Journal of Government Audit and Accounts

XXIXth Accountants General Conference, 2018

Theme Papers

Theme: Auditing and Accounting in a Digital Era

1. Introduction

1.1 Today, we are living in the information age. Information age or digital era is a historic period in the 21st century characterised by the rapid shift from traditional industry to an economy, based on information technology. India started experiencing digital technology at a slow pace in the late 1980s. However, in recent years, digital technology has made inroads, at a very rapid pace, in almost every industry, bring about sweeping transformations. Digital transformation is critical to survival today for most of the businesses and organisations.

1.2 In case of government, the initial phase of use of IT for delivery of services was through in situ computer systems by different government departments, across the counters. There was emphasis on reaching out to the citizen with services and information through web based systems. The web enabled services later on transformed from one sided service providers to interactive platforms where the citizen could also upload information into the databases. These service deliveries are now increasingly moving to the app based services through mobile sets. Emergence of social media has also provided another platform to government and its functionaries to provide information and some services through these modes.

1.3 Developments in electronic business transactions using electronic payments have enabled government functions to be remotely conducted, e.g., payment of taxes and fees for services from the government. A unified payment gateway facilitates such service. Cloud computing has emerged as an enabler for remote storage, processing and delivery of services to the users in the government as well as to the citizen. This also enables online transaction processing (OLTP) thus providing real time services to citizens.

1.4 There are 44 e-Governance programmes implemented/under implementation on Mission Mode at centre and state levels. The government has also started using different technologies such as remote sensing, GIS, GPS etc., to improve its policy making, planning and response systems. Accuracy of information is facilitated by using the information collected, using the Global Positioning System (GPS). This makes the data useful even for social projects that are delivered by the government. While different governments and departments are at different stages of maturity in use of technology, the fact remains that technology has led to creation of large databases of information in several domains, especially, financial transactions and programme performance

1.5 An immediate need has, therefore, arisen to take stock of new developments happening around us in the digital era and devise strategies and approaches for conducting audit in this environment more effectively.

1.6 This paper attempts to discuss aspects related to Audit and Accounting in the digital era, focusing on Audit Planning issues, which could significantly enhance the quality and effectiveness of audit, particularly the audit of expenditure, by leveraging technology.

2. Audit Planning framework

2.1 The primary objective of audit planning is to ensure that adequate attention is devoted to important areas by proper risk assessment and optimal deployment of audit resources so as to draw reasonable assurance on the quality of public spending, achievement of programme objectives and proper assessment, collection and accounting of government revenues. Audit planning in IA&AD is governed by the CAG’s Auditing Standards, 2017 and three sets of Auditing guidelines issued by the C&AG for Compliance, Performance and Financial Attest audits.

3. Objective of this paper

3.1 The objective of this paper is to ascertain the extent to which we can use available data and leverage technology for more effective and efficient audit planning. The paper explores various areas in which audit planning process can be strengthened using technology.

4. Audit Planning in Digital Era- An effective Strategy and Approach

4.1 The paper places emphasis on improving audit planning and other processes through, securing effective access to auditee databases, using modern data analytics techniques for riskassessment, developing a knowledge management system, obtaining stakeholders’ inputs through effective use of technology, developing operational level audit manuals to help systematize and automate field audit operations, using machine learning and artificial intelligence for early detection of major financial irregularities/frauds, adopting focus area/systemic analysis approach for better assurance, obtaining expert advice in complex/highly technical areas/sectors, progressively moving towards audit of outcomes and adoption of a comprehensive IT solution for IA&AD. These issues and suggestions are discussed in detail in the succeeding paragraphs.

4.2 Structure of the paper The paper has been divided in two sections (i) Planning for improving audit effectiveness discussing risk assessment, obtaining stakeholders’ inputs for audit planning etc in an IT environment, and (ii) ONE IAAD – One system, highlighting the need for a comprehensive end to end solution for IAAD covering line and support functions and Capacity Development.


5. Focused audit and systemic analysis

5.1 An effective audit must be able to provide reasonable assurance to the stakeholders on use of public funds and lead to systemic improvements for better governance. Therefore, an important objective of audit should be to carry out systemic analysis by identifying areas where things can go wrong and diagnose the sources of failure, as far as possible, to identify and report on systemic weaknesses. A possible approach could be where emphasis is given on comprehensive data collection, use of data analytics for assessment of risk areas (focus areas) and comprehensive examination of focus areas in each sector to determine the extent of non- compliance and also identify systemic problems with their root causes. The high risk/focus areas can be identified by (a) analysing financial transactions/programme databases, (b) analysing related data/information on linkages to the transactions from other departments/entities, (c) using information from the Inspection Reports/Audit Reports to identify patterns, trends, etc. (d) obtaining inputs through beneficiary surveys (e) identifying issues of social or environmental importance (f) effectively analysing media reports etc.

5.2 The following steps could be adopted to implement the above approach for improving effectiveness of audits, especially, compliance audits:

  • Map the audit universe, especially for data availability.
  • Undertake a comprehensive exercise of data collection in apex and other important audit units and have a clear understanding of their functioning.
  • Conduct a detailed risk assessment by analysing financial and operational databases of the entity using data analytics tools.
  • Identify high risk areas (focus areas) in each sector/department such as agriculture, education, medical, infrastructure, irrigation, police, etc.
  • Undertake a focused audit in the identified high risk areas after developing detailed guidelines/list of checks. The check list should be uniformly applied to all the selected units/transactions across the sector/department concerned where compliance audit is being carried out.
  • Consolidate the audit findings, vis a vis each check, to assess the level of non- compliance in the identified high risk area.
  • Examine the reasons for non-compliance and identify systemic issues.
  • Escalate the systemic issues (highlighting possible consequence) to the appropriate level in the Government for taking corrective action.

5.3 The above framework, if it is called one, can be effectively implemented when it is adequately planned for. Availability of IT platforms make it possible to leverage the potential of IT for automating these steps. This is expected to not only improve the quality of audit by bringing uniformity and comprehensiveness in examination but also to raise materiality levels of audit findings. It will enhance transparency and accountability in the audit process and will help provide better assurance. This will aid governance by improving and strengthening systems through timely addressing of systemic problems.

6. Database of audit universe and audit mandate

6.1 For planning any audit, clear understanding of the audit universe and the audit mandate with regard to each entity in the audit universe is essential.

6.2 Audit universe covers all the entities subject to the audit jurisdictions of respective auditors. Audit mandate is the legal authority prescribed under the Constitution, CAG’s DPC Act, other Acts of Parliament and State Legislature, entrustment orders issued by President/Governor, etc. The terms and conditions may vary from entity to entity and state to state.

6.3 There is a need to have a centralised database of auditable units (audit universe) along with their profile and audit mandate in respect of all the units in the audit universe. Lack of clarity about the Acts/rules of various bodies and authorities and non-preservation of entrustment orders can create problems in audit planning and deciding on policy issues. There is a need to archive and preserve such important records in digitized form for easy retrieval as and when required.

7. Securing Data access

7.1 Availability of reliable and relevant data of financial transactions and programme implementation in an audit entity is a pre-requisite for audit planning. It is important to map the availability of data with the audited entities/data sources. This has to be carried out systematically on a regular basis. A repository of data source mapping with sectors/departments will be useful in identifying all relevant data sets before start of audit planning.

7.2 Presently, every time an audit is conducted, audit has to approach the governments/ departments to provide data. It takes considerable time to get data from the auditees who cite different reasons to delay/deny access to their databases.

7.3 The governments/departments are also at different levels of maturity as far as data management is concerned. As such data is available in different modes. The figure below shows the different possible modes in which data can be made available by the audited entities/third parties.

Figure: Data Access Modes

7.4 One of the possible manners in which audit can ensure data access is by including their data requirements during the system design stage. Development of set of minimum requirements in all government systems, for information supply to audit, through a set of guidelines/audit data requirements may help address this issue.

7.5 As such, it may need to be ensured that all e-governance programmes and work automation projects in the government ministries/departments should provide for an inbuilt audit interface module as a part of audit and accounting requirements to facilitate easy access of data to audit. In providing data to audit, non-repudiability of data should be ensured through appropriate audit trails.

7.6 Pending creation of facility for online access to audit, there should be an arrangement with the government to provide data dump to audit promptly or user access to the IT system within specific time as and when required by audit. As such, there should be specific data access arrangement agreed to by the auditors and the auditee, detailing the datasets, mode of data transfer, frequency/periodicity of data transfer, security requirements, if any.

7.7 At the same time, any of the above arrangements should not take away the right of audit to seek further information/data as required for subsequent audits.

8. Planning for better execution

8.1 Modern technology can be effectively used to improve audit quality by empowering the field auditor in terms of access to relevant information, timely consultation and guidance, and availability of operational manuals and online toolkits to carry out audit more efficiently and effectively. This can be achieved through various measures including the following:

8.2 Knowledge Management System

8.2.1 IT Systems have to be used by the department to improve quality and productivity of the entire audit process including planning. A comprehensive Knowledge Management System (KMS) is required to be established for CAG HQ and field offices to provide requisite knowledge support, on line, to the auditors at HQ and in field to plan and conduct audit effectively and also make internal and external comparisons/benchmarking. This would involve establishment of digital library containing all CAG work products, standards and manuals, guidelines, studies, research papers etc. In addition, there are large number of Acts, rules, regulations, Government Orders, and instructions relating to various departments/ministries which form audit criteria for compliance, performance and financial audits. These criteria vary from state to state.

8.2.2 Effective audit planning involves extensive study, research work and an analysis. Hence KMS will provide easy access to relevant material on varied subjects for audit planning purposes. Further, Audit teams in the field move from one location/department to another and do not always have access to all the rules and instructions that are required to conduct audit of various departments/organizations/units in an effective manner. This has an adverse impact on the quality of audit. A comprehensive KMS with search facility will be of great help to field audit teams in locating the relevant audit criteria on line.

8. 3 IT based Audit Tool Kits

8.3.1 Planning involves developing appropriate audit strategy in advance for conducting audit. It presupposes availability of prescribed and updated audit manuals clearly defining the scope and extent of audit in terms of checks to be exercised and the extent of audit coverage to be achieved in audit of various entities. While detailed audit design matrices are developed for Performance audits, similar practice is not prevalent in compliance audits. It may thus be desirable that similar detailed checklists are developed for compliance audits for every major area such as procurement audit, grant in aid audit, school audit, works audit, hospital audit. establishment audit etc. in the form of operational audit manuals. Once these operational level manuals provide comprehensive checklists for specific type of audit units, bringing consistency, uniformity, transparency and accountability in such audits would become easier. This will also facilitate in drawing more reliable audit assurance as the extent of checks exercised and scale of non-compliance/deviation noticed can be measured.

8.3.2 Based on detailed checks prescribed for various types of entities in the operational manuals, IT based Audit tool kits can be developed as structured templates of audit checks which could be embedded in the end to end IT solution for use by the field audit team. The comprehensive list of audit checks incorporated in the tool kit will help the field auditor carry out audit in a more comprehensive manner and more consistently. It will also enable compilation of audit findings/output and provide a basis for assurance based audits.

8.4 Leveraging VLC and IFMS data for Audit Planning

8.4.1 VLC and IFMS data need to be leverage more effectively for audit planning for financial, compliance and performance audits. There is a gap in the present use of VLC/IFMS data vis-à-vis their potential use due to lack of user friendly access to data and non/delayed availability of scheme-budget and department-budget link documents. The capacity to effectively use such data by the audit teams needs to be developed.

