Civic Review, Vol. 13, Special Issue, 2017, 64–82, DOI: 10.24307/psz.2017.0305
Supreme audit institutions (SAIs) must conduct their audits where and when this is most needed, and where the greatest added value is generated. In line with the principles of good governance, when planning audits, in addition to risk analysis results, SAIs ideally also take social expectations into account. The support of good governance is treated as a priority, moreover, the audit focus of SAIs is also impacted by the focus of public management.
The aim of this study is to present the selection methodology supporting audit planning, as well as the characteristics of risk analysis through international examples. The study first presents the key phases and features of the planning processes of supreme audit institutions, while also pointing out how planning can support good governance. Planning comprises several interrelated phases, including the selection of audited areas, the definition of methodology, the preparation of audit programmes and resource planning. In line with the requirements of international standards, SAIs apply risk analysis in the various phases of planning. This section will also present a new trend, namely social participation.
According to its Strategy adopted by the Hungarian National Assembly, the State Audit Office of Hungary (SAO) considers as its mission to promote the transparent and sound management of public finances with its value creating audits performed on a solid professional basis, and thus to contribute to good governance. The goal of the SAO’s audits is to provide well-founded, professional and objective answers with regard to current economic and social problems, by focusing on appropriate issues at the appropriate time. For this purpose, the SAO renewed its planning system from 2011. The second part of the study presents the planning processes of the State Audit Office, developed on the basis of international standards. In order for the audits of the State Audit Office to support good governance to the greatest possible extent, the various planning phases have a hierarchic structure and rely heavily on information from the organisation’s risk database.
Journal of Economic Literature (JEL) code: H83, H11, E69
Keywords: audit planning, selection, risk analysis, supreme audit institution, participation
Planning processes of supreme audit institutions
SAI planning for good governance
One of the expectations against supreme audit institutions (state audit offices) is that they must conduct audits in areas where there is a relevant social need for this, and where such audits generate the greatest benefit for society. The function of planning processes is first and foremost to select areas within state involvement in general, the auditing of which helps fulfil the above criteria, thereby supporting good governance, the well-managed state and efficient state management. In addition, certain planning tasks also arise in connection with any given audit, such as the planning of the audit objective, its method, key issues, resource requirements, as well as supporting activities.
As such, SAI planning is a complex, multi-phase process which forms a hierarchic system from strategic planning through resource plans and the creation of operative audit plans all the way to feedback. This chapter presents the key steps of planning, primarily based on INTOSAI1 standards (ISSAI 200, 300, 400).
The strategy is the long-term (multi-year) plan of SAI activity, which sets out the key tasks of the institution as well as its ethical requirements, values, priorities, and the directions and main objectives of the given period.2 This strategy is prepared in line with the institution’s mission as well as with legal regulations and the government’s strategy papers. The strategic plan serves as a foundation for the annual plans of the period ahead, and as such, strategic planning defines audit topics and audit criteria (the method used by the state audit office to set out the audit directions of the period ahead depends on both political-statutory environment as well as established traditions). These are all necessary to align annual plans with one another, and for audits to generate the greatest added value possible while supplementing one another.3
The selection of audit topics and criteria depends on strategic priorities. The primary goal of selection – in addition to limited audit capacities and expenditures – for audits is to contribute to improving state operation to the greatest extent possible. This contribution may take on a number of forms, such as the saving of public funds, the support of decision-making, the improvement of effectiveness and transparency, etc. The objectives of selection criteria vary depending on what type of audit they serve as basis for.
- The objective of financial audits is to determine whether the information presented in the financial statements of a given organisation comply with the applicable financial reporting and regulatory framework, thus helping to increase the confidence that the intended users have in such financial statements. One of the objectives of selection may be to cover as much of public spending as possible by auditing the most significant programmes, i.e. those that impact financial equilibrium the most.4
- Compliance audits are a specific audit type designed to determine whether the activities, operations, financial transactions, information and data constituting the subject of the audit are in compliance, in all material respects, with the regulations and requirements relevant to the audited entity. During the definition of selection criteria, one of the objectives may be the selection of organisations and programmes where potentially irregular operation represents a considerable macro-economic risk, and where regularity audits (by raising awareness on their operation) provide useful information for decision-makers as well as other stakeholders.
- The objective of performance audits is to constructively support the efficient, effective and economical spending of public funds, as well as the management of and task performance related to national assets. Another goal is to uncover factors potentially hindering financial management and task performance as well as the enforcement of the requirements of effectiveness, efficiency and economy; and to point out how these could be reduced (these audits typically examine the realisation of the 3E-s: effectiveness, economy and efficiency). The goal in this case is to select systems and programmes, the auditing of which represents substantial added value for their effectiveness, efficiency or economy (ISSAI 3000). Added value could mean, for example, the support of parliamentary/governmental decision-making or contribution to the improvement of the management of the audited entity.
