that public activities are regularly reviewed to see whether they fulfi l the goals and solve the problems for which they were created. As time proceeds, new demands replace old. Since demands and conditions constantly change, performance auditing will have to be prepared to monitor and follow developments and trends, review priorities, and use new approaches and methods. If a SAI is defi ned – or defi nes itself – as an instrument for change, it is important that its priorities for performance auditing refl ect the need for improvement in the public sector. For example, in a situation with a large budget defi cit or old-fashioned management style, performance auditing may provide contributions to savings, better use of resources, or modernization of management. If, on the other hand, problems concerning unemployment, environment, equity, transparency, services to the clients, etc. are in focus in the public debate, performance auditing may prefer to give priority to such issues. In other words, strategic planning may aim to do more than produce viable subjects for audits. Ideally it should integrate audit topics – or audit themes – in an overall perspective.^[1] Some SAIs conduct special studies to build up knowledge or skills – either within a single area of government or in an area defi ned by an audit theme – to assist the strategic planning process. ^[2]

[1] Auditing work on a particular theme has become more common in recent years. This is longer-term work, which usually produces a number of interrelated audit reports.

[2] For an example, see Strategy for Performance Audits in the Chemical Sector, Swedish National Offi ce, 2002.

Strategic planning is the basis for the selection of audit topics. Linked to a SAI’s annual planning system, it may be a useful tool in setting priorities and selecting audits. It may serve as a mechanism for selecting future audit themes, and a basis for detailed planning. Finally, it may serve as an instrument for strategic policy decisions on the future direction of the audit. Planning might be carried out in the following steps: determining potential audit areas; establishing the selection criteria to be used; and identifying the main sources of information for the potential audits. The strategic planning exercise would normally result in a coherent and cogent audit program for the SAI and serve as a basis for operational planning and resource allocation.

This kind of question refers to effectiveness or impact on society.

Commitment Input Action/production Output Outcome

Purpose Resources Action Services Objectives defined assigned done provided met

Outputs are the result of inputs and actions taken to achieve specifi c goals. Theoretically, it should be possible for performance auditing to scrutinize all components and relations in the input-output model, except for the component on the far left. The two basic questions given above are still relevant, as is the wide range of perspectives that can be applied to answer them.

1.5 What does auditing of economy, efficiency and effectiveness

mean?

As stated above, performance auditing is mainly concerned with the examination of economy, effi ciency, and effectiveness.^[5] According to the Auditing Standards (AS 1.0.40), an individual performance audit may have the objective of examining one or more of these three aspects.

Economy – keeping the costs low

According to the Auditing Standards, ‘economy’ means minimising the cost of resources used for an activity, having regard to appropriate quality.

Audits of economy may provide answers to questions such as:

Do the means chosen or the equipment obtained – the inputs – represent the most economical use of public funds?
Have the human, fi nancial or material resources been used economically?
Are the management activities performed in accordance with sound administrative principles and good management policies? Even though the concept of economy is well defi ned, an audit of economy is not that easy to conduct. It is often a challenging task for an auditor to assess whether the inputs chosen represent the most economical use of public funds, whether the resources available have been used economically, and if the quality and the quantity of the ‘inputs’ are optimal and suitably co-ordinated. It may prove even more diffi cult to be able to provide recommendations that will reduce the costs without affecting the quality and the quantity of services.

Efficiency – making the most of available resources

[1] Audit Director Tony Angleryd (Sweden) prepared the guidelines, but many INTOSAI members have assisted in the processes. Performance Audit Standards from members and regional working groups have been studied. The ‘Performance Auditing Guidelines’, approved at the 8th ASOSAI Assembly in October 2000, should explicitly be mentioned.

IMPLEMENTATION GUIDELINES FOR PERFORMANCE AUDITING 7

[2] In this paper, the various paragraphs of the Auditing Standards (2001) have been referred to as ‘AS’ followed by the respective paragraph number(s). The references are in italics. The term ‘regularity

(fi nancial) auditing’ has been abbreviated to ‘fi nancial auditing.’

[3] This document provides general guidelines. Since performance auditing varies considerably between different countries, it was considered sensible to make the guidelines less normative and detailed than is traditionally the case.

[4] This would, for instance, to some extent exclude the kind of continuous monitoring exercise that is based on the concept of so-called performance indicators. However, non-regular (in-depth) studies on topics such as whether performance measurement systems in government programs are effective and valid or not are not excluded. (See section 1.7.)

IMPLEMENTATION GUIDELINES FOR PERFORMANCE AUDITING 9

[5] Standards concerning ‘environmental considerations’ and ‘equity requirements’ are also taken into account in performance auditing. (See Appendix 6.)

3 What does planning of individual performance audits involve?

According to the INTOSAI auditing standards (AS 3.1.1), the auditor should plan the audit in a manner, which ensures that an audit of high quality is carried out in an economic, effi cient and effective way and in a timely manner. A well thought-out plan is in general indispensable in performance auditing. Before starting the main study, it is consequently important to defi ne the audit objectives, the scope, and the methodology to achieve the objectives. This is often done in the form of a pre-study.^[1]

The purpose of a pre-study is to establish whether the conditions for a main study exist and, if they do exist, to produce an audit proposal with a work plan. Primarily, operational planning should be a tool for

[1] Some SAIs use the term ‘preliminary study’.

directing the execution process. In addition, it provides background knowledge and information needed to understand the entity, program, or function. An appropriate audit work plan makes it easier, for instance, to ensure that the performance audit coverage is comprehensive and realistic. The pre-study should normally be carried out in a fairly short period.

Three important steps

The most important steps in drawing up an audit proposal are the following:

Defi ning the specifi c issue to be studied and the audit objectives,
Developing the scope and the design of the audit,
Determining the quality assurance, the timetable, and the resources. In practice, these steps cannot always be strictly separated and they do not necessarily take place in the same order.

Defining the specific issue to be studied and the audit objectives One initial step is the more precise defi nition of the topic or the problems to be audited. The motives and the objectives for the study must be elaborated upon. This is a diffi cult and important step that involves examining the subject matter in depth, by studying relevant literature, documents and statistics, conducting interviews with major stakeholders and experts etc, and analysing potential problem indications from various viewpoints. It is important that the defi nitions are distinct. Ambiguous or vague defi nitions must be avoided.^[1] Even minor changes to the audit question or the problem to be studied may have a major impact on the general scope of the audit.

In short, this step involves elaborating on the following two questions:

What? What is the audit question or the problem to be studied?

Why? What are the audit objectives?

The wording of the basic audit question is an aspect in the examination process that is of great importance: it is a decisive factor for the results of the audit. It can be thought of as the fundamental research question into a government program that the auditors seek the answer to. Consequently, it is important that it is based on rational and objective considerations. In general, a SAI must apply a holistic perspective that best favours the public interest and the general mission for its performance auditing.

Audit objectives relate to the reasons for conducting the audit and should be established early in the execution process to assist in identifying the matters to be audited and reported on. In determining objectives, the audit team must take into account the roles and responsibilities of the SAI and the expected net impact of the audit as defined in the strategic audit plan. The audit objectives and scope are interrelated

and should be considered together. It is good management practice to discuss the scope of the audit scope with the audited entities at the earliest opportunity.^[2] When defi ning the audit objectives, one criterion might be to optimise the contribution made by the audit. A possible tool in determining this contribution is to outline the expected conclusions. If an audit takes place on request, the audit objectives might be more or less determined or obvious (AS 3.1.3).

The detail in which the audit is to be planned is another decision to be made. Careful advance planning will prevent problems in the way the audit should be handled arising at a later stage. At the same time, planning that is too detailed may sometimes inhibit innovative thinking and openness. Audits are carried out in a complex world, and it is therefore rarely possible to devise a comprehensive audit design that predicts the progress of a performance audit in every detail.

Defining the scope and the design of the audit

The next step in the design phase is the development of the scope and design of the audit. As in fi nancial auditing, the audit approach for performance auditing needs to be structured.^[3]

Defining the scope and the specific questions or hypotheses to examined

The scope defi nes the boundary of the audit. It addresses such things as specifi c questions to be asked, the type of study to be conducted and the character of the investigation.^[4] Further, it comprises the work of collecting information and the analyses to be executed (AS 3.1.3-4). ^[5] The scope of an audit is determined by answering the following questions:

[1] For more information, see, e.g. Handbook on Performance Auditing, RRV, 1999.

[2] In some cases it may also prove useful to explicitly clarify what is not going to be audited in the actual study (what is not intended to be covered). This may contribute to reduce misconceptions or false expectations among stakeholders.

[3] In this step, it may sometimes be a good idea to study scientifi c work and theories concerning the area to be audited or the questions to be answered.

[4] See section 4.2 below. For more information, see Performance Audit Manual, CAG, Bangladesh, 2000 and Government Auditing Standards, GAO (US), 2002.

[5] Sometimes a SAI may limit its performance audit to a ‘meta-evaluation’ (an evaluation of self-evaluations). It must be understood, however, that such an approach is only feasible when the SAI auditor is fully satisfi ed that the internal evaluation processes provide objective, timely, and comprehensive assessments of the programs concerned.

What? What specifi c questions or hypotheses are to be examined? What kind of study seems to be appropriate?^[1]Who? Who are the key players involved and the auditee(s)?

Where? Are there limitations in the number of locations to be covered?

When? Are there limitations on the time frame to be covered? Having defi ned the motives and the objectives for the study as well as the general audit question or the problems to be considered, it is important to defi ne the specifi c questions to be answered or the hypotheses to be examined (the plausible causes of the problem). In practice, they will form the basis for the selection of data collection methods. The auditor must also defi ne the character of the study: what kind of study is needed to highlight the questions? (Some common methods in performance auditing are presented in appendix 1.)

It must be stated, however, that conducting fi eldwork is a more of a continuous learning process than a matter of simply collecting data. And questions (or hypotheses) may have to be changed as the auditors become more knowledgeable during the audit. However, during the planning stage, the purpose is to systematically direct attention to what the auditors need to know, and from where and how they can obtain the information.

Auditability is an important requirement in the operational planning process. It defi nes whether a topic is suitable for a main study. As objectives and scope vary from one audit to another, the audit team needs to assess whether an audit can be carried out. An issue must be both auditable and worth auditing in order to be included in the audit scope. The auditor might, have to consider, for instance, whether there are relevant approaches, methodologies, and criteria available and whether the information or evidence required is likely to be available and can be obtained effi ciently. Furthermore, reliable and objective information should exist and there should be reasonable chances of obtaining this information. Other aspects to be considered are compliance with the audit mandate, resources, professional skills required, and conditions in

[1] The study design (goal-attainment study, time-management study etc.). See Appendix 1.

timing. Personnel with relevant skills must be available, and an audit should not be overruled by other studies already being made by other bodies (AS 2.1.23, 2.2.39, 3.0.3 and 3.1.1-4).

Understanding the program

It is important to develop a sound understanding of the audited program or the auditee’s business that is suffi cient to achieve the audit objectives, facilitate the identifi cation of signifi cant audit issues and fulfi l assigned audit responsibilities. This knowledge includes an understanding of:

the character of the government program being audited (role and function, activities and processes in general, development trends etc);
legislation and general programs and performance goals;
organizational structure and accountability relationships,
internal and external environment and the stakeholders;^[1]
external constraints affecting program delivery;
earlier investigations in the fi eld; and
management processes and resources.

The aim in the design phase is to develop a basic understanding of the audited program. Obtaining the required knowledge is a continuous and cumulative process of gathering and assessing information, and relating the resultant knowledge to audit evidence at all stages of the audit. It is important that auditors weigh the costs of obtaining information and the additional value of the information to the audit.

Sources of information may include:

enabling legislation and legislative speeches;
ministerial statements, government submissions, and decisions;
recent audit reports, reviews, evaluations, and inquiries;
scientifi c studies and research (including that from other countries);
strategic and corporate plans, mission statements, and annual reports;
policy fi les and management committee and board minutes;
organization charts, internal guidelines, and operating manuals;
program evaluation and internal audit plans and reports;
conference reports and minutes;
viewpoints from experts in the fi eld;
discussions with auditee management and key stakeholders;
management information systems; and
other relevant information systems as well as offi cial statistics.

Past reviews are often a useful source of information. They can help avoid unnecessary work in examining areas that have been under recent scrutiny and highlight defi ciencies that have not yet been remedied. Discussions with senior program management to gain an overall program perspective may also prove important. Other relevant sources of information are:

[1] Some SAIs may, if required, conduct stakeholder analyses at this stage in order to get a clear picture of the actual situation from different perspectives.

studies by industry and professional or special interest groups;
inquiries or previous reviews by the legislature;
information held by coordinating agencies or government committees;
work undertaken by other governments; and
press coverage.

Defining the audit criteria

The audit criteria are intended to give direction to the assessment (helping the auditor to answer questions such as ‘On what grounds is it possible to assess actual behaviour?’ ‘What is required or expected?’ ‘What results are to be achieved – and how?’ – by program?) Audit criteria are standards used to determine whether a program meets or exceeds expectations.^[1]

In fi nancial audits, transactions that are examined tend to be judged by the auditor as being ‘correct’ or ‘incorrect,’ ‘legal’ or ‘illegal,’ etc. Such criteria tend to be relatively closed and are usually prefi xed by, for example, the legislation establishing the audited entity. (For more information, see appendix 2.) For performance audits, however, the choice of audit criteria is normally relatively open and formulated by the auditor, and as mentioned earlier, criteria are often less important in the problem-oriented approach. In the problem-oriented approach it is more important to formulate testable (verifi able) hypotheses on possible causes to the audit problem.^[2]

Thus, in performance auditing, the general concepts of economy, effi ciency, and effectiveness need to be interpreted in relation to the subject matter, and the resulting criteria will vary from one audit to another. In defi ning audit criteria, auditors must ensure that they are relevant, reasonable, and attainable. Finally, every criterion is elaborated in

[1] Audit criteria should be reliable, objective, useful, complete and accepted.

[2] For information on how to defi ne audit problems, and how to formulate and test hypotheses, see e.g. Handbook in Performance Auditing: Theory and practice , The Swedish National Audit Offi ce, 1999.

the form of questions. These questions are factual in character and intended to describe or measure the practical situation to be audited.

Audit criteria can, for instance, be obtained from the following sources:

laws and regulations governing the operation of the audited entity;
decisions made by the legislature or the executive;
references to historical comparisons or comparisons with best practice;
professional standards, experiences, and values;
key performance indicators set by the auditee or the government
independent expert advice and know-how;
new or established scientifi c knowledge and other reliable information,
criteria used previously in similar audits or by other SAIs;
organizations (inside or outside the country) carrying out similar activities or having similar programs;
performance standards or previous inquiries by the legislature; and
general management and subject-matter literature.

The basis of the audit criteria may be considered from different angles:

depending on the case in point, the most authoritative sources will either be offi cial standards (such as goals laid down in laws and regulation, decisions and policies taken by the legislature or the executive branch), or
on the basis of the scientifi c grounds of the standards, greater emphasis will be placed on specialist scientifi c literature and other sources such as professional standards and best practices. Sometimes audit criteria are easy to defi ne, for example when the goals set by the legislature or the executive branches are clear, precise and relevant. However, this is often not the case. The goals may be vague, confl icting or non-existent. Under such conditions, the auditors might have to reconstruct the criteria. One possibility is to apply a ‘theoretical’ approach, by allowing experts in the fi eld to answer questions such as: ‘what ought to be the ideal results under perfect conditions according to rational thinking or best-known comparable practice?’ Alternatively, to defi ne and obtain support for well-founded and realistic criteria, it may prove helpful to apply an ‘empirical’ approach, involving discussions with stakeholders and decision makers.^[1]

Methodological planning

Methodological planning involves many different activities. For instance, it is important to distinguish between the audit program (the type of investigation that is needed for the data collection) and the data-collection techniques. Performance audits can draw upon a large variety of data-gathering techniques that are commonly used in the social sciences, such as surveys, interviews, observations, and studying written documents.^[2] The aim is to adopt best practices, but practical reasons such as availability of data may restrict the choice of methods, i.e. the auditors may often have to settle for the second-best solution. As a general rule, it is advisable to be fl exible and pragmatic in the choice of methods.^[3] Practical considerations will also have to infl uence the audit program. Sampling methods and surveys might allow general conclusions to be drawn and case studies provide an opportunity for in-depth studies.^[4]

Even though the nature of performance audits requires careful choices and combinations of methodologies for examining variables, it is important to have an open mind during the execution process. The selection of sources must not be rigid at this stage (AS 3.0.3, 3.1.1-4, 3.5.2-4, and 4.0.4). For more information, see Appendix 1.^[5] For performance audits in particular, the auditor will be concerned about the validity and the reliability of methods to be used to collect and analyse data:

[1] It is sometimes advisable to avoid setting precise and detailed audit criteria in the design phase (since the knowledge is limited). For more information, see appendix 2.

[2] This implies that the performance auditors should take an active interest in, and be given time for, continuous improvement of their methodological skills, and follow methodological developments in various research institutions, etc. This could, for instance, be done by arranging in-house seminars with external professionals, and by reading articles and literature. In choosing methods for data collection, the auditors should be guided by the purpose of the audit and the specifi c questions or hypotheses to be answered. For an overview on using different techniques for collecting audit evidence and for analysis of information, see Evidence-Gathering Techniques, OAG (Canada), 1994. For further discussion on methodology, techniques and concepts in social research, see The Research Methods Knowledge Base, Trochim, 2002. See also Evaluation, Rossi et al. 1999, and Case Study Research, Design and methods, Yin et al, 1994.

[3] The reasons for being pragmatic in the choice of methods are elaborated in Designing Evaluations, GAO (USA), 1991, chapter 2.

[4] See Case Study Research, Design and Methods, Yin et al, 1994. Ways of selecting cases can be used in Case Study Evaluation, GAO, (USA), 1990. For surveys, see Conducting Surveys, OAG (Canada), 1998.

Using statistical sampling, GAO (USA), 1992 and The Research Methods Knowledge Base, Trochim, 2002.

[5] For designing performance audits, see Handbook in Performance Auditing, RRV (Sweden) and Designing vfm studies, a guide, NAO (United Kingdom), 1997.

Validity: methods should measure what they are intended to measure.
Reliability: fi ndings should remain consistent if studies are made repeatedly in the same environment^[1]

Determining quality assurance, timetable, and resources

The fi nal step is the determination of the quality assurance measures to be taken in the audit, the timetable and the fi nancial budget.

Quality assurance

The INTOSAI Auditing Standards (AS 2.1.27) state that the SAI should establish systems and procedures for quality assurance. Quality control procedures should be designed to ensure that all audits are conducted in accordance with relevant standards and policies.

A distinction might be made between ex ante (ongoing quality arrangements while work is in progress for example through peer review, ‘co-readers’, use of expert panels, special committees and specialists or experts in the fi eld concerned, and techniques such as issue analysis) and ex post arrangements (such as independent reviews of published reports to identify lessons learned and how reports are received by key stakeholders and the benefi ts they drive from them). Some SAIs have engaged individual scientists or scientifi c institutions to conduct ex post assessments. Both ex ante, intermediate and ex post arrangements have to be planned.^[2]

[1] For a further discussion, see e.g. The Research Method Knowledge Base, Trochim, 2002.

[2] Building quality into the performance audit examinations requires many considerations. See for instance Value for money handbook: a guide for building quality into VFM examinations, NAO, United Kingdom, 2003.

The audit manager is responsible for the day-to-day management of the audit, including detailed planning, execution of the audit, supervision of staff, reporting to SAI management and overseeing preparation of the audit report. Where more complex performance audits are concerned, the SAI may consider appointing a steering committee to guide the audit team and to monitor the progress of the audit. (See appendix 4.)

Administrative planning

The audit team and a team leader have to be selected, and an activity plan is required. It is important to determine the timetable and the resources needed. Relevant factors include the manner in which the audit is organized, the expected costs (for both staff, on the basis of predetermined rates, and equipment), and the expected completion time. The budget and timetable should be documented. Progress against these targets should be monitored. The audit manager and SAI management are responsible for ensuring that performance audit is completed within budget and on time (AS 2.1.26-28, 2.2.36 and 3.1.4).

Compliance with laws and regulations

When laws, regulations, and other compliance requirements pertaining to the auditee are signifi cant to audit objectives, auditors should design the audit to provide reasonable assurance of compliance with these requirements. In performance audits, auditors should be alert to situations or transactions that could be indicative of illegal acts or abuse. They may need to determine the extent to which such acts affect the audit results. In complicated cases, specialists on these matters might be required (AS 3.4.1-7).

The result of the pre-study – the main study proposal

The audit design phase results in a consistent audit proposal with a work plan (AS 3.0.1-3). The quality of the work must be secured before the decision to start a main study is taken.

Before starting the main study in performance auditing, it is important to defi ne the audit objectives, the scope, and the methodology to achieve the objectives. This is done in a form of a pre-study. The purpose of a pre-study is to establish whether the conditions for a main study exist and, if they exist, to produce an audit proposal with a work plan. The most important steps in drawing up audit proposals are: defi ning the specifi c issue to be studied and the audit objectives; developing the audit framework and the audit design; and determining quality assurance, the audit team, the timetable, and the resources. The auditee(s) should be informed of the objectives, scope, and time schedule of the audit.

3.4 Summary

The performance audit cycle involves strategic planning, preparation work, main study and follow-up activities. Strategic planning is the basis for the selection of audit topics or audits themes to be executed. It may also serve as an instrument for strategic decisions concerning the direction of the audit. Planning might be carried out in these steps: determining potential audit areas, establishing the selection criteria, and identifying the main sources of information for the potential audits.
Before starting the main study in performance auditing, it is important to defi ne the audit objectives, the scope, and the methodology to achieve the objectives. This is done in form of a pre-study. The purpose of a pre-study is to establish whether the conditions for a main study exist and, if they exist, to produce an audit proposal with a work plan.
In planning performance audits, auditors should observe the following:
Consider the signifi cance and the needs of potential users of the audit report as well as other interested parties.

Obtain an understanding of the entity to be audited and of the problems to be scrutinized, including the context of the activities in question.