8.4.2 In order to leverage full potential of available data for audit planning, audit offices need to access data/reports independently through a platform that is easy to use and has in-built queries and reports relevant for audit planning and execution.

8.4.3 The Government Accounts wing has issued instructions in June, 2017 to all A&E offices to incorporate provision of a sub module in the AG module where IFMS data may be downloaded in the server of the Audit office for data analysis and carrying out Financial Attest Audit. Implementation of IFMS also presents an opportunity to synergise Financial Attest audit with treasury inspection and compliance audit.

9. Obtaining Stakeholders’ inputs for Audit Planning

9.1 Legislature and its committees, government, citizens, beneficiaries, media, etc., are our important stakeholders. Systematic and regular inputs for risk assessment from these stakeholders by way of various types of formal and informal mechanisms/arrangements can make the audit planning process more robust and effective. While we take media reports into consideration in our planning process, there is no systematic arrangement for obtaining inputs from the legislative committees, government and citizens/beneficiaries on what their concerns are. The following suggestions are made in this regard:

9.2 Online Surveys of targeted beneficiaries

9.2.1 Though audit is responsible for examining whether expenditure is incurred for the purpose for which it had been sanctioned by the legislature, inputs from beneficiaries at grassroots level are not obtained systematically at the audit planning stage for assessment of risk areas. The problem gets compounded in view of the fact that only a small fraction of the large number of implementing units (last mile service providers) such as schools, anganwadis, PHCs, police stations, Gram Panchayats etc., are actually covered in audit. In the digital era today, technology can facilitate effective partnership with the citizens and targeted beneficiaries at ground level to obtain their inputs/perceptions on implementation of government schemes/quality of spending of government funds.

9.2.2 An online survey of targeted beneficiaries, if conducted, will not only be cost effective but will also increase the range and depth of audit. The beneficiary feedbacks obtained at planning stage will help identify important issues for risk assessment and development of audit questionnaires in a comprehensive manner. The survey can be based on the concept of crowd sourcing or other modern technology to reach out to the maximum number of beneficiaries/citizens. In addition, we could also consider getting feedback from registered members, by notifying them through email/SMS with request to provide their inputs/suggestions on specific issues or survey questionnaires uploaded on the IT platform.

9.3 Web-based Audit Para Monitoring System (APMS):

9.3.1 The PAC/COPU are important stakeholders where concerns/suggestions provide inputs for risk assessment during audit planning. Apart from such inputs/suggestions from PAC/COPU on topics for performance/thematic/compliance audits, an important area is to factor in PAC/COPU recommendations in risk assessment during audit planning.

9.3.2 In the Central Government, a Web-based Audit Para Monitoring System (APMS) has been introduced by the Ministry of Finance for effective monitoring of submission of Action Taken Notes (ATNs) by the Ministry/Department. The system is managed by the Monitoring Cell (MC) of the Controller General of Accounts. The MC uploads Audit Reports on APMS immediately after their tabling in the Parliament and the Ministries/Departments concerned upload ATNs on APMS. The ATNs are also vetted by Audit through APMS only. After discussion of Audit Report, the report/recommendations of PAC are uploaded on APMS and the Ministry/Department too file their Action Taken Report against PAC report/recommendations through Web-based APMS.

9.3.3 A similar web-based APMS, if introduced in the States, will be extremely useful.

9.3.4 The online database of PAC/COPU can be analysed to provide inputs for risk assessment during audit planning.

9.4 Leveraging Technology for artificial intelligence

9.4.1 An important input that may be obtained for audit planning from various departments/ministries especially the Vigilance department is the data/information on reported cases of fraud/major financial irregularities. Since audit also has access to large volumes of financial data and other databases of Governments at central and state level, there is need to apply modern data analytics techniques to detect high risk transactions involving frauds and financial irregularities. The results can be further validated through field audit. Dashboards on the data analytic insights can be effective tools to identify such instances by auditors at the audit planning stage. Machine learning and artificial intelligence techniques can be effectively used for fraud detection. Machine learning refers to analytic techniques that “learn” patterns in datasets without being guided by a human analyst. AI refers to the broader application of specific kinds of analytics to accomplish tasks.

10. Prior Data Analysis for Risk Assessment

10.1 Risk assessment is a prerequisite for audit planning. With large volume of data-both structured and unstructured generated and maintained in various ministries and departments on their IT systems, auditors should change focus from gathering evidence in a diffused manner to analysing data and that too from multiple data sets, at audit planning stage itself. This will substantially enhance the efficiency of public audit process. This will also require a quantum shift in the audit approach for the public auditors, with corresponding upgrades required in their auditing skills, standards and guidelines.

10.2 Presently, audit is carried out manually by deputing audit teams for field audit to various units. These teams carry out audit without any prior analysis of auditee transactions or programme datasets. Such random audits are time consuming, involve huge costs and produce very low audit outputs. In view of the rapid digital transformation taking place around us today, audit strategies have to immediately change to ensure that audit is planned and executed effectively by leveraging technology.

10.3 Data Analytics should form invariable step to audit planning using all relatable data sets. A comprehensive data collection and analysis exercise should, therefore, be undertaken at audit planning and desk review stage before deployment of audit teams to the field. The data analysis will help audit in identifying audit issues, desired sample of auditable units and specific transactions, especially the outliers.

11. Planning for Outcome audits

11.1 Audit planning involves identification of important areas for conducting performance audits. Performance Audit has largely been focused on audit of programmes and schemes and analysis of Audit Reports would show that the findings are largely related to compliance of scheme/programme guidelines and non-achievement of outputs i.e., achievement of targets related to physical infrastructure and financial performance. The focus on achievement of outcomes has been lacking.

11.2 In view of the emphasis of Government on linking budgetary allocations with intended outcomes, audit of outcomes has become a priority area for us. The Outcome Budget of GoI indicates the physical dimensions of the financial budgets. Since the budget of 2017-18, public schemes and projects have been brought under a monitorable Output-Outcome Framework. This brings in greater accountability for the agencies involved in the execution of government schemes and projects.

11.3 However, there are planning challenges in audit of Programme Outcomes. While Outcomes are easily measureable in certain cases (e.g. monitoring the quality and flow of water in Namami Gange Programme), it becomes a very complex and time consuming exercise in other cases such as health, education programmes etc. We, therefore, need to collaborate with experts/academic institutions to bring in the skills to strengthen our methodology while planning such audits. Sourcing and using data from different sources, and building domain knowledge of systemic issues in the respective sectors would also be a challenge.

11.4 Planning for audit of outcomes will be a very complex and elaborate exercise involving careful assessment of auditable areas, possible outcome indicators for assessment, availability of adequate, credible and relevant disaggregated data sources, building domain expertize with the involvement of external experts, wherever necessary, adopting integrated audit strategy by involving various audit jurisdictions, carefully assessing resources and time requirements etc.


12. Developing Comprehensive IT system for the Department

12.1 Information Technology can be leveraged more effectively through an enterprise wide process automation solution and use of electronic data for audit. An end to end IT solution for IAAD may be developed covering the entire audit process including planning to effectively leverage technology.

12.2 The process automation would involve a business process reengineering where the support functions (such as implementation of e-office, automation of housekeeping functions e.g., record management of CAG audit reports, Inspection reports, training and HR functions etc.)1 are also fully automated and can be integrated into the audit process automation. There is, therefore, a need for planned approach to automate all functions of the audit department, leading to end to end automation of audit processes. The solution should also envisage interfacing with the departments for seamless flow of data and audit correspondence.

12.3 The end to end IT solution is critical in areas where the auditee has itself moved to a comprehensive IT platform, for instance, the CRA wing. The 28th AsG Conference held in 2016 had made recommendations for a common ‘End to End IT solution’ to be developed for CRA and SRA to share/analyse GST data and to facilitate integration and automation of audit planning, audit process and reporting for GST. The process of implementation of this project is under way.

12.4 Given the scale of system to be developed, a phase wise approach will be essential. The approach in such system development should necessarily be ONE IAAD - One System. The journey to achieve this goal will need identification and prioritisation of activities to be undertaken for achieving immediate (within two years), intermediate (within 2-5 years) and long term (more than 5 years) goals. A possible road map to develop such a system could be as follows:

i) Phase I - Immediate goals

a. Line functions - design of audit process automation solution

b. Support function – design and implementation of solutions like e-office, automation of support functions, e.g., record management of CAG audit reports, Inspection reports, HR and training functions etc.

c. Capacity Development – Design and conduct of IT training to work on the IAAD IT solution; training on data analytics

ii) Phase II - Intermediate goals - implementation of audit process automation solution, designing interfacing with auditee systems

iii) Phase III - Long term goals – implementing interfaces with auditee systems for seamless data flow and audits, developing machine learning and using artificial intelligence solutions etc.

13. Planning for Capacity Development

13.1 CAG’s Auditing Standards require the audit team to collectively possess the knowledge, skills expertise and competence necessary to successfully complete the audit. The question is to determine whether specialist skills are required to conduct the audit effectively and whether such skills/expertise can be sourced in-house or need to be contracted externally.

13.2 The possibility of enabling auditors to have sufficient domain knowledge before undertaking an audit in IT environment should be part of the core human resource development programme of IAAD. It will be essential to ensure that all auditors have the basic skills to navigate and work through an IT platform. As such, all audit personnel will need to acquire basic skills to work on the IT platform. This needs to be an immediate level goal.

13.3 The audit tool kits developed for specific audit areas will add to the domain knowledge by standardising the audit checks. The KMS will add to the available knowledge for any audit team before commencing audit. It will be essential to ensure that the tool kits and the KMS remain updated. This can be achieved through an updation mechanism for every domain area.

13.4 As the work on IT platform will throw up data sets, auditors need to have capacity to analyse data and draw insights. Thus, knowledge of techniques of data analytics and use of different tools for data analytics will be important. These should be an immediate and intermediate level goals, basically, based on the coverage of auditors under the training programmes. The graded capacity development on the level of skills may also be rolled out in the immediate and intermediate timeframes. Capacity to leverage Machine learning and Artificial Intelligence should be targeted for the long term timeline.

13.5 Need based engagement of experts may be considered for specific tasks, e.g. for development of tool kits, training activities for data analytics, especially, machine learning and AI techniques etc. While these activities are perpetual in nature, they can be rolled out in immediate and intermediate timelines gradually building up the domain knowledge in the KMS and audit tool kits.

13.6 The capacity of IAAD to scale up the infrastructure for a comprehensive IT solution will be essential factor in success of any IT based solution. The capacity in terms of hardware, software, data storage and data transfers, facilitated by robust, secure and fast network needs to be put in place, after a suitable gap/need assessment.

13.7 Capacity of IAAD personnel in handling the infrastructure issues need to be enhanced/provided as per the needs of the IT solution. A lot of the infrastructure issues are being handled by the outsourced personnel/support. There needs to have, therefore, adequate mix of personnel handling the infrastructural facility.

1 These functions provide essential inputs for planning and managing audits

1. Introduction

The overarching theme of the XXIX Conference of Accountants General is “Accounting and Auditing in a Digital Era”. Leveraging technology for the audit process is, therefore, a key aspect of this paper, and is dealt with first. Thereafter, the challenges to Audit Execution by type of audit (performance audit, compliance audit, and financial audits) are covered. Capacity building and related issues form the last part of this paper.

2. Leveraging Technology for Audit

2.1 The Central and State Governments (increasingly) have, and are continuing to, leverage technology for various aspects of their functioning, including policy making and planning, programme implementation and monitoring.

