Professional Documents
Culture Documents
A Risk-Based Approach To Performance Auditing: CCAF-FCVI Fellow
A Risk-Based Approach To Performance Auditing: CCAF-FCVI Fellow
2009/2010
A Risk-based Approach to
Performance Auditing
Strategic Paper by
Levina Rusk Kishimba
TANZANIA
CANADA
Table of Contents
Page
Acknowledgements
Executive Summary
vii
Introduction
Background
Objective
2
2
2
2
3
4
4
4
4
5
5
5
5
6
6
6
Conclusion
11
Bibliography
14
iii
Acknowledgements
Praise is to the Lord God who always guides my every step and keeps me in the centre
of his will.
This strategy paper is the result of a nine-month International Fellowship Program
I attended in Canada from August 2009 to May 2010. The fellowship was awarded by
the Canadian Comprehensive Auditing Foundation (CCAF) with funding provided by
the Canadian International Development Agency (CIDA).
Special thanks and appreciation to CCAF; CIDA; the Auditor General of Canada,
Ms. Sheila Fraser; and the staff of the Office of the Auditor General of Canada
(OAG Canada) for organizing and running the program.
I would also like to express my gratitude to OAG Canadas Canada Revenue Agency
Performance Audit Team (Group 7, Team 8), the people who ran the Offices training
program, and International Relations staff for the support they gave me in developing
my strategy paper and gaining a lot of knowledge in performance auditing.
My participation in this fellowship program would not have been possible without the
vision of the Controller and Auditor General of the United Republic of Tanzania,
Mr. Ludovick Utouh, in improving the knowledge and skills of his staff.
I sincerely thank my mentor, Mr. Ronald Bergin, Principal of Strategic Planning at
OAG Canada, for sharing his time and insight throughout the development of my
strategy paper.
I am very grateful to my darling husband, Timothy, who was always there to support
and encourage me during my stay in Canada.
Many thanks also to all 20092010 CCAF International Fellows for their friendship.
It was nice spending time with them.
Finally, I wish to extend my deep and lasting appreciation to all who, in one way or
another, helped me throughout the fellowship program.
Levina Rusk Kishimba
May 2010
Executive Summary
This strategy paper proposes how the National Audit Office of Tanzania (NAOT) will
adapt and implement the Office of the Auditor General of Canadas one-pass planning
approach to selecting performance audits. One-pass planning (OPP) is a risk-based
audit planning approach which focuses on how well an entity is managing its major risks
rather than on areas of suspected weakness.
Preparing one-pass plans for performance audits will provide assurance to Parliament
and other stakeholders that NAOT is following a systematic and independent, risk-based
and objective approach to selecting the areas for audit. This will demonstrate that it is
efficiently using the available resources. In addition, this approach will ensure that any
entity deemed to be significant has a current, multi-year plan based on a high level of
risk analysis.
This approach will be implemented incrementally. It will begin with a briefing for
management and staff, followed by training for an initial core of staff on preparing and
applying an OPP approach to audit selection. Current audit structures will be adopted to
suit the OPP process, and then a pilot survey will be carried out. The new approach will
be monitored, evaluated, and adjusted throughout the implementation process.
vii
Introduction
Background
1.
In the past, long-term entity planning in the Office of the Auditor General of
Canada (OAG Canada) focussed on determining the value-for-money audit priorities.
Planning was carried out from the perspective of making a difference for Canadians by
identifying areas that likely needed improvement. As a result of a project entitled
Advancing Audit Practices, approved in June 2001, OAG Canada implemented a more
systematic, integrated, and risk-based approach to long-range entity planning, referred
to as one-pass planning (OPP).
2.
The term one-pass signifies that the knowledge of both performance and
financial auditors is brought together in one analysis at the beginning of the process to
help document the auditors understanding of the risks that a particular entity is facing
and how well it manages those risks. Near the end of the process, the auditors again
consider a combined analysis to determine to what extent they will use financial audits
and performance audits to address the issues they wish to audit.
3.