Identify signifi cant fi ndings from previous audits and other investigations and reports that could affect the audit objectives (even ongoing studies).
Consider political objectives and the legal and regulatory environments.
Defi ne the topics or the problems to be studied, the entity to be audited and the audit objectives, i.e. the expected effect of the audit.
Defi ne the basic audit questions – as well as the more specifi c questions – to be answered or the hypothesis to be tested.
Establish the audit criteria. The audit criteria represent the normative standards against which the audit evidence is judged. The criteria will vary according to the specifi c audit subject and objectives, the legislation governing the undertaking or the audited entity, the stated objectives, and the specifi c conditions that the SAI deems relevant and important for the case.
Determine the audit evidence that will answer the audit question: the relevance, reliability and suffi ciency of any data available within the audited entities should be evaluated. The possibility of collecting the required evidence (data) should be tested.
Identify potential sources of information that should be used in order to verify hypotheses, gain better knowledge of the subject, or obtain answers to audit questions, i.e., information that may be used as evidence.
Consider, if needed, help from experts (consultants, other auditors) concerning how to secure quality in the audit. It is important to evaluate the professional knowledge and skills required by the audit team to carry out the audit.
Provide suffi cient staff and other resources to perform the audit and prepare a written plan. Select a suitable audit team. Decide upon a budget for the resources needed to carry out the examination and the timetable.
Consider the possible conclusions and impacts of the examination. The proposed outcome should be judged in terms of ‘usefulness’ and ‘feasibility’. The auditor should consider the views and interests of the stakeholders.

Part 4: Field standards and guidance:

Conducting the performance audit

4.1 What characterizes the main study process?

The purpose of the main study is to implement the work plan, conduct the audit and produce a high quality audit report.^[1]A performance audit does not consist of a series of clearly defi ned measures, operations, or sub-processes that are carried out separately and in sequence. In practice, the processes evolve gradually through interaction with one another, and are carried out simultaneously, allowing the methods to develop in depth and become increasingly sophisticated (AS 2.2.39, 3.0.1 and 4.0.21).

Carrying out an audit may be seen as both an analytical and a communicative process. In the analytical process, data are collected, interpreted, and analysed. The communication process begins when the audit is fi rst presented to the auditee, and continues as the audit proceeds, as different fi ndings, arguments and perspectives are assessed, and continues until the report has been fi nalized.^[2] An open and constructive dialogue is the ideal, but an audit may provoke negative reactions. The auditor may face varying situations, from openness and willingness to cooperate, to evasiveness and secrecy. It is therefore important that the auditors inform the auditee of the audit’s objectives and methods. This does not mean that the audit object should dictate conditions or in any other way control the execution process. Instead, it involves establishing a constructive process of interaction. As a rule, the assistance of individuals from the auditee is essential to an effective audit. An active dialogue during the audit with the auditee, experts and others makes it easier, for instance, to make continuous checks of preliminary fi ndings (AS 2.2.25-26). It is also important to conduct the audit with integrity. The work plan must be followed (resources, time, and quality) and the audit must be

[1] The main study shall be carried out in compliance with the best practices with respect to techniques and methodologies (AS 2.2.36-37, 1.0.14 and 1.0.46).

[2] For more information, see for instance Performance Auditing at the Swedish National Audit Bureau, RRV, (Sweden), 1994.

carried out in accordance with relevant decisions and standards (AS 2.2.39 and 3.0.2).

The purpose of the main study is to implement the work plan, conduct the audit and produce an audit report. Performance audits must be carried out in compliance with the best practices. Carrying out an audit may be seen as both an analytical and a communicative process. An open and constructive dialogue is the ideal, but integrity is also important. The work plan must be followed and the relevant standards met.

4.2 What has to be considered in the data collection process?

Quality in data collection and documentation is vital, since performance audit is open to judgment. The Auditing Standards state that ‘Competent, relevant and reasonable evidence should be obtained to support the auditor’s judgment and conclusion regarding the organization, program, activity or function under audit’ (AS 3.5.1). While evidence in fi nancial audits tends towards being conclusive (yes/no or right/wrong), this is seldom the case in performance audits. More typically, performance audit evidence is persuasive (‘points towards the conclusion that…’).^[1]

The auditors must be creative, fl exible and careful in their search for evidence. When working in areas where evidence is persuasive rather than conclusive, it is sometimes useful to hold discussions in advance with the experts in the fi eld the nature of the evidence to be obtained and the way it will be analysed and interpreted by the auditor. This approach reduces the risk of misunderstanding and may speed up the process. It is also important that the auditors seek information from different sources, since organizations, individuals in an organization, experts, and interested parties have different perspectives and arguments to put forward (AS 2.2.39, 3.4.5 and 4.0.24).

Data, information, and knowledge are, broadly speaking, similar, linked concepts. Data is the primary tool. Data, which has been

[1] For more information see Government Auditing Standards, GAO (USA), 2002.

compiled, is transformed into information. Information, which is analysed and understood, will become knowledge. Both qualitative and quantitative data may be collected for different purposes during an audit, whether as part of the learning process, or in order to describe and analyse an outcome or a problem.^[1]

Based on general experience, it is important to distinguish between the following components in the information gathering process:

Questions formulated to be answered by the study.
Study design, i.e. the type of study that is needed to answer the questions set (time management, cost-benefi t, goal attainment studies, etc.).
Audit programs, i.e. the type of investigation that is needed for the data-collection (such as sampling, case studies, secondary analysis, inquiries, ‘before- and after analysis’, comparable evaluations, etc.).
Data-collection techniques needed in order to answer the questions set (study of documentation, meetings, questionnaires, interviews etc.).
Quantitative and qualitative analysis, applied to the data collected (for deeper analysis of the information collected).

Data collection may be performed once or through ongoing measurements (such as time series design, longitudinal analysis etc.). Information may be gathered on the basis of physical evidence, documents (including written statements), oral testimonies (interviews), or by other means depending on the objectives of the audit. It will often be necessary to collect both quantitative and qualitative data. The types of data to be obtained should be explainable and justifi able in terms of suffi ciency, validity, reliability, relevance, and reasonableness. Performance auditing may produce primary data (its own source material) with the aid of questionnaires, surveys and direct observation. However, a great deal of secondary data (material produced by others) is also often used. The best available information should be gathered. The auditors, however, must not be rigid in their requirements for exactness. It might prove costly and unnecessary, i.e. a second-best solution is

[1] See Handbook on Performance Auditing, RRV (Sweden), 1998.

often quite suffi cient and appropriate (AS 3.4.5 and 3.5.1-4).^[1] It is vital that the auditors adopt a critical approach and maintain an objective distance to the information put forward. At the same time, they must be receptive to views and arguments. The auditors must be able to see things from different perspectives and maintain an open and objective attitude to various views and arguments. If they are not receptive, the auditors may miss the best arguments. This also underscores the importance of making rational assessments, in that the auditors discount their own personal preferences and those of others. It is therefore important for the auditor’s involvement to be expressed in a process of refl ection and objective analysis rather than in a conviction that certain standpoints are correct (AS 2.2.40, 3.5.1 and 4.0.24). Where computer-processed data are signifi cant to the fi ndings of the audit, it may be wise to take extra precautions in order to obtain suffi cient, competent, and relevant evidence that the data are valid and reliable. Additionally, when assessment of the reliability of an information system is the primary objective of the audit, the auditors should review the system’s general and application controls. Adding to this, during a main study the auditors may obtain sensitive information (such as opinions on management or politics). Consequently, they should guarantee anonymity and not divulge people’s opinions (AS 2.2.37, 2.2.46 and 3.3.4).

The results of the fi eldwork and analysis, along with the audit planning paperwork, need to be documented, fi led, and cross-referenced to permit audit mangers to review the work done and validate the conclusions reached. A record of the work should be retained in the form of working papers. Suffi cient, competent, and relevant evidence should be obtained to afford a reasonable basis for the fi ndings and the conclusions (AS 3.2.1 and 3.5.5-7).

Quality in data collection and documentation is vital. The auditors have to be creative, fl exible and careful in their search for suffi cient evidence. It is important to maintain an objective distance from information put forward, but the auditors must also be receptive to views and arguments and seek information from different sources and stakeholders.

[1] As the saying goes: ‘It is better to be vaguely right than exactly wrong’.

4.3 What characterizes the audit evidence and the audit findings?

Evidence may be categorized as physical, documentary, testimonial, or analytical. A direct inspection or observation of people, property, or events obtains physical evidence. Documentary evidence consists of information such as letters, contracts, accounting records, invoices, and management information on performance. Testimonial evidence is obtained through interviews or questionnaires. Analytical evidence includes computation, comparisons, separation of information into components, and rational arguments. Evidence should be suffi cient, competent, and relevant. It is suffi cient if there is enough of it to support the audit fi nding. Evidence used to support a fi nding is relevant if it has a logical, sensible relationship to that fi nding. It is competent if it is consistent with facts (AS 3.4.5 and 3.5.1).

Audit fi ndings are the specifi c evidence gathered by the auditor to satisfy the audit objectives, in order to be able to answer the audit questions and verify the stated hypothesis, etc. Conclusions are statements deduced by the auditor from those fi ndings, and recommendations are courses of action suggested by the auditor relating to the audit objectives. Audit fi ndings contain the following elements: criteria (‘what should be’), condition (‘what is’), and effect (‘what are the consequences’ – observed as well as ‘reasonable and logical future impact’), plus cause (‘why is there a deviation from norms or criteria’), when problems are found.^[1] However, all four elements are not always required in an audit; the element ‘criteria’ is for instance not always specifi cally addressed in the problem-oriented approach.⁵⁵ The process of analyzing evidence, developing fi ndings, and producing recommendations to resolve

[1] For more information, see Government Auditing Standards, GAO (USA), 2002. ⁵⁵ See section 1.8.

identifi ed areas of poor practice is summarized in the following diagram from ASOSAI guidelines.

Once an audit fi nding has been identifi ed, two complementary forms of assessment take place: the assessment of the signifi cance of the fi ndings and the determination of the causes (of increased performance or of the lack of performance where performance is below that expected).

The auditors may also try to assess the consequences of the fi nding. In many cases, the effect of a fi nding may be quantifi able. For example, the cost of expensive processes, expensive inputs, or unproductive facilities can be estimated. Additionally, the effect of ineffi cient processes, such as idle resources or poor management, may become apparent in terms of time delays or wasted physical resources. Qualitative effects as evidenced in a lack of control, poor decisions, or lack of concern for service may also be signifi cant. The effect should demonstrate the need for corrective action. The effect can also have occurred in the past, be occurring now, or possibly occur in the future. To make a fi nding stand, be certain that, if the effect occurred in the past, the situation has not already been remedied to prevent it from recurring. If the effects are not readily identifi ed, the performance auditor may need to assert potential effects.^[1]

[1] For more information, see Performance Auditing Guidelines, ASOSAI, 2000.

Evidence may be categorized as physical, documentary, testimonial, or analytical. Evidence should be suffi cient, competent, and relevant. Audit fi ndings provide answers to the audit questions. Conclusions are statements deduced from the fi ndings. Comparing audit observations (conditions) with audit criteria identifi es audit fi ndings. Once an audit fi nding has been identifi ed, two complementary forms of assessment take place: the assessment of the signifi cance of the fi ndings and the determination of the causes.

How should a changeable and conflicting environment

be handled?

A performance audit may run for a long time, and there may be changes in knowledge and reality from the point in time when it started. In performance auditing it is often diffi cult to make a choice between the directions set out in the work plan and the description of the audit’s structure on the one hand, and the interest in studying questions that arise at a later date on the other. To avoid getting caught up in details and a fl ood of data, detailed assessments of the need for information must be made both before and during the audit. Based on experience, this makes it easier to eliminate extraneous detail and irrelevant approaches, and to sort or structure the information gathered. Again, however, the auditors must not be rigid and avoid all unplanned data gathering.

AS 2.2.26 states ‘In contrast to private sector audit, where the auditor’s agreed task is specifi ed in an engagement letter, the audited entity is not in a client relationship with the SAI. The SAI has to discharge its mandate freely and impartially, taking management views into consideration in forming audit opinions, conclusions and recommendations, but owing no responsibility to the management of the audited entity for the scope or nature of the audits undertaken.’ However, auditors should always seek to create good relationships with the auditees and other interested parties.

To avoid unnecessary confl icts, auditors should listen and learn, and try to understand the particular nature of the activity under audit. To do so they must be able to look at an activity from different perspectives, and maintain an open and objective attitude to views and objections put forward. Regular meetings and discussions with the auditee are often a valuable part of the audit. If confl icts occur, efforts should be made to air contradictory opinions with a view to making the fi nal picture as true and fair as possible. The auditors should attempt to establish open co-operation and interaction and an atmosphere of confi dence with the auditee at the earliest opportunity. However, the very nature of auditing and the importance of its independence means that a clear limit must be set up to prevent the individual performance auditor from becoming involved in the practical work of implementing changes at the auditee (AS 2.2.25, 2.2.29, 4.0.24).

There are limits to how far a performance audit can go to corroborate statements and verify fi ndings. It is, generally speaking, impossible to avoid criticism, even when the most sophisticated scientifi c methods are used. The advantages of verifying an issue must, therefore, be weighed against time constraints and resource consumption. At the same time, the basic data must be of good quality (AS 3.1.1, 3.5.1, 4.0.23 and 2.1.26).

A well-designed work plan may help the auditors avoid getting caught up in details and a fl ood of data. To avoid unnecessary confl icts, auditors should try to understand the particular nature of the activity under audit. If confl icts occur, efforts should be made to air contradictory opinions with a view to making the fi nal picture as true and fair as possible.

5 What is important when analysing data and drawing conclusions?

Most audits involve some type of analysis in order to understand or explain what has been observed. A wide range of models or methods of analysis is used (AS 4.0.21). This could be done in the form of more detailed statistical analysis, discussions on the fi ndings within the audit team, studies of documentation and working papers etc. The analysis might sometimes also require comparisons of fi ndings between for instance subjects that work well and those that work less well; one or more subjects and an overview; and the audited area and a similar audit area in another country.

The fi nal stage in the analysis of data involves combining the results from different types of sources. There is no general method for doing this, but it is of central importance that the auditor works systematically and carefully in interpreting the data and arguments collected. This phase involves weighing up arguments and assertions, consulting experts, and making comparisons and analyses. As the work continues, the draft report gradually takes shape.^[1] The notes and observations are put into structured order, and as internal and external discussions progress, text is drafted, assessed and rewritten; details are checked and conclusions are discussed. There is a need for exchanges of information based on discussion papers to discuss major issues that have emerged during the course of the audit. These meetings may serve to confi rm facts with the audited entities and to promote the development of audit fi ndings and recommendations.

If possible, all the main arguments that can be envisioned should be covered, so that no entirely new and possibly decisive arguments –

or facts – may be introduced at the fi nal stage of the audit. In a properly conducted performance audit, the arguments put forward are balanced against the best possible counter arguments, and the various contrasting views are weighed against each other. Experienced colleagues and contracted external advisors etc. can assist in this process. The conclusions should be based on objectives, rationality and projectspecifi c criteria (AS 2.2.36, 2.2.39-40, 3.2.4, 3.5.2, 3.5.7 and 4.0.24). Recommendations, if provided, should be argued in a logical, knowledge-based and rational fashion. The cause of a fi nding forms the basis for the recommendation. The cause may be outside the control of the entity under audit, in which case the recommendation should direct attention outside the auditee. It is important to ensure that recommendations are practicable, add value and address the objectives of the audit. In some cases it is also important to present the arguments for and against various alternative proposals. By following the underlying arguments, the reader will be better able to understand the fi nal recommendations (AS 1.05 and 4.0.23-27).

[1] If the analyses are based on scientifi c knowledge and well-established theories, they will probably be more solid and interesting. It is also often easier to interpret observations in the light of a well-known theory. (‘There is nothing so practical as a good theory. ‘)

Before publishing a performance audit report, the auditee(s) involved should always be given the opportunity to examine its content. The draft report provides the fi rst opportunity for the auditee to see the full context of audit fi ndings, conclusions and recommendations in written form. Where responses provide new information, the auditor should assess this and be willing to modify the draft report, provided the usual standards of evidence are met. Oral and written responses, should, as far as possible, be documented. All disagreements must be analyzed. The fi nal report must be balanced and fair (AS 3.2.4 and 4.0.23-24).

The fi nal stage in the analysis of data consists in combining results from different types of sources. There is no general method for doing this. In a properly conducted performance audit, the arguments put forward are balanced against the best possible counter arguments, and the various contrasting views are weighed against each other. The conclusions should be based on objectives, rationality and project-specifi c standards and criteria. Before publishing a performance audit report, the auditee(s) should always be given the opportunity to examine its factual content. The recommendations, if provided, have to be argued in a logical, knowledge-based, and rational fashion. They should be directed to remedy root causes of problems

4.6 Summary

In brief, when conducting an audit, the following should be considered:

Execute the work plan with integrity and care in a timely manner, and in accordance with international and national standards for performance auditing. Planning should continue throughout the audit. Activities should be reviewed and modifi ed as the execution process evolves.
The project should be properly introduced to the auditee. An active, open and constructive dialogue should be maintained with the auditee and other interested parties during the audit. The auditee (or the main executive entities involved in the undertaking to be scrutinized) should be involved in the process.
Implement the audit scope with care. Quality in data collection, analysis, and documentation is vital.
Gather the best possible or most suitable information – facts as well as opinions, arguments and refl ections – from different sources and seek requisite knowledge and expertise. See that the work is characterized by objectivity, impartiality, and sensitivity. Critically evaluate information obtained and arguments put forward. All relevant facts and arguments must be collected.
Protect the integrity of persons providing information, ensure that working papers are not disseminated incorrectly and, in all other ways, observe high ethical standards.
Recommendations, if provided, should be directed to remedy root causes of problems. The results of the fi eldwork need to be documented, fi led, and cross-referenced. Evidence should be suffi cient, competent, and relevant.
Undertake adequate quantitative and qualitative analyses. Discuss the analyses with senior auditors, stakeholders and experts in the fi eld. Make analyses and assessments of observations on the basis of political intentions, rational considerations, and criteria specifi c to the audit. The fi ndings should form the basis for recommendations.
Ensure that the factual basis of descriptions, analyses and recommendations is accurate and that they are fair and well founded, balanced and correctly communicated to the auditee. The auditor should ensure that the recommendations, if provided, address the objectives of the audit.

Part 5: Reporting standards and guidance: Presenting the audit result

5.1 What does the need to focus on the final report involve?

According to the Auditing Standards, auditors should prepare written audit reports (AS 4.0.7). Written reports should communicate the results of audits to all levels of government, make the results less susceptible to misunderstanding, make the results available for public inspections, and facilitate follow-up to determine whether corrective actions have been taken. The performance audit report is the product on which the government, the legislature, and the public judge the SAI performance audit function.

Most SAIs with long experience of performance auditing publish individual reports, i.e. each performance audit is published separately. Other SAIs which are not required to execute such audit projects or are restricted from publishing all of their performance audit fi ndings, may publish their observations and conclusions in summarized form in their annual reports. The following guidelines are mainly applicable to SAIs which are not restricted in their reporting.

Given the amount of reporting required during an audit, the reporting process may be facilitated by the use of a continuous reportwriting process. This process may start at the beginning of the audit with an outline that develops into discussion papers, which are then brought together in the proposed report and further refi ned in the fi nal audit report (AS 3.2.4).

The auditors should prepare written audit reports. Given the amount of reporting required during an audit, the reporting process may be facilitated by the use of a continuous report-writing process.

5.2 What is required to make the reports reliable?

The audit report should be reliable and contain objectives, scope, methodology and sources used, as well as audit fi ndings, conclusions and recommendations.^[1] Any limitations on the scope of the work and the reasons for this should be described. It should be easy for the reader to understand the purposes of the audit and to properly interpret the results. The report should be complete, accurate, objective, convincing, and as clear and concise as the subject-matter permits (AS 4.0.8 and 4.0.24).

Being complete requires, for instance, that the report contains all information and arguments needed to satisfy the audit objectives, promote an adequate and correct understanding of matters and conditions reported, and meet the report content requirements.^[2] It is vital that the starting points of the audit and the methods used, as well as important source material and conclusions, are described in the fi nal audit report. The relationship between audit objectives, criteria, fi ndings and conclusions needs to be verifi able, complete and clearly expressed. If recommendations are to be provided, there needs to be a clear link between the analysis or conclusions and the recommendations. Auditors should, within the audit objectives, report all signifi cant instances of non-compliance and signifi cant instances of abuse that were found during or in connection with the audit (AS 4.0.87-8, 4.0.22).

Accuracy requires that the evidence presented should be true and comprehensive and that all fi ndings are correctly portrayed. The need for accuracy is based on the need to assure readers that what is reported is credible and reliable. One inaccuracy in a report can cast

[1] The report could, for instance, include comparisons with audit criteria, and contain an analysis of differences between what is observed and the audit criteria, including the causes and effects of the differences.

[2] Certain information may be prohibited from general disclosure by law or regulation. Such information may be provided on a ‘need-to-know basis’ only to persons authorized by law to receive it. However, it may be possible to include confi dential or sensitive material in a separate, unpublished report (AS 4.0.8).

doubt on the validity of an entire report and can divert attention from the substance of the report. In addition, inaccurate reports can damage the credibility of the SAI. In other words, a high standard of accuracy requires an effective system of quality assurance. Reported evidence should demonstrate the correctness and reasonableness of the matters reported. Correct portrayal means accurately describing the audit scope and methodology, and presenting fi ndings and conclusions in a manner consistent with the scope of audit work (AS 4.0.23-24).

Objectivity requires, as mentioned above, that the presentation of the entire report be balanced in content and tone. A report’s credibility is signifi cantly enhanced when it presents evidence in an unbiased manner. The report should be fair and not misleading, and should place the audit results in perspective. This means presenting the audit results impartially and guarding against the tendency to exaggerate or overemphasize defi cient performance. Interpretations should be based on insight and understanding of facts and conditions. One-sided presentations should be avoided. Even though auditing by its very nature has its focus on shortcomings, it is an advantage if the performance audit reports can make room for both positive and negative fi ndings and assessments (AS 4.0.7 and 4.0.23).

Being convincing requires that the audit results should be responsive to the audit objectives, the fi ndings presented persuasively, and the conclusions and recommendations follow logically or analytically from the facts and arguments presented. Facts should be presented separately from opinions. The language used should not be tendentious or suggestive, and the information presented suffi cient to convince the readers to recognize the validity of the fi ndings, the reasonableness of the conclusions, and the benefi t of implementing the recommendations. Different opinions and arguments should be represented (AS 4.0.7 and 4.0.24).

Clear requires that the report be easy to read and understand (as clear as the subject-matter permits). Technical terms and unfamiliar abbreviations must be defi ned. Logical organization of material, and accuracy in stating facts and in drawing conclusions, are essential to clarity and understanding. Although fi ndings should be presented clearly, the auditors must keep in mind that one of their objectives is to be persuasive, and this can best be done by avoiding language that generates defensiveness and opposition (AS 4.0.7-8).