Within the IA&AD, on the A&E side, the IT-based VLC systems represent the primary system of record for compilation and reporting of State Government accounts. Likewise, the Department has implemented IT systems for entitlement functions. These VLC and Entitlement Systems represent the primary system of record for services delivery for our accounting and entitlement services.

However, there is no such corresponding Department-wide IT system for our audit function. Over the years, the Department has had numerous, if sporadic, initiatives (Department-wide as well as office-specific) for use of IT tools for supporting audit planning, execution and reporting. We have had several such tools in the past or being planned now/in progress – e.g. IR-Main, Audit Management System (AMS), OPTIMA, E2E (for GST), System Automation Initiative (for ITRA) and now a pilot project for State AG Offices. There is a strong case for a Department-wide IT system covering the audit process.

2.2 Scope of Comprehensive IT System for Audit Process (ONE IAAD)

A comprehensive Department-wide IT System for the audit process (ONE IAAD) will need to cover:

  • All types of audit – compliance, financial and performance audit;
  • All stages of the audit process from audit selection, planning and design through audit execution to audit reporting and follow-up;
  • Audits done across all types of sectors – from State AGs (General & Social Sector Audit) and AGs (Economic & Revenue Sector Audit) to Central Audit Offices covering different sectors (revenue, expenditure, commercial, defence, railways, communications) etc.

At the minimum,

  • A common data architecture would be required – e.g. the structure for coding of auditee units; the structure for capturing IRs/paragraphs; approach to categorization of audit findings and key word searches;
  • A common system architecture (at a reasonable level of granularity) would be required – e.g. what is the full range of modules that will be needed for the Department as a whole; what will be the platform used; what will be the broad structure used for financial audits, compliance audits and performance audits; how will exchange of data within the Field Office and between the Field Office and Hqrs. Office be managed; how will audit checklists/Audit Design Matrix be designed and populated?
  • At the same time, the auditee environment for field audit offices varies enormously.
  • By type of Audit Office or audit area - what would be feasible for audit of GST or audit of Income Tax may not be feasible or practicable for State AG Audit Offices (Expenditure Audit).
  • Between different offices within the same category - What is feasible or practicable for one State AG Audit Office may not be fully implementable in another State AG Audit Office.

2.3 Coverage (by Audit Phase)

2.3.1 Data gathering and audit planning/design

The “Audit Selection and Planning/Design Phase” covers two aspects:

  • Selection of units/topics (be it for compliance, performance or financial audit) through a Strategic/Annual Audit Plan;
  • For the selected units/topics, preparing a detailed audit plan – audit scope and coverage; audit objectives/sub-objectives/questions; audit sample etc.

Leveraging technology to support this phase will need to cover different elements:

  • VLC data, including data by Department/DDO (following the Apex Auditable Entity approach), by object code, and also covering receipts, AC/DC Bills, UCs, PD/PL/Similar accounts etc.;
  • Budget data
  • Real-time financial data from the State Government (to supplement VLC data, where appropriate);
  • Tax/assessee data in respect of receipts;
  • Expenditure sanctions issued by Government Departments;
  • Financial data in respect of Government-funded bodies/authorities (especially Societies Project Implementing Units etc.) as well as Government companies/corporations
  • PPP database;
  • MIS data for schemes/programmes;
  • E-tendering data;
  • Grant-in-aid databases;
  • HR data for the State Government;
  • Evaluation reports (and other reports e.g. social audit reports) for schemes/programmes/activities;
  • Information which is publicly available (press, TV, online media)

In addition, from an audit methodology perspective, the IT System will have to cover, at the minimum:

  • Up-to-date Government Financial Rules/Regulations as well as GOs/GRs issued by Government Departments;
  • MSO(Audit) and other Guidelines issued by Headquarters Office;
  • Accounting Standards and guidance issued by ICAI;
  • A database of all (current/up-to-date) audit-related instructions issued by Headquarters Office;
  • A repository of sector/area specific audit checklists which could be adapted/refined as necessary for specific performance/compliance/financial audits;
The output of the audit planning exercise would also have to be captured through the IT System:
  • Up-to-date Audit Universe;
  • Strategic and Annual Audit Plans – compliance; financial and performance audits
  • For individual audits, Audit Design Matrix, Audit Sample, Allocation of work amongst the Audit Team, initial communication to the Auditee

2.3.2 Audit Execution and Documentation

The comprehensive IT System will have to cover (with linkages/cross references):

  • Audit requisitions;
  • Audit observations;
  • Responses to Audit Observations;
  • Entry and Exit Conferences;
  • Audit Documentation and Evidence (KDs; Photographs; Other forms of evidence2) and complete Working Papers
  • Beneficiary Surveys (for audit planning and audit execution); crowd-sourcing and other social media forms (for audit evidence);
  • Mechanisms for collation/compilation of audit findings from different audit teams for the same audit;
  • Audit Findings Matrix (linked to Audit Design Matrix)
  • Supervision and monitoring of execution online/real-time at different levels (HoD/Group Officer/OAD Headquarters) and issue of additional guidance;
  • Workflow automation

2.3.3 Audit Reporting and follow-up – IT System integration

The comprehensive IT System will have to cover (with linkages/cross references):

  • Drafting, finalization and issue of Inspection Reports and Departmental Appreciation Notes/Management Letters;
  • Responses from Auditees to IRs and DANs;
  • Follow-up of IRs and DARs and maintenance and clearance of outstanding audit findings (IRs/paras/Objection Book);
  • Legacy data of outstanding audit findings (what to capture from the paper-based records and how);
  • Drafting, processing (including workflow automation) of Audit Reports;
  • Follow-up of Audit Reports (including ATNs/Detailed Explanations; PAC/COPU etc.)

2.4 Human and Financial Resources Required

It is appreciated that the human resources required for such an implementation are substantial. The implementation of such a system will have to proceed side-by-side with the annual audit execution and reporting cycle, without impacting the preparation of the CAG’s Audit Reports; and without an immediate increase in staffing (at Group A or Group B levels). Any ramp-up of Group B staff requirements will necessarily be gradual. It is also important to get data being captured into the IT system to be validated/verified. In addition, if we are going to such levels of IT dependence, the pool of skilled IT manpower across the Department will have to be significantly enhanced (even if we outsource application development and system maintenance). Adequate training to our staff to switchover to an IT based system is also required.

Likewise, the financial resources required for such a project implementation will also be considerable. Apart from the costs involved in application development and system maintenance, IT infrastructure costs (initial and recurring) will be significant – in terms of server infrastructure, networking hardware, Internet access infrastructure and costs, networking security, mobile apps for our field audit teams

3. Audit Execution Issues – by type of Audit (Compliance/Financial/Performance Audit)

3.1 Compliance Audit

3.1.1 Traditional Approach to Compliance Audit

Hitherto, the audit plan for transaction-based audits/compliance audits was based on an A/B/C categorization of units (also referred to as High Risk/Medium Risk/Low Risk). The categorization into High/Medium/Low Risk was at the level of the auditee unit (generally, the Drawing & Disbursing Officer for civil audit) and not on a top-down basis following the auditee hierarchy. The main parameter for deciding the risk profile/categorization was financial expenditure, although other parameters like past audit findings, cases of fraud/embezzlement and other factors were also to be considered. The audit duration was more or less uniform for A/B/C category units. The audit planning approach was somewhat different for other audits (e.g. Central Commercial Audit) but the principles were broadly similar.

3.1.2 Need for a new model for audit planning and execution

There have been numerous developments in the IA&AD, which had not been fully captured in the traditional approach to compliance audit planning and, therefore, necessitated a paradigm shift to planning and executing compliance audits (and indeed financial and performance audits as well).

CAG’s Auditing Standards were updated in 2017, and the Compliance Audit Guidelines (issued for the first time in 2016) instituted a top-down, risk based and department centric approach and aimed to instill process rigour in audit implementation. Instead of a DDO-centric approach, a three-tier hierarchy is prescribed:

  • Apex/Auditable Entity – the Department/Sector in the State Government or the Central Government being the top layer;
  • Audit Units – Units with one or more of (a) substantial devolution of administrative and financial powers; (b) functional autonomy; (c) operational significance with reference to achievement of objectives of the Apex Auditable Entity;
  • Implementing Units – Organizational hierarchy and implementing agencies below the Audit Units.

The Annual Compliance Audit Plan would consist of a risk-based selection of Apex Auditable Entities, an appropriate sample of Audit Units at various hierarchies within each Apex Auditable Entity, and a selection of Implementing Units as necessary, and also determination of specific subject matter, where considered necessary.

Individual compliance audit, according to the Compliance Auditing Guidelines, means. For each individual compliance audit3, a detailed audit plan would be prepared, defining the scope and extent of audit, particular compliance audit objectives to be derived from the scope of audit, and a Compliance Audit Design Matrix (on the lines of the Audit Design Matrix for PAs). From a reporting perspective, the Guidelines envisage preparation of an Inspection Report for each of the selected Audit Units and a Departmental Appreciation Note to the Apex Auditable Entity.

It is possible that for some Departments, we may designate the Pr. Secretary/Secretary as the Apex Entity (in one sense a “super” Apex Entity), and in addition, a few other Senior Officers also as Apex Entities. The Apex-Auditee Entity based approach also implies that when, based on the risk profile, we select an audit unit and/or implementing units, we would necessarily need to audit the higher-level apex unit (such audit may be for a very limited scope consistent with our assessment of risk profile).

We recognize that the implementation of the Compliance Auditing Guidelines (at all stages – planning and audit design, execution and reporting) is still a work-in-progress.

The issues related to compliance audit execution largely flow from the deficiencies in compliance audit planning, laying greater emphasis on quantity over quality i.e. “maximum” number of audit units covered (often with a “standardised” audit duration) over quality. Audit scope is not clearly and specifically defined, audit coverage is understood to mean the audit period/years covered and nothing more, and audit sampling is not scientific. Therefore, our compliance audits largely do not provide audit assurance – i.e. that except for the findings highlighted in the IRs (which should naturally migrate to Management Letters and the CAG’s Audit Report), there were no significant instances of non-compliance or lack of propriety within the audit scope and sample. This also implies that in the areas (audit scope and sample) examined by Audit, significant system defects have been highlighted4. The tendency towards setting of an “annual target” number of DPs for each audit team (or for that matter, the Group Officer and the HoD) leads to a focus on identifying “low hanging fruit” for floating as potential DPs.

3.1.3 Task Force to suggest measures to improve the quality of IRs (2016)

Many of these issues had been highlighted by a task force chaired by Shri Ashwini Attri for suggesting measures for improving the quality of IRs. Some of the notable recommendations made by the Task Force included the following:

  • Risk analysis of auditable entities by field offices provides undue weightage to expenditure/receipts; this should cover other important areas (e.g. core areas of functioning, visibility and topicality of issues/events, prevention of losses, weightage, fraud etc.). Also, risk analysis of the Apex Auditable Entity as well as lower level of units needs to be thorough and well documented.
  • The Annual Audit Plan puts undue stress on quantity (i.e. number of units to be audited) rather than quality of audit output, and audit parties often do not focus on core activities/mandate.
  • Specific planning for the audit of the programmed selected Unit is often absent; this needs to be corrected. An informed decision should be taken about the number of days required for preparing the audit plan for the unit.
  • Audit execution is largely not being subjected to the desired monitoring; vetting and approval of IRs also does not get the deserved attention.
  • Mechanisms for ensuring follow-up action on IRs need to be strengthened.
  • While we have made concerted efforts to sharpen our skills for conducting Performance Audits, the same cannot be said about Compliance Audit (except when the Department came out with the Compliance Auditing Guidelines). Better training needs analysis for compliance knowledge, focus on domain knowledge of the auditable entities etc. are important.
  • Leadership and motivation by Group A officers for compliance audits is important.