It is, therefore, clear that the objective during the planning of all audit types is to create the greatest added value possible, however, the form of this added value varies at the given audit types (more reliable statements; improvement in terms of compliance; more effective, efficient and economical operation).
The strategy paper also sets out the so-called audit orientation, considered to be one of the most important characteristics of SAI activity. The figure below related to the planning priorities of performance audits helps to outline the audit orientation.
Through its (performance) audits, the state audit office may decide to examine the regularity of the audited organisation/area/process, thereby supporting the enforcement and implementation of legal regulations (focus on statutory compliance, vertical axis). When the state audit office primarily wishes to contribute to the modernisation of state operation, it then focuses its audits on various aspects of performance (focus on effectiveness, vertical axis). Audits may also move along a wide spectrum in terms of the audited area as well, as – based on its strategic decision – the state audit office may examine only government bodies or only government programmes involving several sectors, or it may also define its own “portfolio of audited entities” somewhere between these two end-points (movement along the horizontal axis).
The form of public management also affects the priorities of SAI audits. As stated in ISSAI 3000, “in countries where public management is mainly concerned with means and less involved with ends, audits also tend to focus on whether rules have been observed and enforced rather than whether the rules serve or are seen to serve their intended purpose”.
Certain conditions must also be met in respect of the area for audit (process, programme, organisation) in order to generate the highest added value possible, e.g. the given area must be significant (but at the same time auditable) from an economic, public finance, social or public policy aspect (ISSAI 100). These conditions are also usually defined by strategy papers.
The annual plan5 lists and presents the audits to be carried out in the given period (audit objective, method, audited area, risks, key audit questions, etc.). The annual plan is prepared in harmony with the audit priorities set out in the strategy as well as with macro-economic and risk analyses and the requirements stipulated by legal regulations, while also taking into account ‘anticipated demand’ for audit reports (in other words, on which forums and by which socio-economic players the report is expected to be best utilised). The objective of planning, therefore, is to select the areas, programmes and organisations to be audited in the coming period, and to determine the order of audits depending on capacity. (At the European Court of Auditors, this phase is called ‘programming’, in line with EU terminology.) The annual plan serves as the foundation for operative planning.
Audit planning comprises the formulation of the specific audit strategy and the preparation of the audit plan. In addition, complex audits are also substantiated by analyses and preliminary studies. The plan must provide answers to the questions: what is audited, why is it audited and what is the purpose of the audit?
Based on INTOSAI standards, it is in this phase that the objectives, scope, method and criteria of the given audit must be formulated in detail; this is where audit questions must be drafted and the sample to be audited is to be defined and where the documents supporting the audit (e.g. background information, analyses, etc.) must be prepared.
The resource plan serves the professional, objective and smooth implementation of the audit. This resource plan defines the required human and physical resources as well as the schedule of the audit, and also provides all other information needed for the audit.
After the completion of audits, it must be ensured that all the experiences that may improve planning quality are processed and fed back into planning processes.
Role of risk analysis in SAI planning
Supervisory, (sectoral) management and audit duties are part of the core activities of numerous institutions, and performing these is likewise supported by risk analysis, which points attention to the riskiest areas, topics, processes and organisations. Typical examples include the system of macro-economic analyses carried out during budget planning, and the planning and monitoring of sectoral governance and supervisory activities (Domokos et al., 2015).
Audit planning creates a unique situation in terms of both the objective of risk analysis and the persons implementing the analysis. Within planning, the analysis of audit subjects’ risks (which analysis supports the selection process) can be distinguished logically from the evaluation of risks threatening the conduct of the audit. In both cases, the risks are analysed by the audit organisation, but the risks themselves can arise in the audited organisations in the former, and in the auditing organisation in the latter case. In the case of selection, the analysis and risk-bearing roles are separated, therefore, risk management also takes on a unique interpretation in respect of audit activity. On the one hand, the risks of the various areas, processes, activities and organisations are analysed in the interest of the assessment of selection, sampling and inherent risk. On the other hand, the risks of the planning and selection processes and the risks of conducting the audit that may arise at the audit organisation must also be identified (e.g. auditor numbers and time limits may not be sufficient, audit evidence may be incomplete, the auditor fails to uncover a material error).