The National Audit Office of Tanzania (NAOT) has not yet established a strategic
planning process to ensure that only relevant matters involving significant risks are
selected for performance audits. Resources allocated for performance audits are always
limited, which makes selecting entities or areas to be audited a key issue. Putting into
place a process which allows the preparation of one-pass plans for the audit entities
would enable the Office to focus its limited resources on areas of greatest risk.
Objective
4.
This strategy paper proposes the integration of a risk-based approach to
selecting potential performance audits in the office of the Controller and Auditor
General (CAG) of the United Republic of Tanzania, namely, one-pass planning (OPP).
OPP will assist with the selection of audits based on significance and business risks (i.e.
risks to the achievement of the entity's objectives). It will use resources more effectively
and reduce the time and cost of conducting an audit. This will therefore help NAOT
improve efficiency in the planning phase of its performance audits.
5.
The main objective of this paper is to provide a strategy which will enable NAOT
to implement an OPP approach as a tool for selecting performance audit topics and to
integrate the preparation of one-pass plans into the strategic planning process of the
office by July 2012.
choosing topics that are sometimes hard to audit, for example, due to a lack of
background, difficulty determining scope, or risk of missing important areas; and
risking the Offices credibility by picking irrelevant topics for political reasons (not
being independent of the political process of the day).
7.
Other problems include limited resources allocated for performance audits and a
lack of cooperation from auditees.
Rationale for using one-pass planning in the office
8.
A risk-based approach offers what may be the best way for NAOT to
demonstrate independence and objectivity in addressing the problem of deciding what
areas, entities, or themes should be chosen for performance audit.
9.
As used by the Office of the Auditor General of Canada (OAG Canada), the onepass planning (OPP) approach emphasizes that planning at the entity level should
address all mandate areas of OAG Canada simultaneously. It applies to audit planning
for programs and functional areas within and across federal departments and agencies.
By focusing on areas of greatest risk to entities, OAG Canada is moving toward an
assurance-based perspective. This reinforces its goal of addressing the areas of
greatest significance to entities and the expectation that its audits can result in a positive
opinion about the management systems and practices it examines. Applied to NAOT,
this approach could also improve its relationships with auditees.
10.
Further, since adopting OPP, OAG Canada is in a better position to assure
Parliament that audit efforts have been devoted to areas of highest importance, and that
OAG Canada is achieving an appropriate balance of effort with the limited resources
available for the audit. It is in a better position to respond when questions are asked
about why it did or did not audit certain areas. Similarly, adopting an OPP approach for
the audit entities would enable NAOT to focus its limited resources only on areas of
greatest risks.
Challenges ahead
11.
Performance Audit is a small division of NAOT, with only 11 auditors. Success in
implementing the approach will involve some challenges that can be overcome in
different ways by the implementation committee. The committee will include
performance auditors, the selected financial auditors, Development Plans Unit officials,
the Controller and Auditor General and the Assistant Auditor General, Value for Money.
Its worth noting that the success of the whole process is highly dependent on the
support and involvement of NAOT management. The following sections describe
expected challenges.
12.
Performance auditors are not familiar with risk-based approaches to
performance auditing. Identifying and assessing risks are activities central to OPP.
None of the performance auditors at NAOT has technical expertise, experience, or
training on using risk-based approaches to selecting matters for performance auditing.
Making such a fundamental change will be a challenge, and therefore some
performance auditors may be reluctant to adopt this new approach. This challenge can
be addressed by explaining the benefits of using OPP and training the auditors on how
to prepare and use the approach.
13.
Ministries, departments, and agencies (MDAs) as well as local government
authorities do not identify and assess risks that would prevent them from delivering their
programs. OAG Canada uses the auditees own identification of risks as a check in its
OPP approach. In Tanzania, MDAs do not identify and assess their risks. To address
this challenge, the NAOT performance auditors, with the assistance of MDA officials, will
identify and assess the entities risks.
14.