3.1.4 Technical Guidance and Supervision (TGS) of LB Audits

Although our audit mandate in respect of PRIs and LBs is Technical Guidance and Supervision5 (TGS), over the years, the focus has largely been on direct audits of a few ULBs and PRIs, rather on technical guidance and support of the work of the primary auditor (Examiner/Director, Local Fund Audit). Chapter 10 of the Regulations on Audit and Accounts clearly lays focus on review of the annual audit plan of the ELFA, the audit methodology and approach, review of ELFA Inspection Reports, submission of returns by the ELFA as prescribed by the CAG for advice and monitoring, and training and capacity building of local fund audit staff. In fact, even the objective of the “direct” audit of selected PRIs and ULBs is to provide technical guidance to the ELFA.

TGS for LB Audit is compounded by the fact that decision-making in many areas (especially for PRIs) is often in the hands of the State Government, rather than the local body. Also, the devolution of functions to PRIs and the actual empowerment (as opposed to theory) of PRIs varies dramatically from State to State – PRIs in some States are more empowered, and more active than in others. A distinction also needs to be drawn between ULBs and PRIs – many large Municipal Corporations have annual budgets which are larger than the smallest States, and such MCs possess a considerable degree of independent decision-making.

3.2 Financial Attest Audit

3.2.1 Overview – Audit Planning and Execution

The responsibility of the CAG referred to in Article 151 of the Constitution is the report on the accounts of the Union/State Government. Therefore, the certificate of the CAG on the Finance & Appropriation Accounts read with Report No.1 (Audit Report on Central/State Finances) constitute the primary Audit Report of the CAG. This certification and report requires substantial level of focus and attention, during audit planning (and allocation of human resources) as well as audit execution. For example, a statement that Audit performed a detailed check of 3 out of (say) 30 Personal Deposit accounts is valid only if such detailed check includes field audit of the records maintained by the PD administrator, including records with the treasury, agency bank etc.

By contrast, supplementary audit of accounts of Government companies is given due importance in the Central Commercial Audit setup. Since audit is with reference to the Accounting Standards notified by the Ministry of Corporate Affairs and the Guidance Notes issued by ICAI, the detailed audit planning has greater clarity. The timelines for finalization of CAG’s comments are also clearly understood and accepted within the Department.

3.2.2 Financial Attest Auditing Guidelines for audit of State Government accounts (March 2015)

In continuation of the Financial Attest Audit Manual (2009), the Department issued a detailed set of “Financial Attest Auditing Guidelines for audit of State Government accounts” (2015). These Guidelines largely focus on the arithmetical accuracy checks between the VLC data and individual Statements, within Statements, and also between Statements. With regard to analytical issues, aspects like checking of bookings under MH 800 (receipts and expenditure), AC Bills, UCs are specifically mentioned. From an organizational perspective, the Guidelines incorporate the erstwhile Central Audit function (now redesignated as FINAT) as an integral element of the financial attest auditing process.

3.3 Performance Audits

3.3.1 All India PAs

Some issues related to All India PAs include the following:

  • The interest of Field Offices in All India PAs is related to whether the audit output from the field office can form the basis for a State PA (or at least a TA). If so, the quality of manpower deployed by State AGs is likely to be significantly higher. Consultation with field offices for future topics for All-India PA reviews could be useful.
  • The Audit Design Matrix/Audit Guidelines for PA reviews are quite detailed, and without adequate familiarization it is often difficult and time-consuming for audit teams in individual Field Offices to understand and assimilate these guidelines and apply them during audit execution.

3.3.2 Integrated Audits

All-India reviews represent one form of integrated audits. PA topics in the Railway Wing are often integrated audits; likewise, integrated/joint PAs are also taken up sometimes by the Commercial Wing.

In addition to these cases, there are also topics which need to be taken up jointly by the GSS and ERS Audit Offices in a State, even after the restructuring of offices conducted in 2012. There are also audit topics like Namami Gange, which cut across multiple audit jurisdictions. Some examples of areas where integrated/joint audit (not just for performance audit, but even for compliance audit) could be useful:

  • GST audit – where co-operation between the Central and ERS Audit Offices would be critical at least in the initial 1 or 2 years;
  • VAT audit – Under the earlier VAT systems, collaboration between AsG offices of different States to match sales/purchase figures
  • State Tax administration – Stamps & Registration audit parties could need help from the local Commercial wing which audits industrial areas (where tax exemptions are granted); similarly, in Stamps & Registration audit, figures and details are often required from Registrar of Companies (under Ministry of Commerce, GoI)
  • Audit of Tourism Department – The audit teams might need assistance from other Departments e.g. PWD, Police, Culture, Archaeology, which may or may not fall within the audit jurisdiction of the same teams
  • Forest clearance – Sometimes, audit teams comes across instances of delay/non- completion/abandonment of projects due to lack of forest clearance; integrated audit with the forest audit teams would be useful;
  • Department and PSU – Situations exist where the Department and PSU are under the audit jurisdictions of two different offices, or within the same audit office but under different groups.

3.3.3 Evaluation/Assessment of outcomes (as opposed to outputs)
In general, when assessing effectiveness as part of our PA reviews, we tend to focus more on inputs, processes and outputs, and not so much on outcomes. The reasons why we do not conduct impact assessment of outcomes (as distinct from outputs) are several; these include the difficulty in establishing a cause-effect relationship, the lack of such skills and competencies with our Department, and very importantly, that establishing a causal relationship with outcomes needs a much longer time-horizon, not consistent with our annual reporting cycle.

According to the 2014 Performance Auditing Guidelines,

“… While focusing on effectiveness, it is important to distinguish between the immediate outputs or products and the ultimate impacts or outcomes. Outcomes are important to the effectiveness of programmes/activities but may be more difficult to measure and assess than the inputs and outputs. Outcomes will often be influenced by external factors and may require long-term rather than short-term assessment.”

In general, when assessing effectiveness as part of our PA reviews, we tend to focus more on outputs, and not so much on outcomes. For example, in our periodic PA reviews on primary education (Sarva Shiksha Abhiyan (SSA) or more recently, the implementation of the Right to Education Act), when it comes to programme objectives, our audit focus is on:

  • Inputs – e.g. Provision/availability of necessary funds; recruitment of adequate numbers of teachers; non-existent/inadequate school infrastructure (buildings, blackboards and other equipment, separate toilets for boys and girls etc.); provision of textbooks, uniforms etc; benefits/aids for children with special needs;
  • Processes – e.g. process deficiencies with regard to capture of data; household surveys; non-compliance with RTE requirement for non-retention; inadequate/non-existent monitoring and evaluation and grievance redressal mechanisms;
  • Outputs - student enrolment; drop-out/retention rate

However, in the case of primary education, learning outcomes are not assessed or evaluated in our performance audits. By contrast for example, the ASER Centre6, a private NGO, brings out the Annual Survey of Education Report – the latest report being for 2017. The survey of learning outcomes through targeting of children in the age group 14 to 18 years (so as to assess the benefit of mandatory education for eight years under the RTE Act) covers basic assessment of reading, arithmetic and English through standardized tools, followed by daily tasks like counting money, adding weights, common calculations like measuring length, calculating time etc.7 Another example is the Gunotsav initiative undertaken by the Government of Gujarat for assessing the quality of outcomes in primary education 8.

A similar case could be made for our PA reviews in the health sector (e.g. National Rural Health Mission/National Health Mission) where our focus is on inputs, processes and outputs and not on an impact assessment of ultimate outcomes of governmental interventions (e.g. reduction in Maternal Mortality Rate (MMR)/Infant Mortality Rate (IMR)).

The reasons why we do not conduct impact assessment of outcomes (as distinct from outputs) are several:

  • It is difficult to establish a cause-effect relationship between government interventions and outcomes, especially in the short term but even in the long term. Outcomes are influenced by a variety of external factors (controllable or otherwise).
  • Our Department’s employees have several strengths, in particular the ability to analyze files/documents/records, look for inconsistencies/discrepancies between various sources of information and conduct further analysis etc. But, impact assessment of outcomes (i.e. monitoring such outcomes and establishing causal relationships leading to such outcomes) is more difficult and the level and type of intellectual rigour required for such studies is not something that our staff are trained for.
  • Establishing a causal relationship between governmental interventions and outcomes needs to be done over a longer time horizon; this is not ideally suited to our annual audit planning and execution horizons, where the immediate focus is on the next Audit Report.
  • We could consider using beneficiary surveys as a limited proxy. But the use of findings from beneficiary surveys has its limitations – it is a set of findings on beneficiary perceptions/responses and not necessarily on outcomes.

In many cases, our focus in PA reviews on outputs may be adequate. For example, when we conduct reviews on irrigation projects, it is generally enough to assess whether the irrigation projects have been completed, and water is actually made available in time to the farmers, perhaps supplemented by reports generated through satellite-based monitoring of creation of irrigation potential. But in sectors like health, education etc., outcomes are important.

However, if one has to look at learning outcomes of education-based Government interventions, there could be multiple causal factors (facilitating a positive outcome or inhibiting such an outcome) involved – not just the student enrolment ratio e.g.

  • The level and quality of school infrastructure – school buildings, classrooms, blackboards and other infrastructure, electricity, toilets (especially separate toilets for girl students in upper primary and higher classes);
  • Accessibility for students (nearness; road connectivity; availability of bicycles etc.)
  • The availability of adequate teaching staff and also their quality (attendance, ability to teach); timely provision of quality textbooks
  • Poverty, malnutrition and related factors, as well as social/family-based factors (including gender discrimination), inhibiting their ability to learn;
  • The impact of the Mid-day Meals programme (which could positively influence enrolment as well as attendance);
  • Financial incentives/scholarships, especially for weaker sections in higher classes

Establishing actual learning outcomes is one aspect, which is perhaps feasible. However, establishing a cause-effect relationship between multiple influencing factors with the learning outcome – what caused a positive (or negative) outcome, and to what extent (i.e. to some level of “statistical” confidence) – is quite difficult. Assessing teaching quality is difficult; even if done by expert professionals, this could remain open to challenges on account of subjectivity and/or bias.

Given this combination of factors, we could consider whether we can hint at some nuanced, qualitative statements and that too, for our audit sample (not necessarily for the audit universe). For example,

“..Audit scrutiny of test-checked schools revealed inadequacies in school infrastructure (lack of blackboards, girls toilets etc.), teacher shortages etc. These could have significant adverse impact on primary education, as evidenced by the dropout statistics for these schools…”

4. Human Resources, Capacity Building and Related Issues

4.1 Span of Control

Given the limited number of Group Officers in most field offices, prioritization is essential. What is he or she to concentrate on – performance audits, thematic audits, compliance audits under the new Apex Audit Entity based model, financial attest audits? In addition, there is other (growing) load on the Field Offices and the Group Officers. One of the underlying reasons for the load on the Group Officers is their span of control (i.e. how many teams can they effectively control and supervise for high quality work).

4.2 Updating of manuals and checklists

The MSO (Audit) was issued in 2002. The Regulations on Audit and Accounts was issued in 2007, and numerous sets of guidance have been issued/updated thereafter. It is understood that an exercise for updating the MSO (Audit) is under consideration/in progress.

