ISSAI 300

The International
Standards
of Supreme
Audit Institutions,
ISSAIs, are issued by INTOSAI,
ISSAI 300
Fundamental
Principles
of Performance
Auditing
the International Organisation of Supreme Audit Institutions. For more information visit
www.issai.org

INTOSAI

Fundamental Principles of
Performance Auditing

I NT OS AI P r ofe ss i o n a l S t an d ar ds Co m mi t te e
PSC-Secretariat
Rigsrevisionen Store Kongensgade 45 P.O. Box 9009 1022 Copenhagen K Denmark
Tel.:+45 3392 8400 Fax:+45 3311 0415 E-mail: [email protected]

INTOSAI
EXPERIENTIA MUTUA
EXPERIENTIA MUTUA

OMNIBUS PRODEST

OMNIBUS
PRODEST

INTOSAI General Secretariat - RECHNUNGSHOF

(Austrian Court of Audit)
DAMPFSCHIFFSTRASSE 2
A-1033 VIENNA
AUSTRIA
Tel.: ++43 (1) 711 71 Fax: ++43 (1) 718 09 69
E-MAIL: [email protected];
WORLD WIDE WEB: http://www.intosai.org

ISSAI 300 Fundamental Principles of Performance Auditing

INTRODUCTION ................................................................................................................................................ 1
PURPOSE AND AUTHORITY OF THE FUNDAMENTAL PRINCIPLES OF PERFORMANCE AUDITING ..... 1
FRAMEWORK FOR PERFORMANCE AUDITING ............................................................................................2
Definition of performance auditing ................................................................................................................. 2
Economy, efficiency and effectiveness .......................................................................................................... 2
Objectives of performance auditing................................................................................................................ 3
Applicability of ISSAI 300 ............................................................................................................................... 3
ELEMENTS OF PERFORMANCE AUDITING ................................................................................................... 4
The three parties in performance auditing ..................................................................................................... 4
Subject matter and criteria in performance auditing ...................................................................................... 4
Confidence and assurance in performance auditing ...................................................................................... 5
PRINCIPLES OF PERFORMANCE AUDITING ................................................................................................. 5
General principles .......................................................................................................................................... 5
Audit objective ............................................................................................................................................ 6
Audit approach ........................................................................................................................................... 6
Criteria........................................................................................................................................................ 7
Audit risk .................................................................................................................................................... 8
Communication .......................................................................................................................................... 8
Skills ........................................................................................................................................................... 9
Professional judgement and scepticism .................................................................................................. 10
Quality control .......................................................................................................................................... 10
Materiality ................................................................................................................................................. 11
Documentation ......................................................................................................................................... 11
Principles related to the audit process ......................................................................................................... 13
Planning........................................................................................................................................................ 13
Selection of topics .................................................................................................................................... 13
Designing the audit .................................................................................................................................. 14
Conducting ................................................................................................................................................... 15
Evidence, findings and conclusions ......................................................................................................... 15
Reporting ...................................................................................................................................................... 16
Content of the report ................................................................................................................................ 16
Recommendations ................................................................................................................................... 16
Distribution of the report........................................................................................................................... 17
Follow-up ...................................................................................................................................................... 17

ISSAI 300 Fundamental Principles of Performance Auditing

INTRODUCTION
1. Professional standards and guidelines are essential for the credibility, quality and
professionalism of public-sector auditing. The International Standards of Supreme Audit
Institutions (ISSAIs) developed by the International Organisation of Supreme Audit Institutions
(INTOSAI) aim to promote independent and effective auditing and support the members of
INTOSAI in the development of their own professional approach in accordance with their
mandates and with national laws and regulations.
2. ISSAI 100 Fundamental Principles of Public-Sector Auditing provides the fundamental
principles for public-sector auditing in general and defines the authority of the ISSAIs.
ISSAI 300 - Fundamental Principles of Performance Auditing builds on and further develops
the fundamental principles of ISSAI 100 to suit the specific context of performance auditing.
ISSAI 300 should be read and understood in conjunction with ISSAI 100, which also applies to
performance auditing.
3. ISSAI 300 Fundamental Principles of Performance Auditing consists of three sections.
The first section establishes the framework for performance auditing and for reference to the
relevant ISSAIs.
The second section consists of the general principles for performance audit engagements
that the auditor should consider prior to commencement and throughout the audit process.
The third section contains principles of relevance to the main stages of the audit process
itself. Each principle is followed by a brief explanation.