When risk analysis is performed during planning in the interest of selecting audit topics and organisations, then this risk analysis entails the collection of necessary, relevant and reliable data and information, as well as the entire process of identifying, analysing and assessing potential risks (indicators, effects, probability). In such cases, risk analysis is not performed in order to plan the risk management measures needed within one’s ‘own’ organisation, but is instead directed at mapping out the areas and processes that bear the greatest risk, and at identifying and assessing risks present in auditable persons (organisations or private individuals). Where analysis involves a population (e.g. central subsystem, entrepreneurial partnerships) with a great number of elements, the main purpose of risk analysis is to sort the elements according to the specified risk criteria, i.e. to establish a kind of risk “ranking” in the interest of selecting the riskiest elements.
Pursuant to INTOSAI standards, the foundation of the planning work processes of supreme audit institutions must be laid down by risk analyses. As an example of the practice applied by supreme audit institutions, Domokos et al. (2015) present the risk analysis used by the European Court of Auditors. According to this, state audit offices conduct risk analysis during
- the selection of audit priorities and areas,
- the analysis of the controls and measures of the audited entities, and
- the definition of the issues and scope of the audit.
In addition, in order to conduct the audits, the risk related to the audit activities must also be managed.
When selecting audit priorities and areas, the goal of risk analysis depends on the audit directions set out in the aforementioned SAI strategy. If the state audit office, for instance, wishes to support the enforcement and implementation of legal regulations, its risk analysis supports the selection of areas, the irregular operation of which represents high risk in respect of e.g. the feasibility of the budget, the accomplishment of fiscal objectives, the successful implementation of various governmental programmes, the effective operation of organisations or the provision of public services. If the state audit office wishes to primarily support the renewal of public management through its audits, risk analysis then lays the foundation for the selection of areas where a shortfall is observed in respect of effectiveness-efficiency-economy, and which thereby hinder the achievement of the performance targets of the government.
Where analysis may involve a population (e.g. budget lines, multiple business associations, projects) with a great number of elements, the key goal of risk analysis is to sort the elements according to the specified risk criteria, i.e. to establish a kind of risk “ranking” in the interest of selecting the riskiest elements.6
When assessing regularity and financial statements, SAI auditing – similarly to all audits – cannot provide complete assurance of uncovering all deviations. Instead, the objective should be the so-called reasonable assurance, which in practice typically represents an audit risk of 5 per cent. Audit risk is the opposite of audit assurance: the risk of drawing an erroneous conclusion that is still tolerated by the auditor. In practice, audit risk is unavoidable. Audit risk can be calculated as follows.
audit risk = inherent risk (arising from the nature of the audited organisation)* control risk (depending on the controls of the audited organisation)* detection risk (the risk that the auditor fails to detect certain deviations).
This is why the state audit office, through the risk analysis of the controls and measures of the audited organisation, seeks to identify the organisational processes where significant (residual) risk (existing in spite of the controls that are in place) threatens the accomplishment of organisational goals. The audit is able to generate the greatest added value by assessing these processes and by pointing out the deficiencies of these processes.
The definition of the issues and scope of the audit depends on the nature and magnitude of residual risks. In this particular phase, risk analysis supports the establishment of audit procedures, including sampling and the planning of control tests.
Risk analyses related to performance audits are different from the methods applied at financial regularity audits, as in this case the risks threatening the realisation of the 3Es must be assessed (ECA, 2013).
New directions; citizen participation in SAI audits
From time to time, new trends appear within the planning processes of supreme audit institutions. In the recent period, international literature has become increasingly focused on the analysis of the benefits and disadvantages of citizen participation (e.g. the 2014 study by Baimyrzaeva and Kose). Citizen participation is when, during the selection of audit topics, SAIs also discuss audit topics suggested by citizens or citizen groups, which are then taken into account when compiling audit plans. This aspiration is in line with the principles of good governance as, by involving citizens in decision-making processes, it reinforces the transparency of governance as well as the confidence placed in governance. In addition, SAIs also understand what citizens are focused on, e.g. what processes they consider risky or where they observe wastefulness.
The UN/INTOSAI symposium of 2011 also focused on citizen participation in the activities of supreme audit institutions. The results of the questionnaire survey conducted among state audit offices served as the basis for the discourse (United Nations, 2013).
According to the level of citizen engagement, state audit offices can be classified into one of three groups (see Figure 2). The largest group is Group 1, where one-way communication is typical: SAIs respond to requests, hold presentations and provide information to the public, as well as distribute audit reports on their websites and through the media or conferences. They only involve experts in their activities (such as planning). In the view of SAIs in Group 1, citizens engagement compromises the independence of the organisation.
