Audit Process

Audit process - risk assessment

What do auditors do?	Why do they do it?
Agree terms of engagement	Terms of engagement are communicated & agreed to ensure a clear understanding of responsibilities of the parties, the objectives of the audit, access to information and the reports to be provided.
Plan the audit	An understanding of the auditee is obtained for risk assessment purposes & an audit plan is prepared.
Perform risk assessment procedures	A risk assessment is performed to determine the number and type of procedures to perform.

Audit process - risk response

What do auditors do?	Why do they do it?
Perform procedures in terms of risk assessment	Procedures are performed to obtain evidence that the financial statements & annual performance report do not contain material misstatements and that key legislation has been complied with.

Audit process - reporting

What do auditors do?	Why do they do it?
Prepare management report (not published)	The report is only provided to the management of the auditee and the executive authority at the end of the audit. It details the findings from procedures performed, identifies the root causes of these findings and makes recommendations for improvement.
Prepare audit report (not published)	The report is published in the auditees’s annual report. It informs those responsible for oversight, the public and others of material misstatements in the financial statements, material findings on the usefulness and reliability of the performance report, material non-compliance with key legislation in specific focus areas, and the deficiencies in internal control that were identified during the audit.

What do auditors do?

Why do they do it?

Prepare management report (not published)

The report is only provided to the management of the auditee and the executive authority at the end of the audit. It details the findings from procedures performed, identifies the root causes of these findings and makes recommendations for improvement.

Prepare audit report (not published)

The report is published in the auditees’s annual report. It informs those responsible for oversight, the public and others of material misstatements in the financial statements, material findings on the usefulness and reliability of the performance report, material non-compliance with key legislation in specific focus areas, and the deficiencies in internal control that were identified during the audit.

Audit process - what is an audit in the public sector?

The public sector auditor assesses the stewardship of public funds, implementation of government policies and compliance with key legislation in objective manner.

The scope of the annual audit performed for each auditee is prescribed in the Public Audit Act and the general notice issued in terms thereof. It includes the following:

Providing assurance that the financial statements are free from misstatements that will affect the users of the financial statements
Reporting on the usefulness and reliability of the information in the annual performance report
Reporting on material non-compliance with key legislation
Identifying the key internal control deficiencies that should be addressed to achieve a clean audit

Performance audits may also be performed to determine whether resources have been procured economically and are used effectively and efficiently.

Audit process - what does an audit not do?

Due to the test nature and other inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some, even material, misstatements in reported information may not be detected, and the completeness and the accuracy of the information reported are not guaranteed. Due to the focus on specific areas in key legislation, the audit does not provide assurance that all applicable legislation has been complied with. Although possible fraud may be identified during the audit, this is not the main purpose of the audit. The audit does not provide assurance that service delivery has been achieved, only that the annual performance report is useful and reliable.

Audit process - what is a clean audit?

A clean audit relates to three aspects:

The financial statements are free from material misstatements
There are no material findings on the annual performance report
There are no material findings on non-compliance with key legislation

Audit process - how to achieve a clean audit

Matters reported by external and internal auditors should receive timeous management attention, internal controls should address the following key areas:

Leadership

Establish a culture of honesty, ethical business practices and good governance
Exercise oversight responsibility
Ensure effective human resource practices
Implement appropriate policies and procedures
Approve and monitor the implementation of action plans to address internal control deficiencies
Approve an appropriate information technology governance framework

Financial and performance management

Ensure proper record keeping of all transactions
Maintain effective controls over daily and monthly processing and reconciling of transactions
Produce regular, accurate and complete financial and performance (service delivery) reports
Review and monitor compliance with applicable legislation
Design and implement formal controls to mitigate information technology risks

Governance

Ensure that risks are periodically identified, assessed and effectively mitigated
Maintain an adequately resourced and functioning internal audit unit
Maintain an audit committee that performs its legislated duties and promote accountability and service delivery

Audit Process | AGSA