Identifying Risks to Efficiency
When reviewing documents, conducting interviews, or visiting sites during the planning phase of an audit of efficiency, auditors may come across information or situations that suggest that the achievement of efficiency is at risk in a given program or entity. In such cases, auditors should document their observations and obtain additional information as required.
The following is a non-exhaustive list of potential indicators that efficiency is at risk.
|There is a lack of performance information or insufficient attention is paid to available information.For example, basic information on inputs and output volumes is not collected and analyzed; performance information is not relevant, reliable, complete and timely; or performance reports are not made available to those charged with governance.|
|Personnel are not deployed to foster efficiency. For example, there is high staff turnover or a lack of training.|
|Costs of activities and programs are not known, or are not regularly collected and reviewed. For example, some program cost information is available, but the unit cost of each output is unknown; complete financial information is not made available to those charged with governance.|
|Controls are excessive in relation to similar well-managed organizations. For example, there are multiple signoffs required for routine, low-risk transactions.|
|No (or limited) internal audit function. This may mean that the organization does not pay sufficient attention to management controls and their impact on efficiency.|
|Program design does not support efficiency. For example, there may be poor process flow and duplication of efforts or information. Review of key performance indicators and comparison with internal or external standards may identify issues.|
|Opportunities for shared services have not been explored. For example, the efficiency gains that could result from sharing back office services such as financial transaction processing, procurement, human resource management, and payroll functions have not been assessed.|
|Systems and processes do not make effective use of information technology. For example, files are paper-based and hard copy documents form the basis of the systems and procedures.|
|The organizational culture does not stress the need for efficiency. For example, there is no indication that staff utilization and performance is monitored.|
|Senior management challenge of the status quo is not sufficiently rigorous. For example, formal comparisons of program efficiency against similar programs in other organizations are not undertaken to provide objective information for decision making.|
|Standards of service are not met. For example, client complaints are numerous and/or not addressed, there are long waiting lists for services or backlogs of files, and there is excess space (office, storage, and so on).|
GOOD PRACTICE: When acquiring knowledge of business for an audit of efficiency, it is useful for auditors to pay particular attention to potential indicators that the achievement of efficiency in a given program or entity is at risk. Auditors who observe the presence of risk indicators should complement their observations with analytical procedures, walkthroughs, and reviews of internal controls in order to properly assess and document the significance of the risk to efficiency.