SAIs in Group 2 support two-way communication. They monitor information communicated by the media as well as topics debated in parliament. They regularly conduct public opinion surveys. They may also consider suggestions from members of parliament, different parties, factions, trade unions, employers’ organisations and other non-profit organisations. A few also pay attention to opinions posted on social networks, or may consult with professional organisations or bodies. Based on these criteria, the SAO falls into Groups 1 and 2.
SAIs in Group 3 consider citizens as partners in the various phases of their activity, and during this activity they actively use the various media channels (surprisingly, most of these are SAIs of developing countries). As far as planning is concerned, they can suggest topics, organisations or areas to be audited. According to South Korean experiences (Kim, 2014), based on their interests and priorities, citizens primarily suggest topics related to their subsistence (permit and licencing, construction, transportation and environment) and these make up almost half of all audit requests. Despite the high cost of the implementation of participation, the positive effects of requests made by citizens that affect the operation of the public sector balance out related costs (64 per cent of participation audit requests have resulted in material consequences). Another important benefit is that participation significantly contributes to enhancing the transparency and impartiality of public institutions.
At the same time, risks arising parallel to the more extensive use of participatory auditing must also be mentioned, risks such as the appearance of personal interests in recommendations (individual citizen interests or the political and economic interests of certain groups). These risks can and must be managed, for example by accepting recommendations that focus on public interests, filtering recommendations based on committee assessments or setting a minimum number of applicants in respect of a given issue.
In addition, the measurement of the effectiveness and utilisation of participation is also essential in the interest of the increased utilisation of the benefits of public participation.
Audit planning processes at the State Audit Office of Hungary
The theoretical background of the audit planning
Concept of a strong, active and well-managed state
The financial crisis has clearly shown that decreased role of the state in areas that have key importance from an economic perspective (such as public services), and the enforcement of interests of specific market player carries numerous social and economic risks (G. Fodor–Stumpf, 2007). The marketisation processes appearing in certain state subsystems may lead to certain social groups swiftly lagging behind, as well as a drop in competitiveness. At the same time, the division of decision-making responsibilities in governance also generates further problems: it undermines the transparency and auditability of performance, and weakens accountability (Frivaldszky, 2010).
As a possible answer to these problems, the ideal of the strong and active state, in other words ‘a well-managed state’ was formulated, which strives to accomplish the goals of good governance through a reinforced state role. The well-managed state, on the one hand, establishes the framework conditions that are essential for socio-economic development, and on the other, assumes the tasks – as well as the responsibility – of good governance. Along this train of thought, and on account of the experiences of the negative consequences of indebtedness, starting from 2010 the creation of a new public management system commenced in Hungary. The neoliberal economic policy concept (liberalisation, deregulation, participation) has been replaced by an economic policy that focuses on the protection of national interests, and which increases and strengthens the role of the state. The legal regulations required for the operation of the well-managed state have been created.
The operation of the state which has a strong economic role requires stable financial foundations and macro-financial equilibrium, and at the same time it also became necessary to revise the tool-kit of the auditing of public spending and the management of public assets. The stability of public finances assumes independent, professional and regular public auditing and control systems. It was by keeping these objectives in mind that the Hungarian public finance system was renewed, a highlighted and strategic element of which was the reinforcement of the system of public finance controls (Domokos, 2014).
The framework and tools of the auditing of public finances
In addition to creating the constitutional guarantees needed for economic renewal, for the reduction of public debt and for keeping public debt at bay, basic provisions related to the auditing of public finances, to the State Audit Office and the Fiscal Council have also been included in the Fundamental Law within the topic of public finances. The Fundamental Law stipulates the so-called debt rule, according to which the National Assembly may not adopt an Act on the central budget as a result of which state debt would exceed half of the gross domestic product. As long as public debt exceeds half of the gross domestic product, the National Assembly may only adopt an Act on the central budget which provides for state debt reduction in proportion to the gross domestic product.
National Assembly has adopted a new law to ensure the economic stability of the country and the sustainability of its budget, to ensure the independent opinion on the status of the execution of the act on the central budget and for the purpose of facilitating the reduction of public debt (Act CXCIV of 2011 on the Economic Stability of Hungary). The Stability Act also stipulates regulations limiting the generation and increase of public debt, and states that the Fiscal Council shall examine whether the bill on the central budget complies with the public debt rule.
The revised legal environment, therefore, limits the leeway of public overspending through the debt rule, and through having this rule monitored and enforced by the Fiscal Council. As such, the Fiscal Council is tasked with guaranteeing macro-financial equilibrium. The State Audit Office plays an important role in supporting the work of the FC, through its analyses that also make use of audit experiences.
