[toc-this]
Principles
Clear, robust and practical procedures should be identified in order to obtain [link title="audit%20evidence" link="%2Faware%2FGAP%2FPages%2FAudit-evidence.aspx" /]
so as to be able to draw conclusions with reasonable certainty. The [link title="subject%20matter" link="%2Faware%2FPA%2FPages%2FPlanning%2FDetailed-planning.aspx%23Set-the-audit-scope" /]
, the audit questions being addressed, and the resources and time available should determine the most appropriate combination of procedures.
Evidence collection follows an iterative decision-making process, whereby auditors obtain data, examine it for completeness and appropriateness, analyse it, and make decisions on whether additional evidence is required.
Data requires analysis to explain what has been observed, and to make the connection between cause and effect. Auditors need to be aware that collecting data serves no useful purpose if it cannot be properly analysed.
The final stage of audit procedures involves combining the results from different types of sources, e.g. combining results from surveys with those from case studies, etc., in order to derive valid audit findings.
Instructions
Designing audit procedures
Performance audits can draw upon a large variety of methods, commonly used in the social sciences, to gather and analyse evidence. A good performance audit will normally combine different audit procedures to capture a range of data and corroborate findings from different sources, and combine [link new-window title="quantitative" link="https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FQuantitative" icon="external-link" /]
and [link new-window title="qualitative%20(non-numerical)" link="https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FQualitative" icon="external-link" /]
data. A combination of procedures is necessary to provide solid evidence to support the conclusions and recommendations, with the quantitative data giving the ECA the means to demonstrate the significance of its observations and [link title="recommendations" link="%2Faware%2FGAP%2FPages%2FRecommendations.aspx" /]
. As it is neither practical nor efficient to cover all possible aspects in a single audit, the nature, extent and timing of audit procedures should be restricted to a limited number of matters of significance. These are matters that pertain to the audit questions, can be carried out with the resources and expertise available, and are critical to the achievement of the intended results of the audit subject.
Different methodological approaches may be employed at different audit phases and for different purposes:
- Typically during the planning phase, the auditor is interested in more general information as part of the learning process to understand the subject matter. Qualitative techniques are particularly useful at such stage to identify the significant issues, develop preliminary ideas and build hypotheses. These techniques are also particularly well suited to complex problems.
- As the audit proceeds, the auditor will need more specific information to assess and measure performance, or to document errors or problems already known (e.g. from the planning phase). Quantitative analysis, involving an examination of numerical data, is one of the most powerful audit tools for developing evidence-based conclusions. Such analysis adds considerable value to the audit work, as it can provide clear measures of costs, benefits and performance.
- For specific aspects an audit may rely on the
[link title="work%20of%20other%20auditors" link="%2Faware%2FGAP%2FPages%2FSpecific%2FWork-of-other-auditors.aspx" /]
or [link title="external%20experts" link="%2Faware%2FGAP%2FPages%2FSpecific%2FExternal-experts.aspx" /]
.
Audit team needs to know what data analysis procedures it will use before designing their strategy for data collection. Otherwise, they may find that the data collected cannot be analysed. It may be necessary to pilot-test certain methods to ensure that they can provide the evidence required to answer the audit questions.
Data collection procedures
Data collection procedures range along a continuum from, at one extreme, those giving an overall picture of a situation or population (e.g. surveys) to, at the other extreme, the in-depth exploration of a small number of subjects or items (e.g. inspection), with other methods in between:
[tiles small color="alternate-1" css-code="font-size%3A%2090%25%3B" css_code_compiled=".dynamic-unique-shortpoint-class-name%20%7B%20font-size%3A%2090%25%3B%20%7D"]
[tile title="Survey" link="%2Faware%2FPA%2FPages%2FExamination%2FSurveys.aspx" icon="ion-android-globe"] [/tile]
[tile title="Auditee%20data" link="%2Faware%2FGAP%2FPages%2FSpecific%2FAuditee-data-collection.aspx" icon="database" text-color="white"] [/tile]
[tile title="Interview" link="%2Faware%2FGAP%2FPages%2FSpecific%2FAudit-Interview.aspx" icon="ion-chatbubbles" text-color="white"] with auditee, third parties[/tile]
[tile title="Focus%20group" icon="ion-ios-people" color="neutral-quaternary"] of experts, stakeholders[/tile]
[tile title="Observation" icon="eye" color="neutral-quaternary"] of people, processes[/tile]
[tile title="Inspection" icon="search" color="neutral-quaternary"] of assets[/tile]
[/tiles]
Data analysis procedures
The term ‘data analysis’ is generally used to include both the compilation (coding and tabulation) and analysis of data. Analytical techniques to be employed may be:
- quantitative, which may employ simple techniques (e.g. frequency counts) or more sophisticated techniques (e.g. regression analysis). Computer assisted audit techniques (CAATs) are often an essential part of quantitative analysis.
