Supplementary information
What is auditing?
Auditing refers to the process of checking and verifying information. There are two main types of auditors – internal auditors, who are usually employed by the organisation and focus on processes and controls, and external auditors, who are external to the organisation and focus on financial reporting. The AGSA functions as an external auditor of government.
The Independent Regulatory Board for Auditors (Irba) defines an external auditor as ‘an independent professional who… expresses an opinion on the fair presentation of companies’ financial statements’. External auditors typically verify an institution’s accounting systems, procedures and financial statements; evaluate how it manages funding and financial risk; ensure that it complies with all legal requirements; and ensure that tax payments are correct and in line with tax legislation and requirements.
What is the difference between internal and external auditors?
Internal auditors are usually part of an organisation who report to senior management and the board (via the auditee committee) on the state of governance, risk management and controls within the whole organisation (all departments, functions and operations). They focus on reviewing control design, testing key controls to ensure they are operating as intended and effectively managing the organisation’s risk, and making recommendations to improve overall control environment and operational performance of organisation as a whole.
External auditors, like the AGSA, are independent external assurance providers to the organisation and have a statutory obligation to report to shareholders and the public on the accuracy of the annual report and the financial statements. They focus on identifying risks and assessing controls over financial reporting, gaining sufficient audit evidence to conclude that the financial statements present a true and fair view of the organisation’s finances and operations, and making recommendations to improve the financial control environment.
Source: Institute of Internal Auditors
What is an audit in the public sector?
The public sector auditor assesses the stewardship of public funds, implementation of government policies and compliance with key legislation in objective manner.
The scope of the annual audit performed for each auditee is prescribed in the Public Audit Act and the general notice issued in terms of this Act. It includes:
- providing assurance that the financial statements are free from misstatements that will affect whose who use the financial statements
- reporting on the usefulness and reliability of the information in the annual performance report
- reporting on material non-compliance with key legislation
- identifying the key internal control deficiencies that should be addressed to achieve a clean audit.
Performance audits may also be performed to determine whether resources have been procured economically, and are being used effectively and efficiently.
What do we audit?
We focus on three main areas during our annual audits:
- financial statements
- performance reports
- compliance with legislation.
Audit of financial statements
The purpose of the annual audit of the financial statements is to provide users with an opinion on whether the financial statements fairly present, in all material respects, the key financial information for the reporting period in accordance with the financial reporting framework and applicable legislation.
The audit provides the users with reasonable assurance about how reliable and credible the financial statements are based on whether or not the audit procedures performed revealed any material errors or omissions in the financial statements.
Definition: A material misstatement is a material error or omission in the financial statements.
We report the poor quality of the financial statements we receive in the audit reports of some auditees who are subject to the MFMA or the PFMA as a material finding on compliance, as it also constitutes non-compliance with this legislation. The finding is only reported if the financial statements we receive for auditing include material misstatements that could have been prevented or detected if the auditee had an effective internal control system.
We do not report a finding if the misstatement resulted from an isolated incident or if it relates to the disclosure of unauthorised, irregular or fruitless and wasteful expenditure identified after the financial statements had been submitted.
Why are financial statements important?
Financial statements are an important tool that provide an account of an auditee’s financial affairs. They show how the auditee spends its money, where its revenue comes from, its assets and the state of those assets, how much it owes creditors, how much it is owed by its debtors, and whether the money owed is expected to be received.
The financial statements also give insight into an entity’s committed financial obligations and whether the entity will be able to honour these commitments when they fall due.
In addition, the financial statements provide crucial information on how the auditee adhered to its budget; the unauthorised, irregular, and fruitless and wasteful expenditure it incurred; and its overall financial position – in other words, whether its operations are financially sustainable.
The financial statements are used by the committees in Parliament and the legislatures to hold accounting officers and authorities to account and to make decisions on, for example, the allocation of the budget. For some public entities, creditors, banks and rating agencies also use the financial statements to determine the level of risk in lending money to the entity. In addition, members of the public can use the financial statements to see how well the auditee is using the taxes they pay to provide services.