The new legal regulations afforded a substantial constitutional role to the State Audit Office, the country’s supreme financial-economic audit organisation. The new SAO Act reaffirmed the independence of the State Audit Office in several aspects; widening its scope of authority, expanding its toolset and increasing its transparency. The starting point of the work of the SAO is the Fundamental Law and the SAO Act, from which all SAO activities (audits, analyses, advisory activity) can be derived. The constitutional provision aimed at the reduction of public debt is particularly important during the planning of SAO work. As Domokos (2014) emphasises, the State Audit Office defines its audit plan in consideration of this; indeed, this is one of the focal points of numerous audits and analyses, and the SAO makes recommendations and performs advisory tasks in the interest of accomplishing this goal.
The State Audit Office, therefore, first and foremost pays special attention to areas of the public sector that significantly impact the level of debt-to-GDP ratio, in other words the changes of public debt and gross national product. The central budget is a priority area, and the SAO provides an opinion on the substantiation of the planning of the budget as well as the feasibility of revenue appropriations; and it also audits the execution of the budget, which in turn allows for the comprehensive and systemic review of a significant part of public finances. The auditing of the management of public debt is also a task allotted to the SAO. As the indebtedness of local governments and business associations, majority-owned by local governments or the state, greatly contributes to the increase in public debt, the State Audit Office pays increased attention to auditing these areas as well.
The SAO conducts audits at multiple levels: at governmental, middle management and organisational levels alike. In order to accomplish the targets aimed at reducing debt, the compliant operation of organisations using public funds is essential. The State Audit Office is entitled to conduct regularity audits in all areas where public funds are utilised, and where the law only sets out rules of procedure. The legal regulations, therefore, guarantee the audit powers of the SAO, and also create the necessary guarantees (for example, the obligation of the audited entities to cooperate and take measures).
During the planning of audits, an important aspect is that audits, by focusing on appropriate issues at the appropriate time, support the promotion of the transparency and sound management of public finances. The reports can be utilised at multiple levels, which is why the SAO takes the various levels of utilisation into account already at the audit preparatory phase. It is equally important that planned reports are still current and topical at the time of publication, otherwise these reports cannot be utilised appropriately. As such, legislative work can only be supported by a welltimed and well-focused audit report, and this is why the legislative schedule must also be taken into consideration during planning.
During the audit planning process, the State Audit Office applies several selection methods in line with the various planning and audit phases. Consequently, it uses and analyses different types of information during the definition of audit priorities or specific audit topics, when selecting audit sites or during the preparation of the audit programme. When gathering information, it is an important aspect that the utilisation of such information should adequately outline the risks that threaten the responsible and high-quality financial management of public funds and national wealth.
Below, our study presents the selection methods used in various planning and audit phases, along with the range of information used in these phases, based on the legal regulations concerning the SAO, the contents of internal regulations and the annual reports of the SAO.
Determination of audit priorities
The audit priorities that serve as the basis for semi-annual audit planning processes are defined by the so-called strategic control team operating within the State Audit Office.7 When defining priorities, the strategic control team takes into account legal provisions, the contents of the SAO strategy, the National Assembly’s legislative schedule, strategic planning documents, the decisions of the State Reform Committee, the activities of the EU Commission and the European Court of Auditors as well as information culled from the SAO’s risk analysis system. It also takes into consideration whether any significant or major changes have occurred in the legal framework or infrastructure of the given area.
Article 43 of the Fundamental Law and Act LXVI of 2011 on the State Audit Office of Hungary (Act on the SAO) establishes the scope of authority and tasks of the SAO as well as the mandatory audits. Within its scope of activities set out by law, the SAO shall conduct audits pursuant to decisions taken by the National Assembly.
The SAO strategy states that state audit office audits must generate added value, and must lead to perceivable savings in the utilisation of public funds. The fight against fraud and corruption and the establishment of an integrity-based administrative culture are also indicated as priority goals. It is a strategic objective of the SAO that its resources not tied up by audits conducted pursuant to statutory provisions and with the frequency set out by law, be focused on conducting systemic, holistic approach audits in the interest of the transparency of the complex processes of public finances. The SAO places great emphasis on audits relying on and related to one another, as by shedding light on certain key areas of public finances from multiple perspectives, it is able to contribute good governance as part of its advisory activity.
An important aspect during the definition of audit priorities is the significance of the given area or the activity of the given organisation regarding the changes of the public debt ratio, public deficit, tax revenues or the management of national wealth. The auditing of the absorption of EU funds that have particular significance in respect of social and regional convergence; and the auditing of large distribution systems and supervisory authorities are of particular importance. Also important is the auditing of areas that realise given social objectives that are significant from a social perspective, such as for example higher education, research and development, national data protection systems, public transportation and minority self-governments.
The frequency of the audits performed by the State Audit Office is determined by law or, in the absence of relevant statutory provisions, by the President of the State Audit Office.
Medium-term audit concept
The medium-term audit concept establishes the directions, objectives and focal areas of SAO with a time horizon of 3-4 years. With the creation of the concept, no unaudited areas (‘grey areas’) remain, and by defining medium-term audit directions and through holistic audits and analyses, the SAO is able to exponentially assist the utilisation of its work. The concept is an integral part of the medium-term institutional strategy of the SAO, into which semi-annual audit plans are closely integrated.
The SAO’s audit activity is essentially determined by the statutory requirements prescribing the execution of certain tasks with a pre-defined frequency, which tie up substantial resources. Every year, the SAO audits the execution of the annual budget of Hungary as well as the activities related to the exercise of proprietary rights over state property; along with the review of the local government decree on revenues due to and shared by the Municipality of Budapest and the Budapest district local governments annually, and provides an opinion on the bill on Hungary’s annual budget. Within the framework of final accounts, the effectiveness of tax collection is also audited, which is of key importance in respect of the generation of public deficit and public debt. Every second years, the SAO audits the financial management of parties and party foundations that receive budgetary subsidies. The audit tasks related to the financial management and task performance of local governments are regularly integrated by the SAO into its audit plans.
The improvement of the public debt ratio8 as a constitutional objective – with a focus on macro-economic risks – is a central element of the SAO’s medium-term audit concept. With that in mind, the SAO places special emphasis on auditing the organisations whose activities exert the greatest impact on changes in the public debt ratio. Another option of improving the public debt ratio is to increase GDP (“to grow out of public debt”). The state redistributes close to 50 per cent of GDP among players of the economy, therefore, how effectively and efficiently incomes are withdrawn in the form of taxes and other incomes of public authority and then redistributed as grants, investments and public services is a primary audit aspect. In this respect, the SAO pays particular attention to the auditing of public funds used in the areas of education and research; to the auditing of state investments and energy supply, and to the auditing of organisations supervising compliance with market regulation mechanisms and related legal regulations. As the “auditor of auditors”, the results of the work of the SAO may be exponentially important, as its findings can be utilised to make the activities of auditors more regular and effective.
Selection of audit topics
The SAO’s risk analysis division prepares specific audit topic suggestions in line with audit priorities, in accordance with internal regulations, and by taking information from the SAO monitoring system into account. As part of monitoring, it performs the following activities.
- It monitors publicly available data and information, and organises these into a database.
- It monitors and records indications and audit experiences received from supervisors, supervisory and other managers as well as from organisational units.
- It processes and records announcements of public interests and prepares monthly reports.
- It processes information concerning the sites of completed audits and audits still in progress, and keeps such information up-to-date.
- It processes daily press review reports from a risk aspect (concerning the SAO, audited entities or audit topics), records such reports and prepares monthly reports.
- It monitors the recommendations made by Members of Parliament as well as the discussions and text analyses of committees.
- It processes economic reports (e.g. Századvég monthly monitor, MFB Periscope) and analyses.
Topic suggestions – which contain the risk summary, the type of audit and the organisations affected by the audit – are approved by the President.
Definition of the focus and key issues of the audit
Preliminary studies are prepared for approved topic suggestions. A preliminary study is an audit document that lays the foundation for the preparation of audit programmes, which presents all relevant information concerning the topic, detects the risks, determines the objective, hypothesis and type of a possible audit, its period, the organisations involved, its expected utilisation and the expected costs.
During the preparation of preliminary studies, the results of preliminary risk analysis, publicly available information and statutory provisions must all be taken into account, and in individual cases, information provided by the audited entity upon the request of the SAO. The preliminary study, finalised by taking the reviewer’s opinion into consideration, is approved by the President.
Semi-annual audit plan
The State Audit Office carries out its audit activities on the basis of its audit plan approved by the President, which plan is published and forwarded to the National Assembly in semi-annual planning cycles. When compiling the audit plan, the SAO takes into account the audit tasks commenced in the preceding period that are still in progress, as well as those to be implemented in the given period pursuant to statutory obligations.
Pursuant to the provisions of the Act on the SAO, the semi-annual plan may include mandatory and timely audits, such as the auditing of the execution of the central budget, the taxation and other revenue collection activities of the state tax authority and local governments, the utilisation of campaign funds, the legality of the financial management of political parties, the activities related to the exercise of proprietary rights over state assets and the financial management of the National Bank of Hungary. Further topics defined by the State Audit Office are carried out depending on the available capacities of the SAO.
Preparation of the audit programme
The programme of the given audit is prepared after the preliminary study has been approved. In line with the focus questions set out in the preliminary study, the auditors drafting the audit programme define the detailed audit questions and set out the range and volume of the data to be audited. If sampling is required, the type and method of sampling and the size of the sample is determined using statistical methods. The IT-based substantiation of audit programmes, along with data planning and data preparation, is also realised in this phase. The targetedness of the audit programme plan is examined by the organisational unit responsible for risk analysis.
In respect of the same topic and organisational scope, the SAO conducts audits based on updated audit programmes and by enforcing rolling planning principles. These programmes may also be supplemented, for example, by modular programme elements related to the given topics, but which manage special focal areas.
The audit programme is approved by the President.
Thematic audits are audits conducted on the basis of standard audit programmes with the possibility of the comparative evaluation of the given area, for example, of the most important areas of the operation of local governments and of companies majority-owned by local governments and the state; while as a method of organising audits, it greatly improves the efficiency of organisation. During thematic audits, therefore, the SAO prepares an independent report on multiple audit sites using the same audit programme. Audit sites may be selected on a risk basis, by sampling (full, representative, layered) or using other statistical methods, depending on the given audit objective. The selection of sites is facilitated by an analysis prepared by the unit responsible for risk analysis, which is based on information from the risk analysis and assessment system. Risk analysis is primarily conducted by taking the following factors into consideration.
- Information culled from the master database of budgetary institutions and the company database of business associations.
- Financial and financial management information available on organisations, e.g. annual budgets, annual/semi-annual institutional budgetary statements and the analyses prepared on the basis thereof.
- Balance reports and annual flash reports.
- Audit data of organisations, and the findings, recommendations and experiences of past SAO audits.
- Information received from the risk-warning system.
- Announcements of public interest.
- Results and experiences of SAO analyses
- Results of the SAO Integrity Survey, corruption vulnerability data, information related to integrity protection organisational tools.
This is followed by the preparation of a risk summary, which contains the essential information and risks pertaining to the selected sites (e.g. concerning the institutions selected for institutional thematic auditing). The risk summary is approved by the President.
The cost-benefit analysis of the audit, capacity planning
When planning audits, in addition to anticipated benefits, the SAO also takes auditrelated costs into account. There are numerous procedures aimed at cost reduction and more effective resource utilisation within the SAO, including for example, the system of audits relying on and related to one another,9 or the introduction of followup audits based only on electronic data supply.
The human resource planning of audits ensures that resources of appropriate quality and quantity are available, and that arising risks are managed (ranking of audit assignments, risk warnings, potential plan amendments).
Monitoring of utilisation
After the completion of the audit, the SAO tracks the obligation of the audited entity to take measures (to cooperate), the experiences of which are also channelled back into the organisation’s risk monitoring system.
The experiences of the utilisation of the report are collected, recorded and analysed continuously by the SAO, which also uses the results of the analysis during its planning processes.
Methodological revision in planning
In areas highlighted in the medium-term audit concept, even regularity audits are able to point out fundamental deficiencies, the elimination of which could lead to substantial savings in public spending. Even though it is not the SAO’s task to criticise the professional content of state policies and the way public functions are carried out, it may however audit and assess effectiveness, in other words
- whether – pursuant to legal provisions – impact studies had been prepared prior to a given state intervention (such as a tax relief or a developmental programme);
- whether regulation is comprehensive;
- whether the objectives and performance criteria had been clearly defined and whether data collection, measurement and assessment is performed on the basis thereof;
- whether the system of monitoring, auditing and assessment of implementation had been put in place;
- whether the structure and operation of the internal control system is suitable to detect and correct the risks, errors and deficiencies observed within systems and institutional operation, and to assess the measures taken in the interest thereof.
As one of the cornerstones of its independence, the SAO establishes its own professional audit guidelines and methods by following the international standards of INTOSAI. The revision of the international audit standards adopted by INTOSAI at the end of 2013 provides an opportunity for the SAO to update its audit methodology for the three main audit types, namely compliance, financial (before 2015: regularity and financial regularity) and performance audits.
The State Audit Office uses a holistic approach to audit the performance of the institutions of the central subsystem, during which it evaluates the establishment of the requirements of effectiveness, efficiency and economy, as well as compliance with these criteria. The SAO’s performance audits are aimed at improving the effectiveness and efficiency of the performance of public tasks and accomplishing quantifiable savings. In addition to the regular spending of public funds, another expectation is for such funds to be used effectively, in which management performance plays an important role. Consequently, it is highly significant to assess the institutional application and effectiveness of management performance evaluation during the auditing of central subsystem organisations. The SAO wishes to take on a leading role in preparing the methodological principles required for management performance evaluation.
This renewal allows for the evaluation-type performance audits, which, in addition to assessing an institution’s operation and the effectiveness and efficiency of its investment activity and projects, also evaluate its social utility, utilisation and expediency. It represents a risk during the planning of these audits if the indicators and data required for evaluation are not available, or if the accountable managers of institutions and projects are not obligated to enforce effectiveness and effectiveness aspects, and for this reason, the role of preliminary data collection and risk analysis takes on increased significance.
The SAO also strives to utilise the experiences of the final accounts audit. During final accounts, uncovering the risks that impact the financial regularity of audited entities can lay the foundation for the planning of the audits of these institutions. Audits based on final accounts can help improve the quality and efficiency of SAO audits, and the same time, the SAO strives to create optimal conditions for cooperation with the audited entity and to reduce its audit-related workload.
Audits by supreme audit institutions create added value, the size of which greatly depends on the assessment of which areas institutions spend their scarce resources on and what methods they opt for when carrying out their audits.
Planning processes are equally characterised by constraints and a high degree of freedom. The constraints are primarily set out in legal regulations by stipulating mandatory audits and by defining areas that can only be audited with limited powers. The principles of planning processes are established by internationally accepted standards (INTOSAI). The determination of audit directions and methods is also strongly influenced by the management ‘style’ of the state. In countries where public management focuses primarily on the tools of execution, audits tend to inspect compliance with regulations, rather than whether the regulations serve or perceivably serve the objective set.
In addition, supreme audit institutions have considerable independence in respect of both audit topic selection and the planning processes of the various audits. The guiding principle, however, is that planned audits should generate the greatest added value possible. Consequently, state audit offices must clearly articulate what they consider to be significant added value and with what tools and methods they are able to achieve this. This is laid down in the highest level planning document, namely the institutional strategy. The transparency and applicability of the strategy supports annual planning and also ensures the harmony of annual plans.
The audit planning of the State Audit Office is a multi-phase process; the substantiation, transparency and comprehensiveness of which is insured by process-integrated controls in each phase. Planning primarily relies on information from the monitoring system that records risks, which gathers state audit office experiences and knowledge as well as outside information in a structured manner. The SAO’s monitoring system contains innovative elements, such as for instance, the text analysis of debates at the National Assembly, risk warnings from the media monitoring system as well as data from the Integrity Survey developed to measure corruption vulnerability.
In the future the planning processes of SAI audits could include methods that could fundamentally reshape audits. These may include citizen participation, the utilisation of the results of network research as well as the results of comparative analyses based on electronic data requests and supported by assessment software. It is important, however, that the new risks generated by these new initiatives are recognised and managed by the State Audit Office, and for the SAO to regularly evaluate the effectiveness and efficiency of new methods.
- 1 ISSAIs are the standards issued by the International Organisation of Supreme Audit Institutions (INTOSAI).
- 2 Strategic goals may include increasing the utility of audits, increasing the ratio of public fund usage covered by audits or the improvement of auditor capacity.
- 3 An example of hierarchic strategic planning is the practice used by the GAO (the US government accountability office, the supreme audit institution in the United States), which employs economic, social, etc. forecasts, the analysis of future challenges and macro-level risk analyses to set out the SAI’s 4 key strategic goals, broken down into a further 20 strategic objectives, the 96 performance targets ensuring these and the more than 300 related tasks ( http://www.gao.gov/products/GAO-14-1SP ).
- 4 The performance of financial audits is often set out in legal regulations and, therefore, planning leeway is narrower than in the case of performance auditing for example.
- 5 The State Audit Office of Hungary prepares semi-annual plans.
- 6 In terms of international examples, we must mention the GAO’s risk assessment activity and its most important public product, the High Risk Series (which is reviewed every two years), which lists the federal programmes and areas most vulnerable to risks of fraud, abuse, waste and mismanagement, and also lists areas that are most in need of transformation or renewal ( http://www.gao.gov/highrisk/overview#t=0 ).
- 7 The preambles of the semi-annual plans set out the priorities based on which the given period’s audit topics and areas are selected (see for instance, the SAO’s audit plan for the second half of 2015) http://www.asz.hu/storage/files/files/Angol_portal/Audit_plans/2015_second_half_audit_plan_en_final.pdf?download=true
- 8 The quotient of nominal public debt and generated gross domestic product (GDP).
- 9 In the framework of this, the SAO harmonises the data requests and on-the-spot checks of multiple audits.