PURPOSE AND AUTHORITY OF THE FUNDAMENTAL PRINCIPLES OF

PERFORMANCE AUDITING
4. This document seeks to establish a common understanding of the nature of performance
auditing, including the principles to be applied to achieve a high standard of audit.
INTOSAI members are encouraged to develop or adopt authoritative standards consistent with
ISSAIs 100 and 300 and to take into account the INTOSAI guidance on performance auditing.
The ISSAI 3000 series provides an overall framework for performance auditing, with general
guidelines on the conduct of audits, as a basis for assisting SAIs in developing their own
national standards.
5. Standards for performance auditing should reflect the need for flexibility in the design of
individual engagements, for auditors to be receptive and creative in their work and for
professional judgement at all stages of the audit process.
6. INTOSAI recognises that SAIs have contrasting mandates and work under different conditions.
Due to the varied situations and structural arrangements of SAIs, not all auditing standards or
guidelines can apply to all aspects of their work. SAIs therefore have the option of developing
authoritative standards that are either based on or consistent with the Fundamental Principles
of Performance Auditing. If an SAI chooses to base its standards on the Fundamental
Principles, those standards should correspond to the Principles in all applicable and relevant
respects.

ISSAI 300 Fundamental Principles of Performance Auditing

7. Where an SAIs auditing standards are based on or consistent with the Fundamental Principles
of Performance Auditing, these may be referred to by stating:
We conducted our audit[s] in accordance with [standards], which are based on [or
consistent with] the Fundamental Principles of Performance Auditing of the International
Standards of Supreme Audit Institutions.
The reference may be included in the audit report or communicated by the SAI in a more
general form covering a defined range of engagements.
8. SAIs may choose to adopt the Performance Audit Guidelines (ISSAIs 3000-3999) as the
authoritative standards for their work. Where an SAI has chosen so to adopt these guidelines, it
must comply with them in all relevant respects. Reference in this case may be made by stating:
We conducted our [performance] audit[s] in accordance with the International
Standards of Supreme Audit Institutions [on performance auditing].

FRAMEWORK FOR PERFORMANCE AUDITING

Definition of performance auditing
9. As carried out by SAIs, performance auditing is an independent, objective and reliable
examination of whether government undertakings, systems, operations, programmes, activities
or organisations are operating in accordance with the principles of economy, efficiency and
effectiveness and whether there is room for improvement.
10. Performance auditing seeks to provide new information, analysis or insights and, where
appropriate, recommendations for improvement. Performance audits deliver new information,
knowledge or value by:

providing new analytical insights (broader or deeper analysis or new perspectives);

making existing information more accessible to various stakeholders;
providing an independent and authoritative view or conclusion based on audit evidence;
providing recommendations based on an analysis of audit findings.

Economy, efficiency and effectiveness

11. The principles of economy, efficiency and effectiveness can be defined as follows:
The principle of economy means minimising the costs of resources. The resources used
should be available in due time, in and of appropriate quantity and quality and at the best
price.
The principle of efficiency means getting the most from the available resources. It is
concerned with the relationship between resources employed and outputs delivered in terms
of quantity, quality and timing.
The principle of effectiveness concerns meeting the objectives set and achieving the
intended results.
2

ISSAI 300 Fundamental Principles of Performance Auditing

Performance audits often include an analysis of the conditions that are necessary to ensure
that the principles of economy, efficiency and effectiveness can be upheld. These conditions
may include good management practices and procedures to ensure the correct and timely
delivery of services. Where appropriate, the impact of the regulatory or institutional framework
on the performance of the audited entity should also be taken into account.

Objectives of performance auditing

12. The main objective of performance auditing is constructively to promote economical, effective
and efficient governance. It also contributes to accountability and transparency.
Performance auditing promotes accountability by assisting those with governance and
oversight responsibilities to improve performance. It does this by examining whether decisions
by the legislature or the executive are efficiently and effectively prepared and implemented,
and whether taxpayers or citizens have received value for money. It does not question the
intentions and decisions of the legislature, but examines whether any shortcomings in the laws
and regulations or their way of implementation have prevented the specified objectives from
being achieved. Performance auditing focuses on areas in which it can add value for citizens
and which have the greatest potential for improvement. It provides constructive incentives for
the responsible parties to take appropriate action.
Performance auditing promotes transparency by affording parliament, taxpayers and other
sources of finance, those targeted by government policies and the media an insight into the
management and outcomes of different government activities. It thereby contributes in a direct
way to providing useful information to the citizen, while also serving as a basis for learning and
improvements. In performance auditing, SAIs are free to decide, within their mandate, what,
when and how to audit, and should not be restrained from publishing their findings.

Applicability of ISSAI 300

13. The Fundamental Principles of Performance Auditing are provides the basis for the adoption or
development of standards by SAIs. They have been formulated with a view to the institutional
background of SAIs, including their independence, constitutional mandates and ethical
obligations and the requirements of the Prerequisites for the Functioning of SAIs (ISSAIs 1099).
14. When dealing with overlaps between audit types (or combined audits) the following points
should be considered:
Elements of performance auditing can be part of a more extensive audit that also covers
compliance and financial auditing aspects.
In the event of an overlap, all relevant standards should be observed. This may not be
feasible in all cases, as different standards may contain different priorities.