Updating of Field office manuals is necessary, at the minimum to consider the updates of Performance Audit and Compliance Auditing Guidelines. The development (and periodic updation) of Department/auditee type-specific checklists (e.g. checklists for audit of District Education Officers/Government schools/Government colleges/Grant-in-aid colleges/Universities etc.) will also be necessary, in our opinion.

4.3 Capacity Building Measures

Two major areas for capacity building would be:

  • The new orientation for compliance audit – This will require a substantial change in the attitudes/skills/approach of the staff dedicated to compliance audit. Instead of the approach focusing on how many potential DPs come up (and setting targets for DPs), the new approach focuses on coverage of a defined audit scope and sample, working according to a pre-defined audit design matrix and demonstrating through the audit findings matrix that the audit execution conforms to the original audit plan and design.
  • Increased domain knowledge – In some areas, we can hire external experts to fill the gap in terms of domain knowledge (largely for performance audit, but this will increasingly be true for several Apex Auditable Entity-based compliance audits). But, in many situations, we may be unable to hire external expertise (lack of easy availability; potential conflicts of interest with Executive function; long-term requirements) and we may need to develop (and constantly upgrade) the domain knowledge of our teams in selected areas. This may be through internal training institutions, or more likely, through external training institutions specializing in specific sectors/areas. While we have conducted such domain-specific training programmes on a sporadic basis, a more systematic, long-term approach may now be required.

4.4 Staff Motivation

Ultimately, our audit results are as good as the audit staff that we have. A lot can be achieved through the efforts of IA&AS Officers, but equally there is an enormous amount that needs to be achieved through motivation of our Group B and Group C audit staff.

We are constrained in terms of our recruitment (through Staff Selection Commission), promotion (‘good’ as the benchmark performance appraisal for promotions) as well as in terms of financial incentivization by Government of India rules and orders. The Department has done away recently with the system of cash awards (although in monetary terms, the amounts were small and it was more of a recognition than a financial incentive).

We, therefore, need to explore what are the possible ways (financial and non-financial) to motivate our staff. This has to be both positive and negative – we must be able to recognize staff who do exceptionally well, and we must also be able to disincentivize poor performing staff (not just on account of conduct/behaviour). One of several possible options could be to expand the number of chances for the CPD Examination to an unlimited number; after all, it is our expectation that audit staff will need continuing professional development right through to their retirement.

2Possibility of videos as audit evidence in the future

3 Defined as an audit of the identified Apex Auditable Entity along with the selected Audit Units and a sample of Implementing Units
4 To the extent that instances of fraud, corruption and misappropriation are due to system defects, this should have been highlighted in our compliance audits.

5In effect, the role is more of supervision rather than support
6 This is given merely as an example; the methodology followed (or the findings) in the ASER Report are not being endorsed.
7 Further information is available in the document “About ASER 2017 – Beyond Basics” at
8 Seven rounds of assessment have been completed from 2009; Gunotsav-8 is currently in progress. Further information is available at )

1. Introduction

The purpose of an audit report is to communicate the results of audit to various stakeholders and to facilitate follow-up and corrective action. It is therefore essential that the audit reports are understandable, acceptable, credible and secure the trust of stakeholders and those responsible for governance. This paper (i) examines the existing Rules/Regulations/Guidelines that govern Audit Reporting by CAG of India, (ii) identifies who the stakeholders for the CAG Reports are and what are their requirements (iii) discusses the general challenges and issues involved in Audit Reporting in the CAG of India over the years and (iv) suggests the need for changes in the Reporting methods in the context of the digital era which could be discussed in the Accountant General Conference.

2. Existing Rules/Regulations/Guidelines governing Audit Reporting by CAG of India

As regards Reporting, the CAG of India has been governed by Article 151 of the Constitution of India which states that the reports of the Comptroller and Auditor-General of India relating to the accounts of the Union/State shall be submitted to the President/Governor, who shall cause them to be laid before each House of Parliament/State Legislature. The Regulations on Audit & Accounts-2007 state that the form, content and time of submission of audit reports shall be decided by the CAG.

Auditing Standards bring out the mandate, form and content for Audit Reporting and need for dissemination of the audit report. Further in order to give more clarity in the reporting aspects in Financial, Compliance and Performance Audits, the CAG of India has developed Financial Attest Auditing Guidelines10, Compliance Audit Guidelines11 and Performance Auditing Guidelines12.

Other guidance issued on the subject are Style Guide, guidance notes on ‘Drafting and presentation of Audit reports’, ‘Developing recommendations’, ‘Practitioner’s Guide for use of Data Visualisation and Infographics’ and ‘Types of Audit’.

3. Who are stakeholders for the CAG Reports

Stakeholders are those persons/entities who are interested in results of the CAGs audit efforts and read CAG Reports for their own purposes. As per Article 151, the House of Parliament represented by the Members of Parliament and the State Legislature represented by Members of the State Legislature naturally become our primary stakeholders. As the Public Accounts Committee and Committee on Public Undertakings of Parliament/State Legislature have been specially tasked with handling the CAG Reports, their members become our most focussed stakeholders. But there are other stakeholders also. Generally the overall list of stakeholders for the CAG Reports would be (i) Parliament/State Legislature represented by its members, (ii) Members of Public Accounts Committee and Committee on Public Undertakings of Parliament/State Legislature (iii) General Public represented by beneficiaries of governmental scheme, tax payers and public at large, (iv) Government officials and entities who are being audited, (v) Activists and Non-Government Organisations,(vi) Media and (vii) Policy makers, policy analysts, think tanks, academicians and researchers. Each of these stakeholders has a different purpose for reading CAG Reports and therefore want different style and level of detail from the CAG Reports. The table below attempts to plot what the various stakeholders expect from the CAG Reports.

Thus we see that report writing and report presentation is indeed a tricky task in view of the diverse requirements of all our different stakeholders. A CAG Report has to address the concerns of the legislature (who need strength of evidence), public (who need easy readability), audited entities (who need depiction of their views and limitations), media (who need topical value) and policy makers (who need in-depth macro analysis) all in one document. Over the years, the CAG has tried to satisfy all its stakeholders and this has resulted in the average CAG Report are detailed, and use complicated language, which may impact understanding and readability.

4. General challenges and issues involved in Audit Reporting by the CAG of India over the years

There are various aspects involved in Audit Reporting which are critical in deciding its effectiveness. Accordingly, this paper identifies a few of these critical aspects involved in Audit Reporting by the CAG of India over the years. The issues that are discussed below apply to all kinds of reports being produced by the CAG like inspection reports, appreciation notes, management letters and the final CAG audit reports that are presented to Parliament/Legislature.

4.1 Adequacy of detailing of the CAG Audit Reports

The CAG Report has many details in the form of multiple tables, long annexures and details which are more in the nature of supporting evidence. Often while finalising reports, there are internal discussions as to the levels of detailing that need to be exhibited in the body of the Report or whether these details need to be placed as a table in the body of the Report or as an annexure to the report or just kept by the office as supporting documents. This is also probably due to the fact that there are multiple stakeholders whom we are trying to satisfy. The level of detailing thus varies from report to report depending on the appreciation of the officials involved in their finalisation. Hence this is an area for streamlining and issuing of some guidelines and guidance from experts.

4.2 Length of the Audit Reports

As per the Style Guide and Guidance note on Drafting and presentation of Audit reports, the maximum length of a composite report comprising results of compliance and performance audits should be 120 pages (excluding overview and appendices/annexures), which can be relaxed where the number of reviews is four or more in bigger states. Overview should not normally exceed about eight to ten pages and the appendices/annexures shall not exceed 65 pages. Except for All India Performance Audits, a Performance Audit (PA) Report should not normally exceed 25 pages. The Executive Summary of a PA Report should not, generally, exceed three pages.

a) Overall length of the Reports

The first question that arises is whether there is indeed a need to have a limitation on the overall pages for a report. How can varied and deeply diverse topics which involve completely different scope, time taken and range of field audit efforts, be presented in a standard number of pages across the country?
Further, on several occasions complexities of the audit topics emerge only after commencement of the audit. In such situations, although the topic may fall in a category with low page limit, there may be substantial audit findings and the report may exceed the page limit. The reverse could also happen where the report may fall short of the prescribed page limit due to small number of audit findings and in such cases it may encourage the report writer to engage in verbiage. It may, at times, be difficult to take a decision on the category to which the audit topic should belong. Putting a limit on the number of pages per report may not be the best way of ensuring quality of reports. For, very good audit findings could be presented crisply using limited number of pages. Conversely, lengthy reports may need to be looked at more scrupulously as possibly lacking in quality.

Here we need to revisit and tackle the issue on two fronts. One is the overall restriction on the number of pages for a report and how sacrosanct this is. The second is that once a certain number of PAs and Thematic Audits (TAs) are approved as part of the audit plan for CAG Report, then restriction of pages could perceptibly undermine the reporting process. It would also be relevant to point out here that one way to limit the length of the Audit Report is to reduce the number of PAs and TAs and strengthen quality.

b) Prescribing limits for length of Thematic Reports

There is no such thing as a Thematic Audit as far as universally accepted nomenclatures of different types of audit are concerned. Should the audit products be restricted to performance, compliance and financial audits? The so called Thematic Audits (TAs) can be part of Compliance or Performance audit work and their length can depend upon the scope of the study. A PA can also be of 10-12 pages if the scope of that audit warrants so.

However, in case we continue with TAs then the issue that arises is that currently there is no clarity on the desired length of TAs, as its scope can vary from being sector specific compliance audit dominated topics which can be reported in lesser number of pages (say 8 to 15 pages) to sometimes performance audit dominated topics which require more number of pages to report (say 10 to 25 pages). Further also depending on the depth of analysis, the size of the TA could vary from 8 pages to 25 pages. This problem has become more critical due to the large number of such planned TAs in a particular CAG Report.

c) All Performance Audits should be Standalone Reports

Over the years, the CAG Reports have been focusing more on Performance Audits as they provide entities and stakeholders with information and some degree of implicit assurance about the quality of management of public resources and also assist public sector managers by identifying and promoting better management practices. Most of the composite CAG Reports contain around two or three PAs on varied subjects. It has been often felt that these PAs do not get their fair share of visibility as they remain embedded in the composite reports and are often difficult to identify and retrieve.

Standalone PA Reports on the other hand are able to attract more attention as they are easily visible hence retrievable and this tends to increase their utility. The standalone PA reports issued to the Government of India have always enjoyed enhanced visibility and are referred to and quoted more often than embedded PAs. Most other Supreme Audit Institutions like the National Audit Office, UK and the Government Accountability Office, US also issue subject-matter-wise standalone PAs. There fore in order to enhance the appeal, access and ability to retrieve Performance Audits,there is a strong case for making all PAs as standalones reports. This will help the composite reports in becoming compact.

d) Reporting on responses of the auditees

While auditee response to audit observations is a requirement of the audit standard, often the responses from auditees are evasive and long. They do not clarify the issues raised in the audit observation nor effectively counter them. We need to take a view whether irrelevant auditee response should find full reproduction or it should be adequate to quote only the relevant portion or to say that ‘the auditee in its response failed to offer any convincing explanation justifying the state of affairs/deviation as noted in this audit observation’. In the GAO, the annexures contain the full management response and in the body of the report the management response is incorporated as found appropriate by audit.