Being concise requires that the report be no longer than needed to convey and support the message. Although scope may exist for considerable judgment in determining the content of reports, those that are complete, but still concise, are likely to achieve greater results. It must be stated, however, that advanced studies often require longer reports. One must also have in mind that the performance audit reports are not only written for those who have special knowledge; they are also written for those who need more information to understand the subjects.

A more comprehensive report might provide the reader with a better understanding of the basis for the conclusions drawn, and thus add value and creditability to the audit report. In a wider sense, comprehensive reports may strengthen a SAI’s capacity to serve the citizens’ interest in openness and transparency (AS 4.0.4).

The audit report should be reliable. The report should be informative and, if provided, have logical and clear recommendations that are linked to the audit objectives and the fi ndings. The auditors should report the audit objectives, scope, methodology and sources used, as well as audit fi ndings, conclusions, and recommendations. It should be easy to understand the purposes of the audit and interpret the results. The report should be complete, accurate, objective, convincing and as clear and concise as possible.

5.3 What characterises a good and usable performance audit report?

Good performance audit reports should add value to the stakeholders and meet the objectives set. They should provide accessible, concise, and up-to-date information, which the government, parliament, auditee, and other stakeholders can use to improve the economy, effi ciency, and effectiveness of the public sector: i.e. the report should contribute to better knowledge and adequate improvements.^[1] Good performance audit reports should be reader-based and well structured,

[1] The form and content of all audit reports are founded on the following general principles: a suitable title and a properly signed report, a clear presentation of objectives and scope, completeness, addressee and identifi cation of subject matter (AS 4.0.7-8).

and the language should not be ambiguous. They should present fi ndings objectively and fairly (AS 4.0.7). This requires that: • there are separate presentations of fi ndings and conclusions;

facts are presented and interpreted in neutral terms;
different perspectives and viewpoints are represented;
all relevant fi ndings, arguments, and evidence are included; and
reports are constructive, and positive conclusions are presented.^[1]

In a wider sense – and to sum up – the quality of a performance audit may be assessed by means of specifi c criteria, including those considered below:

Materiality, relevance and objectivity

The topics dealt with should be material. The information given should be relevant to the topic; the audit question or the problem studied. Objectivity can be defi ned as ‘impartiality, balance and neutrality’. When making decisions about scope, audit evidence, signifi cance of observations, and conclusions, the auditor must have an unbiased point of view and an objective state of mind. The audit design should ensure that the selection of facts to be investigated and presented in the report is balanced and unprejudiced. The fi ndings should be infl uenced by evidence obtained and assembled in accordance with relevant audit standards. Facts must not be suppressed, and the auditor must not exaggerate minor shortcomings. Explanations – especially from the auditee(s) – must always be sought and critically evaluated (AS 1.0.9, 2.2.40, 3.5.4, 4.0.7, and 4.0.24-26).

Reliability, validity and consistency

Users should be able to trust the reliability and validity of reported results. The data collection methods should be valid and reliable. The audit design should be such that conclusions arise from the fi ndings and the analysis, based on verifi ed facts and other information from various sources. All the documents in the process must be well

[1] One possible structure of performance reports is the following: (1) Executive summary, (2) Introduction and audit design (including background, motives for the study, objectives, scope, methods), (3) Description of the audit object, (4) Findings and analyses, (5) Conclusion and assessments, and (6) Recommendation and Appendix.

balanced in their perspectives and judgments (AS 2.2.36, 2.2.39, 3.2.3, 3.4.5, 3.5.2, 4.0.8, and 4.0.22-25).

Transparency, usability and timeliness

A SAI must not be forced to withhold fi ndings and should, within its legal mandate, be free to decide what to publish and how. The report should provide accessible, concise and up-to-date information, which the government, parliament, and government entities can use to improve the way they function, i.e. the information provided should add value. The audit questions should be answered. The points on which the SAI expects action to be taken, and by whom, should be clearly stated. Being timely requires that the report should be issued on time in order to make the information available for timely use by management, government, legislative offi cials and other interested parties (AS 2.2.10-11, 3.1.1, 4.0.4-5, 4.0.7-8 and 4.0.21-22).

Good performance audit reports add value to the stakeholders and meet the objectives set. They contribute to better knowledge and highlight improvements needed. They are reader-based and well structured, and the language is not ambiguous. Findings are presented objectively and fairly. There are separate presentations of fi ndings and conclusions, and facts are presented and interpreted in neutral terms. Different perspectives and viewpoints are represented, all relevant fi ndings, arguments and evidences are included, and the reports are constructive; i.e.

positive conclusions are presented.

5.4 How should the performance audit reports be distributed?

Comprehensive reports and wide distribution of every report are keys to the credibility of the audit function. In accordance with its fundamental role, each SAI must decide on how to best serve its own and the public interest in distributing the audit reports, both in general and for each report. If possible, all relevant audit fi ndings should be made public (in individual performance reports or in the annual report from the SAI). It is an advantage if the reports are available for public discussion and criticism (AS 2.2.11).

The report should, if possible, be distributed to the auditee, the government, legislative offi cials, the media and other interested parties. Appropriate offi cials who may be included in the distribution include those designated by law or regulation to receive such reports, those responsible for acting on the fi ndings and recommendations, those of other levels of government who have provided assistance to the auditee and legislators (AS 4.0.8).

Publishing audit reports may cause misunderstandings. The media may misinterpret and exaggerate fi ndings, and as a consequence frustrate the purpose of the audit. It is therefore – based on experience – recommended that one provides the media with adequate and wellbalanced information backed by factual evidence, for instance in the form of press releases.

Comprehensive reports and wide distribution of every report are keys to the credibility of the audit function. If possible, each performance audit should be published in a separate report.

5.5 What purposes do follow-up processes serve?

A follow-up process will facilitate the effective implementation of report recommendations and provide feedback to the SAI, the legislature and the government on performance audit effectiveness. In following up the report, the auditor should maintain objectivity and independence and thus focus on whether identifi ed weaknesses have been corrected rather than on whether specifi c recommendations have been implemented or not.^[1] The priority of follow-up tasks should be considered in the context of the overall audit strategy as determined by the strategic planning process (AS 4.0.26).

Following up on SAI recommendations may serve four main purposes:

increasing the effectiveness of audit reports–the prime reason for following up audit reports is to increase the probability that recommendations will be implemented;
assisting the government and the legislature – following up may be valuable in guiding the actions of the legislature;

[1] It is recognized that isolating the impact of an audit report in the context of other signifi cant changes is diffi cult. The key factor remains whether the audit recommendations have been carried out, and this may often be the only measurable indicator of impact.

evaluation of SAI performance – following up activity provides a basis for assessing and evaluating SAI performance; and
creating incentives for learning and development – following up activities may contribute to better knowledge and improved practice. When a performance audit is completed, there are various opportunities for obtaining information on how it has been received, for instance by observing reactions from audited bodies, parliament and in the media. Internal and external conferences can be arranged to help summarize experience and promote learning. Internal audit reviews and evaluations may also be useful. In addition, external critics (scientists, experts, and others) could be asked to scrutinize performance audit reports or to give their opinions on the quality of the work (AS 2.1.26-30).

Results from the follow-up of audit recommendations should be recorded. Defi ciencies and improvements identifi ed in the follow-up of audits should, if needed, be reported to the government or the legislature.

A follow-up process will facilitate the effective implementation of report recommendations and provide feedback to the SAI. There different ways of obtaining such information: internal reviews and evaluations, conferences and seminars, special follow-up audits etc.

5.6 Summary

In brief, some reporting principles to be considered are the following.

The results should be documented and the reporting should be timely.
The audit report should be well communicated to the auditee and provide well-founded, objective and complete information, analyses and assessments that add value for decision-makers and other stakeholders.
The report should be objective, well written, well structured, comprehensive, reliable, and contain relevant and usable conclusions.
The report should be published and followed up in an objective manner.

Appendix 1

Performance Audit Methodology

Introduction – performance auditing and the data collecting process

Performance auditors may deal with a multitude of topics and perspectives covering the entire government sector. Performance auditors may also use and combine a large variety of methods for collecting and processing information, and data may be collected for different purposes during an audit.

Information and data are usually collected to make it possible to understand and describe the audit object, assess and measure output, identify shortcomings, describe and analyze cause and effect relationships, test hypotheses and explain performance, and test arguments and proposals. Data collection may also be an important part of the learning process where the auditor tries to understand the studied area and its problems.

It is not possible to describe all approaches, models and methods used by performance auditors. The approaches vary and the restrictions are few. A short description is provided below of the most commonly used approaches and methods. Some of them aim to build knowledge and better understanding, while others are used to verify and extract basic facts.^[1]

Performance audits involve a number of different steps in the data collection process, such as:

Planning (the process of defining issues or problems to be studied)

Audit questions (the questions to be answered)

Study design (the information needed and the study to be done)

[1] The ambition here is to provide a general description of methods used in performance auditing. For practical implementation there is a need for more detailed information that would include the presentation of audit practices. Whether such guidance should be provided by INTOSAI is a question for the future. Much information is available on web-sides.

The ambition here is to provide a general description of methods used in performance auditing. For practical implementation there is a need for more detailed information that would include the presentation of audit practices. Whether such guidance should be provided by INTOSAI is a question for the future. Much information is available on web-sides.

Audit program (the type of investigations to be conducted)

Data collection (the techniques for data collection to be used)

Analyses (the explanations and the relationships to be explored)

Even though these steps constitute the performance audit methodology, it must be stated that a performance audit must also always be based on such things as individual insight, experience, imagination and creativity, in other word processes or events that cannot be ‘mechanically followed or applied’.

Planning the audit

Data collection starts in the planning phase, when possible topics for audits are monitored and selected. The search is more specifi c during the feasibility study, when the main study is prepared. Studies of documents and interviews with different stakeholders are probably the most common data-gathering techniques in this stage. There are several methods used by SAIs to assist the planning process, such as:

risk analysis;
SWOT analysis; and
problem analysis.^[1]

Formulating the audit question or defining the audit problem

Having decided the subjects and the objectives of the audit, the questions to be answered by the study have to be defi ned. A few examples of general audit questions common to performance auditing are the following:

Do the means chosen represent economical use of public funds?
What causes the rapid increases in costs?
Are the services provided of good quality and client-oriented?

[1] Risk Analysis is common in all forms of auditing, especially fi nancial auditing. It has always been an important tool in internal auditing. SWOT Analysis (analysis of Strengths, Weaknesses, Opportunities and Threats) is perhaps less common in government auditing, but some SAIs apply it in their planning processes. Problem Analysis is mainly a tool for SAIs that have adopted a more problem-oriented approach. For more information, see for instance: Auditing: A Risk Analysis Approach. 5th Ed. Konrath, Larry. F. Thomson Learning. 2002; Dynamic SWOT Analysis – the Developer’s guide. Richard Dealtry, IPC, UK, 1994; and Handbook in Performance Auditing, RRV, 1998.

Why are the services not delivered on time?
Are government programs implemented effi ciently?
Are the goals and objectives of the government program met?
What is the reason for the poor impact of the government program?

In formulating the audit question, performance auditors must rely on the information collected and their own skills and experience. Techniques such as mind-mapping, brainstorming etc. are sometimes used in this stage.^[1] The process requires both internal discussions within the audit team (and with senior auditors and mangers) as well as meetings with experts and stakeholders. After having formulated the general audit question, the auditors have to break it down into specifi c and testable sub-questions to be answered by the study, i.e. the more specifi c questions concerning what is or why is it? This is an iterative process.

In the problem-oriented approach, emphasis has to be put on how to defi ne the problem properly. Usually the audit begins with problem indicators of some kind (shortcomings in service, complaints, rising costs etc.). At the next stage, the auditors tries to relate and link the different problems to each other, and will then attempt to defi ne the problem to be audited as precisely as possible. They will also formulate testable hypotheses regarding possible causes of the problem.^[2]

Defining the study design

[1] See for instance: Brainstorming: How To Create Successful Ideas. Charles Clarke. Paperback. 1990, and Mapping the Mind. Rita Carter. Paperback. 2000.

[2] For practical information on how to defi ne problems and formulate hypothesis etc., see Handbook in Performance Auditing, Theory and practice. RRV. 1999.

The next step is to decide what kind of information is needed to answer the questions. To be able to choose an approach that refl ects reality and matches the questions set, a wide range of issues has to be considered. Some common approaches in performance auditing are the following:

Goal-attainment studies or out-come based studies^[1]

Basic question: Are the programs achieving their overall goals?

These studies assess the extent to which a program achieves its outcome-oriented – and client-oriented – goals or objectives. They focus on outputs and outcomes (including side effects and unintended effects) in order to judge program effectiveness, but may also put emphasis on quality issues and client perspectives. Common questions include: How were the program goals established? What is the status of the program’s progress? Will the goals be achieved within the times specifi ed? The general steps in goal attainment or outcome-based studies include: defi ning the major outputs and outcomes to be studied, specifying the measures to be observed that will suggest that the key outcomes for the targeted clients are being achieved, and identifying what information is needed to demonstrate this.

Studies of goal attainment are common in performance auditing. They are mainly used to examine whether set goals are reached and to establish, through a general assessment, whether there are any shortcomings in the work that has been done. Any deviations can be established by relating outcome and effects to the stated goals and demands. The performance auditor uses such studies primarily when the goals are clearly defi ned and are used as a management instrument, when there is only limited knowledge of the effects, and when more general assessments may be needed.

Examination of outcomes against objectives formulated in general terms may give an idea of the way these objectives have been met. However, this kind of information does not usually produce satisfactory guidelines for a more detailed assessment of the entities in question, or what is needed to improve the outcome. Under certain

[1] For more information, see Weiss, C. H. Evaluation research: Methods for assessing program effectiveness. Englewood Cliffs, N.J.: Prentice Hall. 1972; and Rossi, Peter H. Freeman Howard E. and Lipsey, Mark W., Evaluation: A Systematic Approach, 6th edn, Sage Publications Inc., Thousands Oaks, California, 1999.

circumstances, studies of goal attainment may, however, provide a basis on which to assess what changes are needed. This is the case, for example, where the objectives are few, compatible, concrete, and directly related to a specifi c means of control or single activity (a regulation, an information campaign etc.).

Occasionally, the goal-means analysis is used, to illuminate certain shortcomings between resources committed and goals attained. A goalmeans analysis may also be used when there is reason to believe that an audited entity has not acted effi ciently.

A program logic model (or a policy intervention theory) may help the auditor to conduct goal-attainment studies (and other studies). The model depicts the structure or logic of the program being audited. It shows the program hierarchy in terms of objectives and responsibilities. Starting with the highest-level program objectives and desired effects, the program logic model moves down through subprograms, subprogram components, and specifi c activities, with each lower level element being logically related to one at a higher level. A program logic model can help the auditor to obtain an understanding of the performance audit issues as it focuses attention on the relationship between the program’s objectives and sub-objectives and the outputs and outcomes (impacts and effects) that result from the program. It can help the auditor to identify and seek answers to questions such as:

Do the objectives provide a clear understanding of the rationale behind the program, of the products and services that are being provided, and of the recipients of these goods and services?
Do the objectives allow the identifi cation of measurable outcomes?
Are the causal linkages between the hierarchical levels plausible? In the planning phase, program logic models help the auditor to understand the audited entity and to identify key program results and the systems and operations that produce them. A program logic model is mainly applicable when reality is simple and rational. The drawback with the model is that reality seldom corresponds with these assumptions.

Process-based studies^[1]

[1] See for instance: Weiss, C. H. Evaluation research: Methods for assessing program effectiveness. Englewood Cliffs, N.J.: Prentice Hall. 1972, and Rossi, Peter H. Freeman Howard E. and Lipsey, Mark W., Evaluation: A Systematic Approach, 6th edn, Sage Publications Inc., Thousands Oaks, California, 1999.

Basic question: How does the program work?

Process-based studies are geared to permit full understanding of how a government program works: how does it produce the results that is? Typical questions to be addressed are: What are the steps and procedures in the working process? Are the resources managed and utilized economically and effi ciently? What is the general process that clients go through with the program? What are the common complaints? What do clients and staff considers being the strengths and the weakness of the program? On what basis are the services needed? These kinds of studies are common, and they are especially useful if programs are long-standing and have changed over the years, and if signs of shortcomings are reported. The process-based approach involves many kinds of investigations (such as time management-, resource-utilization-, stakeholder-studies etc).

Impact studies^[1]

Basic question: What are the net effects of the government program? Impact studies assess the net effect of a program by comparing program outcomes with an estimate of what would have happened in the absence of the program. This type of study is used when external factors are known to infl uence the program’s outcomes, in order to isolate the program’s contribution to the achievement of its objectives.

Cost-benefit studies and cost-effectiveness studies^[2]

Basic questions: Do the program benefits exceed the costs, and are the objectives met at the lowest possible costs?

Cost-benefi t studies are investigations of the relationship between the costs and benefi ts of government projects or programs expressed in monetary terms. For example, a cost-benefi t study might be used to audit the effi ciency of investment projects (for instance road-building projects). The purpose of such a study is to determine whether the benefi ts of an entity, program or project exceed its costs. Cost-benefi t studies may be used:

[1] For more information, see for instance: Impact Analysis for Program Evaluation. Lawrence. B. Mohr. Paperback. 1996, and Causal Analysis: A method to Identify and Test Cause and Effect Re lationships in Program Evaluation. GAO. 1982.

[2] See, Cost-benefi t and cost-effectiveness analysis. In D.S. Codray, H.S. Bloom and J.R. Light (Eds.), Evaluation practice in review, San Francisco, CA: Jossey-Bass. 1987.

To obtain assurance that an analysis by the audit entity is reliable;
To compare costs and benefi ts when both are known or can reasonably be estimated;
To compare costs of alternatives when benefi ts can be assumed constant.

A cost-benefi t study should normally consider not only the tangible (and relatively easily measurable) costs and benefi ts, but also the intangible (and diffi cult to estimate) costs and benefi ts.

Cost-effectiveness studies are studies of the relationship between project costs and outcomes expressed as costs per unit of outcome achieved. While a cost-effectiveness study allows auditors to compare the economic effi ciency of program alternatives, cost-effectiveness studies are concerned with fi nding the cheapest means of accomplishing a defi ned objective or the maximum value from a given expenditure. In contrast to the economists’ version of cost-benefi t studies, in cost-effectiveness studies the benefi ts may be expressed in physical rather than monetary units: the effectiveness of a program in reaching given substantive goals is related to the monetary value of the resources going into the program or activity.

Benchmarking studies ^[1]

Basic question: Are things being done in accordance with best practices?

Benchmarking is a process for comparing an organization’s (a program’s) methods, processes, procedures, products, and services against those of organizations (programs) that consistently distinguish themselves in the same categories. Benchmarking may be used to: • stimulate an objective review of processes, practices, and systems;

develop criteria and identify potentially better ways of operating; and
lend more credibility to audit recommendations.

Meta-evaluation studies ^[2]

Basic question: Is the quality of the conducted evaluation acceptable? The purposes of meta-evaluations are to judge the quality of evaluations, to

[1] See, Benchmarking. How benchmarking can help in vfm examination. NAO. 1997.

[2] See for instance: Cook, T. D. & Gruder, C. L. Meta-evaluation research. Evaluation Quarterly, 2 (1),

5-51, 1978; and Scriven, M.: An introduction to meta-evaluation. Educational Product Report No 2. 1999.

improve the quality of evaluations, and to promote the actual use of evaluation research in the management process. The role of the SAI is to examine the actual quality of evaluations undertaken and the adequacy of, and procedural conditions for, evaluation. The criteria for meta-evaluations will concern the quality of the evaluation research undertaken and the way the evaluation function has been integrated into the management process. Broadly speaking, there are two possible criteria:

The scientifi c and epistemological quality of evaluation research: theoretical, methodological, and technical criteria, which refl ect the state-of-the-art. The theoretical requirements concern, among other things, the formulation of the problem, the defi nition of the concepts, the hypotheses, and the cohesion of the theory as a whole. The methodological requirements imposed on evaluation research involve, among others, the validity and reliability of the research results. The requirements concern, among others, the operationalization of the evaluation criteria, based on a determination of whether the situation in the policy fi eld satisfi es the evaluation standards.

Criteria of usefulness of the research for policy/management practice: this means that an audit report should provide information that is important for an effective, effi cient, and legitimate approach to a certain policy problem. In practical terms, the report should contain explicit references to the need for information to be satisfi ed by the research, to a problem in policy practice, to the research objectives associated with policy practice, etc.

Other common types of studies

Both approaches and grounds for assessment must be adapted to the multiple types of issues performance auditing deals with. One may even say that the nature of performance auditing, to a large extent, has helped to shape and defi ne audit topics and to select and design models and methods to be applied in each audit. The performance auditor must maintain an extensive network of contacts, which include contacts in the fi eld of social science. The special nature of the work requires performance auditors to monitor new research fi ndings and acquire new knowledge, for example, keeping abreast of developments and maintaining awareness of innovative approaches.

Some examples of such other common approaches are the following:

Organizational studies: Studies of whether organizational structures, processes and programs, etc., correspond to best practice.
Specifi c service- and quality-management studies: Studies of service-capacity and quality-assurance systems.

Defining the audit program

Investigations of large numbers of people are seldom carried out in performance auditing. Sampling and case studies are, however, common. When case studies are included in an audit, the interest does not focus on individual cases, but on the possible conclusions that may be drawn from them. Some of the usual investigation designs are the following:

Comparative investigation^[1]

Comparative investigations are mainly used to examine development trends and alternative conditions. Comparisons may be made over time and between different outcomes or alternatives. Comparisons can be made between subjects that work well and those that work less well, between one or more subjects and a general picture, and between similar areas in different countries.

Before and after investigation^[2]

In a ‘before and after’ investigation, the situation before the program was started is compared with that after program implementation. A simple ‘before and after’ study is one in which one set of measurements is taken before program participation and a second set is taken on the same set of participants after suffi ciently long participation. Impact is estimated by comparing the two sets of measurements. The main drawback to this design is that the differences between before and after measures cannot be confi dently ascribed to the program.

[1] For more information, see Ragin, C.C. The Comparative Method: Moving Beyond Qualitative and Quantitative Strategies. Berkley: University of California Press. 1989.

[2] See for instance, Campbell, D.T. & Stanley, J.C. Experimental and Quasi-Experimental Designs for Research. Chicago. Rand McNally. 1966.

Sampling investigation ^[1]

The audit fi ndings, conclusions, and recommendations must be based on evidence. Since auditors seldom have the opportunity to consider all information about the audited entity, it is crucial that the data collection and sampling techniques are carefully chosen (AS 153). The auditor must make a judgment as to whether sampling is an appropriate way of obtaining some of the audit evidence required.