ISSAI 300 Fundamental Principles of Performance Auditing

In such cases, the primary objective of the audit should guide the auditors as to which
standards to apply. In determining whether performance considerations form the primary
objective of the audit engagement, it should be borne in mind that performance auditing
focuses on activity and results rather than reports or accounts, and that its main objective is
to promote economy, efficiency and effectiveness rather than report on compliance.

ELEMENTS OF PERFORMANCE AUDITING

15. The elements of a public-sector audit (auditor, responsible party, intended users, subject
matter and criteria), as defined in ISSAI 100, may assume distinct characteristics in
performance auditing. Auditors should explicitly identify the elements of each audit and
understand their implications so that they can conduct the audit accordingly.

The three parties in performance auditing

16. Auditors frequently have considerable discretion in the selection of subject matter and
identification of criteria, which in turn influences who the relevant responsible parties and
intended users are. While auditors can give recommendations, they need to take care that they
do not assume the responsibilities of the responsible parties. Auditors in performance audits
typically work in a team offering different and complementary skills.
17. The role of responsible party may be shared by a range of individuals or entities, each with
responsibility for a different aspect of the subject matter. Some parties may be responsible for
actions that have caused problems. Others may be able to initiate changes to address the
recommendations resulting from a performance audit. Others still may be responsible for
providing the auditor with information or evidence.
18. The intended users are the persons for whom the auditor prepares the performance audit
report. The legislature, government agencies and the public can all be intended users. A
responsible party may also be an intended user, but it will rarely be the only one.

Subject matter and criteria in performance auditing

19. The subject matter of a performance audit need not be limited to specific programmes, entities
or funds but can include activities (with their outputs, outcomes and impacts) or existing
situations (including causes and consequences). Examples might be service delivery by the
responsible parties or the effects of government policy and regulations on administration,
stakeholders, businesses, citizens and society. The subject matter is determined by the
objective and formulated in the audit questions.
20. In performance auditing, the auditor is sometimes involved in developing or selecting the
criteria that are relevant to the audit. Paragraph 27 describes which specific requirements
follow from this for the auditor.

ISSAI 300 Fundamental Principles of Performance Auditing

Confidence and assurance in performance auditing

21. As in all audits, the users of performance audit reports will wish to be confident about the
reliability of the information which they use for taking decisions. They will therefore expect
reliable reports which set out the SAIs' evidence-based position on the subject examined.
Consequently, performance auditors should in all cases provide findings based on sufficient
appropriate evidence and actively manage the risk of inappropriate reports. However,
performance auditors are not normally expected to provide an overall opinion, comparable to
the opinion on financial statements, on the audited entitys achievement of economy, efficiency
and effectiveness. This is therefore not a requirement of the ISSAI framework.
22. The level of assurance provided by a performance audit should be communicated in a
transparent way. The degree of economy, efficiency and effectiveness achieved may be
conveyed in the performance audit report in different ways:
either through an overall view on aspects of economy, efficiency and effectiveness, where
the audit objective, the subject matter, the evidence obtained and the findings reached allow
for such a conclusion;
or by providing specific information on a range of points including the audit objective, the
questions asked, the evidence obtained, the criteria used, the findings reached and the
specific conclusions.
23. Audit reports should only include findings that are supported by sufficient appropriate
evidence. The decisions made in drawing up a balanced report, reaching conclusions and
formulating recommendations frequently need to be elaborated upon in order to provide
sufficient user information. Performance auditors should specifically describe how their findings
have led to a set of conclusions and if applicable a single overall conclusion. This means
explaining which criteria were developed and used and why, and stating that all relevant
viewpoints have been taken into account so that a balanced report can be presented. The
principles on reporting give further guidance for this process.

PRINCIPLES OF PERFORMANCE AUDITING

General principles
24. The general principles set out below give guidance on aspects of performance auditing that are
relevant throughout the audit process.
Some areas to which these principles apply are not covered by ISSAI 100. These are the
selection of audit topics, the identification of audit objectives and the definition of an audit
approach and criteria.
In other areas, such as audit risk, communication, skills, professional judgment, quality
control, materiality and documentation, the general principles draw on the principles of
ISSAI 100 and explain how they specifically apply in performance auditing.
Finally, some areas, such as ethics and independence, are currently addressed by ISSAI
100 and by ISSAIs at level 2.