Relations between auditees and NAOT performance auditors are strained
and currently not conducive to good collaboration. Sharing information and a
collaborative spirit are very important to the success of a one-pass plan. Lack of
cooperation has been identified as an issue and is being addressed by another Fellow
from NAOT. Both projects are running at the same time, which could have represented
either another challenge or an advantage. In this case, the Fellow who will be
implementing his strategy paper Developing an Auditees Guide to the Performance
Audit Process, will be helpful because his paper will help inform the selected pilot
project entity about what NAOT will be doing before the pilot project begins.
15.
The NAOT does not have expertise yet to train its performance auditors to
conduct OPP. The key players at OAG Canada who use OPP are the principals and
directors of audit teams, the Strategic Planning and Professional Practices group, and
the consultants. To address NAOTs lack of expertise, I will transfer the knowledge I
have gained from OAG Canada effectively to all performance auditors. Further, an OPP
Team will conduct a pilot study as a training project. In addition, consultations and
advice will be applied whenever required.
16.
OPP takes time and resources. OAG Canada uses between 500 and 600 hours
to prepare a one-pass plan for a single department. In addition, it has a total of
103 performance auditors. The NAOT performance auditors represent a tiny portion of
the office operations (11 performance auditors out of around 600 employees), which
could prompt some there to wonder why the auditors should get the money required to
put the OPP approach into place. Also, OPP does not produce visible results in the short
term, a condition which usually makes it harder to get funds and resources in light of
competing priorities.
17.
Nevertheless, NAOT has accepted the implementation of the risk-based
approach (OPP) in selecting its performance audit topics, and so funding will not be a
fundamental issue. Since the office has a limited number of performance auditors, the
approach will be adapted to suit our local conditions.
Proposed Approach
19.
Since its inception in 2005, the NAOT Value for Money Audit Division has been
working hard to build capacity and achieve intended objectives through workable
budgets and action plans. To ensure that this strategy is smoothly implemented, the
OPP Team will frequently consult with NAOT management and hold a number of
meetings with them during the project planning stage.
Phase 1Briefing sessions with management and staff
20.
I will hold a briefing with the CAG and AAG-VFM to discuss the strategy and its
objectives. Then, they will review the implementation schedule and provide their
feedback and approval. The AAG-VFM will select financial auditors to be involved during
the briefing session and on the implementation committee. I will then review OPP
discussion papers and other related material obtained from OAG Canada before
preparing an agenda for the coming briefing session. The session will include
management and other staff and focus on OPP, its related concepts, and the rationale
for adopting and implementing OPP as a risk-based approach to selecting our audits.
Phase 2In-house training
21.
I will refer to the knowledge Ive gained and reading material Ive obtained from
OAG Canada when preparing presentations on how to conduct OPP. I will review the
presentations before starting the in-house training with the auditors.
Phase 3Workshops
22.
All performance auditors will be involved in developing the OPP approach to be
used in the office. The CAG and the AAG-VFM will also participate in developing the
approach. Then, we will hold workshops to develop a simplified approach which will suit
our local conditions. We will review and discuss the Integrated Risk Management
process and OAG Canadas OPP process to determine what will apply to developing a
one-pass plan format for the office.
Phase 4Pilot project for the selected entity
23.
The pilot one-pass plan will be used as a training project for learning how to
conduct them. Further, it will be helpful in determining whether the developed approach
(the adapted OPP process) works, and hence in identifying what adjustments need to be
made before integrating it into the Offices strategic planning process and putting it into
practice across NAOT.
24.
The performance auditors selected to develop the Offices OPP approach (OPP
Team) will conduct a pilot one-pass plan using the agreed upon format. Once the pilot
project is complete, the team will hold a lessons learned session with management and
other staff to identify what worked well and what could be improved. The team will then
write an OPP report and forward it to both NAOT management and the surveyed entity.
Based on the results of the report, NAOT management and performance auditors can
decide on a list of possible audits to be conducted for that particular entity over the next
three years, as well as the timing for the audits.
25.
Through this exercise, the implementation committee will become familiar with
the approach. The approach will then be introduced to other entities (at all levels of the
government) to reinforce the understanding of the government-wide audit issues and the
role of all players.
the completion of a one-pass plan for the selected entity as a pilot project by
July 2011;
the integration of OPP into the strategic planning process of the office by
July 2012; and
27.