If we audit and express an unqualified audit opinion on the financial statements, it means that there were no material misstatements (errors or omissions) in the financial statements and the users of those financial statements can trust the credibility of the information.
Audit of predetermined objectives / performance reporting
Auditees are required to measure their actual service delivery against the performance indicators and targets set for each of their predetermined performance objectives as defined in their annual performance plan, strategic plan or corporate plan, and to report on this in their performance reports.
PFMA: Every year, we audit selected material programmes of departments and objectives of public entities, as well as selected development priorities of auditees, to determine whether the information in the performance reports is useful and reliable enough to enable oversight bodies, the public and other users of the reports to assess the auditee’s performance. The programmes and objectives we select are those that are important for the auditee to deliver on its mandate. In the audit report, we report findings that are material enough to be brought to the attention of these users.
As part of the annual audits, we audit the usefulness of the reported performance information to determine whether it is presented in the annual report in the prescribed manner and is consistent with the auditee’s planned objectives as defined in strategic and annual performance plans. We also assess whether the performance indicators and targets set to measure the achievement of the objectives are:
- well defined (the indicator needs to have a clear, unambiguous definition so that data can be collected consistently, and is easy to understand and use)
- verifiable (it must be possible to validate the processes and systems that produce the indicator)
- specific (so that the nature and the required level of performance can be clearly identified)
- time bound (the time period or deadline for delivery must be specific)
- measurable (so that the required performance can be measured)
- consistent (with the planned objectives, indicators/measures and/or targets)
- relevant (so that the required performance can be linked to the achievement of a goal).
We also audit the reliability of the reported information to determine whether it can be traced back to the source data or documentation and whether it is accurate, complete and valid.
Audit of compliance with legislation
Every year, we audit and report on how auditees have complied with key legislation that applies to their financial and performance management and related matters. We focus on the following areas in our compliance audits, if they apply to the particular auditee:
- the quality of financial statements submitted for auditing
- asset and liability management
- expenditure management
- unauthorised, irregular, and fruitless and wasteful expenditure
- effecting consequences
- revenue management
- strategic planning and performance management
- financial statements and annual report
- transfer of funds and conditional grants
- procurement and contract management (in other words, supply chain management).
In our audit reports, we report findings that are material enough to be brought to the attention of the auditees’ management, as well as oversight bodies and the public.
What do the different audit opinions mean?
There are five main audit opinions that the AGSA can give:
Unqualified opinion with no findings
The ideal – a clean audit – everything has been done the way it should be. There are no material misstatements in the financial statements and the auditee has complied with the law and reported properly on its performance objectives. A clean audit means the money has been used ideally and for the intended purpose.
A clean audit also confirms that those charged with service delivery have created a solid foundation for delivering services and that finances are unlikely to be the cause for delayed service where things are going wrong.
Unqualified opinion with findings
Not bad, but not ideal – here, the information in the financial statements is correct and complete, meaning there are no material misstatements. But there are ‘material findings’: problems with the auditee’s performance reporting or non-compliance with the law, or both. This could compromise the auditee’s accountability.
Qualified opinion with findings
The situation is worrying – the auditee did not manage and account for its finances to achieve the best results. The financial statements contain material misstatements about specific amounts, or there is insufficient evidence for the AGSA to conclude that the amounts are not materially misstated.
Adverse opinion with findings
Lots of problems everywhere – the auditee has not followed the correct rules and procedures and has not provided complete, correct information to account for its spending. There are a lot of material misstatements.
Disclaimed opinion with findings
The worst outcome – the finances are so badly managed that the auditee cannot even produce evidence (documentation) to support its financial statements.
There is also a sixth category that an audit can fall under:
Outstanding audits
Financial statements were either submitted too late for the AGSA to audit or not submitted at all. This category is usually considered as bad as a disclaimed opinion.
What are unauthorised, irregular, and fruitless and wasteful expenditure (UIFW)?
Unauthorised, irregular and fruitless and wasteful expenditure are three of the problems that the auditors might flag about government spending.
Unauthorised expenditure
expenditure that occurs when auditees use more funds than had been allocated (in other words, overspending) or use allocated funds for purposes other than those intended
This can be as a result of administration errors or accidents.