Among the factors that must be considered are:

the number and relative sizes of the items in the population;
the complexity of the questions to be answered in the sample, and
the relevance and reliability of evidence produced with alternative tests and procedures, and the relative cost and time involved in each. As the auditor seeks to draw conclusions about a whole population by testing a sample of items selected from it, it is essential that the sample is representative of the population from which it is drawn. A sample may be statistical or non-statistical; both require the use of professional judgment.

The fi rst stage in planning the sample is to make an exact defi nition of the population. For statistical samples, it is important that it is homogenous. It is also essential that the auditor clearly defi nes the specifi c audit objective that testing with the aid of the sample is designed to achieve.

Moreover, the sample size must be determined. Throughout the selection procedure, the auditor should regularly review whether the sample selected is likely to adequately represent the population. As far as possible, testing should follow a pre-determined questionnaire. As errors or exceptions are found, it is necessary to consider their cause and nature. The results must be evaluated and documented. Sampling is often used to obtain evidence in performance audits. While the objectives of the sampling exercise may be different, the underlying principles are the same. In performance auditing, sampling techniques are mostly used when essential facts cannot be obtained in other ways and when there are demands for structured comparison and well-founded generalizations. Due to limited resources, the samples

[1] See for instance: Using Statistical Sampling. GAO. 1992.

are seldom very large, and it is usually necessary to limit the number of questions to be answered. To obtain more in-depth knowledge, the selection methods may be supplemented with other information-gathering techniques, such as case studies.

Case study investigation ^[1]

Case studies may be used to demonstrate that the assumed problems exist and that they are not merely marginal problems. Case studies can also be used to make in-depth analyses and comparisons. However, it is diffi cult to make statements based on case studies regarding the frequency and extent of problems, even if the cases are selected to illustrate general problems and are representative. However, in combination with other methods, case studies may allow some general conclusions to be drawn. Since such studies are preferable to large investigations, they are often used in performance audits.

Among other things, case studies are used to:

make a comprehensive in-depth analysis of complex problems;
obtain illustrative examples to discuss and check against other information; and
In combination with general statistics, to illustrate and confi rm the results of broader studies.

In choosing the number of cases to be studied, a balance must be struck between the breadth and depth of the examination. The selection of case studies may include both diffi cult and successful cases, so that comparisons may be made to identify underlying factors. Another type of case study is carried out to supplement more general information obtained from the in-depth examination of an individual case. Once a number of case studies have been compiled, the auditors may circulate the fi ndings to the audited entities involved to obtain their views on the extent to which the studies give a general picture of the problems. The results of the case studies may also be discussed with scientists, experts, and specialists in seminars and elsewhere. By combining general statistics with the in-depth case studies–and verifying them–the auditors may gain suffi cient

[1] For more information, see: Case Study Evaluation. GAO. 1990. Yin, Robert K. Case Study Research. Design and Methods. Second Edition. Applied Social Research Methods. VOL 5. Sage Publications, Thousands Oaks, London, New Delhi, 1994.

acceptance of their fi ndings to allow them to form the basis for some generalizations.

Quasi-experimental investigation ^[1]

The essential feature of true experiments is the random assignment of subjects to treated and untreated groups constituting the experimental and control groups, respectively. A control group is a group of untreated subjects that is compared with experimental groups in terms of outcomes. An experimental group is a group of subjects to whom an intervention is delivered and whose outcome measures are compared with those of control groups.

A quasi-experiment is a research design in which ‘experimental’ and ‘control’ groups are formed non-randomly. The use of the experimental method on practical and political problems has led to increases in ‘quasi-experimental’ methods, which attempt to eliminate as much as possible the extraneous effects that make assessment of impact diffi cult, though without the full scientifi c rigor that a properly-conducted experiment would.

The two common types of quasi-experimental designs involve constructing control or comparison groups in an attempt to approximate random assignment. This is done by matching participating and non-participating targets or by statistical adjustment of participants and non-participants so they are as equivalent as possible in respect of relevant characteristics.

Selecting techniques for gathering information

Data collection may be performed once or through ongoing measurements (time series design, longitudinal analysis). Information may be gathered on the basis of physical evidence, documents (including written statements), oral testimonies (interviews), or by other means depending on the objectives of the audit. It will often be necessary to collect both quantitative and qualitative data. The types of data to be obtained should be explainable and justifi able in terms of suffi ciency, validity, reliability, relevance, and reasonableness. Performance auditing may produce primary data (its own source material) with the aid of questionnaires, surveys, and direct

[1] See Campbell, D. T. & Stanley, J.C. Experimental and Quasi-Experimental Designs for Research. Chicago. Rand McNally. 1966.

observation. However, a great deal of secondary data (material produced by others) is also often used. This includes offi cial statistics, which are extracted and processed, and the audited bodies’ own statistics are also often used, if considered relevant and reliable.

Both quantitative and qualitative information and data are used (and combined). Quantitative data are measurable or numerical and may be used to illustrate or back up a statement. Qualitative information and data may, for instance, refer to opinions and attitudes or general observations, but it may refer to knowledge that is more profound. In general, qualitative information of some kind is always needed in order to give an analysis breadth and depth in performance auditing.

Some of the methods used for data gathering are the following.

File examination

Documents provide an effi cient way of collecting data, and fi le examination is likely to form the basis of many performance audits. Files contain a wide range of types of evidence, such as the decisions of offi cials, the ‘case records’ of program benefi ciaries, and the records of government programs. It is important to establish the nature, location, and availability of fi les at the outset of a performance audit so that they can be examined cost effectively.

Secondary analysis and literature search

Secondary analysis may relate to the review of general research reports, books and papers in the subject area of the program, or to studies that are more specifi c and statistics in the area, including both historical material and current publications. It is important to examine different kinds of documents from the audited entity as well as past audits and evaluations carried out by the SAI, or others as these may update and enlarge the auditor’s working knowledge of a particular subject. Studies of documentation can give the performance auditor access to useful material, but it is important to assess the reliability of the content of the documents – whether the information they contain gives an objective or subjective picture, whether they give a multi-faceted picture, etc.

Surveys or questionnaires

A survey is a systematic collection of information from a defi ned population, usually by means of interviews or questionnaires administered to a sample of units in the population. Surveys are used to gather detailed and specifi c information from a group of people or organizations. They are particularly useful when one needs to quantify information from a large number of individuals on a specifi c issue or topic. Questionnaires are mainly used to collect facts that are not available in any other way and that are important as a reference to substantiate a viewpoint. Questionnaires are thus used when comprehensive knowledge is needed. Case studies and other in-depth methods are often used to supplement questionnaires. A wide range of survey techniques is available. The most commonly used are postal, Internet, telephone, and in-person interviews. Questionnaires often require computer processing and also assume a good knowledge of the area in question. Properly used, the questionnaire technique is effective, though it can be diffi cult and time-consuming to design questions and to process the answers obtained. As a result, experts are often needed.

Interviews

An interview is basically a question and answer session to elicit specifi c information. A great deal of performance audit work is based on interviews, and different kinds of interviews are carried out at different stages of the audit. The entire spectrum of interviews is used, from fact-fi nding conversations and discussions, through unstructured interviews (that is, with ‘open-ended’ questions), to structured interviews that follow a list of closed questions:

preparatory and inventory interviews;
interviews to collect material and information;
interviews to chart attitudes and arguments, and
interviews to generate and assess ideas and suggestions

Interviews may be used both in the planning phase and in the examination itself, to obtain documents, opinions and ideas that relate to the audit’s objectives, to confi rm facts and corroborate data from other sources, or to explore potential recommendations. Various kinds of techniques are used, one or more people may be interviewed at the same time, and the interviews may be over the telephone or in the form of personal visits. They may be in-depth or more in the nature of checking information.

To obtain the broadest possible view of reality, it is important to interview people with different positions, perspectives and insights (staff at both central and local levels, staff from different interested parties or stakeholders, experts in the fi eld in question etc.).

Interviews are a way of gathering facts and information and gaining support for a variety of arguments, but one cannot rely solely on interviews. Although many of the details and statements obtained in an interview will have to be checked before they can be used, in many contexts interviews are still a useful way of collecting facts. The results of the interviews must then be compiled and documented in a way that facilitates analysis and quality assurance, for example by separate grouping of the factual material; the problems, causes, consequences, and proposals put forward (conditions, criteria, causes, effects, and potential recommendations).

Seminars and hearings

Seminars are often used in the different phases of a performance audit, not least when preliminary observations and conclusions are to be discussed.

Seminars might be used for instance to:

acquire knowledge of a specialist area;
discuss problems, observations, and possible measures; and • air arguments for and against different views and perspectives. Seminars have the advantage of bringing together a large number of people representing a wide range of knowledge and perspectives. This gives better knowledge of the area in question. Arranging and running seminars and hearings, which are similar to seminars, is demanding. However, the purpose of hearings is mostly to invite or call for interested parties and experts to give their views on the area to be audited.

Focus groups, focal groups, reference groups and experts

Focus groups are a selection of individuals brought together to discuss specifi c topics and issues. They are primarily used to collect qualitative data – information that can provide insights into the values and opinions of those individuals in the process or activity being audited. Focal group techniques are used to obtain information on the implementation and impacts of government programs based on the perspectives of the benefi ciaries and other stakeholders.

The pattern of the views could be expressed in a stakeholder model. A stakeholder study could be used in the planning of the audit in order to identify the main groups interested in a certain action developed by government.

Reference groups may be composed of people drawn from within or outside the SAI and are usually made up of experts and specialists. They are sometimes used both in initiating an audit and during the course of the audit as a source of viewpoints. Some experts are consultants or short-term employees. The reference groups may include experts employed directly by the SAI, consultants employed by the audited entity or experts operating on an independent basis (e.g. academic researchers). The purpose of using experts is, to make technical knowledge or skills that are essential for the achievement of the audit objectives available to the audit team. This kind of expert assistance has the advantage of allowing relevant information to be acquired quickly. One drawback, however, is that it may be diffi cult to judge the competence of experts, to obtain the appropriate expertise, to check their work, or to evaluate the results produced by the experts.

Direct observations

Direct observations are not common in performance auditing. This method is mainly used to gain insight into, and understanding of, the way an operation is run; to obtain the views of staff in the fi eld, and discuss and test ideas, and to add to, or make comparisons with, other information.

The following table presents some of the methods mentioned for collecting data during audits/evaluations (source: Carter McNamara, 1998).

Method	Overall Purpose	Advantages	Challenges
Questionnaires, surveys, checklists	When there is a need to get, quickly and/or easily, a great deal of information from people in a non-threatening way	– Can be done anonymously – inexpensive to administer – easy to compare andanalyze – administer to many people – can obtain large amounts of data – many sample questionnaires already exist	– Might not get careful feedback – wording can bias client’sresponses – are impersonal – in surveys, may need sampling expert – do not give full story
Interviews	When one wants to fully understand someone’s impressions or experience, or learn more about their answers to questionnaires	– Obtain full range and depth of information – develop relationship withclient – can be fl exible with client	– Can take a long time – can be hard to analyze andcompare – can be costly – interviewer can biasclient’s responses
Documentation review	When one wants an impression of how the program operates without interrupting the program; from a review of applications, fi nances, memos, minutes, etc.	– Gives comprehensive andhistorical information – does not interrupt program or client’s routine in program – information already exists – few biases about information	– Often takes much time – info may be incomplete – one needs to be quite clear about what one is looking for – not fl exible meansto obtain data; data restricted that which already exists
Observation	To gather accurate information about how a program actually operates, particularly about processes	– View operations of aprogram as they are actually occurring – can adapt to events as they occur	– Can be diffi cult to interpret behavior – can be complex tocategorize observations – can infl uence behavior of program participants – can be expensive
Focus groups	Explore a topic in depth through group discussion, e.g. about reactions to an experience or suggestion, understanding common complaints, etc.; useful in evaluation and marketing	– Quickly and reliably obtaincommon impressions – can be effi cient way to get range and depth of information in short time – can convey key information about programs	– Can be hard to analyze responses – need a good facilitator for security and closure – diffi cult to schedule 6-8people together

Analyzing and interpreting information

Analyzing quantitative and qualitative data is an important step in all performance audits. When analyzing data (whether from questionnaires, interviews, focus groups, etc.), the auditors should start by reviewing the audit objectives and the audit question. This will help the auditors to organize their data and focus their analysis. In interpreting the information, the auditors should attempt to put the information in perspective, by comparing the results to audit criteria or to what is generally expected.

It is important to study the information both in-depth and extensively. A performance audit analysis must always be based on a good understanding of the activity under audit and its working conditions. However, no analysis can consider everything. Each analysis must be built on common sense and a realistic view of what can, may, and must be put forward.

When analyzing information or data from interviews, the main problem is to allocate what has been said into different categories or topics. In interviews the auditor is looking for common threads of information, things that fi t together, or examples of the same underlying problem, issue, or concept. In this sense, qualitative (non-numerical) analysis may be used to assess and explain auditee performance. By reading documents, the auditors are able both to collect descriptive information and to systematically analyze the text and look for anything that is relevant.

Information analysis is an intellectual, creative, and iterative process, which includes both rational and irrational elements. It always involves refl ections and discussions, brainstorming, and mostly non-quantitative techniques such as content analysis, comparative analysis, analysis with the aid of expert panels etc.^[1]

Two examples of quantitative techniques are mentioned below.^[2]

Descriptive statistics to understand data distribution

Data distribution may often be expressed in the form of a graph (bar chart or curve) that shows all the values of a variable. The statistics that describe data distribution can be powerful tools for audit analysis and reporting.

There are three basic dimensions of data distribution that may be important to an auditor:

the ‘“central tendency’” of the distribution (mode, median, mean, quartile level, etc.);
the spread (variability or dispersion) of the data (minimum and maximum values, tails, etc.); and

[1] Most of these methods are described in books like: Weiss, Carol H. Evaluation: methods for studying programs and policies. Upper Saddled River, N.J.: Prentice Hall. 1998; and Rossi, Peter H, and Freeman Howard E, and Lipsey, Mark W. Evaluation A Systematic Approach. 6th edn, Sage Publications Inc, Thousands Oaks, California. 1999.

[2] See for instance, Quantitative Data Analysis. GAO 1992.

the shape of the data (standard deviation, normal distribution, fl at distribution, bi-modal distribution, etc.). Data distributions may be used:
to identify the level, spread, or shape of the data when this is more important than a single ‘average’ number;
to decide whether variable performance meets an audit criterion or not;
to interpret probability distribution to assess risk; and
to assess whether sample data are representative of the population.

Regression analysis

Regression analysis is a technique for assessing the degree to which variables are associated (correlated). Regression analysis may be used:

to test a relationship that is supposed to hold true;
to identify relationships among variables that may be causally related that might explain outcomes;
to identify unusual cases that stand out among expected values; and • to make predictions about values in the future.

Appendix 2

Performance Audit Criteria

Audit criteria are reasonable and attainable standards of performance against which the economy, effi ciency, and effectiveness of activities can be assessed. They refl ect a normative (i.e. ideal) model for the subject matter under review. They represent best or good practice, a reasonable and informed person’s expectation of “what should be.” When criteria are compared with what actually exists, audit fi ndings are generated. Meeting or exceeding the criteria might indicate “best practice,” but failing to meet criteria would indicate that improvements could be made.

Some characteristics of suitable criteria include the following. Reliability: Reliable criteria result in consistent conclusions when used by another auditor in the same circumstances.

Objectivity: Objective criteria are free from any bias of the auditor or management.

Usefulness: Useful criteria result in fi ndings and conclusions that meet users’ information needs.

Understandability: Understandable criteria are clearly stated and are not subject to signifi cantly different interpretations.

Comparability: Comparable criteria are consistent with those used in performance audits of other similar agencies or activities and with those used in previous performance audits of the entity being audited. Completeness: Completeness refers to the development of all signifi cant criteria appropriate to assessing performance.

Acceptability: Acceptable criteria are those that independent experts in the fi eld, audited entities, legislature, media, and general public are generally agreeable to.

Criteria can perform a series of important roles to assist the conduct of a performance audit, including:

forming a common basis for communication within the audit team and with SAI management concerning the nature of the audit;
forming a basis for communication with the auditee’s management;
forming a basis for the data collection phase by providing a basis on which to build procedures for the collection of audit evidence; and
providing the basis for audit fi ndings and helping to add form and structure to observations.

Their level of detail and the form they take often determines the degree to which criteria are successful in serving these uses. It is unrealistic to expect that those activities, systems, or levels of performance in economy, effi ciency, and effectiveness areas will always fully meet the criteria. It is important to appreciate that satisfactory performance does not mean perfect performance, but is based on what a reasonable person would expect, taking into account auditee circumstances.

The audit criteria must be set objectively. The process requires rational consideration and sound judgment. The auditors must for instance:

have a general understanding of the area to be audited, and be familiar with relevant legal and other documents as well as recent studies and audits in the area;
have good knowledge of the motives and the legal basis of the government program or activity to be audited and the goals and objectives set by the legislature or the government;
have a reasonable good understanding of the expectations of the major stakeholders, and be aware of basic expert knowledge; and
have a general knowledge of practices and experience in other relevant or similar government programs or activities. Moreover, it is often useful to obtain the input of auditee(s) management to the development of criteria. Disagreement about criteria can then be identifi ed, discussed, and, perhaps, resolved at an early stage. However, the facts and arguments presented by the auditee(s) must be weighed against other relevant facts and arguments (from other sources, experts etc.).

Goals set by the legislature or the executive branches are sometimes vague or confl icting. Under such conditions, the auditors might have to interpret the goals to make them more operational or measurable. One possibility is to get experts and stakeholders in the fi eld to answer questions such as: How should the goals and objectives best be interpreted and measured? What should be the expected results under the given conditions? What is the best-known comparable practice? If the goals are confl icting, one option – if other alternatives seem inappropriate – is to divide the audit project into several sequential studies, covering one goal at the time. In cases of vague or long-term goals it might sometimes be possible to narrow the scope somewhat and look for short-term perspectives and direct criteria. (There are of course also other options.)

Appendix 3

Evidence and Documentation

Audit evidence

Audit evidence is information collected and used to support audit fi ndings. The conclusions and recommendations in the audit report stand or fall on the basis of such evidence.^[1] Consequently, performance auditors must give careful thought to the nature and amount of evidence they collect. All fi eldwork should be planned from the perspective of acquiring evidence intended to support the fi ndings appearing in the fi nal report.

The INTOSAI auditing standards state: ‘Competent, relevant and reasonable evidence should be obtained to support the auditor’s judgment and conclusions regarding the organization, program, activity or function under audit’ (AS 3.5.1).

1.1 Competence of evidence

Evidence is competent (valid and reliable) if it actually represents what it purports to represent. Considering the following matters can assist when assessments are made of the reliability of evidence:

Corroboration of evidence is a powerful technique for increasing reliability. This means that the auditor looks for different types of evidence from different sources.
Sources of evidence from outside the audited entity are – rightly or wrongly – often viewed as more reliable than information generated within the auditee.
Documentary evidence is usually considered to be more reliable than oral evidence.

[1] The INTOSAI’s Code of Ethics and Auditing Standards, glossary.

Evidence generated through direct auditor observation or analysis is more reliable than evidence obtained indirectly.
The reliability of auditee-generated information will partly be a function of the reliability of the auditee’s management/internal control systems.
Oral evidence that is corroborated in writing is more reliable than oral evidence alone.
Original documents are more reliable than photocopies.

1.2 Relevance of evidence

Relevance requires that the evidence bear a clear and logical relationship to the audit objectives and to the criteria. One approach to planning for data collection is to list, for each issue and criterion, the nature and location of evidence that is needed, as well as the audit procedure that is to be implemented.

Sufficiency of evidence

The auditor should obtain suffi cient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit report. Suffi ciency is a measure of quantity of audit evidence. Appropriateness is a measure of quality of audit evidence, its relevance to particular criteria, and its reliability.

Evidence is suffi cient when there is enough relevant and reliable evidence to persuade a reasonable person that the performance audit fi ndings, conclusions and recommendations are warranted and supported. In determining whether documentary evidence is suffi cient, the auditor must take account the status of the document.

The factors that dictate the strength of evidence required to support an observation in performance auditing include: • the level of materiality or signifi cance of the observation;

the degree of risk associated with arriving at an incorrect conclusion;
experience gained in previous audit examinations – or other investigations – on the degree of reliability of the auditee’s records and representations:
known auditee sensitivity to an issue; and
the cost of obtaining the evidence relative to the benefi ts in terms of supporting the observation.

Evidence gathered during a performance audit may be predominantly qualitative in nature and require extensive use of professional judgment. Accordingly, the auditor would ordinarily seek corroborating evidence from different sources or of a different nature in making assessments and forming conclusions.

When planning the audit, the auditor should identify the probable nature, sources, and availability of audit evidence required. The auditor should consider such factors as the availability of other audit reports or studies and the cost of obtaining the audit evidence.

Characteristics of performance audit evidence

Auditors need to be aware of potential problems or weaknesses with performance audit evidence. Potential problems include:

evidence based on a single source (reliability, validity, suffi ciency);
oral evidence not supported by documentation or observation (reliability);
evidence that is not time-sensitive, i.e. too old and does not refl ect changes (relevance);
evidence that is too expensive to obtain relative to benefi ts (relevance and suffi ciency);
source of evidence has a vested interest in outcome (reliability);
samples collected are not representative (relevance, validity, suffi ciency);
evidence may be related to an isolated occurrence (validity, suffi ciency);
evidence is incomplete, i.e. does not demonstrate a cause or effect

(reliability, suffi ciency); and • evidence is confl icting (reliability).

Evidence can be categorized as to its type – physical, oral, documentary, or analytical.

Physical evidence

Observing people and events or examining property are ways to obtain physical evidence. The evidence can take the form of photographs, charts, maps, graphs or other pictorial representations. A photograph of an unsafe condition is far more compelling than a written description.

When the observation of a physical condition is critical to achieving the audit objectives, it should be corroborated. This may be achieved by having two or more auditors make the observation, if possible accompanied by representatives of the auditee.

Oral evidence

Oral evidence takes the form of statements that are usually made in response to inquiries or interviews. These statements can provide important leads not always obtainable through other forms of audit work. They can be made by employees of the auditee, benefi ciaries and clients of the program being audited, experts and consultants contacted to provide corroborating evidence in relation to an audit, and by members of the general public. Corroboration of oral evidence is needed if it is to be used as evidence rather than mere background information.

Corroboration of oral evidence could be obtained:

by written confi rmation from the interviewee;
by weight of multiple independent sources revealing the same facts; or
by checking records later.

In assessing the reliability and relevance of oral evidence, the auditor needs to assess the credibility of the interviewee; that is, the position, knowledge, expertise and forthrightness of the person being interviewed.

Documentary evidence

Documentary evidence in physical or electronic form is the most common form of audit evidence. It may be external or internal to the auditee. External documentary evidence may include letters or memoranda received by the auditee, suppliers’ invoices, leases, contracts, external and internal audits and other reports, and third-party confi rmations. Internal documentary evidence originates within the audited entity. It includes items such as accounting records, copies of outgoing correspondence, job descriptions, plans, budgets, internal reports and memoranda, statistics summarizing performance, and internal policies and procedures.

The reliability and relevance of documentary evidence needs to be assessed in relation to the objectives of the audit. For example, the existence of a procedures manual is not evidence that the manual is put into practice. As with oral evidence, the position, knowledge and expertise of the author or approver of the document may need to be assessed.

Documents that are the output of management control systems (e.g. the accounting system) will need to be assessed in light of the internal controls that operate within that system. Auditors who intend to rely on such evidence should assess the system’s internal controls.

Analytical evidence

Analytical evidence stems from analysis and verifi cation of data. The analysis can involve computations, analysis of ratios, trends, and patterns in data obtained from the auditee or other relevant sources. Comparisons can also be drawn with prescribed standards or industry benchmarks. Analysis is usually numerical, and considers, for example, ratios of output to resources, or the proportion of the budget that is spent. It can also be non-numerical in nature; for example, observing a consistent trend in the nature of complaints made about an auditee.

The evidential process

Collecting evidence takes place during both the pre-study and examination phases of an audit. Work done in the pre-study phase also constitutes part of the overall evidence.

Auditors should:

examine the characteristics of data required;
collect data relevant to achieve the audit objectives;
collect data outlined in the audit work plan;
collect data that is suffi cient and persuasive to logically support the analysis, observations, conclusions and recommendations; and
apply the standard of evidence to build a successful case ‘on the balance of probabilities’.

Sources of evidence are discussed below.

Policy statements and legislation

Auditors should gather policy documents, operating guidelines, manuals, ministerial directives, decisions on delegation, etc., and examine the background leading to their promulgation. Auditors should also consider changes to legislation and the document trail leading to the need for change, such as, submissions, press clippings, complaints, case histories and speeches.

Published program performance data

Published auditee budget statements provide evidence on the objectives and performance of agencies. They include an auditee overview and provide fi nancial and performance information.

Interviews

Interviews can be useful, but it is necessary to identify the right people to provide information and to corroborate the oral information. Solid preparation for the topic is essential and a list of questions prepared in advance is useful; in some cases, it may be effective to supply this list to the interviewee beforehand.

File examination

Information obtained from fi les provides strong evidence to support recommendations. A list of fi les should be obtained from auditee registry systems. In addition, fi le information of relevance to a particular work area may be found in that work area. Audit interviews may also give hints on which fi les to seek and review.

Files, which may prove useful for review, include those on:

strategic and operational planning;
management control;
Executive meeting minutes; • complaints and disputes; and
reviews and audits.

File evidence can provide strong support for fi ndings. File examination is time intensive and it is usually not possible to examine all fi les. Judgment must be exercised concerning whether to examine a random selection or a selection based on the purpose of the investigation. Usually the latter approach would be adopted, but if time permits a random sample of other fi les should be studied.

Management reports and reviews

Agencies usually generate a number of internal reports or reviews that summarize for senior management the issues at the time, or propose courses for action. Auditors should locate and analyze such reports. Ways of identifying reports include interviews and examination of minutes of management meetings.

Databases

Most agencies have one form or another of management information system that collects relevant information for conducting operations. These systems can be important sources of evidence, especially in quantifying various matters.

External sources

Larger agencies may have sophisticated specialist libraries relevant to their areas of responsibility. Literature searches on relevant topics and key words can be particularly useful.

SAI sources

The auditor should not overlook evidence that has been collected in previous audits or through information collected to support strategic planning for the auditee.

Observation

The value of direct observation should not be overlooked. Observation of the general demeanor of staff can give information on pressure, morale, or lack of work, which can then be followed up if appropriate. However, careful consideration needs to be given to selecting activities or facilities to be physically inspected. These should be representative of the area under examination. Auditors should also be aware that people perform differently when they are being observed.

This type of evidence can be regarded as ‘soft’ unless corroborated. Photographs and video recordings increase the value of direct observation. Written detailed descriptions of the results of the observations are recommended.

Documentation

INTOSAI auditing standards state that: ‘Auditors should adequately document the audit evidence in working papers, including the basis and extent of the planning, work performed and the fi ndings of the audit’ (AS 3.5.5). It is also stated that: ‘Adequate documentation is important for several reasons. It will:

Confi rm and support the auditor’s opinions and reports;
Increase the effi ciency and effectiveness of the audit;
Serve as a source of information for preparing reports or answering any enquiries from the audited auditee or from any other party;
Serve as evidence of the auditor’s compliance with auditing stand-ards;
Facilitate planning and supervision;
Help the auditor’s professional development;
Help to ensure that delegated work has been satisfactorily per-formed; and
Provide evidence of work done for future reference’ (AS 3.5.6). Working papers are all relevant documents collected and generated during a performance audit. They should include: documents recording the audit planning; the nature, timing, and extent of the audit procedures performed; and the results and the conclusions drawn from the audit evidence obtained. Working papers should therefore contain at least three sections: planning, execution and reporting.

Working papers serve as the connecting link between the fi eldwork and the audit report and should be suffi ciently complete and detailed to provide an understanding of the audit. Thus, they should contain the evidence accumulated in support of the opinions, conclusions and analysis supporting the recommendations in the report.

Working papers assist organization, facilitate access to the evidential documentation and thus:

assist in the planning and performance of the audit;
facilitate effective management of individual audits and the audit task;
assist in the supervision and review of the audit work; and
record evidence resulting from audit work performed to support the audit opinion.

The auditor should adopt appropriate procedures to maintain the confi dentiality and safe custody of the working papers and should retain the working papers for a period suffi cient to meet the needs of the legal and professional requirements of record retention.

It is better to be vaguely right than exactly wrong

It is seldom possible for performance auditors to get all information they need. Available data might be inaccurate, incomplete or confl icting. Thus, auditors have to be creative in trying to fi nd data that at least reasonably well describes what they are after. It may be possible to obtain well-founded estimations, or there might be other ways to fi nd data that ought to be useful for practical analysis and overall assessment. Less-precise data – combined with logical deduction and other information – might sometimes be suffi cient; for instance if the purpose is to describe tendencies. Another possibility is to get the auditees and other stakeholders to confi rm that the less-precise data being collected provides a reasonable and fair picture of reality, i.e. the information collected can be used as evidence of one type or another and as a basis for further analysis and general conclusions. Data collection is always a compromise between the ideal (the best solution) and the reality (the second or the third best solution). Overestimated ambitions in trying to fi nd complete, accurate and exact data may hamper the effectiveness of any performance audit. Efforts to be exact may easily be in confl ict with ambitions to make an intelligent analysis. The need to be exact must therefore always be weighed against what is reasonable economical, and relevant for the purpose of the data-collection.

Consequently, performance auditors should always try to be practical in their efforts to collect, interpret and analyze data. It is important, however, that the reader of the audit report is informed about the quality of all information that has been collected and how it was gathered. This is even more essential when it comes to data that are less precise. The auditors should not draw any other conclusion than that permitted by the quality of the data.

Appendix 4

Communication and Quality Assurance

External relations and relations with auditees

The development of good and proper external relations is often a key factor in achieving effective and effi cient audits of government programs. The progress and outcome of the audit will be enhanced if the audit team can obtain good contact and foster confi dence by maintaining a fully professional approach during the course of the audit. SAI staff should seek to maintain good relationships with all stakeholders involved, promote the free and frank fl ow of information, and conduct discussions in an atmosphere of mutual respect and understanding. The SAI should use its powers of access to information tactfully and with due regard to the ongoing operational responsibilities. The SAI should endeavor to give the audited entities reasonable notice of its intention to commence an audit and should discuss the general scope of the study with relevant offi cers.

Relations with the auditees

The audit manager in charge of the study – or the project leader – normally makes the initial contact with the auditee(s) in order to advise them on matters such as:

the objectives, timing, duration, and type of audit to be conducted;
the intended offi ces or regions to be visited; and
names, titles, phone numbers, etc. of the audit staff and an offi cial contact person at the SAI for the audit.

The objectives of the meetings or conferences in the initial process are to:

establish suitable liaison arrangements at both the management and working levels, including arrangements for progressive reporting of tentative fi ndings;
ensure that the auditee(s) clearly understands the audit objectives and processes, including a description of access powers and safeguards on confi dentiality;
outline the auditee’s responsibilities and clarify any queries or misunderstandings the auditee may have; and
make administrative arrangements for the audit team, such as access to buildings, personnel, fi les, systems, and data.

At the conclusion of each audit, an exit meeting with the managers at the auditee(s) ought to be arranged, for example in order to:

discuss provisional audit fi ndings, conclusions and recommendations with auditee management and obtain management’s comments on them;
afford the auditee the opportunity to correct misunderstandings and question the audit conclusions and fi ndings.

Quality assurance and quality control systems

INTOSAI auditing standards state that the SAI should establish systems to confi rm that integral quality assurance processes have operated satisfactorily; ensure the quality of the audit report; and to secure quality improvements and avoid repetition of weaknesses. Quality assurance refers to policies, systems, and procedures established by SAIs to maintain a high standard of audit activity. It also refers to the requirements applicable to the day-to-day management of audit assignments. Quality control, on the other hand, refers to reviews conducted to assess the quality assurance system or the executed audit projects.

SAI quality assurance activities

As part of the SAI’s professional obligations it must establish and support adequate systems of quality assurance activities. The systems comprise structures, policies, and procedures designed to provide the SAI with adequate assurance that the work undertaken by the SAI meets professional requirements and standards. Quality assurance activities include:

Securing the quality of the planning; the planning of selected tasks should be reviewed to ensure that adequate consideration has been given to all matters considered essential.
Securing the quality of the on-going work; the on-going work should be subject to continual review. This review is essential to maintain the quality of audit work and to promote learning and feedback.
Securing the quality of the fi nalized audit; all completed tasks should be reviewed prior to signing any reports.

Quality assurance activities should be designed to ensure that all audits are conducted in accordance with relevant auditing standards.

The objectives of quality assurance procedures should incorporate:

professional competence and integrity;
supervision and assignment of personnel to engagements;
guidance and assistance;
client evaluation; and
allocation of administrative and technical responsibilities. The SAI’s general quality assurance policies and procedures should be communicated to its personnel in a manner that provides reasonable assurance that the policies and procedures are understood, and implemented. Events and elements in the audit work that require special attention by the audit managers and the SAI managers are considered below. Systems for quality assurance – especially systems which focus on the fi nal stages of the audit process – are often time consuming and costly. The ideal is a fully integrated system.

Planning and budgeting and the use of consultants

The audit manager needs to take into account factors such as quality, resources, and timing in planning the audit. The budgets consist of allocations for salaries, travel, consultants, and any other direct costs. If the SAI seeks advice from external experts, the standards for exercise of due care and confi dentiality of information will apply to such arrangements.

Monitoring and executing the audit

The managers should ensure that the audits are completed within budget and on time, extending the budget if justifi ed. The audit manager must be aware of risks to timely audit completion and ensure audit work is relevant to the objectives and scope of the audit. The development of the data-gathering process and the analytical work has to be monitored. The audit manager should ensure that the audit teams are able to maintain good and proper relations with auditee(s) and other stakeholders.

Progress reporting and audit reporting

The audit manager should inform the SAI management on the progress of the audit, with recommendations for corrective action if needed. The manager must also ensure that the audit reports meet the reporting standards.

Quality assurance review program – external and internal reviews

A quality assurance review program is a series of external and internal reviews of activities undertaken by the SAI – it assesses the overall quality of the work performed and covers various issues and perspectives. Consequently, the program has to be fl exible. The results of the program should be reported to the SAI management at least annually (with a high volume of performance audits). A quality assurance review may examine adherence to policy and procedures and identify areas where there is any opportunity for improvements in these policies and procedures, or it may assess the quality of work performed to meet specifi ed objectives or specifi c stakeholders’ perspectives. Quality assurance reviews will generally address both adherence to specifi ed processes and the quality of the work performed. The report on the quality assurance review program should summarize the results of all the reviews including the tasks selected (number and type), the fi ndings, and any recommendations.

Quality assurance and quality development

It is important that all quality assurance/control activities have a high degree of legitimacy among the auditors and that the procedures and systems are not too sophisticated. Besides quality assurance and control activities, perhaps the most effective way to promote quality in audit work is to recruit competent staff and to create working conditions that:

stimulate quality development;
promote openness, delegation and mutual trust within the organization; and
encourage the auditor’s own sense of responsibility.

In an information-based and professional activity such as performance auditing, it is generally more important to support the audit teams in their efforts to achieve a good level of quality in their work, than to supervise them in the traditional sense of the term.

Appendix 5

Performance Auditing and Information Technology

Introduction^[1]

Information Technology (IT) is being increasingly used for public sector program planning, execution, and monitoring. The sharing or integration of information between agencies raises issues such as the risk of security breaches and unauthorized manipulation of information. Auditors should not only be aware of the uses of IT, they should also develop strategies and techniques for providing assurance to stakeholders about value for money from the use of IT, security of the systems, existence of proper process controls, and the completeness and accuracy of the outputs. Earlier, it was common in performance auditing to focus on issues such as planning, development and maintenance of individual IT systems. Today, the perspective is broader. IT systems are primarily seen as important components in all government programs (e-government). The shift in perspective has consequences for performance auditing in the area of information technology. The value of good IT systems is that they can improve the economy, effi ciency and effectiveness of existing programs and contribute to better public services. IT systems can be an effi cient and effective program delivery mechanism. They have the potential to deliver existing services at reduced cost and to provide a range of additional services, including program performance information, with greater effi ciency, security, and control than is available in manual systems. However, IT systems also have the potential to result in major systemic errors with a resultant greater impact on agency performance than would be possible if manual systems are used.

This appendix highlights a range of important considerations for performance auditing in an IT environment and is not intended to replace detailed guidelines that SAIs may need to develop in order to evaluate their auditees’ IT environment.

The approach to performance auditing in an IT environment should involve the following interrelated processes:

obtain an understanding of the auditees’ IT systems and determine their signifi cance for the performance audit objective;
identify the extent of IT systems auditing required to achieve the performance audit objective (e.g. audit of IT-investment processes and their links to business strategies, audit of systems development; audit of environment and applications controls) and employ specialist information system/IT auditors to undertake the task; and
develop and use, when appropriate, computer-assisted audit techniques to facilitate the audit.

A performance audit in an IT environment should:

assess whether the IT systems enhance the economy, effi ciency, and effectiveness of the program’s objectives and its management, especially in relation to program planning, execution, monitoring, and feedback;
determine whether system outputs meet established quality, service and cost delivery parameters;
identify any defi ciencies in information systems and IT controls and the resultant effect on the effi ciency, economy, and effectiveness of performance;
compare the IT system development and maintenance practices of the auditee to leading practices and standards; and
compare the IT strategic planning, risk management, and project management practices of the auditee to leading practices and standards including corporate governance practices.

A high level model for auditing IT use

In auditing the use of IT in business programs, the auditor needs to focus on certain aspects. Broadly speaking, it is possible to identify the following components in a high-level model for auditing IT issues:

The government’s requirements and other demands concerning the use of IT for public administration services.
The government’s IT-based business improvement strategies and decision processes concerning IT-based business improvement investment projects (implementation of IT).
The government’s development projects, running and maintenance of IT-based business/programs, IT systems and IT infrastructure including aspects of security, integrity, control etc.
The clients’ use of IT systems including aspects of usability and the interaction between users and IT systems.
The long-term effectiveness of IT systems and IT support in business programs (value for money in using IT).
The support from different actors in IT-related issues given to agencies in the public administration including issues such as IT standards, IT technology etc.
The main actors infl uencing government and agencies in IT-related issues such as IT trends, IT knowledge etc.

Performance aspects of auditing in an IT environment

In many cases the most important issue of the audit is to establish whether the IT system has enhanced the effi ciency with which the auditee manages its programs and whether the IT system has benefi cial results for the stakeholders.

The auditor may also be expected to assess if the IT systems have facilitated improved program management. Some areas to be considered include:

The IT investment process – especially the auditee’s innovation system for creating, processing and deciding on IT investment proposals – linkage to business strategy, management and planning processes.
IT should support the objectives and business strategy of the auditee and, therefore, is an integral part of its operations.
IT operations require highly qualifi ed staff.
The contribution of IT to operations is measured in operational effi ciency terms.
The benefi ts of IT may not be realized without appropriate changes.
Normal value for money measures may be more diffi cult to apply. In addition to assessing whether the auditee’s IT systems represent value for money, the performance auditor may also be expected to measure if the IT environment has contributed to transparency, accountability, and good governance.

The audit may also contain more specialized IT issues, i.e. IT system development and operational management.

Performance auditing involving IT system development

A performance audit involving IT systems development should determine if the audited entity:

has the appropriate executive approval for the development of the IT system, i.e., that IT management fi ts in the corporate governance of the auditee;
has appropriate project management processes in place to manage the project;
has met required targets of time, cost, system function, and value for money;
uses an appropriate system development methodology; and
has processes in place, including the involvement of internal auditors, to ensure that the new system includes all the necessary controls and audit trails, and is likely to meet the requirements of the auditee and its stakeholders.

Performance auditing involving operational IT systems

The following list contains some of the more important concerns that the auditor would be expected to consider and should be modifi ed as required for the specifi c entity being audited:

the strategic and operational management of IT, including assurance that IT is included in the overall corporate governance of the auditee;
IT project management, including the auditee’s record in meeting legislative and other deadlines;
risk management practices in relation to IT;
IT system design, development, and maintenance controls;
compliance with standards, including external standards;
application controls;
processing controls, including audit trails;
business continuity arrangements;
data integrity, including sampling of data (possibly using computerassisted audit techniques);
access controls and the physical and logical security of networks and computers, including Internet fi rewalls;
controls as a safeguard against illegal software;
performance management and measurement; and
other issues that arise during the audit.

In making the assessment the auditor may:

review fi les and other documents relevant to the development and operation of the IT systems;
use an appropriate software package to test the central and networked computing system controls;
test a sample of transactions (potential for using computer-assisted audit techniques) to validate the systems and relevant controls; and
interview the Auditor General and key staff members.

Planning

As with any audit, performance auditing in an IT environment needs to be planned. The planning process should frame audit objectives with reference to the objectives of the auditee in adopting/introducing IT systems and should include audit concerns relating to value for money, controls and security. The planning phase should also identify the IT systems and their roles in programs, computer systems and software packages being used by the auditee. During this phase, auditors also need to identify the major potential risks and exposures of IT systems.

Performance auditing in an IT environment requires specialist skills, and appropriately trained personnel with skills in IT, information systems, auditing, and accountancy should be dedicated to the task. The services of consultants may be needed for the more specialized technical areas. The SAI may also need to consider acquisition of appropriate hardware and software tools. The SAI staff will require extensive training to remain abreast of technological developments and IT audit techniques.

Computer-assisted audit techniques

Auditors are increasingly using computer-assisted audit techniques. These techniques utilize custom developed software programs to assist in the execution of the audit. They can be used for both sampling system transaction data and for testing the system as a whole. Computerassisted audit technique tools can be developed to:

access and extract information from auditee databases;
total, summarize, sort, compare, and select from large volumes of data in accordance with specifi ed criteria;
tabulate, check and perform calculations on the data;
perform sampling, statistical processing, and analysis;
provide reports designed to meet particular audit needs;
facilitate audit planning and control, such as electronic audit working papers that support effective indexing, review and reporting;
conduct surveys through web questionnaires, and • increase the analysis of audit evidence and fi ndings. Computer-assisted audit techniques can be used to collect data, validate the processes in the program or to analyze the data. The auditors should develop these techniques and provide training for the staff of the auditee. These automated audit tools should be developed/ modifi ed, bearing in mind the IT environment in the auditee and the audit objectives. Computer-assisted audit techniques can also be utilized in performance audits of both IT and non-IT environments.

Reporting

The performance audit report should be drafted to minimize the use of technical terminology with a view to making it easily understandable to management, members of the legislature and the public. When the use of technical terms is inescapable, they should be explained. Audit report should be published on SAI’s websites or on CD in order to give the report a wide distribution.

Appendix 6

Performance Audits of Activities with an Environmental Perspective

Introduction

Over the past 20 years, global awareness of environmental issues has grown rapidly, with particular emphasis on matters such as ozone depletion, the destruction of rain forests and global warming. The greatly increased knowledge and experience of environmental issues acquired during this period has led to a rethinking of the role and responsibilities of both governments (at national and local level and their associated agencies) and industries. Some of the crucial changes that have taken place are:

The expansion of environmental regulation by state and local authorities.
The increasing cost of environmental protection for both the private and public sectors. The resources spent by both sectors on pollution control have increased, and both businesses and government bodies are looking for more cost-effective ways of dealing with these issues.
Environmental awareness among fi nancial institutions, both national and international. The pressure and scrutiny brought to bear by these institutions provide governments and businesses with the impetus to give environmental issues closer consideration.
Following the United Nations Conference on the Environment in Rio de Janeiro, governments and corporations around the world have shown more concern about sustainable development. The increasing concern that organizations which affect the environment in a negative way should be accountable for their actions has led to requirements for the consequences of those actions to be reported. In turn, expectations have grown that the representations made in environmental reports should be subject to independent audit. As a result of the implications of these expectations for SAIs, the subject was taken up by INTOSAI.

At the XVth INCOSAI in Cairo 1995, it was decided that, using the INTOSAI Auditing Standards as a basis, the INTOSAI Working Group on Environmental Auditing should develop a guide containing guidelines and methodologies for the conduct of audits with an environmental perspective. The result of the work, “Guidance on Conducting Audits of Activities with an Environmental Perspective”, was approved at the XVIIth INCOSAI in Seoul 2001.^[2] The purpose of the guide is to provide SAIs with a basis for understanding the nature of such auditing as it has so far developed in the governmental sphere. This basis is intended to provide a starting point from which to create an approach to the satisfactory discharge of environmental auditing responsibilities within the context of each SAI’s jurisdiction.

The term ‘environmental auditing’ is a convenient label generally used to describe one of a plethora of activities such as management audits, product certifi cation, governmental control measures and many other activities, which bear little or no relation to an external audit. SAIs also often carry out activities that, by defi nition, do not qualify as audits, but which contribute to better government. In this appendix the term “environmental auditing” is used solely in the context of the independent external audit.