• Frequency counts
• Ratio analysis
• Comparative analysis
• Trend analysis
• Variance analysis
• Regression analysis
- qualitative, which may be used to analyse and interpret interviews or documents, or to identify descriptive material that may be used in the audit report.
[tiles small color="alternate-1" css-code="font-size%3A%2090%25%3B" css_code_compiled=".dynamic-unique-shortpoint-class-name%20%7B%20font-size%3A%2090%25%3B%20%7D"]
[tile title="Bench-%20marking" link="%2Faware%2FPA%2FPages%2FExamination%2FBenchmarking.aspx" icon="ion-speedometer"] [/tile]
[tile title="Case%20studies" icon="fa-folder-open-o" color="neutral-quaternary"] [/tile]
[tile title="Coding%20and%20abstraction" icon="fa-cubes" color="neutral-quaternary"] [/tile]
[/tiles]
- domain-specific. Audit teams can also use the following domain-specific guidance when relevant to their audit objective.
[tiles small color="alternate-1" css-code="font-size%3A%2090%25%3B" css_code_compiled=".dynamic-unique-shortpoint-class-name%20%7B%20font-size%3A%2090%25%3B%20%7D"]
[tile title="Auditing%20evaluations" link="%2Faware%2FPA%2FPages%2FExamination%2FAuditing-evaluation.aspx" icon="simple-badge"] [/tile]
[tile title="IT%20audit" link="%2Faware%2FGAP%2FPages%2FAuditing-IT-environment.aspx" icon="simple-screen-desktop"] [/tile]
[/tiles]
Other considerations
In the course of audit work, the auditor may obtain or come across sensitive information. Such information should be treated in a confidential manner, and data protection rules observed.
The auditor should have a questioning mind and maintain professional scepticism. Notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management, the auditor should recognise that a situation of irregularity or fraud could exist. Auditors should discuss among themselves and be alert for situations, control weaknesses, errors and unusual transactions or results that could indicate illegal acts, such as [link title="fraud" link="%2Faware%2FGAP%2FPages%2FFraud.aspx" /]
, impropriety, corruption or irregularities, or [a-glossary term="abuse"]abuse.[/a-glossary]
In the occurrence of such an event, the audit team should determine the extent to which such acts affect the audit result and should follow the [link title="standard%20ECA%20procedures" link="%2Faware%2FGAP%2FPages%2FFraud.aspx%23Suspected-fraud" /]
in respect of fraud.
Resources
[icons-list icon-size="2" separator="line" icon-vertical-alignment="middle" vertical-alignment="middle"]
[icon-list-item title="Evidence%20collection%20plan" description="It%20documents%20the%20audit%20questions%20and%20sub-questions%2C%20criteria%2C%20types%20and%20sources%20of%20evidence%2C%20and%20collection%20and%20analysis%20procedures%20that%20will%20be%20applied%20to%20answer%20them." link="%2Faware%2Fdocuments%2FEvidence-collection-plan-template.docx" icon="file-word-o" linking="new-window" /]
[icon-list-item title="Performance%20audit%20database" description="It%20consists%20of%20audit%20questions%2C%20methods%20and%20techniques%20used%20in%20previous%20audits.%20It%20can%20be%20searched%20by%20keyword%20and%2For%20filtering%20the%20required%20fields." link="%2Faware%2FDocuments%2FPA-database.xlsx" icon="file-excel-o" linking="new-window" /]
[/icons-list]
[/toc-this]