Irregular expenditure
expenditure that was not incurred in the manner prescribed by legislation; this does not necessarily mean that money was wasted or that fraud was committed
This may be caused by procedures not being followed.
Fruitless and wasteful expenditure
Expenditure that was made in vain and that could have been avoided if reasonable care had been taken
This can be due to not paying suppliers on time and incurring interest.
What are internal controls and why are they important?
What are internal controls?
Internal controls are processes and measures instituted by an auditee to:
- ensure that it meets its mandated objectives
- conduct its business in an effective, efficient and economical manner
- safeguard its assets and resources
- deter and detect errors, fraud and theft
- ensure the accuracy and completeness of its accounting and performance information
- produce reliable and timely financial and non-financial reports
- ensure compliance with legislation and adherence to its policies and plans
- promote accountability and transparency.
Why are they important?
Good internal control is the key to ensuring that auditees deliver on their priorities in an effective, efficient and economical manner as well as produce quality financial statements and performance reports and comply with applicable legislation.
Accounting officers and authorities have a legislated obligation to implement and maintain effective, efficient and transparent systems of financial and risk management and internal control, while oversight structures and executive authorities should keep them accountable for the effectiveness of the internal controls.
If underlying weak internal controls are not addressed, it increases the risk of the misappropriation of funds, unreliable financial and performance reporting as well as non-compliance with legislation.
On the other hand, a sound internal control environment that is monitored in a robust manner by the different assurance providers will enable effective, efficient and economical service delivery, accurate and reliable financial and performance reporting as well as compliance with legislation. This in turn will facilitate accountability and transparency in the management of public funds.
Obtaining and providing assurance that such controls are in place and working effectively should thus be a key priority of accounting officers and authorities and their senior managers.
How can preventative controls help?
Preventing poor-quality financial statements and performance reports, non-compliance and material irregularities is more effective and efficient than having to deal with the consequences of not doing so – money and time are lost, costly investigations have to be instituted, and officials are subjected to the discomfort and anxieties associated with these processes, which often take a number of years to be finalised.
Preventive controls should be designed, implemented and working effectively in all the key processes of an auditee. This will give comfort to the accounting officers and authorities, executive authorities and oversight structures that any failures that could threaten the finances, performance, delivery and accountability processes of the auditee will be prevented.
Download our preventative controls guides
A preventative control can be in place, but for it to work effectively (in other words, in the right way, at the right time, every time) it must be built on a strong control environment. This includes a leadership tone and culture in the auditee that supports the need for controls, as well as institutionalised internal controls at organisational level. Obtaining and providing assurance that the controls are in place and working effectively should be a key priority of accounting officers and authorities and their senior managers.
Preventative controls should be present across the following categories:
- The control environment as a basis for all preventative controls:
- Tone and control culture – controls that should be in place at an organisational level to enable an ethical and effective control culture, including leadership effectiveness and conduct.
- Internal institutionalised controls – controls that should be in place at an organisational level to enable the implementation and monitoring of, and the assurance on, preventative controls.
- Transactional level controls within the key business processes of auditees, such as procurement, payments, financial statement preparation, and asset management.
- Project management and delivery controls within key delivery areas, including infrastructure development and maintenance.
How do audit outcomes relate to service delivery?
When an auditee receives a clean audit opinion, it means that its financial statements and performance report give a transparent and credible account of its finances and its performance against the targets that were set. In other words, these accountability reports present a reliable picture of that auditee, whether good or bad. This enables everyone with an interest in the auditee – particularly communities, community organisations, and those who need to oversee the auditee’s performance and provide the support it needs to succeed – to judge how the auditee is doing and to take action where necessary. It also means that the auditee complied with the important legislation that applies to it and, where slip-ups did occur, they were rare or not material.
While a clean audit is not always an indicator of good service delivery, we have seen that auditees that have the controls and systems in place to plan, measure, monitor and account for their finances and performance, and to stay within the rules, often also have a solid foundation for service delivery that will benefit the communities they serve.
Other pages in this section:
Other pages in this section: