Ensuring the increased use of IT while conducting audits has become more important for TCA in recent years due to growing quantities of data and information, relations between data becoming more complex, progressive computerization of organizational systems, big variety of generated data formats and traditional data processing applications becoming inadequate.
By developing computerised audit systems and searching ways to extend their use, we aim to: introduce new instruments for administration of mass data, use techniques and technologies from many fields including mathematics and statistics to make the most of data, lessen the resources used and decrease workload, identify mistakes or errors in data processing at an earlier step, enable the automation of analysis and transform periodic audit to continuous audit.
Collection of Data from Auditees
Accounting data and other financial and non-financial data of all auditees within central government are collected periodically and electronically through “Integrated Public Financial Management System” to our data warehouse using a secure database connection. The system integrates all digital data into a centralized structure.
For gathering data of the municipalities using their own systems for keeping their accounting information a platform called ‘BVAS’ has been developed. It is a form based smart client application through which municipalities upload their information securely. This system checks and controls the data before being uploaded.
The data is mainly processed via VERA which stands for Turkish Court of Accounts Data Analysis System. The system controls whole data population in the data warehouse for accuracy, integrity and compliance providing a comprehensive approach of testing. Checks compliance with policies reviewing data on a regular basis with respect to the predetermined parameters during the audit process –the analyses.
Development of Analyses
The analyses are centralised data processing functions by which the management identifies the risks earlier before the annual audit programming/planning process and sets the audit strategy. Analyses do not only detect risks but also crosscheck wide range of data sets and detect accounting errors computerizing iterative and time taking procedures that fall upon the auditor while conducting audits.
Creation of predefined analysis bring automation and standardisation to the audits. All auditors have access to VERA and attain analysis results and financial data of the auditees. They can make original analysis over VERA and deliver results instantly or rely their manual methods of testing upon standard reports and some specially formatted reports generated by the system based on the results of static and dynamic analysis scenarios.
Risk Assessment System
Determination of the auditees carrying greater risk at macro planning phase is essential to ensure an effective audit.
A system is implemented working over VERA to rank the auditees based on their risk levels. With this system, data from over 1400 municipalities are being analyzed by TCA. Municipalities are being assessed by taking into account their budget size, investments, incomes, transaction numbers and volumes, size of their expenses, demographic structure and then they are graded and grouped by their risk profiles. Each scenario evaluates municipalities according to different criteria thus it also makes possible to detect the areas where deviations are concentrated within any entity.
The management uses results of the assessment before macro planning.
In addition, the auditors use the results of risk assessment analyses for identification of the risk of material misstatement existing in the financial statements due to errors and fraud at the planning phase and plan the auditing procedures to be performed regarding what audit evidence is necessary. Then at the execution phase, they focus on the so called areas. The higher risk levels require planning more involved audit risk procedures to be executed.
Statistical Sampling Implementations
Since most of the auditees’ applicable data is large and complex, it is not economic nor possible to examine all the transactions, accounting records and relevant documents during the audit period.
Besides cost benefit reasons, even in the cases where use of technology enables examination of whole data, it is not suitable since many testing procedures require physical inspection, control processes and collection of information from workers or third parties and the risk that some transactions may be missing from the general ledger.
To gain reasonable assurance regarding the entire data, auditing standards permit use of audit sampling. With statistical sampling techniques, most efficient sample size can be calculated and statistical conclusions about the population can be reached.
The biggest problems generally faced in using statistical sampling methods, which involve using law of probability for selection and evaluation of less than 100 percent of the items in a population is that the underlying concepts are too complex, needs training so that the auditors need to use proper sampling applications supported by IT systems.
Regarding this problem, sampling analysis have been created over VERA for calculation of sample size and selection of samples from the identified population. The auditor fills in the assurance level, acceptable error level and expected error rate and the analysis makes calculations based on that information. Analyses cover three sampling methods; random sampling, monetary unit sampling and stratified sampling.
Auditors draw conclusions upon examination of the samples selected representing the population. The results reached are extrapolated and thus acceptable assurance is provided.