ISSAI 300 Fundamental Principles of Performance Auditing

Audit objective
25. Auditors should set a clearly-defined audit objective that relates to the principles of
economy, efficiency and effectiveness.
The audit objective determines the approach and design of the engagement. It could simply be
to describe the situation. However, normative audit objectives (are things as they ought to be?)
and analytical audit objectives (why are things not as they ought to be?) are more likely to add
value. In all cases, the auditors need to consider what the audit pertains to, which
organisations and bodies are involved and for whom the ultimate recommendations are likely to
be relevant. Well-defined audit objectives relate to a single entity or an identifiable group of
government undertakings, systems, operations, programmes, activities or organisations.
Many audit objectives can be framed as an overall audit question which can be broken down
into more precise sub-questions. They should be thematically related, complementary, not
overlapping and collectively exhaustive in addressing the overall audit question. All terms
employed in the question should be clearly defined. The formulation of audit questions is an
iterative process in which the questions are repeatedly specified and refined, account being
taken of known relevant information on the subject as well as feasibility.
Instead of defining a single objective or overall audit question, auditors may choose to develop
several audit objectives, which need not always be broken down into sub-questions.
Audit approach
26. Auditors should choose a result-, problem- or system-oriented approach, or a
combination thereof, to facilitate the soundness of audit design.
The overall audit approach is a central element of any audit. It determines the nature of the
examination to be made. It also defines the necessary knowledge, information and data and
the audit procedures needed to obtain and analyse them.
Performance auditing generally follows one of three approaches:
a system-oriented approach, which examines the proper functioning of management
systems, e.g. financial management systems;
a result-oriented approach, which assesses whether outcome or output objectives have
been achieved as intended or programmes and services are operating as intended;
a problem-oriented approach, which examines, verifies and analyses the causes of
particular problems or deviations from criteria.
All three approaches can be pursued from a top-down or bottom-up perspective. Top-down
audits concentrate mainly on the requirements, intentions, objectives and expectations of the
legislature and central government. A bottom-up perspective focuses on problems of
significance to people and the community.

ISSAI 300 Fundamental Principles of Performance Auditing

Criteria
27. Auditors should establish suitable criteria which correspond to the audit questions and
are related to the principles of economy, efficiency and effectiveness.
Criteria are the benchmarks used to evaluate the subject matter. Performance audit criteria are
reasonable and audit-specific standards of performance against which the economy, efficiency
and effectiveness of operations can be evaluated and assessed.
The criteria provide a basis for evaluating the evidence, developing audit findings and reaching
conclusions on the audit objectives. They also form an important element in discussions within
the audit team and with SAI management and in communication with the audited entities.
The criteria can be qualitative or quantitative and should define what the audited entity will be
assessed against. The criteria may be general or specific, focusing on what should be
according to laws, regulations or objectives; what is expected, according to sound principles,
scientific knowledge and best practice; or what could be (given better conditions).
Diverse sources can be used to identify criteria, including performance measurement
frameworks. It should be transparent which sources were used, and the criteria should be
relevant and understandable for users as well as complete, reliable and objective in the
context of the subject matter and audit objectives.
The criteria should be discussed with the audited entities, but it is ultimately the auditor's
responsibility to select suitable criteria. While defining and communicating criteria during the
planning phase may enhance their reliability and general acceptance, in audits covering
complex issues it is not always possible to set criteria in advance; instead they will be defined
during the audit process.
Whereas in some audit types there are unequivocal legislative criteria, this is not typically the
case in performance auditing. The audit objectives, question and approach determine the
relevance and the type of suitable criteria, and user confidence in the findings and conclusions
of a performance audit depends largely on the criteria. Thus it is crucial to select reliable and
objective criteria.
In a problem-oriented performance audit, the starting point is a known or suspected deviation
from what should or could be. The main objective is therefore not just to verify the problem (the
deviation from the criterion and its consequences) but to identify causes. This makes it
important to decide how to examine and verify causes during the design phase. Conclusions
and recommendations are primarily based on the process of analysing and confirming causes,
even though they are always rooted in normative criteria.

ISSAI 300 Fundamental Principles of Performance Auditing

Audit risk
28. Auditors should actively manage audit risk, which is the risk of obtaining incorrect or
incomplete conclusions, providing unbalanced information or failing to add value for
users.
Many topics in performance auditing are complex and politically sensitive. While simply
avoiding such topics may reduce the risk of inaccuracy or incompleteness, it could also limit the
possibility of adding value.
The risk that an audit will fail to add value ranges from the likelihood of not being able to
provide new information or perspectives to the risk of neglecting important factors and, as a
consequence, not being able to provide users of the audit report with knowledge or
recommendations that would make a real contribution to better performance.
Important aspects of risk may include not possessing the competence to conduct sufficiently
broad or deep analysis, lacking access to quality information, obtaining inaccurate information
(e.g. because of fraud or irregular practices), being unable to put all findings in perspective,
and failing to collect or address the most relevant arguments.
Auditors should therefore actively manage risk. Dealing with audit risk is embedded in the
whole process and methodology of performance audit. Audit planning documents should state
the possible or known risks of the work envisaged and show how these risks will be handled.
Communication
29. Auditors should maintain effective and proper communication with the audited entities
and relevant stakeholders throughout the audit process and define the content, process
and recipients of communication for each audit.
There are several reasons why planning communication with the audited entities and
stakeholders is of particular importance in performance audit.
As performance audits are not normally conducted on a regular (e.g. annual) basis on the
same audited entities, channels of communication may not already exist, While there may
be contacts with the legislature and government bodies, other groups (such as academic
and business communities or civil society organisations) may not have been engaged with
previously.
Often there are no predefined criteria (such as a financial reporting framework), and thus an
intensive exchange of views with the audited entity is necessary.
The need for balanced reports requires an active effort to obtain insight into the points of
view of the various stakeholders.
Auditors should identify the responsible parties and other key stakeholders and take the
initiative in establishing effective two-way communication. With good communication, auditors
can improve access to information sources and to data and opinions from the audited entity.
Using communication channels to explain the purpose of the performance audit to stakeholders
also increases the likelihood that audit recommendations will be implemented. Auditors should
therefore seek to maintain good professional relations with all relevant stakeholders, promote a
free and frank flow of information in so far as confidentiality requirements permit, and conduct

