Internal auditors in government are required to understand the internal control system, evaluate its design and effectiveness, and advise management on strengthening the system. In most jurisdictions, government internal auditors continue to use traditional manual auditing methods of testing controls by performing the tests on a retrospective and cyclical basis.
A Financial Management Information System (FMIS) automates the workflow and digitizes core government functions including budget planning/preparation, cash management, commitments, the management of expenditures and revenues, accounting and reporting. It can be linked to other information systems such as tax, debt management, asset management, procurement and payroll. An FMIS is an eco-system of interrelated sub-systems with automated and embedded internal controls. This means that most manual controls are shifted to the automated system and the government’s risk management process (internal controls and internal audit) is integrated with the FMIS.
Most governments are migrating to information and communication technology (ICT) based systems. Hence, assessing the effectiveness of internal controls using manual means in an ICT environment is subjective and not feasible. The paper, Government Internal Auditors should Leverage the Power of a Financial Management Information System (http://www.pfmkin.org/publication/governmentinternal-auditors-should-leverage-power-financial-management-information) elaborates how internal auditors can contribute to the development of an FMIS application and leverage FMIS controls and functionalities to plan and conduct audits more efficiently using contemporary audit procedures and tools (see Chart 1).
Data analytics based on FMIS databases promise enormous benefits. Data-driven criteria and analytics based on FMIS can help internal auditors carry out a risk-based selection of processes and audit locations to be audited. They can further assist in expenditure profiling, such as segregating expenditures based on the value and frequency of occurrence, as illustrated in the cases of Pakistan and Cambodia.
The Computer Aided Audit Tool (CAAT) is an example of a data analytic tool used for internal audit purposes. The Comptroller & Auditor General of India used CAATs in the audit of the eprocurement system in the State of Chhattisgarh. The audit identified serious gaps in the e-procurement system including suspected 1 Puneet Kapoor is a Senior Financial Management Specialist with the Word Bank, India and is involved in PFM reforms including in the area of FMIS and government audit. FMIS development Internal auditors test embedded controls and support user/ operational testing FMIS Go Live Internal auditors assess system security policies, standards and continued adequacy of internal controls and review change requests Leverage data Internal auditors carry out audit tests to identify risks and adopt data analytic tools Chart 1. Role of Internal Auditors in FMIS collusion and unfair tender practices. Similarly, in Ghana, the government has invested in training internal auditors in the use of CAATs in parallel with the deployment of the FMIS.
“Continuous Auditing” in an FMIS environment can help to detect and correct erroneous and potential fraudulent transactions in a timely manner. This approach to auditing was adopted by China in 2002 when the China National Audit Office launched a country-wide program called the “Global Auditing Project”. The objective was to build a Government Audit Information System which tracks the government’s budget management process throughout its life-cycle and simultaneously employs Continuous Auditing to determine the reliability, conformity, and performance of the process. Similarly, the Internal Audit Service of Malawi has institutionalized ICT auditing and procured a computerized data extraction and interrogation tool (Advance Command Language or ACL) which was used to pilot audits of the FMIS and the related human resource management information system.
Continuous Auditing can be employed in situations such as purchases and cash transfers that are configured in FMIS applications, highlighting locations where purchases are more than a specified limit compared to the previous year/period, or identifying accounts with unusual activities, and flagging all extremely high-value transactions.
The paper concludes that the effective use of FMIS functionalities and data for internal audit needs is in its infancy. Proper advocacy, outreach and training can help internal auditors use FMIS in their work, enhancing effectiveness, efficiency and relevance of the internal audit function (see Chart 2).
Internal auditors should use FMIS as a technological tool to deliver the benefits of high service standards both to the government and the citizens.