SAI Independence Principle 3
A sufficiently broad mandate and full discretion in the discharge of SAI functions
The SAI’s mandate should be specified in law. There are several elements to this:
The types of audit the SAI can perform
To meet international standards according to the ISSAIs, the legal framework should state clearly that the SAI can conduct financial, compliance and performance audits.
How this is expressed is a matter of country context. For example, some SAIs’ legislation provides for a single audit, but incorporating the three audit types. Other countries separate them into distinct audits.
Whatever approach is taken, care is also needed to allow flexibility, giving the SAI freedom to respond and carry out new and emerging types of audits e.g. environmental audits, investigations, forensic audits, and other forms of assurance. In developing countries, the SAI may also be called upon to audit development projects or the use of donor funds. Other types of audits may be mandated, of a nature specific to the country level.
This suggests that the law should be drafted with a mix of mandatory auditing duties (in particular, specifying which audits such as annual financial audits the SAI must perform and when) and discretionary auditing functions (without being prescriptive or over-specific as to what such audits might entail or when they should be performed).
The IDI’s Global Survey of SAIs in 2014 showed that SAIs almost universally have mandate to carry out financial and compliance audits, and also increasingly performance audits.
The legal framework should specify the extent of the SAI’s auditing jurisdiction clearly, and as simply as possible. Principle 3 makes it clear that SAIs should be empowered to audit:
- the use of public monies, resources, or assets, by a recipient or beneficiary, regardless of its legal nature;
- collection of revenues owed to the government or public entities;
- management of public entities;
- legality and regularity of government or public entities’ accounts;
- quality of financial management and reporting; and
- economy, efficiency, and effectiveness of government or public entities’ operations.
How the field of audit is expressed is a matter for country context. In some countries (including those with a SAI under the court model), the mandate is expressed in terms of a responsibility to audit public money or resources, or particular accounts. In others, the approach is entity-based.
It is important for the law to state clearly which approach is being used. This is especially so for a country that is transitioning from a government-wide accounting system to an entity-based PFM system. A lack of clarity can give rise to uncertainty or confusion.
The reality is that the frontiers of the mandate are often contested. For example:
- the SAI may be able to audit expenditure but not revenue;
- particular forms of revenue may be excluded from the mandate (such as oil or extractive industry revenue); or
- the SAI may be unable to audit sensitive areas of government activity (for example the defence and secret service budgets) or entities such as the central bank or state-owned commercial entities.
The ability to follow public resources to their point of final expenditure is another important element in achieving the aims of Principle 3. Irrespective of how the mandate is defined (for example, whether in terms of resources, accounts, or entities), it is important that the SAI is able to follow and audit the use of public resources from the point where their use is authorised by the Legislature (or otherwise received by the Executive as revenue) to the point where they are spent or applied.
This is especially important in those countries where public resources are made available to NGOs or private sector companies sitting outside the public sector, for example to deliver public services or to construct and operate public infrastructure assets. The SAI may find its mandate to audit funds of this nature challenged. Clarity of expression in the legal framework is therefore important, and vigilance is needed to ensure that changes in the way governments carry out their activities remain subject to the SAI’s audit oversight.
Where the SAI’s mandate is confined (for example to public sector entities), it is important for its powers of access to information (see Principle 4) to extend to information held by third party entities outside the public sector. This enables the SAI to use the information when auditing the public sector entity that is responsible for the activity concerned. Alternatively, the right to audit or to have access to information can be written into the contract with the third party.
While breadth and flexibility are crucial in defining the SAI’s mandate, it is also important for the law to be realistic about what a SAI is required to do and what is affordable and achievable.
In less developed countries, it may be desirable to allow the SAI to set auditing targets rather than requiring it to carry out annual financial audits of all accounts, or every entity, within its jurisdiction. That will ensure that the law does not place the SAI in a position of being unable to comply with its legal obligations.
Making provision for the contracting out of audits (under the SAI’s supervision and direction) is another means of enabling full coverage of the public sector while not imposing unrealistic burdens on the SAI.
Principle 3 also deals with the need for independence in how the SAI’s mandate is given effect. Not only should the SAI have the broadest possible mandate and field of audit, but it should also be free from direction or interference from the Legislature or the Executive in the:
- selection of audit issues;
- planning, programming, conduct, reporting, and follow-up of audits; and
- enforcement of decisions where applicable to the mandate.
Principle 8 also addresses the autonomy of the Head of SAI to allocate resources as considered necessary to audit activity.
The selection of audits should not happen in a vacuum. There should be scope for the SAI to discuss its work programme intentions with the Legislature, and be open to accommodating requests for particular audits or areas of audit emphasis. This may also extend to discussion of audit priorities with other stakeholders, including CSOs and the public, as part of the SAI’s willingness to remain relevant and credible to citizens. Practices of that nature are consistent with INTOSAI-P 12.
However, the ability to say “no” is crucial. Maintaining the SAI’s independence from political processes is an important proviso to any good working relationship with the Legislature and other stakeholders. For example, if the SAI believes a request to carry out a particular audit is “political”, it must have the power to decline such requests. Likewise, the SAI should be aware of community preference or pressure, but retain the decision as to which areas of audit work are most important.
This needs to be made clear in the legal framework. Ideally, it should be expressed through a constitutional provision which guarantees the independence of the SAI and its Head, including freedom of direction from any person or body in relation to its selection of audits and its power to report.
However, this aspect of Principle 3 also has important practical dimensions. Independent audit selection can be controversial, or unsettling. In practice, it can be enhanced by means such as:
- using a transparent, risk-based audit selection methodology, which includes interaction with auditees or committees of the Legislature;
- explaining the reasons for audit selection decisions, both directly to auditees or legislators and to the public and other stakeholders through the SAI’s relationship management practices;
- explaining the nature of a proposed audit with reference to the mandate, standards, and methodology, and providing reassurance about audit quality (for example by explaining the quality control and quality assurance processes); or
- in relation to a performance audit, explaining that (unless the law allows otherwise) the audit will not involve questioning or commenting on government policy choices but will be restricted to the audit of policy implementation.
The SAI should also be willing to explain that independence in audit selection does not mean that the SAI regards itself as above the law, or unaccountable for its work.
Auditing standards and methodology
The legal framework should also ensure that the standards and methodology for the SAI’s work are not set by the Executive. This is an important element of independence in functional terms.
In many PFM systems, the Minister or Ministry of Finance sets the accounting standards for the government’s financial reporting. However, it would be inconsistent with auditor independence for the same authorities to set the standards by which the accounts are to be audited. This would, in effect, result in the SAI’s primary audit client setting the standards and thereby determining the scope of its audits.
There are several options for achieving independence in this area. One is for the law to give the Head of SAI autonomy to determine the standards which will be applied. Preferably, this should be with reference to internationally accepted standards (such as the ISSAIs), with a power to modify for local circumstances. Another is to give the standard-setting responsibility to an independent commission. However, in that case it is important that the members have sufficient knowledge and understanding of auditing standards to perform this task appropriately.
In either case, the standards should be publicly available, to ensure transparency. Many SAIs put their standards on their websites. In some countries, they are presented to the Legislature and made public in that way.
Independence in relation to the mandate should also extend to the broader audit methodology. The SAI should be free to use appropriate working practices and methods, including computer-assisted auditing techniques, and to set standards and expectations of its staff (including through a code of ethics). These questions are also important in relation to Principle 8, which concerns the operational autonomy of the Head of SAI.