At XV INCOSAI (Cairo), it was agreed that environmental auditing is, in principle, not different from the audit approach as practiced by SAIs and that it could encompass all types of audit. In this context, audit attention may be devoted to, for example, the disclosure of environmental assets and liabilities, compliance with legislation and conventions – both national and international –as well as to measures instituted by the audited entity to promote economy, effi ciency and effectiveness. Consequently, it is sometimes easier to talk about performance auditing with an environmental perspective.

Applying INTOSAI Code of Ethics and Auditing Standards

The INTOSAI Code of Ethics and Auditing Standards refl ect a consensus of best practices among SAIs. Thus, it is clear that the standards codify generally accepted professional practices, which are applied in carrying out independent external audits and which may also encompass the audit of activities with an environmental

[1] This appendix is based on documents form INTOSAI’s IT-Committee and the guidelines for performance auditing provided by ASOSAI. The experience of individual SAIs has also been considered.

[2] This short presentation is to a large extent based on that guide and other documents and reports from INTOSAI’s Working Group on Environmental Auditing. The experience of individual SAIs has also been considered.

perspective. It follows that a SAI should – to the full extent appropriate – take the INTOSAI Auditing Standards into account when planning, conducting, and reporting on an environmental audit.

2.1 Basic postulate of relevance and its consequences for performance auditing with an environmental perspective

The SAI should consider compliance with the INTOSAI Code of Ethics and auditing standards in all matters that are defi ned as material. Each SAI should establish a policy to ensure that environmental audits are of high quality. The SAI should recognize the global nature of environmental matters and promote performance audits with an environmental perspective.

Government programs or entities that have an impact on the environment may be categorized into the following three groups:

Programs or entities whose operations directly or indirectly affect the environment.
Programs or entities whose operations directly or indirectly may infl uence environmental policy formulation and regulation, whether internationally, nationally or locally.
Programs or entities whose tasks involve power to monitor and control the environmental actions of others.

The government is responsible for determining what information it needs to ascertain whether its environmental objectives are being realized. In addition, the executive authorities (the government agencies) and their managers are directly responsible for the correctness and suffi ciency of information on the entity’s impact on the environment, be it with regard to fi nancial performance, assets or liabilities, compliance with legislation, or other prescriptions for its performance. Situations are likely to arise in practice, however, where there is a lack of legislation providing for the disclosure of relevant environmental information or where there is a lack of disclosure for some other reason. In such situations, the SAI should report the shortcoming and may also have to consider the possible effects on its audit report. The full scope of government auditing, regularity (fi nancial and compliance) and performance auditing, also applies to environmental auditing. Performance auditing of environmental activities may for instance assess:

whether environmental programs are properly prepared;
whether environmental policies and programs are conducted in an economical, effi cient and effective manner;
whether environmental programs are properly monitored and evaluated; and
whether environmental programs are effective.

Environmental auditing adds a special challenge to the expanding role of auditors and their responsibility for improving and developing new techniques and methodologies to assess whether the reasonably and valid performance measures are used by the audited entity.

General auditing standards of relevance and their consequencesThe auditor and the SAI must be, and must be seen to be, independent and objective in carrying out environmental audits. The auditor and the SAI must also possess the required competence. The wider the SAI’s mandate and the more discretionary it is in nature, the more complex the task becomes of ensuring quality of performance across the mandate. This applies directly to environmental auditing and may often be addressed by making use of teams or by obtaining assistance from experts in the fi eld. If the SAI employs external environmental experts, it must exercise due care to assure itself of their competence. SAIs and their auditors and others who carry out environmental audits should demonstrate adequate knowledge of both environmental matters and performance auditing/program evaluation.
Field and reporting standards

The auditor should plan the audit in a manner that ensures an audit of high quality and collect relevant and reliable information on the audited program or entity. This should, where applicable, include relevant environmental information on:

laws and regulations of relevance;
goals and objectives set by the parliament or the government;
the policies, objectives and practices established by the entities to be audited; and
the existence of environmental assets and liabilities and any changes that may have occurred in them during the period under review. The objective and scope of the environmental audit should be clearly defi ned. The specifi c needs of environmental auditing may require additional procedures to be carried out. It may be advisable to make use of specialists in the SAI to carry out review of the planning and fi eldwork from an environmental perspective.

Developing methods and practices

A SAI may undertake environmental audits under its mandate to carry out performance audits. For performance audits, there are at least fi ve different types of environmental focus such as:

audits of government monitoring of compliance with environmental laws;
audits of the performance of government environmental programs;
audits of the environmental impact of other government programs;
audits of environmental management systems; and
evaluations of proposed environmental policies and programs. Since the SAI may not be able to audit every program or entity involved, it will need to carefully design a methodology that will allow it to draw supportable conclusions on how a given function or activity is implemented nationally. Some of the tools it may consider using are fi eld visits, questionnaires, and statistical sampling.

3.1 Auditing government monitoring

In many countries, a lead environmental ministry and department (or other agency of the executive government) is charged with ensuring that environmental laws and objectives are properly implemented by public and/or private entities. These laws may charge the environmental department with such activities as:

issuing permits that limit the quantity or concentration of pollutants discharged;
monitoring compliance with such permits;
monitoring environmental conditions to help identify other potential non-compliance with regulation;
helping in the interpretation of regulations, and providing other assistance to regulated entities to assist them in their compliance work; and
taking enforcement action when violations occur.

In some cases, the federal (national) government, state, or other levels of government may delegate these environmental regularity responsibilities. In addition, other types of executive government departments, such as transport or agriculture, may also exercise certain environmental regulatory responsibilities. The SAI is often charged with examining how well these other departments exercise their environmental responsibilities.

The data needed to support fi ndings and conclusions may be centrally located and readily available. More usually, important information may need to be collected from diverse locations and from numerous governmental and non-governmental entities. A SAI should be aware that environmental regulatory compliance data has proven to be particularly susceptible to error in many countries. The absence of reliable environmental data may itself become a central message of the SAI’s report.

3.2 Auditing the performance

A government may be enabled by statute or other authority to carry out (or fund other entities to carry out) a range of other programs or activities to protect or improve the environment. A program or activity of this type:

may be the responsibility of a government ministry, a government department or one or several government agencies with particular interest in the environment; or
may be the responsibility of, for example, a department or a government agency for agriculture, through a program for assisting farmers to adopt practices that minimize pollution.

A SAI may fi nd it useful to identify the international agreements on environmental matters to which its government has agreed and then identify which programs have been established to achieve them. Care should be taken in selecting and scoping an audit of a governmental environmental program. A SAI may also consider whether to focus its attention on one main policy instrument or on many different policy instruments. In selecting a performance audit, the SAI should pay particular attention to the availability of suffi cient, relevant and reliable data. When planning its audit, the SAI should examine the risks and materiality of government programs or activities, taking into account the resources involved, the importance of the environmental problem to be addressed, and the magnitude of the intended effect. The auditors should also consider whether there are indications of problems of effi ciency and effectiveness in the area to be studied.

Consideration of the scope and methodology of the audit should address the availability of audit criteria, particularly when the program is not subject to statutory requirements. The SAI may identify ways of comparing the program’s arrangements to best management practices or to practices used for similar environmental programs in the same country or elsewhere. The SAI may also report the program’s achievements over time, against the program’s own targets, or targets or benchmarks set by experts.

The auditor should bear in mind that environmental programs may be aiming for impacts which:

are individually small-scale but cumulatively large-scale;
take a long time to have a noticeable effect; and
are affected by signifi cant external factors (weather conditions, etc.).

3.3 Auditing the environmental impacts of other government programs In addition to programs whose principal aim is to protect or improve the environment, all activities affect the environment in one way or another through their use of resources or consequences of their other actions. Some government programs have signifi cant effects, which may be positive or negative, intended or unintended.

The environmental effects of the activities can be highlighted as part of a wide-ranging performance audit – of the economy effi ciency, and effectiveness of a government activity, or as a narrowly defi ned study focusing solely on the environmental impacts.

The SAI may review the adequacy of:

the description of the program or activity, its environment, and the baseline conditions;
the completeness of the range of key impacts identifi ed;
the data used to assess the likelihood of the impacts and their expected scale; and
any proposals for measures to counter the impacts. The SAI may wish to test for itself what impacts a government activity may have on the environment, its likely scale, and any values that can be placed on its costs and benefi ts. Discussions with experts and searches of literature can identify commonly used evaluation methodologies. It may also be helpful to identify and seek the views of key stakeholders (e.g. residents in the area affected by the activity, key environmental interest groups, and nongovernmental organizations in the fi eld) as well as academics specializing in relevant evaluation methodologies.

From the outset, the government may identify measures that counter or reduce environmental impacts. The SAI’s audit may address whether these measures:

have been put in place and are in accordance with leading practices or best available information or technology and not entailing excessive cost; and
have had the preventive effect intended, and, if not, what actions the government has taken instead.

In some cases, the counter measure may need to be suitable for preventing or dealing with low-risk, major-impact occurrences, such as unintended releases of radioactive substances. Accident and incident procedures may be rarely used, but they need to be operable in case of need. When such procedures are important, an audit may review:

the procedures;
the training of any staff involved;
the frequency of testing the procedures; and
Whether any arrangements required with third parties (suppliers, emergency services, etc.) are up-to-date.
- Auditing environmental management systems

Organizations are introducing environmental management systems to ensure that they are systematically setting policies for continual improvement in environmental performance and are achieving the policy objectives effectively. In considering whether to undertake an audit of environmental management systems or not, a SAI should identify existing government policy on establishing them. The SAI may decide to audit complete environmental management systems for individual government departments. Alternatively, the audit may focus on one or more elements across a range of departments, agencies, or other organizations within the SAI’s remit. The latter approach can be helpful for dealing with relatively small-scale matters and nonetheless offer scope for signifi cant improvements across the government. A SAI may consider whether it should audit and report on an actual performance target set by the government. For an audit of this type, the SAI could usefully investigate how the government compares with practices elsewhere and with the government’s commitments and practices to international agreements. A SAI may also consider whether government monitoring of departments’ environmental management systems and reporting of environmental performance makes them suffi ciently accountable to the legislature and the public for meeting key performance targets. The SAI could undertake an audit to identify the level of performance and reasons for non-achievement of targets.

Evaluating proposed policies and programs

Some SAIs may be called upon to provide analyses or information on proposed policies or programs to their legislatures. This may occur, for example, when a national legislature refocuses its attention from the question, ‘Is the program operating well in conformance with its statutory requirements?’ to the more basic question, ‘Do the underlying statutory requirements themselves need modifi cation to make them more cost-effective or to improve them in other ways?’ Under these circumstances, it may request the SAI to analyze alternative proposals being considered.

Generally, such work poses both challenges and risks. In particular, analyses of proposed policies or programs may sometimes require special skills (specially-trained staff, consultants, expert panels, etc.). Even with these added skills, the nature of such analyses involves risks for the SAI, particularly if it is viewed as taking sides in debates over matters of policy. The SAI may consider the following alternatives to minimize such a risk:

Provide factual information rather than judgments.
Identify consensus among experts.
Evaluate and comment on analysis of other organizations.
Decline the request.

Establishing audit criteria

One concern for SAIs in carrying out environmental audits is determining the criteria against which the audited program or entities will be assessed. It is important to ensure that the chosen criteria – if used – will be generally accepted as relevant, complete and understandable. A performance audit may need to be based on criteria from, in a formal sense, both ‘authoritative’ sources (based on laws, documented policies and goals, generally accepted standards, etc.) and ‘non-authoritative’ sources (academic literature, experts, indicators, or measures used by similar entities or other entities engaged in similar activities, etc.). See appendix 2.

The special risk that a SAI faces in conducting an environmental audit is that the criteria it has used may be inapplicable, inappropriate or biased. The greatest risk for the SAI will come from using nonauthoritative sources of criteria. On the other hand, such sources are often both necessary and fruitful when deeper or broader analysis is required. The ultimate test of the chosen criteria is that (like all audit criteria), they are objective rather than subjective. The criteria should also ensure the completeness of the performance indicators used (and the performance indicators should be relevant, understandable and reliable).

In the problem-oriented approach, however, the use of audit criteria will play a less important role. Instead, the formulation of well-founded hypothesis is of great importance.^[1]

[1] See for instance: Handbook in Performance Auditing. Theory and practice. 1999.

Appendix 7

Towards a system-oriented approach in performance

auditing: A theoretical framework

The system-oriented approach of effectiveness auditing^[1]

Public services are complex, and the growing complexity of government programs increases the incidence of confl icting goals and unintentional side effects, caused by overlapping or coinciding functions. Further, most central decisions on public programs must be made without being completely sure that they will attain the stated objectives, at least not at the fi rst attempt.

It is not an easy task to turn political goals into government programs and to design and implement measures that will obtain desired results. It may even prove diffi cult to fi nd suitable methods to assess the results and the effectiveness of government interventions. There is a growing insight that there often is a large gap between what has been decided politically and what will later be implemented and fi nally achieved.

It is therefore essential to develop models to help performance auditors in their efforts to analyze and evaluate the implementation and effectiveness of government interventions. One common approach in performance auditing is the so-called goal-means (aims and methods) model. In this model implementation is seen as a process where general goals are broken down into sub-goals or means by ministries and executive authorities; authorities later being held accountable for how they manage and produce the services.

[1] For more information, see Towards A System-Oriented Approach In Performance Auditing: A Theoretical Framework. National Audit Offi ce of Sweden, RRV, 1985.

The system-oriented approach to effectiveness auditing, presented below, has it roots in the goal-means model. It is also based on ideas and concepts from ‘system theory’, where government undertakings or programs are seen as systems of interacting and functional interdependent elements. Regulations, resources, government bodies etc. are all examples of elements that constitute a system of this type of a government undertaking.

Defi ning a government undertaking as a system means that the performance auditors have to apply a holistic perspective. In auditing effectiveness of such systems, less emphasis is put on the accountability of individual agencies. The focus is on the effectiveness of the systems themselves.

The system-model and government undertakingsThe system-model is presented below, step by step.
- Production – the first component in the model

Production is the core of the system-model. In all production of services, production and consumption occur simultaneously. Consequently, clients, staff, working methods and resources are all part of the production system. This is shown in the fi gure below.

Administration – the second component in the modelThe aim of production is to deliver services to society effi ciently. This might, for instance: require motivated and competent staff; rational use of resources; good practices; participating and well-informed clients etc.

The operation of the production system takes place within the framework of an administration, involving perhaps several ministries and many departments and agencies, as well as regional offi ces and local authorities.

The function of the administrative systems – to allocate resources, to plan and implement activities, to monitor and evaluate progress etc. – is basically to make it easier to coordinate and control the operations of government undertakings. The administrative systems should contribute to effective implementation of the undertakings.

Structural design – the third component in the model

This structural design forms another framework (around the production and administrative systems). The societal undertaking and the concomitant political goals are not the only matters that parliaments and governments decide upon. Other important issues are the structure of the executive organization, bud get frameworks and regulations that direct operations in production systems. This is shown in the fi gure below.

Finally, it must be noted that forces in the environment have a bearing on the way a societal undertaking is implemented. Therefore, the complete system model is:

The system model shows that the actions of government bodies or authorities (departments or agencies) form one of many links in a larger chain of events. A government body must therefore be assessed in the light of other control factors in the form of rules, resources, the organization set up to carry out certain activities, and the social environment in which the individual unit or organization operates. The systems model allows for a wide concept of effectiveness auditing and questions such as: Is the government undertaking well structured? Audits of such issues may involve assessments regarding the regulatory approach, the distribution of responsibilities, or the granting of appropriations etc.

Effectiveness auditing – some conclusions

In its effectiveness auditing, the SAI examines the effectiveness of government and government-fi nanced activities. By that we mean that an examination is made of whether the results are those that parliament and the government intended to achieve when they allocated resources, established agencies, and passed legislation to implement a societal undertaking.

The model presented above illustrates that this type of effectiveness assessment requires a systems approach. All factors that have a tangible effect on the degree to which the goals are attained must be considered. Otherwise there is considerable risk that in the assessment, for example, the importance of a single agency is magnifi ed. The instruments at the disposal of the agencies may in fact be rather feeble compared to the forces at work in society.

An important part of all effectiveness auditing is the assessment of actions and decision-making. Therefore, a simple explanation of possible reasons for failing to attain the established goals is often not enough. The factors that can be infl uenced must also be identifi ed. The systems model shows that there are two types of factors that can be infl uenced:

The agency’s actions – do the agencies involved perform their tasks in the most appropriate way, seen in relation to the undertaking to be carried out?
Structural design – is the body of rules, the appropriation of resources and the organization of agencies appropriate for its purpose in relation to the undertaking to be carried out?

The systems approach to effectiveness auditing works on the basis of a dual auditing issue. Both the activities of the agency and the structural design are considered in assessing whether or not the operation is effective.

Effectiveness auditing may always run a certain risk of gazing blindly at the internal workings of the agency under audit. One does not always notice that a possibly needed tightening up of routines and planning procedures can be of lesser importance in terms of the impact on real effectiveness. Strong criticism may sometimes be levelled, without noting that the agency’s activities are limited by the fact that its resources are far too meager or that it has a weak position in the government administration. By placing the agency in a wider context, the systems approach to auditing counteracts the risk of adopting a narrow view.

The intention of the model that has been developed is to clarify the aims of a system-oriented audit. The next question is how to attain that level of ambition. On the basis of the agency’s experience of the systems approach gained in concrete projects, three requirements regarding methods can be discerned:

In system – oriented auditing, the operations in a certain area of society are the point of departure. This is expressed by allowing a particular undertaking to form the basis of both the study and the fi nal assessment.
In system-oriented auditing, the scope of the analysis is defi ned in terms of the ‘system’ that is formed by the undertaking itself and the forces/actors that affect the realization of this undertaking.
In system – oriented auditing, data on outcome are always included in the basis for analyses and assessments.

The purpose of this model is to provide a theoretical framework for effectiveness auditing that takes the government undertaking, i.e., the ultimate effects that the public program/agency is intended to bring about, as its point of departure.

Performance Audit Principles

. INTRODUCTION

INTOSAI’s fundamental auditing principles recognise that due to the differing approaches and structures of Supreme Audit Institutions (SAIs), not all auditing standards apply to all aspects of their work^[1]. Furthermore, on the basis of the terms of the audit mandate with which SAIs are empowered, any auditing standards external to the SAI cannot be prescriptive, nor have a mandatory application to the work of the SAI^[2]. However, in order to promote high quality work across its members, INTOSAI advocates that each SAI should establish a policy which has regard to INTOSAI standards, and other specific professional standards, which should be followed in carrying out various types of work that the organisation conducts. This audit guideline of key principles outlines a common understanding of what defines high quality work in performance auditing.
Comparisons between the practices of performance auditing in different countries show considerable variations depending on the mandate, organisation and methods used by the SAIs. The legal, administrative and economic environment can have a bearing on the nature of performance audits conducted and how they are carried out. The maturity of public sector administration also impacts on the extent and nature of performance audits that can be performed.
Performance auditing generally follows one of three approaches in examining the performance of the audited entity. The audit may take a result-oriented approach, which assesses whether pre-defined objectives have been achieved as intended, a problemoriented approach, which verifies and analyses the causes of a particular problem(s), or a system-oriented approach which examines the proper functioning of management systems: or a combination of the three approaches.
Performance audit may also adopt one of two perspectives for the audit: a top-down perspective, which focuses on the requirements, intentions, objectives and expectations of the Legislature, Executive and/or regulatory body, or a bottom-up perspective, that focuses on the effects of the activity on the audited entity and the larger community^[3]. In the case of the former performance audit does not question the intentions and decisions of the legislature, but instead examines whether possible shortcomings in the laws and regulations have affected those intentions being met. Depending on their mandate, SAIs may audit the assumptions on which policy decisions were based and the impact of such policy decisions. The audit provides an objective assessment to inform the legislature on such issues as how to enhance policy target achievement and/or how to accomplish objectives more efficiently and effectively.

Whichever approach or perspective is adopted, performance audit aims mainly towards examining the economy, efficiency and effectiveness of the audited entity in the performance of its functions and activities, not excluding the verification of the audited

entity’s compliance with established legislation and regulations^[1]. Where appropriate, the impact of the regulatory or institutional framework on the performance of the entity should also be taken into account. Performance audit often achieves this by attempting to answer two basic questions: are the right things being done, and are things being done in the right way?
As performance auditing can deal with all facets of the public sector, it would not be possible or appropriate to propose detailed common auditing standards to cover all situations. Accordingly, auditors are required to apply their own professional judgments and applicable professional standards to the diverse situations that arise in the course of performance auditing. This document is largely based upon the concepts contained in ISSAI 3000 – Implementation guidelines for Performance Auditing, to which auditors should refer for additional guidance.

2. KEY PRINCIPLES OF PERFORMANCE AUDITING

2.1 Definitions

Performance auditing is an independent and objective examination of government undertakings, systems, programmes or organisations, with regard to one or more of the three aspects of economy, efficiency and effectiveness, aiming to lead to improvements⁵.
The performance audit task is a separately identifiable piece of audit work, typically resulting in the issuing of a statement, or report. It should have clearly identifiable objectives and pertain to a single or clearly identifiable group of activities, systems, programmes or bodies know as the “audited entity”.

2.2. Performance audit objective

According to ISSAI 100^[2], an individual performance audit should have the objective of examining one or more of these three assertions:

the economy of activities in accordance with sound administrative principles and practices, and management policies;
the efficiency of utilisation of human, financial and other resources, including examination of information systems, performance measures and monitoring arrangements, and procedures followed by audited entities for remedying identified deficiencies; and
the effectiveness of performance in relation to the achievement of the objectives of the audited entity, and the actual impact of activities compared with the intended impact.

. The audit objectives are usually expressed in the form of one overall audit question and a limited number of subsidiary questions that the audit will answer and conclude against. Such questions are thematically related, complementary, not overlapping and collectively exhaustive in addressing the overall question. The audit questions addressed by performance audit do not have to be exclusively based on a retrospective audit approach. In a performance audit, SAIs can take an early initiative and furnish proactive audit findings, and/or recommendations, where appropriate, if this is explicitly allowed by their legal mandate. Furthermore, financial and compliance audit aspects^[1], including environmental considerations in the context of sustainable development, can also be included in a performance audit. Finally, the perspective of the citizen that is related to the performance of the audited entity should be taken into account where appropriate.

2.3 Selecting audit topics

Auditors should select audit topics that are significant, auditable, and reflect the SAI’s mandate⁸. The audit should lead to important benefits for public finance and administration, the audited entity, or the general public. Where there is an overlap between other types of audit and performance auditing, classification of the audit engagement will be determined by the primary purpose of that audit^[2]. Aside from audits carried out under legal mandate at the request of the Parliament or other empowered entity, performance audit topics should be selected on the basis of problem and /or risk assessment and materiality or significance (not only financial significance, but also social and/or political significance), focusing on the results obtained through the application of public policies. The selection process for audit topics should aim to maximise the expected impact from the audit while taking account of audit capacities. The processes of strategic planning^[3] and establishing the annual audit programme, are useful tools for setting priorities.