ISSAI 300 Fundamental Principles of Performance Auditing

discussions in an atmosphere of mutual respect and understanding for the role and
responsibilities of each stakeholder. However, care should be taken to ensure that
communication with stakeholders does not compromise the independence and impartiality of
the SAI.
Auditors should notify audited entities of the key aspects of the audit, including the audit
objective, audit questions and subject matter. Notification will usually take the form of a written
engagement letter and regular communication during the audit. Auditors should maintain
communication with audited entities throughout the audit process, by means of constructive
interaction as different findings, arguments and perspectives are assessed.
Audited entities should be given an opportunity to comment on the audit findings, conclusions
and recommendations before the SAI issues its audit report. Any disagreements should be
analysed and factual errors corrected. The examination of feedback should be recorded in
working papers so that changes to the draft audit report, or reasons for not making changes,
are documented.
At the end of the audit process, stakeholder feedback can also be obtained on the quality of the
published audit reports. The audited entities perception of audit quality may also be solicited.
Skills
30. Collectively, the audit team should have the necessary professional competence to
perform the audit. This would include sound knowledge of auditing, research design,
social science methods and investigation or evaluation techniques, as well as personal
strengths such as analytical, writing and communication skills.
In performance auditing, specific skills may be required, such as knowledge of evaluation
techniques and social science methods, and personal abilities such as communication and
writing skills, analytical capacity, creativity and receptiveness. Auditors should have a sound
knowledge of government organisations, programmes and functions. This will ensure that the
right areas are selected for audit and that auditors can effectively undertake reviews of
government programmes and activities.
There may also be specific ways of acquiring the necessary skills. For each performance audit
the auditors need to have a full understanding of the government measures which are the
subject matter of the audit, as well as the relevant background causes and the possible
impacts. This knowledge must frequently be acquired or developed specifically for the
engagement. Performance audits often involve a learning process and the development of
methodology as part of the audit itself. On-the-job learning and training should therefore be
available to auditors, who should maintain their professional skills through ongoing professional
development. An open attitude to learning and an encouraging management culture are
important conditions for enhancing individual auditors professional skills.
In specialised areas, external experts can be used to complement the knowledge of the audit
team. Auditors should evaluate whether and in what areas external expertise is required, and
make the necessary arrangements.

ISSAI 300 Fundamental Principles of Performance Auditing

Professional judgement and scepticism

31. Auditors should exercise professional scepticism, but also be receptive and willing to
innovate.
It is vital that auditors exercise professional scepticism and adopt a critical approach,
maintaining an objective distance from the information provided. Auditors are expected to make
rational assessments and discount their own personal preferences and those of others.
At the same time, they should be receptive to views and arguments. This is necessary in order
to avoid errors of judgement or cognitive bias. Respect, flexibility, curiosity and a willingness to
innovate are equally important. Innovation applies to the audit process itself, but also to the
audited processes or activities.
Auditors are expected to consider issues from different perspectives and maintain an open and
objective attitude to various views and arguments. If they are not receptive, they may miss
important arguments or key evidence. As auditors work to develop new knowledge, they also
need to be creative, reflective, flexible, resourceful and practical in their efforts to collect,
interpret and analyse data.
A high standard of professional behaviour should be maintained throughout the audit process,
from topic selection and audit planning, via the audit proper, to reporting. It is important for
auditors to work systematically, with due care and objectivity and under appropriate
supervision.
Quality control
32. Auditors should apply procedures to safeguard quality, ensuring that the applicable
requirements are met and placing emphasis on appropriate, balanced and fair reports
that add value and answer the audit questions.
ISSAI 40 - Quality Control for SAIs offers general guidance on the system of quality control
established at the organisational level to cover all audits. In the conduct of performance audits
the following specific issues need to be addressed:
Performance audit is a process in which the audit team gathers a large amount of auditspecific information and exercises a high degree of professional judgement and discretion
concerning the relevant issues. This must be taken into account in quality control.
The need to establish a working atmosphere of mutual trust and responsibility and provide
support for audit teams should be seen as part of quality management. This may entail
applying quality control procedures that are relevant and easy to manage and ensuring that
auditors are open to feedback received from quality control. If there is a difference of opinion
between supervisors and the audit team, appropriate steps should be taken to ensure that
the audit teams perspective is given sufficient consideration and that the SAIs policy is
consistent.