4.3 Readability of Audit Reports

Having a quality control mechanism and an overarching ‘Audit report writer’s guide’
While there have been many efforts by the CAG office to simplify the writing style through issue of (i) style guide (ii) guidance notes on drafting and presentation of audit reports, (iii) guidance note on developing recommendations (iv) practitioner’s guide for use of data visualisation and infographics and (v) various circulars issued over the years. Scope to have an overarching ‘Audit report writer’s guide’ incorporating all these instructions at one place after reviewing them. Currently there are around 150 field offices and 20 CAG office wings involved in the writing and checking of these reports. Hence there is need for strengthening professional quality control methods to ensure that the process of vetting of the reports becomes easier.

4.4 Clearly bringing out the weaknesses and strengths in governance and fixing responsibility for lapses

In the CAG Reports, in any observation being made, generally there is need to give the topic sentence, background, criteria, infringement made, cause, impact, recommendation, response and a rejoinder if necessary. While the CAG has been bringing out the infringement made as per the rules, not always is the larger picture concerning weakness in controls by officials and weaknesses in governance by officials, stated explicitly. Also, the cause for the deviations brought out in the reports is often not dealt with adequately. For example, short releases of funds under centrally sponsored schemes are often quoted in the report as the reason for delayed achievement or partial achievement of the targets, when in fact the reason could be delayed compliance or non-compliance of the requirements of the scheme guidelines which led to delayed or short releases and which in turn was the cause for short achievement or non-achievement of the targets. Another example would be actual receipts or expenditure being far below those budgeted/planned. Quite often, our audit report stops at pointing out the shortfalls and do not examine the deeper causes of the shortfalls.

4.5 a. Assurance given by CAG Audit Reports

Over the years there has been a lot of discussion on the method of reporting adopted with regard to ‘Assurance’ in the CAG Reports. Currently the main area where the CAG offers ‘Assurance’ is with regard to Financial Auditing and while certifying the accounts of the Central and State Governments. This is borne out of paragraph 1.5 of the Financial Attest Auditing Guidelines which states that the ‘CAG of India has the responsibility of certifying and providing assurance on the accounts of Union and State Governments’.

The audited entities who are regularly subject to audit evaluation, on the other hand, want an assurance at macro level that schemes are generally working well.

b. Report on documents not provided during audit and also report on statutory documents not maintained by the department

Very often during execution of audit, the audit entities do not provide the auditor with all the documents required to carry out their audit checks. This results in the audit reporting being incomplete. While, on the one hand, this poses a risk to the audit process since these documents could have proven critical in arriving at the correct audit conclusions, on the other, this tantamounts to a breach of the provision of the Section 18 of the CAG’s (DPC) Act where under the CAG is empowered to seek any documents or information as may be relevant for the purpose of his audit. Hence non production of documents is a serious issue that must be reported specifically in all paragraphs so as to put those paragraphs and their findings in perspective, and also separately as an individual paragraph to highlight the audit concern about the control environment.

Further, we find during audit execution that the audited entities do not maintain all the required statutory documents such as asset registers, cash book (in prescribed formats), copies of sanctions, etc. Under these circumstances also, it is important for the auditors to report these aspects necessarily so that these aspects are brought to the notice of the reader of the report.

Separately reporting on both these aspects secures the auditor from any surprises that could emerge from the examination of these documents in the future. Hence reporting on (1) documents not provided during audit and (2) statutory documents not maintained by the department, should be made mandatory with all reports of the CAG wherein such limitations occur during execution of audit.

4.6 Follow up of Audit Reports through compliance on recommendations

a) Follow up of Audit Reports is an integral part of the overall audit process and is a critical aspect in ensuring the effectiveness of audit. It needs to be ensured that the follow-up process is properly monitored and reported in ensuing CAG Audit Reports. The response and follow up by the entities is also a critical tool to evaluate intent and the internal control mechanisms in the entities. In this regard, two major questions arise. Is the method of reporting in our CAG Reports designed to facilitate follow up; and are CAG Reports giving clear recommendations for each observation where there is a follow-up action required. The answer to both questions is no. The CAG reports are basically designed to bring out the defects in the system and most often leave it to the entity to improve themselves, without giving specific recommendations. Currently, only a few observations are followed by pointed recommendations that necessarily require follow-up action. Further, recommendations are made mostly in PAs and are not that prevalent in TAs, compliance and financial attest audits. In the absence of specific recommendation as to what is expected from the entity as compliance, the actual compliance suffers.

Therefore to ensure better follow up of the CAG Reports, all the findings in the CAG Audit Report should necessarily be accompanied with a recommendation of the auditor as to what is expected of the entity to rectify the deficiency. It could be recovery, action against officials, tightening internal controls, issue of new rules, regulation, issue of clarifications, etc. Compliance to the accepted recommendations should be an important criteria for evaluating intent and internal controls in the organisation. Thereafter a running compliance matrix should be feature in every CAG report stating the number of recommendations made in the previous report, the number of recommendations accepted, follow up action taken on all the accepted recommendations and finally the recommendation pending for action to be taken. Similarly the status of compliance with recommendations of PAC also need to be featured in the audit reports as a running compliance matrix

The UN follows a system for follow up of previous recommendations wherein in each year, the Report of the Board of Auditor on Financial report and audited financial statements lists all recommendations issued during the current period, recommendations that have been fully implemented, recommendations under implementation, recommendations that have not been implemented, recommendations that have been overtaken by events and recommendations that have been closed. A similar system of tracking recommendations is also followed in other SAIs like the GAO.

b) It has also been noticed in PAs that the section on ‘Highlights’ convey only the gist of audit findings (inaction, infructuous expenditure, loss etc.), which by nature are negative. Why should we not put the ‘summary of recommendations’ (like we do in our international work) in its place in the highlights along with the findings? As recommendations flow from the same audit finding, they give a positive spin to the whole report as they stress on remedial measures and not on historical actions (or inaction) which resulted in a loss. This would give greater acceptability to what we have to say in our reports and also provide greater value to our stakeholders. This will also help in convincing the Parliamentary/Legislative Committees to focus their discussion more on the implementation of our recommendations rather than only examining the transactions which are the subject matter of the audit findings which are based on historical actions.

c) The impact of audit should be measured by not only recoveries effected at the instance of audit but also changes in government rules, policies, etc introduced as a consequence of audit findings or recommendations. It may therefore be considered whether a compulsory section in the Audit Report may also be introduced to track changes in government rules, policies, delivery systems, etc., to measure the non- monetary impact of audit. It would be relevant to mention here that this practice is followed by SAI China.

Thus besides monetary recovery at the instance of audit, non monetary audit impact such as changes in rules as a result of an audit recommendation should also be brought out in the Audit report.

4.7 Automated workflow can optimize audit reporting

An automated workflow for the entire audit process, which is being currently envisaged, should also be leveraged for audit reporting. The workflow solution should span the complete audit lifecycle i.e. from audit planning to audit execution to audit reporting and finally for tracking follow-up to audit findings including follow up to audit recommendations.

An automated workflow will keep track of every observation raised and replied at all levels i.e. at the audit memo stage, Inspection Report stage, Factual Statement stage, Draft Paragraph stage and finally CAG Report stage. As all the interventions would be made through the automated workflow system, value additions done in terms of drafting of the observation and changes made at every supervisory level can be captured.

Thus by leveraging digital technology and introducing an automated workflow, we can optimise audit reporting and thereby enhance the overall quality of audit reporting.

4.8 Digital audit reports

Digital reports are indeed the future of audit reporting as bulky printed reports are bound to become obsolete in the years to come. Many SAIs have stated introducing digital reports and even we are in the process of presenting our first digital report to Parliament.

As a pilot, one performance audit report on Customs has been proposed to be presented in a digital format. It will have an online version which will be hosted on CAG’s website and will be accessible through the internet. The offline version will be in a pdf format. The offline version in a CD will be submitted to the President for laying of the report in the Parliament. The digital report has been authenticated using digital signature in a manner prescribed under the IT Act 2000. The Report contains text, images and audio/video or a combination of these which communicate the audit findings. The report also has info graphics to present statistical information, and uses high quality data visualisations. The report is readable in an electronic form across devices like desktop computers, laptops, tablets and smart phones and anyone can download and print the report.

4.9 Managing and Designing Content for Reporting in a Digital environment and improving digital outreach through the CAG website

Most of our current stakeholders either read about our report in the media or read a printed copy of our report or access the CAG Reports through our website. If our website cannot engage the stakeholder in the first ten seconds of them logging, we lose them to other informative sites and alternative content. Currently we are not utilising vast potential of the internet due to weaknesses in the access, retrieval, presentation and visualisation of information related to audit reports on our website. We also need to develop content based on audit findings which is more amenable to dissemination in a digital environment.

Presently, without leveraging the reach of the internet, our audit effort is obscured to a large extent. Currently, our website has a long way to go to facilitate outreach of our work. There is, therefore, an urgent need to overhaul our website both by better management of existing content as well as designing new content for reporting in a digital environment.

a) Access and retrieval - problems

There are significant barriers to access information in the CAG website. The search function does not elicit adequate responses when a user wants to search the website for subject, sector or scheme-wise information.

Subject wise search: A search on our website for the subject ‘Crop Insurance’ only listed an article titled ‘No Lands’s men’. It did not bring up the Union PA on Agriculture Crop Insurance Schemes 2017, which had to be specifically searched for later. For the sake of comparison, we attempted a search of US GAO website on the subject ‘Crop Insurance’. The GAO website listed reports on the issue, offered a brief introduction or summary to catch the reader’s attention and provided a link to the reports.

Sector wise search: The results do not get much better when a user does an advanced search, by sectors. Suppose we as a user want information on the Health sector, at present to get to list of audits done in the Health sector, it is a three step process. As the first step, the sector ‘Education, Health and Family Welfare’ is selected. This lists several G&SSA reports. As a second step, we click on the G&SSA report of a State (we clicked Maharashtra). The contents table of the report is listed with Index, Preface, Introduction, Chapter on Performance Audits and Chapter on Compliance Audits. As a third step, the individual chapters have to be browsed through to get the relevant information. Expecting some PA on health sector, we clicked on chapter 2 which brought up unrelated topics like Foods and Drug Administration and Management of Sports Infrastructure. At each stage, the results belied the expectation, the report titles and chapter headings conveyed little about content and if we persevered through to the third step, we obtained inaccurate results. In such a process, if we don’t lose a user in the first two steps, we definitively would lose them in the third.

Scheme/programme wise search: A third kind of search is when we search for a specific scheme or programme. Here too, instead of listing all reports in the sector, most often individual chapters of a single report get listed on the first screen, confounding the user.

b) Access and retrieval – possible solutions

The issue of poor access and retrieval across the CAG website could be resolved to a great extent by attempting some changes. One is by giving titles for Reports, PAs, TAs and Audit Paragraphs which convey the essence. Two is by clever tagging of key words within the Reports. Three is by ensuring that executive summaries do not exceed one or two pages at the most. Four is by ensuring that when the report is hosted on the website, it should also consider having a three-four line summary of the report (this would be new content which may not be readily available in the report) and four separate links i.e. (a) link to the executive summary, (b) link to the full report, (c)links to the separate chapters within the full report and (d) links to other related reports of the CAG.

c) Developing additional content and visualisation for a digital environment

Till now all the efforts listed above relate to better management of material already available in the system as approved reports of the CAG. There is also need to develop some additional content as well to ensure visualisation of the content for effectively hosting the material in a digital environment. For instance, suppose we want to host content on the CAG website relating to flagship schemes of the Government of India like MNGREGS, Swacch Bharat Mission, National Rural Health Mission, Right to Education etc., then we could consider a main dashboard view of all the flagship Schemes. The dashboard could have list of all such flagship schemes, a background of each schemes, the changes in the scheme over the years (maybe some additional content would be needed) and some big picture numbers about the scheme currently (maybe some additional content would be needed). Thereafter sub-dashboards should open on each of the schemes with list of numerous audits conducted by the CAG over the years. Thereafter, PA wise details like audit objectives, criteria, scope, key audit observations, key recommendations, follow up etc., could appear on drilling down in the dashboard.