2.4 The audit process

2.4.1 Planning an audit

The auditor should plan the audit in a manner which ensures that it is of high quality and is carried out in an economic, efficient and effective way and in a timely manner^[4]. The audit planning documents should contain:
background knowledge and information needed to understand the entity to be audited, to allow an assessment of the problem and risk, possible sources of evidence, auditability, and the materiality or significance of the area considered for audit¹²;

^[1] the audit objective, questions or hypotheses, criteria, scope and period to be covered by the audit, and methodology (including techniques to be used for gathering evidence and conducting the audit analysis);
an overall activity plan which includes staffing requirements, i.e. sufficient competencies (including the independence of engagement staff), human resources, and possible external expertise required for the audit, an indication of the sound knowledge of the auditors in the subject matter to be audited^[2];
the estimated cost of the audit, the key project timeframes and milestones, and the main control points of the audit.
Performance audits should have suitable audit criteria that focus the audit and provide a basis for developing audit findings. The audit criteria, which can be of a qualitative or quantitative nature, should be reliable, objective, useful, and complete. It should be possible to identify the source of the audit criteria used.
The audit scope should clearly define the extent, timing and nature of the audit to be carried out. When laws, regulations, and other compliance requirements pertaining to the audit entity have the potential to significantly impact on the audit questions, then the audit should be designed to address these issues in order to conclude on the audit questions¹⁴.
In determining the extent and scope of the audit, auditors often need to assess the reliability of internal controls that assist in conducting the business of the audited entity¹⁵. The extent of that assessment depends on the objectives of the audit. Moreover, they should be alert to situations or transactions that could be indicative of illegal acts or abuse and should determine the extent to which such acts affect the audit findings^[3].
When designing audit procedures, the auditor should determine the means for gathering sufficient appropriate audit evidence to conclude against the objectives, answer the audit questions, or confirm the hypotheses. Since auditors seldom have the opportunity to consider all information about the audited entity, data collection methods and sampling techniques should be carefully chosen. The planning phase should always involve certain research efforts, with the aim of building knowledge, testing various audit designs; and checking whether data needed is available. This makes it easier to choose the most appropriate audit method.

Performance audits can draw upon a large variety of data-gathering and analysis techniques, such as surveys, interviews, focus groups, observations, documentary analysis, transaction testing, as well as the analysis of economic, financial and performance data. Audit methods should be chosen which best allow the gathering of audit data in an efficient and effective manner. While the aim of auditors should be to adopt best

[1] ISSAI 300/1.3-1.4.

[2] ISSAI 3000/2.2, page 38. 14 ISSAI 4000 series 15 ISSAI 300/3.1.

[3] ISSAI 300/0.3(d).

practices, practical reasons such as availability of data may restrict the choice of methods. Therefore, as a general rule, it is advisable to be flexible and pragmatic in the choice of methods. For this reason, performance audit procedures should not be standardised in all their terms, as being too prescriptive may hamper the flexibility, professional judgement, and high levels of analytical skills required, in a performance audit^[1].
Auditees should be notified of the key aspects of the audit, including the audit objective, questions, criteria, and scope, before the start of the data collection phase^[2] or after the completion of the audit planning.

2.4.2 Conducting the Performance Audit

Audit examination work takes place on the basis of audit planning already undertaken, and the planning documents thereby developed. Audits should be performed with due care, with an objective state of mind, and with appropriate supervision. The audit team should collectively possess adequate knowledge of the subject matter and audit techniques.
The auditor should obtain sufficient and appropriate audit evidence to satisfy the audit objective and questions, to be able to draw conclusions and, if appropriate, to issue recommendations. The nature of the audit evidence required in performance audit is determined by the subject matter, the audit objective, and the audit questions. Under normal circumstances, performance audits require significant judgement and interpretation in concluding against the audit questions, due to the fact that audit evidence is more persuasive (“points towards the conclusion that…”) than conclusive (“right/wrong”) in nature^[3].
Evidence may be categorized as physical, documentary, testimonial, or analytical. The types of evidence to be obtained should be explainable and justifiable in terms of sufficiency, validity, reliability, relevance, and reasonableness. Audit evidence should be competent, relevant and reasonable in order to support the auditor’s judgment and conclusion regarding the audit questions^[4]. All audit findings and conclusions must be supported by audit evidence.
Performance auditors should be resourceful, flexible and systematic in their search for sufficient evidence. They must also be receptive to alternative views and arguments and seek data from different sources and stakeholders^[5]. Auditors should always try to be practical in their efforts to collect, interpret and analyze data. While primary or own source data is usually the most reliable, secondary data which is collected and/or analysed by others (e.g. performance evaluation reports, internal audit reports, etc.), can be an important source of information in performance audits. It is important, that the reader of the audit report is informed about the source and quality of the data, particularly when it contains estimations.^[6]
The analysis of data involves combining and comparing data from different sources. It is important that the auditor works systematically and carefully in interpreting the data and arguments collected²³. The audit team should document all matters which in its professional judgement are important in providing evidence to support the audit findings and the conclusions to be expressed in the audit report.
The auditor needs to produce audit documentation to fully record the preparation, conduct, contents and findings of the audit in a meaningful way. They should be sufficiently complete and detailed to enable an experienced auditor having no previous connection with the audit to subsequently determine what work was performed in support of the audit findings, conclusions, and recommendations²⁴. In general, the organisation of the audit should also satisfy the requirements of good project management.
The development of good and proper external relations is a key factor in achieving effective and efficient performance audit results. Auditors should seek to maintain good professional relationships with all stakeholders involved, promote a free and frank flow of information in so far as confidentiality requirements permit, and conduct discussions in an atmosphere of mutual respect and understanding of the respective role and responsibilities of each stakeholder. The communication process between the auditor and auditee begins at the planning stage of the audit and continues throughout the audit process, by a constructive process of interaction, as different findings, arguments and perspectives are assessed. Where important audit findings are made during an audit these should be communicated to those charged with corporate governance in a timely manner.
Auditors should not communicate to third parties, neither in writing nor orally any information they obtain in the course of audit work, except where doing so is necessary to discharge the statutory or otherwise prescribed responsibilities of the SAI in question. Any such communication of information should be governed by the statutory or other rules of procedure in force for the respective SAI^[7]. Auditors however, may exchange information regarding management deficiencies with internal auditors, should this information not be of a data security or other confidential nature, for the purposes of ensuring that any identified shortcomings are addressed. Auditors should also report any financial irregularities to the authorities concerned, where appropriate.

2.4.3 Reporting

In a performance audit, the auditor reports on the economy and efficiency with which resources are acquired and used, and the effectiveness with which objectives are met. Such reports may vary considerably in scope and nature, for example covering whether resources have been applied in a sound manner, commenting on the impact of policies and programmes and recommending changes designed to result in improvements^[8].
For all audit assignments any limitations to the audit, such as restrictive regulations, or limitations concerning access to information or reporting requirements, should be disclosed to users of the audit report. The report should also disclose the standards that were followed and audit criteria applied in carrying out the performance audit.
The auditor is not normally expected to provide an overall opinion on the achievement of economy, efficiency and effectiveness by an audited entity in the same way as the opinion on financial statements^[9]. Where the nature of the audit allows this to be done in relation to specific areas of an entity’s activities, the auditor is expected to provide a report which describes the circumstances and context to arrive at a specific conclusion rather than a standardised statement.
The audit report should include information about the audit objective, audit questions, audit scope; audit criteria, methodology, sources of data, any limitations to the data used, and audit findings. The findings should clearly conclude against the audit questions, or explain why this was not possible. The audit findings should be put into perspective and congruence should be ensured between the audit objective, audit questions, findings and conclusions. The report should, where appropriate, include recommendations.
The report should be timely, complete, accurate, objective, convincing, constructive, and as clear and concise as the subject-matter permits^[10]. It should also be readerfriendly, well structured, and contain unambiguous language. Overall, it should contribute to better knowledge and highlight improvements needed^[11]. The audit findings and conclusions should be based on evidence and should be clearly distinguishable in the report^[12]. All relevant viewpoints should be considered in the report and the report should be balanced and fair^[13].
Recommendations, where provided, should be presented in a logical, knowledgebased and rational fashion, and be based on competent and relevant audit findings^[14]. They should be practicable, add value and address the audit objective and questions.

They should be addressed to the entity(ies) having responsibility and competence for their implementation.

Auditors should refer to all significant instances of non-compliance and significant instances of abuse^[15] that were found during or in connection with the audit³⁴. Where such instances are not pertinent to the audit questions, it is envisaged that they would nevertheless be communicated to the auditee preferably in writing at the appropriate level.
Unless prohibited by legislation or regulations, before publishing a performance audit report, the SAI should always give the auditee(s) the opportunity to comment on the audit findings; conclusions, and recommendations^[16]. Where disagreements occur they should be analysed and factual errors corrected. The examination of feedback received should be recorded in working papers so that any changes to the draft audit report, or reasons for not making changes, are documented.
Distributing audit reports widely can support the credibility of the audit function. SAIs should decide about the method of distribution in conformity with their respective mandates. The reports should be distributed to the auditee, the Executive and/or the Legislature, and where relevant, made accessible to the general public directly and through the media and to other interested stakeholders^[17], unless prohibited by legislation or regulations.

2.4.4 Follow-up

Follow-up of the audit report should be part of the audit process as it is an important tool used to strengthen the impact of the audit and improve future audit work. The priority of follow-up tasks should be assessed as part of the overall audit strategy of the SAI^[18]. Sufficient time should be allowed for the audited entity to implement appropriate action.
When conducting follow-up of audit reports, the auditor should adopt an unbiased and independent approach. The focus should be to determine whether actions taken on findings and recommendations remedy the underlying conditions^[19]. The results of the follow-up should be reported appropriately in order to provide feedback to the legislature, together if possible, with the conclusions and impacts of the corrective actions taken where relevant.

2.5 Quality system

Performance audits should be subject to a system of quality control^[20], incorporating processes for supervision and monitoring of quality, quality assurance, and external quality and peer reviews, in order to provide reasonable assurance that the audit has been conducted in accordance with professional standards and regulatory and legal requirements, and that the reports are appropriate. In this regard SAIs should apply the provisions of ISSAI 40 which provides a framework in relation to establishing and maintaining an appropriate system of quality control which covers all audit assurance and other work performed by SAIs. For performance audit, the following issues are important to ensure the quality of audit work:
to the extent possible and needed, performance audits should be carried out by teams since, as a rule, they address complex questions^[21]. All audit team members should understand the audit questions, the terms of reference of the work assigned to them, and the nature of responsibilities required of them by auditing standards;
experts participating in an audit should have the necessary competence required for the purposes of the audit. The audit team should ensure that the expert is independent of the activity/programme, and that (s)he is informed about the conditions and the ethics required^[22];
decisions should be properly documented regarding the audit objective and questions, and criteria of the audit, resources to be applied to the audit in terms of skills and qualifications, arrangements for reviews of progress at appropriate points, and the dates by which fieldwork is to be completed and a report on the audit is to be provided^[23].

[1] ISSAI 3000/1.8, page 29.

[2] ISSAI 300/1.4(g).

[3] ISSAI 3000/4.2.

[4] ISSAI 300/5.4.

[5] ISSAI 3000/4.2.

[6] ISSAI 3000/appendix 3/5 23 ISSAI 3000/4.5. 24 ISSAI 300/5.7

[7] ISSAI 200/2.46.

[8] ISSAI 400/4.

[9] ISSAI 400/23

[10] ISSAI 400/7(a).

[11] ISSAI 3000/5.3.

[12] ISSAI 400/7.

[13] ISSAI 400/24.

[14] ISSAI 3000/4.5.

[15] ISSAI 1240/P6, “Abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable…”. 34 ISSAI 400/7.

[16] ISSAI 3000/4.5.

[17] ISSAI 3000/5.4.

[18] ISSAI 3000/5.5.

[19] ISSAI 400/26.

[20] ISSAI 40

[21] ISSAI 3000/2.2.

[22] ISSAI 200/1.18 and 2.43-44.

[23] ISSAI 200/1.24 and 1.26.

Appendix to ISSAI 3100

Table of Contents:

1.Introduction	3

2.The nature and benefits of performance auditing	4
2.1. What is performance auditing?	4
2.2. External benefits	5
2.3. Internal benefits	5

3. The challenges of introducing performance auditing	6
3.1. Long term management commitment is needed	6
3.2. A proper mandate is vital	6
3.3. The importance of building relationships with stakeholders	6
3.4. Organizational issues need to be addressed	9
3.5. The key success factors	9

4. How to get started	11
4.1 Beginning small scale, with a pilot and focused themes	11
4.2. Determining the resources needed	11
4.3. Raising awareness within the SAI	13
4.4. Not setting up detailed systems and procedures at this early stage	13

5. Building the capacity for a sustainable performance auditing function – ‘maintaining the momentum’	14
5.1. Operational manager	14
5.2. Staff recruitment and training	14
5.3. Performance auditing framework	15
5.4. Communications strategy	18
5.5.Following-up the implementation of performance audit recommendations	18

Introduction

Performance auditing greatly enriches public accountability and enables the SAI to make practical contributions to improving the efficiency and effectiveness of the public administration. This guide aims to set out the benefits to an SAI from introducing performance auditing, together with some of the key issues to consider in introducing and maintaining performance auditing in an SAI. It is mainly aimed at the Head of the SAI and its senior management staff, to help them understand the requirements and challenges to be faced. The idea is to focus on the strategic needs and general implications of introducing a sustainable performance auditing function. SAIs operate under different mandates and models, and the size of SAIs and the administrative culture vary around the world. Therefore it is not possible to produce detailed guidelines applicable to all; so this document focuses on the strategic challenges concerned with the implementation process and the resources needed. It also highlights the key features of performance auditing and its importance to SAIs, public administrations and society as a whole.

A significant number of SAIs have encountered difficulties in introducing a sustainable performance auditing function. Besides political and administrative factors, the complexity and challenge of performance auditing itself should also be acknowledged. Experience has shown that it may take years to develop this form of audit work in a sustainable way. In addition, having a strong financial and compliance auditing function does not guarantee success in performance auditing, since performance auditing is a very different discipline.

These guidelines consist of four main chapters:

Chapter 2: presents the key performance auditing principles and describes internal and external benefits of this type of work;
Chapter 3: points out the main challenges of introducing performance auditing;
Chapter 4: highlights the key aspects to be considered when starting performance auditing; and
Chapter 5: provides an outline of the principal issues for a sustainable performance auditing function.

2. The nature and benefits of performance auditing

2.1. What is performance auditing?

Performance auditing is an independent and objective examination of government undertakings, programs or organizations, relating to one or more of the three aspects of economy, efficiency and effectiveness, with the aim of leading to improvements. The key principles guiding performance auditing may in short be described as follows:

The principle of ECONOMY is keeping costs low. It requires that the resources used by the audited entity for its activities shall be made available in due time, in appropriate quantity and quality and at the best price.

The principle of EFFICIENCY is getting the most from available resources. It is concerned with the best relationship between resources employed, conditions given and resultsachieved; in terms of quantity, quality and timing of outputs and/or achievements.

The principle of EFFECTIVENESS is meeting the objectives set. It is concerned with attaining the specific aims or objectives set and/or achieving the intended results.

Performance auditing is about analysing and assessing the performance of government programs or public services. It is an information-based activity that requires analytical and creative skill. In contrast to financial auditing, it focuses on the activity rather than the accounts . And in contrast to compliance auditing, it relates mainly to the intentions behind government interventions and to the concepts of economy, efficiency and effectiveness. Basic questions in performance auditing are:

Are the right things been done;
If so, are things been done in the right way; and
If not, what are the causes?

The perspectives and the entities to be audited vary, i.e. individual departments as well as government programs and undertakings may be audited. Some of the main differences between performance and financial auditing are summarised below.

ASPECTS	Performance auditing	Financial auditing
Purpose	Assess whether government interventions or measures have been conducted in accordance with the principles of economy, efficiency and effectiveness.	Assess whether financial operations have been carried out in accordance with legislation and regulations and whether accounts and financial statements are true and fair, i.e. reliable.
Focus	Policy, programmes, organisation, activities and management systems.	Financial transactions, accounting, financial statements, and key control procedures.
Academic basis and relevant experience	Economics, political science, sociology etc. Experience of professional investigations or evaluations and familiarity with methods applied in social science as well as other relevant methods/skills.	Accountancy and law. Professional audit skills.
Methods	Vary from audit to audit.	Standardised format.
Audit criteria	More open to the auditors’ judgement. Unique criteria for the individual audit.	Less open to the auditors’ judgement. Standardised criteria set by legislation and regulation for all audits.
Reports	Special report published on ad hoc basis. Varying structure and content, depending on objectives.	Annual opinion and/or report. More or less standardised.

2.2. External benefits

Performance auditing has important functions to fulfil, both in relation to the general public, the legislature, the government and the entities that are audited.

The democratic principle is based on the public’s right to hold governments accountable for their actions through general elections. In order for this principle to have significance, the public needs information on how public resources are spent and how public services perform. By providing objective and reliable information on these issues, performance auditing contributes to transparency and accountability.

Performance auditing also plays an important role in keeping legislatures well informed about the government’s actions, and the outcome of its own decisions. Legislature needs reliable and independent information on the results and effects of programs and decisions. Performance auditing represents a unique source of information, as it does not represent political activists or institutions. It may also be of value for Government to get an independent evaluation of the outcome of its decisions and the performance of public services.

Performance auditing provides incentives for learning and change in the public sector, by providing new information and drawing attention to various challenges. It also adresses problems that are beyond the audittee mandate by including the theme on the political agenda. It contributes to improvement and reform in public administration and government. In this way performance auditing adds value far beyond that of a control mechanism.

2.3. Internal benefits

Performance auditing enhances cultural diversity, creativity and learning in the SAI, leading the auditors to concentrate on relevant social, political and economic issues.

It has the potential to make SAIs more visible in the media because performance auditing topics attract a wider audience. This can have a flow-on effect of increasing auditors’ motivation within the SAI due to the visibility of their work.

Given that an objective of performance auditing is to identify potential improvements in the efficiency of public administration, (and therefore to help save government outlays) the credibility obtained from this type of auditing can provide greater incentives for governments/legislatures to allocate human and financial resources to the SAI.

3. The challenges of introducing performance auditing

These are a number of issues that the head of an SAI needs to address when developing a sustainable capacity for performance auditing. Successful implementation of performance auditing requires political support, appropriate regulation, leadership and active management involvement. The head of the SAI needs to ensure sufficient funding and seek partners that may assist in capacity building and quality control.

3.1. Long term management commitment is needed

It is important that the head of the SAI takes into account that performance auditing is different, demanding and takes time to implement. The head of the SAI needs to communicate a clear vision of the purpose for performance auditing and the desired outcomes to be achieved. The introduction of performance auditing requires a personal commitment from the head of the SAI, and it is also important to get management actively involved and professionally trained.

Experience proves that introducing performance auditing will often require changes in attitudes, management style, organizational behavior, recruitment practices etc. It requires leadership to publish critical performance audit reports, especially in an environment less used to such criticism. It takes courage to reveal poor performance of government programs or services, even when backed up by reliable, objective and balanced evidence and arguments. Performance auditing requires skills which SAIs with limited or no experience in the field will have to acquire.

3.2. A proper mandate is vital

The head of the SAI should also seek to obtain a suitable legal mandate that comprises the following criteria:

A mandate to carry out performance auditing on the economy, efficiency and effectiveness of government programs and entities;
Freedom to select what to audit, when to audit and how to audit, conclude and report on findings;
Freedom to place the audit results in the public domain;  Access to all information needed to conduct the audit; and
Freedom to decide who to recruit.

3.3. The importance of building relationships with stakeholders

The head of the SAI should be prepared to promote the value of performance auditing to a number of stakeholders. The SAI needs to identify its key stakeholder groups and establish effective two-way communications with them. One reason for doing this is to enable the SAI to develop a full understanding of the needs and expectations of the different groups in order to make decisions based on knowledge of what those expectations are. Another reason is to give the SAI the opportunity to explain the purpose of performance auditing to stakeholders.

When considering communications with stakeholders on performance auditing, it is important to recognize that some stakeholders will be the SAI’s usual contacts, such as the legislature and government bodies, but others may be a new group not engaged with previously, such as the academic and business communities, citizens and their representatives, research institutions, interest groups, independent agencies such as nongovernment organisations, politicians and media representatives.

In order to develop good relations with the legislature and government the head of the SAI should also work closely with these stakeholders. The head of the SAI needs to develop procedures for communicating with the media, the auditee and other key stakeholders, and to establish networks where appropriate. Some of the key stakeholder groups are discussed below but the list is not intended to be comprehensive.

The legislature

The legislature should be convinced of the need for performance auditing if it is to support additional funds being provided for its introduction within the SAI. It is important for the head of the SAI to manage the legislature’s expectations carefully because performance audit is unlikely to deliver immediate results and impacts from any decision to invest in performance auditing: the benefits will come in the medium and longer term.

The legislature should be made aware of the fact that performance auditing is about identifying opportunities for improvement in economy, efficiency and effectiveness. Public sector reform and improvement of government is more likely to happen if there is a parliamentary mechanism in place to consider the performance audit reports. The legislature needs to set out a clear procedure for receiving and deliberating on performance audit reports in order to ensure that appropriate actions are taken. The SAI should make it clear that naming and blaming individuals is not the purpose of performance auditing. Nor do such reports cross the borderline into political territory.

In some cases the SAIs will need to seek legislative changes to allow it to undertake performance audits. In such cases the SAI may need to harness a variety of means to help the legislature see the value of this type of auditing. This might involve visits to other legislatures, presentations on the impact of the work and meetings with representatives of SAIs with long experience in performance audit.

The SAI will need to establish the legislature’s preferences for performance audits regarding:  Meetings to establish performance audit topics of interest to the legislature;

Developing a good working relationship between the legislature and the SAI that ensures that audit reports will be debated; and
Additional briefing that the legislature may require to enable those working with the SAI’s performance audit reports to interact effectively with the government, for example through committee hearings involving questions to officials of audited bodes and production of legislative reports.

Audited bodies involved

The relationship between the SAI and government is long-term. Both parties need to cooperate to identify constructive ways of working together. Effort should be placed on making audited bodies aware of the procedures relating to performance auditing.