10

ISSAI 300 Fundamental Principles of Performance Auditing

In performance auditing, even if the report is evidence-based, well-documented and

accurate, it might still be inappropriate or insufficient if it fails to give a balanced and
unbiased view, includes too few relevant viewpoints or unsatisfactorily addresses the audit
questions. These considerations should therefore be an essential part of measures to
safeguard quality.
As audit objectives vary widely between different audit engagements, it is important to
define clearly what constitutes a high-quality report in the specific context of an audit
engagement. General quality control measures should therefore be complemented by auditspecific measures.
No quality control procedures at the level of the individual audit can guarantee high-quality
performance audit reports. It is equally important for auditors to be and remain competent
and motivated. Control mechanisms should therefore be complemented by support, such as onthe-job training and guidance for the audit team.
Materiality
33. Auditors should consider materiality at all stages of the audit process. Thought should
be given not only to financial but also to social and political aspects of the subject
matter, with the aim of delivering as much added value as possible.
Materiality can be understood as the relative importance of a matter within the context in which
it is being considered. The materiality of an audit topic should have regard to the magnitude of
its impacts. It will depend on whether the activity is comparatively minor and whether
shortcomings in the area concerned could influence other activities within the audited entity.
An issue will be considered material where the topic is considered to be of particular
importance and where improvements would have a significant impact. It will be less material
where the activity is of a routine nature and the impact of poor performance would be restricted
to a small area or otherwise minimal.
In performance audit, materiality by monetary value may, but need not, be a primary concern.
In defining materiality, the auditor should consider also what is socially or politically significant
and bear in mind that this varies over time and depends on the perspective of the relevant
users and responsible parties. Since the subject matter of performance audits can vary broadly
and criteria are frequently not set by legislation, that perspective may vary from one audit to
another. Assessing it requires careful judgement on the part of the auditor
Materiality concerns all aspects of performance audits, such as the selection of topics,
definition of criteria, evaluation of evidence and documentation and management of the risks of
producing inappropriate or low-impact audit findings or reports.
Documentation
34. Auditors should document the audit in accordance with the particular circumstances
thereof. Information should be sufficiently complete and detailed to enable an
experienced auditor having no previous connection with the audit to subsequently
determine what work was done in order to arrive at the audit findings, conclusions and
recommendations.

11

ISSAI 300 Fundamental Principles of Performance Auditing

As in all audits, performance auditors should keep an adequate documentary record of the
preparation, procedures and findings of each audit. However, the purpose and context of
documentation are somewhat specific in performance auditing.
Frequently the auditor will have acquired specialised knowledge about the audit topic that is
not easily reproduced in the SAI. Since the audit methodology and criteria may have been
developed specifically for a single engagement, the auditor carries a special responsibility to
make his reasoning transparent.
In performance auditing, as well as containing findings and recommendations the report
describes the framework, perspective and analytical structure that were adopted and the
process that was followed to arrive at the conclusions. To some extent, the report performs
functions that in other types of audits are provided by general standards or audit
documentation.
Documentation should not only confirm the accuracy of facts, but also ensure that the report
presents a balanced, fair and complete examination of the audited question or subject
matter. Thus, for example, it might be necessary for the documentation to include reference
to arguments not accepted in the report, or to describe how different viewpoints were dealt
with in the report.
The purpose of the audit report in performance auditing is frequently to persuade
reasonable users by providing new insights rather than a formal statement of assurance.
Just as the audit objectives determine the nature of the necessary evidence, they also
determine the nature of documentation.
Maintaining adequate documentation is not only part of safeguarding quality (e.g. by helping
to ensure that delegated work has been performed satisfactorily and that the audit
objectives have been achieved) but also of the SAIs and individual auditors professional
development, as it can shape good practice for similar audits in the future.

12

ISSAI 300 Fundamental Principles of Performance Auditing

Principles related to the audit process

35. Performance auditing comprises the following main steps:

Planning, i.e. selection of topics, pre-study and audit design;

Conducting, i.e. collecting and analysing data and information;
Reporting, i.e. presenting the outcome of the audit: answers to the audit questions, findings,
conclusions and recommendations to users;
Follow-up, i.e. determining whether action taken in response to findings and
recommendations has resolved the underlying problems and/or weaknesses.
These steps may be iterative. For instance, new insights from the process stage may
necessitate changes to the audit plan, and important elements of reporting (e.g. the drawing of
conclusions) may be sketched out or even completed during the process stage.