While designing a dashboard and sub-dashboards of this kind, there would be need to develop additional content and necessary visualisation which may not necessarily be already available in some approved report of the CAG. Further in order to link the findings of other reports issued by the CAG on this subject over the years, again some additional content may have to be written. The information displayed in the main dashboard and sub-dashboards should also need to be separately designed with art work if necessary, to attract the attention of the user. For instance the dashboard on MGNREGS could have some distinct artwork which would make it easier for the reader to identify this scheme on the CAG website in the future. It should be possible to provide a few external links on this webpage to make the dashboard further more interactive. Small video summaries of the report can also be linked to the dashboard.

d) Developing interactive audit reports on CAG website

Individual audit reports hosted on the website should be made interactive. Cross referencing observations with the supporting data contained in annexures or appendices should be possible at the click of a button. We need better visualisation of the content of audit observations itself. For instance, if a user clicks on a key audit finding that ‘there were less health centres in tribal areas as compared to non-tribal areas’, it should provide a pictorial representation like a chart, geographical distribution, timeline of the underlying statistics that enabled the conclusion. An interactive report is a priority for the State Finance Reports, Reports on Public Sector Undertakings and Local Bodies finances which are dense on fiscal and financial parameters, tables, charts. In fact the datasets that have been used to derive audit conclusions and which form the basis of trends, charts, tables should be the backend of the report so that the report is interactive and enables multiple ways to view data. Such an effort will satisfy multiple stakeholder requirements and bring enhanced visibility to audit effort. In fact, wherever we use data analysis of any sort and aggregate the data and include those figures in our report, we may also give complete set of granular data while publishing the digital report.

e) Additional work products

We have an unparalleled body of work, vast digital resources which we are failing to utilise effectively. It is seldom that we aggregate our findings across sectors or put to use our collective data for effective analysis. We need to identify areas where we can present more analytical reports. It has been stated that as an aid to management14 we can point out regional imbalances in implementation of various flagship programmes across states. It is not necessary that this kind of analysis needs to be only in the form of All India CAG Report signed by the CAG. This kind of analysis can also be a separate product that can be part of the website as an analytical product. However, to appear even as an analytical product on the CAG website, whatever quality controls (like key document checks, language/drafting checks and content checks) that are required could be ensured. Further as these would not form part of ‘CAG Reports to be presented to the Parliament/Legislature’, some caveat could be included to safeguard the constitutional position of the CAG.

f) Ensuring a better feedback mechanism

Every digitally available audit report should be tagged with a simple reader feedback form containing a couple of questions regarding usefulness and quality of the report and identifying the profession of the user. We have to find more ways to obtain feedback from all stakeholders by sending out the reports to them by email and requesting for feedback which must be then aggregated and reviewed for making improvements in the future to the Audit process. Thus we should consider using the CAG website as a tool for eliciting feedback on our reports from all our stakeholders. Additionally, the website can also provide a space for the user to enter her email ID to be notified of a report. Further, if acceptable, we could also consider comments, views and feedback through twitter handles and face book as these tools have great digital outreach with stakeholders.

4.10 Introducing a CAG Report ‘App’ and social media

Wider dissemination of CAG Reports helps in bringing the efforts of the CAG to more and more stakeholders, who then act as pressure groups in increasing the levels of governance in the state. Therefore it is in the interest of enhancing governance, that the CAG Reports are read and deliberated by more and more stakeholders.

Currently, the method of dissemination of CAG Reports is either through distribution of a printed hard copy of the report or through the CAG website wherein a soft copy can be downloaded. While the limitation of physical distribution of copies continues, in this new digital age newer methods and more far reaching methods are available for dissemination of the CAG Reports. While an easily accessible, easily manoeuvrable and robust website is an absolute necessity, other digital tools have also fast emerged. The easy to carry mobile phone and handheld computers and pads have become an enormous avenue for information dissemination. Hence it is time that this potential is tapped for dissemination of CAG Reports and a CAG Reports ‘App’ is created.

An application or as commonly referred to as an ‘Ápp’ is a type of software that allows you to perform specific tasks in your desktop or laptop computers (called ‘desktop Apps’), or on your smart phone (called ‘mobile Apps’). The main benefits of having an ‘App’ for CAG reports are (i) increased visibility of CAG Reports to stakeholders at all times by giving ‘alerts’ to the user each time some new report is released, (ii) building brand for the CAG Reports at all times, (iii) creating a platform for stakeholder engagement & feedback, and (iv) creating a platform to reach out to more and more potential stakeholders.

5. Conclusion

The CAG Audit Reports are meant to communicate the results of audit to various stakeholders and to facilitate follow-up and corrective action. It is, therefore, essential that the audit reports are understandable, acceptable, credible and secure the trust of stakeholders and those responsible for governance. Each of these stakeholders has a different purpose for reading the CAG Reports and therefore wants different styles and level of detail from these reports. We need to understand their requirements and try and satisfy them to the extent possible. This can be done by enhancing the external look, presentation and readability of Audit Reports. Further we need to maintain integrity in reporting results and not shy away from giving ‘explicit assurances’ for good governance wherever deserving. We must also ensure that every finding that needs a follow up action is accompanied by a specific recommendation which clearly brings out the weaknesses in governance and those responsible for the lapses. This will also facilitate the follow up of Audit Reports by monitoring the compliance to these recommendations.

Currently we are severely under-utilising the vast potential of the internet by not keeping our content ready for digital outreach. Hence there is an urgent need to manage and design content specifically for reporting in a digital environment and improve the digital outreach through the CAG website and other digital outreach tools like ‘Apps’ for smart phones and handheld devices. Finally we should encourage all reports of CAG to be accompanied with an authentic digital and interactive version.

10Chapter 4 on ‘Documentation and Reporting’.
11Chapter 6 on ‘Reporting compliance audits’.
12 Chapter 7 on ‘Reporting process’.

13The current report uses Trebuchet font in a grey colour of size 11 with orange highlights.
14Senior Management meeting minutes of 13 June 2018.

1. Introduction

The offices of the Accountants General (A&E) are responsible for the compilation of Accounts in all states except Goa and the Union Territories of Puducherry and Delhi. They are responsible for the entitlement function encompassing Provident funds, Pension and Gazetted entitlement in most of the states. The A&E offices aid and support the States mainly in the form of exercising internal controls independently

1.1 Results of XXVIII AsG Conference

One of the discussion themes for the XXVIII Accountants General Conference 2016 was the ‘Impact of IFMS on A&E functions’. Based on the recommendations of the XXVIII AsG Conference, Committees were formed on various issues to help the A&E offices to move towards a digital environment. Two Committees were set up for formulating Functional Requirements for accessing digital data from IFMS portal and to look at the issue of laying down of specifications regarding the AG Module and the need for continuance of VLC system respectively. On the basis of the recommendations of these Committees the following main decisions were taken:

  • The Functional Requirement Specifications i.e. user requirements for utilising IFMS data by AG (A&E) and AG (Audit) were framed. These have been circulated to all AG (A&E) offices to ensure that the IFMS in their States meets these specifications. AsG in turn have taken this aspect with the State Government.
  • A decision was made that VLC may continue to be used by AG (A&E) so that the deviations/errors in IFMS data can be identified and rectified. In addition it was decided that we may request the States to prepare a separate AG Module in IFMS which will give “read only” access to the various databases and data downloading facility from the State Government. The State AsG are interacting with the State Government for development of a separate AG Module in their IFMS.

The basic objective of IFMS is to move towards accounting in a digital environment. This implies that the A&E offices move towards acceptance of digital vouchers/sub-vouchers and other documents. To enable a movement to a paperless environment a Committee was set up to look at the minimum requirements for digital vouchers and sub-vouchers. The Committee recommended that the digital vouchers have to meet the requirement of the IT Act 2000. Based on their recommendations it was decided that the vouchers need to be digitally signed and accompanied by sub –vouchers. The sub- vouchers accompanying the vouchers could be defaced before being scanned and uploaded. States of Haryana and Himachal Pradesh are conducting pilot project for complete switch over to a digital environment.

Before a complete switch over to a digital environment it is essential to draw an assurance that the checks in-built in IFMS can be relied upon. It is thus essential that AsG (Audit) conducts a Systems Audit of IFMS. In this regard a Committee was formed which framed guidelines for AsG (Audit) for conducting System Audit of IFMS.

A major impact of the IFMS will be on the manpower requirements of A&E offices. This is because mostly data is now being input at the level of DDOs and transferred to A&E offices via the treasury.

The AsG have access to real time information available from IFMS on the basis of ‘Single Source of Truth’. Thus data input is no longer an important item of work in most states. Regarding re-working of the manpower requirements in a digital environment, a pilot study has been carried out in the four states of Himachal Pradesh, Odisha, Kerala and Rajasthan. At present the results of the pilot study are under examination and are being peer reviewed.

1.2 Present Paper: This paper is an attempt to re-visit the four main functional responsibilities of the A&E offices and to help them perform their functions in a digital environment. This paper focuses on four main areas i.e.

(A) A&E offices and financial management,

(B) Treasury inspection and validation,

(C) Entitlements in a digital era and

(D) Digitization of records.

2. A&E Offices and Financial Management:

2.1 Role of A&E Offices:

Financial Management of states is purely an executive function carried out by the Finance Departments of the respective state governments. Through the Accounting and Entitlement functions, the A&E offices aid and support the state government in Financial Management mainly by exercising internal controls independently and through supporting functions like compilation of the accounts, authorising entitlements and maintaining balances.

2.2 Current Context:

The current context of the working of the A&E offices needs to be looked at in terms of the A&E offices exercising their functions in an IT enabled environment of a stabilised though dated VLC. The status of implementation of IFMS varies across the States. The status of implementation of IFMS as on 30th June 2018 is placed at Annexure –I-A and I-B.

Depending upon the status of implementation of IFMS in the state, it is now possible to import data from IFMS to VLC. Most states have initiated some or all modules of IFMS. States like Odisha, Haryana, West Bengal, Rajasthan, Kerala and Himachal Pradesh are moving towards paperless vouchers. Most offices receive accounts from the treasuries in the form of a data dump every month and are used for generating of Accounts.

Stabilisation of IFMS is leading to the need for a Business Process Reengineering with the need to shift focus from compilation to harnessing the data from IFMS and VLC to exercise effective internal controls and aid states’ financial management. Accountant General has access to real time information available in IFMS on the basis of ‘Single Source of Truth’. Hence, the accounts are expected to be of a better quality.

2.3 Reiterating and revisiting our role in the digital age:

The A&E offices shall continue to support the financial management through the accounting functions executed within the offices as also the Treasury Inspections. While the change in focus of the Treasury Inspections is discussed in the subsequent section, the other areas are as follows:

2.3.1 Budget and Expenditure Review:

The structure of the budget data from IFMS should match with that of the other modules thereby enabling timely generation of ‘Report on Expenditure’ and warning slips on excess expenditure etc. Further, the Budget data and VLC data should be regularly reconciled and should match.