In performance auditing the SAI is seeking to achieve beneficial change in the operations of government. The SAI is therefore supporting the interest of government in helping it to meet its objectives. It is not necessarily a criticism of government when an SAI points the way to better performance, because new opportunities to improve are constantly emerging.

It is important to ensure that government authorities are made aware of the procedures relating to performance auditing, and understand the key requirements of performance auditing.

In some countries the Ministry of Finance is a key central contact for the SAI and a potential ally. Developing good communications with the Ministry of Finance on performance auditing will enable the SAI to achieve cross-government impacts on performance auditing issues. The SAI will benefit from working closely with the Ministry of Finance, to strengthen support for performance audit recommendations and proposals for systemic improvements across government. Maintaining good contacts with audited bodies is equally important.

SAIs need to be balanced and objective in communications involving both the Ministry of Finance and audited bodies, to ensure that they are not seen as taking sides with either party.

A sound dialogue with the public authorities involved is pivotal in achieving real improvements in government. Although an SAI needs to maintain independence from the auditee, the development of good and open professional relations is likely to make it easier for the SAI staff to conduct rigorous and useful audits.

It may also increase the impact of the audit if there is agreement on the findings between the SAI and the audited bodies involved. If the SAI demonstrates that it recognizes the pressures under which the audited body has to operate, and if the SAI is willing to acknowledge what audited bodies have achieved as well as what more needs to be done, the auditee is likely to be more open in its communications with the SAI, and the SAI may find the auditee provides more willingly the access to people and data that is necessary for performance auditing. Mutual responsibilities concerning sharing of information should be clarified.

Citizens

It is important to consider the interests of citizens on performance auditing. Citizens are a source of ideas for performance auditing, a source of demand for performance auditing, and users of performance audit reports. They may be contacted directly or through nongovernment organisations that represent them.

The SAI will need to consider how best to communicate with the public. Depending on the circumstances within the SAI’s country, this could include a mix of television interviews, articles in various publications, leaflets in public places such as libraries and use of the SAI’s website. The SAI could use these media to explain the new performance auditing approach and how it will enable the SAI to check that taxpayers’ money is being used by government economically, efficiently and effectively. The SAI’s website could also include notifications of future performance audits, inviting those with particular interests to contact the SAI with their comments, particularly about service delivery.

The media

It is also important for the SAI to have good communications with the media. They may serve as a bridge to citizens and the citizen’s view of public services. Sometimes public opinion, as expressed by the media, provides added support and impact for audit topics and audit reports.

Other key stakeholders

Other important external stakeholders are representatives of the academic community. They have expert knowledge in specific audit areas, and may provide a more objective view, less restricted by personal interest. Academics may thus serve as suitable discussion partners, co-readers and sometimes also consultants at all stages of an audit. In addition, academics are often suitable potential recruits to the SAI’s performance auditing function. National and international performance auditing professional community is also an available source of inputs. There may be occasions when the business community can also provide expertise for specific performance audit topics.

Non-government organisations can be a useful source of ideas. They may have conducted their own research through surveys and case studies, and may have a range of relevant contacts. Civil society can be motivated to put pressure on the legislature to act, particularly if the SAI is providing high profile material that is of interest to them.

3.4. Organizational issues need to be addressed

Performance auditing is a knowledge-based activity, and high quality work is of great importance. Owing to its special features it requires special competences. It is an investigatory discipline that requires flexibility, imagination and analytical skills. Excessively detailed procedures, methods and standards may in fact hamper the effective functioning of performance auditing.

The ability to recruit the right staff is a critical factor. It is well understood by SAIs with long experience of performance auditing, that conducting performance audits requires different skills from financial auditing. Consequently, an appropriate recruitment process is essential. It is generally required that performance auditors should hold a university degree. Experience of qualified investigative/evaluation work is an advantage. Personal competences like creativity, receptiveness, integrity, and oral and written skills are vital. It is also necessary to be familiar with methods applied in social sciences as well as other relevant methods/skills. Good knowledge of organizational management also helps ensure that performance auditors make realistic and achievable suggestions for improvements.

It is important to ensure that competence is built up step by step, and to stimulate knowledge sharing and learning in the organization. Recruiting a competent operational manager is also a strategic issue. The manager is a key factor for sustainable capacity building. In the longer term, how to develop capacity for methodological, analytical and professional in-house training should be considered. Setting conditions, standards and guidelines that will safeguard quality and sustainability are also issues that will need to be addressed. This includes a well functioning process for efficient production of performance audit reports.

3.5. The key success factors

In short these are some of the key success factors for developing a sustainable performance auditing function:

Management involvement

Define a clear vision for what to achieve and set the objectives for the performance auditing;
Realize that performance auditing is demanding, differs from financial and compliance auditing and takes time to implement;
Be aware that changes in management style and organizational behavior might be required;
Get management actively involved and professionally trained; and
Be comfortable in challenging poorly functioning programs or services, if backed up by reliable, objective and balanced evidence and arguments.

External relations

Get political support and a sufficient legal mandate;
Safeguard sustainable funding;
Ensure that government authorities understand the key requirements of performance auditing;
Establish networks with academics, non government organisations and other stakeholders;
Establish strategies for communicating with the media, auditees, citizens and other stakeholders; and
Produce interesting, challenging, well founded and reader-focused reports that add value, promote better spending and results, and are widely appreciated.

Institutional issues

Select competent staff and get a competent operational manager in place;
Make the recruitment process a better fit for performance auditing;
Build up competence step by step and stimulate knowledge sharing and learning;
Develop capacity for methodological, analytical and professional in-house training;
Set conditions, standards and guidelines that will safeguard quality and sustainability, including a well functioning process for efficient production of performance audits; and
Provide professional support on statistics, information technology, editorial work, communication office.

4. How to get started

4.1. Beginning small scale, with a pilot and focused themes

SAIs should not try to do too much too quickly. Performance audits are time consuming, and even more so for newcomers. In order to get performance auditing established, it is advisable to look for some quick wins in one or two subjects that are likely to be of particular interest to stakeholders, but which the SAI has some experience and confidence in dealing with. Such audits should not be too complicated to handle, and not too broad in scope, but still be able to add value.

The SAI might want to consider carrying out a pilot performance audit. This might be carried out away from the public eye so that there is a ‘safe space’ in which mistakes can be made and lessons learned.

It might be helpful to consider a theme for the initial performance audit work. It enables the SAI to learn by doing in a structured manner. In addition, a thematic approach makes it possible to recognize similar problems in public administration and to use experiences from one area for new audits in another area. This in turn may have positive impacts on the efficiency of the production. This would provide opportunities for focused capacity building.

A general requirement is, of course, that the problems are possible to examine with available methods, and that the processes are possible to influence, i.e. better practice is known and it is likely that the performance can be improved or money saved.

Examples of possible themes for initial performance audit work might include:

Performance Management: for example the quality of objective and target-setting and the monitoring and evaluation of results;
Time & Resource Management: for example the efficiency of organizational processes and the cost-consequences for service users and society;
Systems for Inspection and Control: for example whether systems are focused on significant organizational risks such as corruption, rather than compliance with lower level procedures;
Public procurement strategic functions and processes;
Service delivery;
Environment, climate change and sustainability;
Productivity and skills;
Efficiencies; and
Personal safety and security.

4.2. Determining the resources needed

Financial resources

Starting small scale would enable SAIs with limited resources to commence performance auditing. The costs relating to building up the necessary competence should be taken into account. Staff costs would be estimated according to established costing methodologies (for example salary costs plus basic overheads, allocated as a share of total time per month or year). Other costs may include, travel, consultancies and printing, which should be readily estimated as part of the planning process.

To satisfy good budgeting practices, it is important that the performance auditing function has a cost centre distinct from other SAI activities from the outset, and that budgets for individual performance audits and other key performance audit costs, such as travel, printing and use of consultants, are separately identified and monitored, as well as staff costs.

After the performance auditing function becomes more established it will be necessary to factor in the costs of developing administrative systems, such as those supporting policies and procedures, audit reporting and quality assurance. It would be possible to use such information from SAIs with existing performance auditing functions and similar cost levels and approaches.

The additional costs required both in terms of staff resources, training and materials will need to be carefully estimated and discussed with the legislature. It might then be for the legislature to recommend enhancements to the SAI’s budget to reflect the need for increased resources.

People

It would be possible to conduct a competent initial performance audit using 3-5 full time equivalent staff (though if the performance auditing function is to be sustainable, the number will need to grow from this base point). A good ambition might be for the performance auditing cadre to grow to perhaps 15 staff within 18-36 months. In order for the performance audit function to have sufficient professional weight, an even larger number of staff would be very useful.

The initial performance audits might be staffed by people currently working on financial or compliance auditing. While it is the case that some of the elements of accountancy training are very relevant to performance auditing, such as investment appraisal and costing methodologies, performance auditing is a specialism in its own right, with its own particular skills requirements. In due course the SAI could recruit people with solid experience from analytical work and/or a research background. Eventually the performance audit function might consist of people with academic backgrounds from a variety of disciplines.

It is therefore worth thinking early on about how a wider range of skills can be brought to bear. If funding is available, the SAI could consider recruiting one or two people with backgrounds in evaluation, social sciences or management consultancy. Alternatively a shorter term commitment would be to bring such skills in through contracting with consultancy firms.

Partnerships with other SAIs and academics

National organisations can sometimes be cautious about the risks of funding a new venture, and in such cases international support may be the best approach initially. This is because other SAIs have wide experience regarding factors that may contribute to capacity building of implementing capacity building, including the introduction of performance auditing for SAIs, and can provide advice. International donors might also contribute, for example by commissioning SAIs who are experienced in performance auditing to provide support.

Another potential source of support is the local academic community. Academic institutions will have much relevant experience, for example of evaluating policy and conducting social research. Such institutions might be willing to work in partnership with the SAI, possibly through providing academics on secondment to the SAI.

4.3. Raising awareness within the SAI

If performance auditing is to take root within an SAI it is important to build awareness, interest and enthusiasm. One of the key messages to pass on to staff is that the Head of the SAI considers developing performance auditing to be an important priority. This can be done through whichever internal communication channels are most appropriate. These channels might include direct briefings from senior management. Importantly, for the successful introduction and ongoing benefits of performance auditing to be realized, these communications must also be supported by ongoing actions including those outlined in this guide.

4.4. Not setting up detailed systems and procedures at this early stage

SAIs should not feel that they cannot ‘jump into the performance auditing water’ before they have a detailed system in place for planning and implementing a performance audit. Work on developing audit manuals, toolkits and quality assurance arrangements can come at a later stage, because the burden of doing this can be prohibitive, and it is much more important to invest initial resources in actually trying it out. Approaching the first performance audits with a ‘pilot mentality’ can be quite helpful in terms of all parties understanding that what needs to be learned, and that mistakes might be made.

5. Building the capacity for a sustainable performance auditing function – ‘maintaining the momentum’

Performance auditing is an ever evolving function within an SAI, even for those who have had a firmly established capability for a number of years. Once the SAI has begun performance auditing, it is important to maintain the momentum to realize the full benefits. This involves progressively building the core performance auditing capacity over a number of years to ensure that early work can develop into a sustainable product. In doing this, consideration should be given to both how initial learning is captured to improve the process going forward, and also how the function can be developed into a mature performance auditing capability. These considerations will necessarily differ between short, medium and long term goals, however regardless of the issue or timeframe, the keys to success will lie in being realistic about your ambitions and flexible in your approach.

The following provides a high-level outline of some issues that the SAI will need to consider as it works to build its performance auditing capability.

5.1. Operational manager

A key factor to the sustainability of the performance auditing function in the SAI will be establishing an operational manager role with responsibility for development and oversight of the function. Amongst the duties of the role would be managing the various issues outlined in this guidance and ensuring that areas such as staffing, training and the development of a performance auditing framework are being adequately addressed and progressed.

Ideally, the operational manager role and the performance auditing function should be supported by a member of the SAI Executive who can act both as manager with accountability for the function and a ‘champion’ to help promote its benefits and ensure that it has the necessary resources devoted to it to help build its ongoing success.

5.2. Staff recruitment and training

It is the quality of the staff undertaking performance audits that will be a large contributor to the success of the function. While at the outset, the SAI may wish or need to use auditors with a background in the existing functions of financial and/or compliance auditing, over time this composition should be reviewed. Performance auditing covers the full spectrum of public administration and therefore it is important that the skills and competencies of staff reflect this. People with:

academic qualifications in areas such as social science or broader investigative and evaluation work; and
personal qualities including integrity, creativity, judgement, analytical skills and oral and written communication skills; are often those who are targeted for recruitment by SAIs within their performance auditing function. Using people with these and others skills, and adopting a flexible approach in utilising resources across the SAI to allow staff with relevant expertise to work across audits where that expertise is best used, will help the SAI develop the performance auditing capability. Recruiting mid-career professionals to strengthen performance audit and ground the work in wider public sector management experience is also an option.

This recruitment should be complemented by both initial training in performance auditing

(and the processes of the SAI) and ongoing training in areas that will develop auditors’ skills and improve the SAI’s performance auditing capability. This training can be delivered through a combination of internal and external models and cover both audit process skills, such as audit interviews and technical skills such as data analysis. From a sustainability perspective, developing a balanced internal training capacity that covers methodological, analytical and professional areas will assist in building a strong learning environment. The more that a learning culture can be developed and promoted within the SAI the greater inhouse knowledge sharing can be utilised to both improve staff skills and experiences and the overall quality of performance audits being produced.

Introducing performance auditing can also bring the benefit of stimulating knowledge sharing across the SAI. With the development of a new auditing function the SAI should remain conscious of the benefits to be gained from all auditing functions (financial, compliance and performance), drawing benefit from the work of each other (such as risks or issues that have been identified) and using the expertise of others to assist in developing a better product. While each is covering a different aspect of auditing, combined, they allow the SAI to present a powerful and more complete analysis of the audited entities and public administration.

In a similar vein to better utilising the internal skills and expertise of an SAI, many of the techniques applied in performance auditing lie within the scope of academic fields such as social and economic research. Accordingly, developing relationships and collaboration with experienced external researchers over time can bring an additional independent dimension to the work supporting a performance audit.

5.3. Performance auditing framework

Part of having a mature and sustainable performance auditing function within an SAI involves developing a framework that is supported by such things as manuals, policies, and a quality assurance process. This framework should be progressively developed as the performance auditing activities carried out by the SAI mature. The framework could utilize both the learning from performance audits undertaken and information resources such as INTOSAI, IDI and other SAIs with an already developed performance auditing capability.

Manuals, policies and procedures

The development and introduction of manuals, policies, procedures and other supporting tools will play an important role in consolidating and institutionalising performance auditing in the SAI over the longer term. As the SAI adapts to the introduction of a performance auditing capability and determines how it wishes to develop and utilise the function, consideration can be given to standardising the approach and methods used through means such as a performance auditing policy manual.

A form of document, whether it is a manual, policy or series of policies, that outlines the framework and maps the performance auditing process from concept to delivery is often used by those SAIs with an already developed performance auditing capability. In addition to being a useful general reference tool for staff it can add value by: establishing a clarity of purpose and consistency in process; supporting compliance with legislation and other authority such as auditing standards; providing an overview of performance auditing for new staff members, and making work practices more efficient.

An example of the high-level structure that could be used to develop a performance auditing policy manual is provided below:

	Foreword or Introduction
	SAI Mandate and Legislative Framework
	Structure of the Performance Auditing Function
	Strategic Planning of Performance Audits (criteria for selection)
	Planning Individual Performance Audits
	Managing the Audit and Relationships with Entities
	Conducting the Audit
	Reporting and Tabling
	Parliamentary Review
	Follow up
	Other Products and Services
	Quality Assurance

Once developed, this documentation should then be revised periodically as more performance audits are completed and the function evolves.

Quality Control and Assurance Processes

A quality control (QC) process needs to sit above the conduct of each performance audit to minimize the risks of error and drive consistency in conduct. This process should be documented and include, for example, the various steps in the audit process, checks to be undertaken (such as peer review of draft work and editorial review of final reports) and provision of space for reflection on issues identified in the audit by audit teams, audit mangers and the Executive. In essence, the QC process could be covered in a ‘checklist’ that audit managers are required to complete while conducting an audit.

Further, in developing a robust performance auditing framework the SAI should look to implement a structured quality assurance (QA) process for all performance audits. A QA process allows audits at their completion to be independently assessed on a consistent basis against specific criteria. Undertaking a QC process outlined above would be one step that the QA process would review and the SAI can develop its own criteria, based on its particular circumstances, with examples of criteria-based questions including:

	To what extent does the report clearly describe the financial, administrative and managerial context within which the area examined is carried out?
	To what extent is the report well structured and well written, and does it include an effective executive summary?
	To what extent were graphics and statistics appropriately presented and used?
	To what extent is the rationale for the report’s scope clearly set out?
	Is the audit methodology clearly set out?
	To what extent were the report’s conclusions and recommendations balanced, logical, consistent and supported by the evidence quoted?
	To what extent has the audit been successful in meeting its objectives and providing useful information to help improve public services?

Given the key role played by the QA process in developing a performance auditing capability, the executive of the SAI should be involved in crafting the criteria and clearly determining their expectations for what constitutes an efficient and effective high quality performance audit.

Those carrying out the independent QA could be senior members of the performance auditing unit (with no involvement in the conduct of the audit), or external figures such as senior academics from universities and business schools. Using external QA provides an opportunity for the SAI to demonstrate its accountability to stakeholders. Following QA reviews the SAI can circulate good practice examples of performance audit reports within the SAI for the benefit of all auditors. Where performance audit reports are found to need strengthening, a senior staff member(s) could work with the audit team concerned to identify lessons learned and possibilities for training, mentoring and coaching in specific areas.

Planning

Performance auditing should be progressively integrated within the overall strategy of the SAI and should therefore be reflected in SAI planning (such as annual and strategic plans) and the subsequent allocation of resources. The different forms of audits undertaken by the SAI should seek to complement each other in such a way that the total information provided by the SAI contributes to a comprehensive understanding of government functions.

If the SAI is able to select performance audit topics, the development of a system for determining a balanced portfolio of performance audits will assist with providing for adequate coverage of government functions. Initially, while a small number of performance audits are being completed annually, a relatively simple policy direction for performance audits could be established. This could include concentrating for example on economy, while competencies are built up in efficiency and effectiveness; or choosing some higher level themes such as reducing excessive bureaucratic procedures in order to improve transparency and efficiency and effectiveness in public administration.

The importance of having a strategic plan underpinning the performance audit program will grow as the number of staff and audits planned increases. In determining the performance audit program, considerations can include:

Risk-based assessment of government programs;
Discussions with the legislature on what they would like to see covered in the annual program of performance audits; and
Identification of key themes that might govern the selection of audit topics – some possible examples are detailed at paragraph 4.1.

5.4. Communications strategy

Publicizing of performance audit reports contributes to transparency in public sector management and demonstrates how performance auditing can contribute to improvements in public administration and governance. Accordingly, having in place a process for communicating the results to key audiences, such as the legislature, stakeholders and the media is paramount. At the basic level this should entail clarifying which stakeholders should receive information (and in what order) and what information should be provided.

SAIs adopt many different ways for publicizing performance audit reports. For example, some SAIs take a highly visible approach and develop press releases and/or conduct press conferences, while others rely on a more low-key approach and ensure audit reports are made easily available to the legislature, stakeholders, media and the general public.

Regardless of the method for communication, it is important to consider the specific messages to be communicated and the appropriate style and language. Focus should be on strategic issues relating to public administration that warrant attention or are better practice, rather than single performance deficiencies. Consideration should also be given to the specific details of the information to be published. For example, in some cases there might be a need for ensuring anonymity, such as where general disclosure is prohibited by laws or regulations in national security areas.

Differences in the Auditing Functions

An advantage of introducing performance auditing is the new ‘lens’ that it will bring to examining aspects of public administration. However, with this benefit comes the risk that the new aspect of auditing will not always necessarily accord with, or support the findings of, financial and/or compliance auditing. It is therefore important that the SAI communicates to its stakeholders the differences between the objectives of the auditing functions and why conclusions can differ.

Depending on the mandate of the SAI, it can choose to adopt a position along a spectrum which at one end highlights the differences between the auditing functions and presents conclusions that are not necessarily congruent; and at the other end encourages collaborative work to help guard against audited entities receiving different messages and the SAI publishing inconsistent information.

5.5. Following-up the implementation of performance audit recommendations

Following publication of the performance audit report and any deliberations by the legislature, the auditee may be required to respond to the SAI or the legislature about implementation of performance audit recommendations.

Where it is considered that the findings and/or recommendations of a performance audit warrant further review it may be appropriate for the SAI to conduct a follow-up on the report. Accordingly, the SAI needs to have in place a system that captures audit findings and/or recommendations and the auditee’s undertakings in relation to them. Then, after an appropriate time period has elapsed, the SAI can undertake a further assessment of the auditee’s progress with responding to audit findings and implementing recommendations and report on this through a follow-up audit.

Follow up is also important for the purposes of evaluating the benefits that arose from performance audit work. This helps to assess the effectiveness of performance audit in terms of improving public services and making them more efficient, and is useful when the SAI is seeking additional funds for its performance auditing.

(Visited 41 times, 1 visits today)

Introduction

Part 2: Government auditing principles applied to performance Auditing

Part 2: Government auditing principles applied to performance Auditing

planning the performance audit

Conducting the performance audit

Part 5: Reporting standards and guidance: Presenting the audit result

Performance Audit Methodology

Performance Audit Criteria

Evidence and Documentation

Communication and Quality Assurance

Performance Auditing and Information Technology

Performance Audits of Activities with an Environmental Perspective

auditing: A theoretical framework

Performance Audit Principles

2. KEY PRINCIPLES OF PERFORMANCE AUDITING

2.1 Definitions

2.2. Performance audit objective

2.3 Selecting audit topics

2.4 The audit process

2.5 Quality system

Appendix to ISSAI 3100

Introduction

2. The nature and benefits of performance auditing

2.2. External benefits

2.3. Internal benefits

3. The challenges of introducing performance auditing

3.1. Long term management commitment is needed

3.2. A proper mandate is vital

3.3. The importance of building relationships with stakeholders

3.4. Organizational issues need to be addressed

3.5. The key success factors

4. How to get started

4.1. Beginning small scale, with a pilot and focused themes

4.2. Determining the resources needed

4.3. Raising awareness within the SAI

4.4. Not setting up detailed systems and procedures at this early stage

5. Building the capacity for a sustainable performance auditing function – ‘maintaining the momentum’

5.1. Operational manager

5.2. Staff recruitment and training

5.3. Performance auditing framework

5.4. Communications strategy

5.5. Following-up the implementation of performance audit recommendations

Written by MJ

Leave a Reply Cancel reply