Planning
Selection of topics
36. Auditors should select audit topics through the SAIs strategic planning process by
analysing potential topics and conducting research to identify risks and problems.
Determining which audits will be pursued is usually part of the SAIs strategic planning process.
If appropriate, auditors should contribute to this process in their respective fields of expertise.
They may share knowledge from previous audits, and information from the strategic planning
process may be relevant for the auditors subsequent work.
In this process, auditors should consider that audit topics should be sufficiently significant as
well as auditable and in keeping with the SAIs mandate. The topic selection process should
aim to maximise the expected impact of the audit while taking account of audit capacities (e.g.
human resources and professional skills).

13

ISSAI 300 Fundamental Principles of Performance Auditing

Formal techniques to prepare the strategic planning process, such as risk analysis or problem
assessments, can help structure the process but need to be complemented by professional
judgement to avoid one-sided assessments.
Designing the audit
37. Auditors should plan the audit in a manner that contributes to a high-quality audit that
will be carried out in an economical, efficient, effective and timely manner and in
accordance with the principles of good project management.
In planning an audit, it is important to consider:
the background knowledge and information required for an understanding of the audited
entities, so as to allow an assessment of the problem and risk, possible sources of
evidence, auditability and the significance of the area considered for audit;
the audit objectives, questions, criteria, subject matter and methodology (including
techniques to be used for gathering evidence and conducting the audit analysis);
the necessary activities, staffing and skills requirements (including the independence of the
audit team, human resources and possible external expertise), the estimated cost of the
audit, the key project timeframes and milestones and the main points for control.
To ensure the audit is properly planned, therefore, the auditors need to acquire sufficient
knowledge of the subject matter. Performance auditing generally requires that audit-specific,
substantive and methodological knowledge be acquired before the audit is launched (prestudy).
When planning the audit, the auditor should design the audit procedures to be used for
gathering sufficient appropriate audit evidence. This can be approached in several stages:
deciding on the overall audit design (which questions to ask, e.g.
explanatory/descriptive/evaluative); determining the level of observation (e.g. looking at a
process or individual files); methodology (e.g. full analysis or sample); specific data-collection
techniques (e.g. interview or focus group). Data-collection methods and sampling techniques
should be carefully chosen. The planning phase should also involve research work aimed at
building knowledge, testing various audit designs and checking whether the necessary data are
available. This makes it easier to choose the most appropriate audit method.
Senior and operational management and the audit team should be fully cognisant of the overall
audit design and what it entails. Decisions on the overall audit design and its consequences in
terms of resources will often involve the senior management of the SAI, who can ensure that
skills, resources and capacities are in place to address the audit objectives and the audit
questions.
Planning should allow for flexibility, so that the auditors can benefit from insights obtained
during the course of the audit. The audit methods chosen should be those which best allow
audit data to be gathered in an efficient and effective manner. While the auditors should aim to
adopt best practices, practical considerations such as the availability of data may restrict the
choice of methods. It is therefore advisable to be flexible and pragmatic in this respect. For this
reason, performance audit procedures should not be overly standardised. Excessive
prescriptiveness may hamper the flexibility, professional judgement and high levels of

14

ISSAI 300 Fundamental Principles of Performance Auditing

analytical skills that are required in a performance audit. In certain cases where, for example,
the audit requires data to be gathered in many different regions or areas or the audit is to be
conducted by a large number of auditors there may be a need for a more detailed audit plan
in which audit questions and procedures are explicitly defined.
When planning an audit, auditors should assess the risk of fraud. If this is significant within the
context of the audit objectives, the auditors should obtain an understanding of the relevant
internal control systems and examine whether there are signs of irregularities that hamper
performance. They should also determine whether the entities concerned have taken
appropriate action to address any recommendations from previous audits or other
examinations that are of relevance to the audit objectives. Lastly, the auditors should seek
contact with stakeholders, including scientists or other experts in the field, in order to build up
proper knowledge regarding, for instance, good or best practices. The overall aim at the
planning stage is to decide, by building up knowledge and considering a variety of strategies,
how best to conduct the audit.

Conducting
Evidence, findings and conclusions
38. Auditors should obtain sufficient appropriate audit evidence to establish findings, reach
conclusions in response to the audit objectives and questions and issue
recommendations.
All audit findings and conclusions must be supported by sufficient appropriate evidence. This
should be placed in context, and all relevant arguments, pros and cons and different
perspectives should be considered before conclusions can be drawn. The nature of the audit
evidence required to draw conclusions in performance auditing is determined by the subject
matter, the audit objective and the audit questions.
The auditor should evaluate the evidence with a view to obtaining audit findings. Based on the
findings, the auditor should exercise professional judgement to reach a conclusion. Findings
and conclusions are the results of analysis in response to the audit objectives. They should
provide answers to the audit questions.
Conclusions can be based on quantitative evidence obtained using scientific methods or
sampling techniques. Formulating conclusions may require a significant measure of judgement
and interpretation in order to answer the audit questions, due to the fact that audit evidence
may be persuasive ("points towards the conclusion that ...") rather than conclusive
("right/wrong"). The need for precision should be weighed against what is reasonable,
economical and relevant to the purpose. The involvement of senior management is
recommended.
Performance auditing involves a series of analytical processes that evolve gradually through
mutual interaction, allowing the questions and methods employed to develop in depth and
sophistication. This may involve combining and comparing data from different sources, drawing
preliminary conclusions and compiling findings in order to build hypotheses that can be tested,
if necessary, against additional data. The whole process is closely linked to that of drafting the