This success will also depend on the support of other stakeholders inside and
outside NAOT. Therefore, the Office must ensure that all of its stakeholders are aware of
this new approach to its performance audit work.
28.
Further, efforts will be made to ensure that all activities in each phase of the
strategy are completed within two years (from July 2010 to July 2012).
29.
The newly developed approach will then be monitored, evaluated, and adjusted
on a periodic basis to ensure continuous learning and improve performance audit
reporting.
Conclusion
30.
The National Audit Office of the United Republic of Tanzania faces a complex
challenge in selecting its performance audit topics. This makes the Office inefficient
during the planning phase of an audit. The huge number of audit entities and the limited
resources available for performance audit work makes the task of choosing priority areas
to audit very critical. The introduction of one-pass planning as a risk-based approach to
selecting matters for audit will enable the office to make optimal use of its resources and
provide assurance to the parliamentarians, central and local governments, and the
public that the office is fulfilling its responsibilities.
Time frame
Key player(s)
June 2010
Vacation
July 2010
Levina R. Kishimba
August 2010
Levina R. Kishimba
September 2010
The AAG-VFM
September 2010
Levina R. Kishimba
(1st week)
Levina R. Kishimba
October 2010
Levina R. Kishimba
2. Deliver training to
performance auditors on
preparing an entitys onepass plan
October 2010
Levina R. Kishimba
November 2010
November 2010
December 2010
(4th week)
December 2010
Levina R. Kishimba
(3rd week)
Activity
Time frame
Key player(s)
OPP Team
OPP Team
May 2011
OPP Team
June 2011
Levina R. Kishimba
June 2011
June 2011
June 2011
June 2011
9. Undertake a full
performance audit for the
selected entity based on the
selected risks
July 2012
OPP Team
10
(1st week)
Levina R. Kishimba
(1st week)
Levina R. Kishimba
(2nd week)
Levina R. Kishimba
(3rd week)
(4th week)
interviews completed,
a brief description of the risk and its impact on the entitys mandate, governance,
and operations;
a brief description of how internal and external risks to the entity affect the entity;
11
12
Identify possible products: The audit products identified will depend on the
focus of the Auditor General and will usually address multiple risks facing the
entity. Care is exercised to limit the products to the risks that were given higher
priority.
Respond to entity risks: The proposed product is aligned to the risks that were
identified.
Document risks to the office: These are the risks of delivering (auditability) or
not delivering (credibility) the proposed product.
13
Bibliography
Bergin, Ron. Strategic Planning in the Office of the Auditor General of Canada,
Presentation to the Canadian Comprehensive Audit Foundation Fellows, October 2009.
Hopwood, Tom and Wiltshire, Collin. OAG Risk Strategies for the Next Decade.
Discussion paper on use of risk concepts in OAG planning, auditing, and management,
September 2001.
Office of the Auditor General of Canada, Strategic Planning and Professional Practices.
One-Pass Planning Guidance to the Entity Team, March 2002.
_____. Update on our Strategic Plan Challenges, PowerPoint presentation,
October 2003. Linked to the following document:
http://notes.oag-bvg.gc.ca/intranet/intranet_menus.nsf/html/e_index.htm
_____. Performance Audit Manual, June 2004.
_____. Guidance on Preparing One-Pass Plans, September 2004. Available from:
http://notes.oag-bvg.gc.ca/intranet/intranet_menus.nsf/html/e_index.htm
_____. One Pass Plan for the Canada Revenue Agency, 2007.
_____. One Pass Plan for the Government of Nunavut, 2007.
Treasury Board of Canada Secretariat. Integrated Risk Management Framework, 2001.
Available from: http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12254
_____. Integrated Risk Management Framework: A Report on Implementation Progress,
March 2003. Available from: http://www.tbs-sct.gc.ca/rm-gr/irmf-cgir/2003-03rprt01_e.asp
14