2.3.2 Monthly and Annual Accounts:

Implementation of IFMS will facilitate the timely rendition of these accounts, for them to serve as more effective MIS.

2.3.3 Accounting Checks and Quality of Accounts:

Implementation of IFMS will facilitate the timely rendition of accounts, for them to serve as more effective MIS. Owing to single source of data, there will practically be no difference in details mentioned on the face of the voucher and the data downloaded from the IFMS. As there is little need for the staff to do any data entry, care needs to be exercised so that the ‘Single source of truth’ is not reduced to a ‘Single source of error’.

a. The focus therefore, has to shift to ensuring proper validation of vouchers by checking its existence, authenticity, correctness and its completeness. A&E Offices have to draw an assurance that systems of internal controls have not been circumvented. For this physical Vouchers and sub vouchers need to continue until guarantees by way of digital signatures etc. are set in place against misuse or fraud. In some states, the entire process of Tendering to Payment will be online thereby removing the need for generation of manual sub vouchers as these will be generated online. However, third party sub vouchers in case of petty purchases, chemist bills etc. will continue and effective checks have to be ensured against their multiple unauthorised usage.

b. While the basic entry of voucher/challan data and the attendant validation checks would be taken care of in IFMS, classification checks to be exercised by the A&E offices need to be strengthened. Proper classification checks are essential even if there are in built controls in IFMS for preventing booking of receipts/expenditure against unauthorised heads. This area assumes importance in the light of the fact that many states are classifying grants-in-aid released to SPVs/Autonomous Bodies as capital expenditure in contravention of IGAS-2.

c. With regard to outstanding DC Bills and Utilisation Certificates, the role of A&E offices shall continue as hitherto. Since these certificates are due directly from the Controlling Officers, a separate module/interface may be necessary on IFMS for online transfer of these certificates which may then be automatically reconciled with the outstanding information as per VLC.

d. Reconciliation with the CCOs will be taken up in the IFMS. AsG will upload the receipts/expenditure in IFMS and the CCOs will reconcile or provide their comments. Transfer entries in the VLC should be directly effected through IFMS-VLC linkage.

e. With regard to the accounting of Public Works and Forest divisions, it is pertinent to note that in few states like Karnataka, Kerala and Rajasthan etc. the Public Works and Forest Departments’ DDOs have started operating through the treasuries and the LOC system has been dispensed with. In some States only salary payments are routed through the Treasury. It is important that in the process divisional documents like Schedule of Works which allows expenditure monitoring of works and hitherto submitted as part of divisional accounts are not discontinued. Internal consistency between the monthly accounts figures in the divisional accounts should be ensured.

2.3.4 Debt Management, Inter State Transactions and Accounting of Deposits & Reserve Funds:

a. Transactions relating to debt management and interstate transactions are presently carried through RBI advice procedure. We may consider using e-kuber instead.

b. Public Deposit Accounts/Personal ledger Accounts: It is essential to monitor the reconciliation of balances under them. The Plus minus memo data, annual balance statement for PL Accounts, statements of deposits qualifying for lapse could be electronically obtained from IFMS. The details of the PLA administrators in IFMS must be reconciled with that in VLC. Funds are generally required to be transferred to PDAs/PLAs through ‘Nil’ bills. These ‘Nil bills’ also need careful scrutiny.

c. Reserve Funds- It is noticed that in most cases, the receipts and expenditure are not accurately captured under Reserve Funds. There are many cases where all transactions have not been accounted for. Thus the closing balances are not confirmed.

3. Treasury Inspection and Validation:

3.1 Checks to be exercised on Vouchers and Challans

The Treasury is the nucleus of the accounting system of Government. The treasuries maintain records of financial transactions and conduct necessary checks as per the Treasury Code of the respective state and financial rules on the flow of Funds. District Treasury acts as the receiver and disburser of the State Government funds.

With the introduction of IFMS in treasury management system of the states, treasury inspection will require to be conducted both on data and application packages adopted in treasuries. To conduct treasury inspection in digital environment, we may need to modify our systems and processes and include system evaluation and devise checks to be exercised on e-vouchers and e-accounts.

3.2 Thematic Audit:

During Treasury inspection we may also need to focus on entitlement disbursement by the State Governments on items like scholarships, pension, welfare schemes etc. Thematic sampling on selected theme like scholarships, pensions, class IV GPF, Gazetted audit, welfare schemes, lapsable/non lapsable deposits, Contributory pension scheme, could be undertaken etc.

3.3 Issues of Personal Deposit /Personal Ledger Accounts:

During Treasury inspection an important part of the Audit is to scrutinize the PD/PLA accounts. The State Government is authorized to open PD/PLA accounts for specific purposes in consultation with the Accountant General. However, specific rules governing PD/PLA accounts vary from State to State. These need to be kept in view while framing checks.

4. Entitlement Functions in digital era:

The entitlements functions in the A&E offices provide us the opportunity to provide public service directly to the employees of the State Governments and others citizens. It should be our constant endeavour to improve the quality of services being provided to our stakeholders. Some of the IT enabled services have become very basic minimum services in todays connected world and our services need to be improved to meet these expectations.

All A&E offices are not maintaining Entitlement functions of the State Government. Twenty one A&E offices are authorizing Pensionary benefits for the State Government employees. GPF functions of State Government employees are maintained in twenty States and one Union Territory. In nine A&E offices, Gazetted Entitlements are maintained.

4.1. Pension Function:

The processing of Pension cases have been computerized and most of the States are processing Pension delivery service through the System Automation Initiative (SAI) Package. Pensioners can access the AG website and view their status of authorization of pension. Some States also provide SMS facility to communicate with the pensioner. Online grievance redressal facility has also been provided by offices like Maharashtra, Odisha, Tamil Nadu, Andhra Pradesh and Telangana.

The main focus in a digital era is to ensure a linkage between the IFMS of the State Government and the SAI application of A&E offices so that pension cases are received online and authorization forwarded similarly.

4.2 General Provident Fund Function:

The process of maintenance of GPF and processing of Final payment have been computerized in all the offices. The subscribers can access the AG website and view their present GPF status. In addition, most of the States are providing information through SMS facility and online registration of grievances facility.

Historical GPF data is available in three phases. From 2012-13 onwards more or less all States are hosting annual GPF slips online. The data was maintained on FoxPro from 1998 till computerization. The closing balance for the FoxPro period was included as opening balance for the GPF slips hosted online from 2012 onwards. Before FoxPro period (pre 1998) the data was remained in manual format. However, all balances are included in the current available online data.

At present there are number of issues relating to missing credits, un-posted credits and debits leading to incomplete accounts at A&E offices. There is need to integrate GPF application package with the IFMS.

4.3 Gazetted Entitlement:

(a) Nine A&E offices are responsible for maintaining GE functions. This function includes processing the entitlements like Pay & allowances, Leave records, History of Services etc.of Gazetted Officers of State Government, Judges , Governor, Ministers, Speakers etc.

(b) In the existing scenario, the claims for the entitlements reach the AG office in a physical format as letters which may be for events like Promotion, Transfer, Leave, Increment, etc. The claims are then processed manully.

(c) The office of AG (A&E), Kerala has developed a Gazetted Entitlement Management System (GEMS) application. The GEMS application processes the claims regarding Pay /Leave etc. for the officer and the output is generated in the form of pay slips /Pay Intimation /Leave account of officers etc. It also issues SMS alerts. Forwarding of hard copies of Pay slips/authorization has been despensed with. The e-Pay slips and e-authorization are forwarded using digital signatures.

4.4 Long Term Advances

Ledgers of Individual loanees as well as the broadsheets need to be integrated to both the VLC and wherever stabilised to the IFMS so that the entire process of recording the debits and credits, interest calculation as well as issuance of No Dues Certificates is done seamlessly. Simultaneously, the balances in the annual accounts also need to flow correctly from VLC.

5. Record Management:

Twenty-Eight Accounts & Entitlement offices have been generating records of permanent nature ever since their inception. Maintaining and preserving this record is thus not only obligatory, but also a significant challenge. Digital technologies offer a new preservation paradigm. They provide the prospect of preserving the original by providing access to the digital surrogate. Digital preservation enables safeguarding the informational content from the degradation of the physical medium.

5.1 Why Digitisation:

The reasons for digitisation of records may be examined from two perspectives

(a) For preservation purposes;

(b) For enhanced access.

The purpose of digitisation of records is to produce precise and truthful duplicates of the originals. These duplicates must satisfy both users of today and future potential users. These duplicates must therefore be of high quality and retain a physical stability that can be conserved/preserved over time.

Enhancement of access is accomplished by creation of a single point access to the digitized records and thereby realizing ‘virtual re-unification’ of old records, either from a single original location, or from widely scattered ones, thus making records more widely accessible. It also enables creation of a metadata/indexing of old records and with the use of Document Management System.

5.2 Business Process Re-engineering:

Access to old records is fundamental for Entitlement functions. Enhancement of access and linking of digitized data of old record with SAI Pension and VLC applications will significantly reduce the turnaround time for finalization of in-hand entitlement cases. Quality control/authenticity of the digitised record is vital for Entitlement functions.

5.3 Authenticity of Records:

The core issue in authenticity of records is that a document or an image is free from manipulation or corruption. In the analogue world, a document is truthful when its distinctiveness is reliable, i.e. you can recognize the creator; time and method of creation; circumstances of origin. If this credibility is maintained over time, the document is genuine. For digital files the position is more complex. There is always a risk whenever such files are transmitted across time or space. Their integrity must remain intact and it is essential that no unauthorized changes - whether deliberate or accidental- be made in the physical representation or in the content of the files.

If digitized records are to be accepted as authentic substitutes for original records, and are projected to serve that purpose, it must be assured, that (a) the informational content and physical appearance of the documents has been adequately captured; (b) the means for retrieving and preserving the digital images are in place; and (c) the legal requirements are met.

Quality control therefore is an important component at every stage of a digitisation project. A quality control program is essential. For this validations and checks need to be incorporated including third party independent checks from say sister A&E and Audit Offices as well as say the Pensioner’s Welfare Associations.

It is important to organize the scanned image files into a hierarchy that logically follows the physical organization of the documents. Similarly, it is important to name the scanned files in a strictly controlled manner that reflects their logical relationships. The file naming convention should be decided at the project conceptualization stage.

5.4 Legal Framework:

The legal requirements facilitating the digitisation of old record and retention of electronic records is laid down in ‘The Information Technology Act, 2000’. Section 7 of the Act demands that ‘Where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if:

(a) The information contained therein remains accessible so as to be usable for a subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record;

Section 65B inserted in the Indian Evidence Act 1872 by the Second Schedule of the I T Act 2000 stipulates that ‘any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer, shall be deemed to be a document and shall be admissible in any proceedings, without further proof or production of the original, provided the conditions mentioned in sub- section (2) to (5) of this section are met’.

Continue Readingimg

From the Editor's Desk

The tenth issue of the Journal of Government Audit and Accounts is a special edition that presents highlights of the 29th...


Welcome Speech by Comptroller & Auditor General of India

It is an honour and privilege for me to welcome all of you on behalf of our 48000 strong family to this inaugural...


Inaugural Speech by President of India

I am happy to be here for the 29th Accountants General Conference. This is the right occasion and opportunity to introspect...


Valediction Speech by Finance Minister

As Mr. Mehrishi mentioned, I have had the privilege of interacting with you on your biennial Conference on the last two...


Pre-Conference Meeting


From the International Desk

The Comptroller and Auditor General (CAG) of India occupies several important positions in INTOSAI and ASOSAI...