15

ISSAI 300 Fundamental Principles of Performance Auditing

audit report, which can be seen as an essential part of the analytical process that culminates in
answers to the audit questions. It is important for auditors to be goal-oriented and for them to
work systematically and with due care and objectivity.

Reporting
Content of the report
39. Auditors should strive to provide audit reports which are comprehensive, convincing,
timely, reader-friendly and balanced.
To be comprehensive, a report should include all the information needed to address the audit
objective and audit questions, while being sufficiently detailed to provide an understanding of
the subject matter and the findings and conclusions. To be convincing, it should be logically
structured and present a clear relationship between the audit objective, criteria, findings,
conclusions and recommendations. All relevant arguments should be addressed.
In a performance audit, the auditors report their findings on the economy and efficiency with
which resources are acquired and used and the effectiveness with which objectives are met.
Reports may vary considerably in scope and nature, for example assessing whether resources
have been applied in a sound manner, commenting on the impact of policies and programmes
and recommending changes designed to result in improvements.
The report should include information about the audit objective, audit questions and answers to
those questions, the subject matter, criteria, methodology, sources of data, any limitations to
the data used, and audit findings. It should clearly answer the audit questions or explain why
this was not possible. Alternatively, the auditors should consider reformulating the audit
questions to fit the evidence obtained and thus arrive at a position where the questions can be
answered. The audit findings should be put into perspective, and congruence should be
ensured between the audit objective, audit questions, findings and conclusions. The report
should explain why and how problems noted in the findings hamper performance in order to
encourage the audited entity or report user to initiate corrective action. It should, where
appropriate, include recommendations for improvements to performance.
The report should be as clear and concise as the subject matter permits and phrased in
unambiguous language. As a whole it should be constructive, contribute to better knowledge
and highlight any necessary improvements.
Recommendations
40. If relevant and allowed by the SAIs mandate, auditors should seek to provide
constructive recommendations that are likely to contribute significantly to addressing
the weaknesses or problems identified by the audit.
Recommendations should be well-founded and add value. They should address the causes of
problems and/or weaknesses. However, they should be phrased in such a way that avoids
truisms or simply inverting the audit conclusions, and they should not encroach on the
managements responsibilities. It should be clear who and what is addressed by each
recommendation, who is responsible for taking any initiative and what the recommendations

16

ISSAI 300 Fundamental Principles of Performance Auditing

mean i .e. how they will contribute to better performance. Recommendations should be
practical and be addressed to the entities which have responsibility and competence for
implementing them.
Recommendations should be clear and presented in a logical and reasoned fashion. They
should be linked to the audit objectives, findings and conclusions. Together with the full text of
the report, they should convince the reader that they are likely to significantly improve the
conduct of government operations and programmes, e.g. by lowering costs and simplifying
administration, enhancing the quality and volume of services, or improving effectiveness,
impact or the benefits to society.
Distribution of the report
41. Auditors should seek to make their reports widely accessible, in accordance with the
mandate of the SAI.
Auditors should bear in mind that distributing audit reports widely can promote the credibility of
the audit function. Reports should therefore be distributed to the audited entities, the executive
and/or the legislature and, where relevant, be made accessible to the general public directly
and through the media and to other interested stakeholders.

Follow-up
42. Auditors should follow up previous audit findings and recommendations wherever
appropriate. Follow-up should be reported appropriately in order to provide feedback to
the legislature together, if possible, with the conclusions and impacts of all relevant
corrective action.
Follow-up refers to the auditors examination of corrective action taken by the audited entity, or
another responsible party, on the basis of the results of a performance audit. It is an
independent activity that increases the value of the audit process by strengthening the impact
of the audit and laying the basis for improvements to future audit work. It also encourages the
audited entities and other users of reports to take the latter seriously, and provides the auditors
with useful lessons and performance indicators. Follow-up is not restricted to the
implementation of recommendations but focuses on whether the audited entity has adequately
addressed the problems and remedied the underlying situation after a reasonable period of
time.
When conducting follow-up of an audit report, the auditor should concentrate on findings and
recommendations that are still relevant at the time of the follow-up and adopt an unbiased and
independent approach.
Follow-up results may be reported individually or as a consolidated report, which may in turn
include an analysis of different audits, possibly highlighting common trends and themes across
a number of reporting areas. Follow-up can contribute to a better understanding of the value
added by performance auditing over a given time period or subject area.

17