A framework to embed records management into the auditing process in the public sector in South Africa

Abstract

Audit reports issued by the Auditor-General of South Africa (AGSA) yearly indicate that poor record-keeping is one of the contributing factors to disclaimer audit opinions in the public sector. Despite this, records management is often not considered or used as an essential element to facilitate an effective auditing process in the public sector in South Africa. Utilizing the auditing process of AGSA as a conceptual framework, this study sought to develop a framework to embed records management practices into the auditing process in the public sector in South Africa, with a view to reduce findings on record-keeping in the audit reports. Literature review was conducted to demonstrate the relationship between records management and auditing. The study suggests a framework that can assist governmental bodies in managing records effectively throughout the application of an auditing process that includes records management at all stages and within specific contexts of the organization. It is hoped that such a framework will help governmental bodies in South Africa towards obtaining clean audit reports.

Keywords

auditing records management public sector South Africa

Records, if properly managed, can be an enabler to the audit process.

Introduction

An informetrics analysis of the audit reports of the Auditor-General of South Africa (AGSA) by Ngoepe and Ngulube (2013a) reveals a strong association of the contribution of poor record-keeping to disclaimer audit opinions in governmental bodies. This implies that many governmental bodies in South Africa are disclaimed due to a lack of supporting documentation. In this regard, AGSA is not able to express an opinion on the financial statements of many governmental bodies, primarily due to insufficient records. Auditors regard disclaimer of opinions as one of the two worst case opinions – the other being an adverse opinion where auditors fundamentally disagree with the management representations being made (Bhana, 2008). Organizations receiving disclaimer of opinions face consequential implications such as lack of interest from investors, loss of credibility, impatience from communities for better service delivery, investigations for maladministration or unexpected change of leadership without succession planning, as is the case in South Africa. To mitigate the situation, what lacks is a framework that will ensure that record-keeping is embedded in all the stages of auditing.

This study seeks to develop a framework to embed records management practices into the auditing process in the South African public sector. Duranti (2012) urges records management practitioners in South Africa to focus on demonstrating to regulatory, auditing bodies and policy makers that they ought to embed record-keeping requirements in any activity that they regulate, audit or control. It is hoped that if the framework is customised and implemented in the public sector, this will go a long way in reducing findings on record-keeping in the audit reports. The public sector in South Africa has long been characterised by an abyss of audit opinions attributed to lack of supporting documentation as demonstrated in studies by Ngoepe (2012, 2014), Ngoepe and Ngulube (2013a, 2013b, 2014). As a result, the 2014 clean audit target which was launched on 14 July 2009, that “by 2014, all 283 municipalities and government departments of all nine provinces in South Africa will have achieved clean audits of their Annual Financial Statements (AFS) and maintaining systems for sustaining quality financial statements and management information” (Shiceka, 2009:2) is a mirage, as more than 70% of municipalities are still receiving disclaimer opinions. Elsewhere, in Botswana, the situation is the same, as Mosweu (2011) bemoans that conducting public audits in Botswana has been a strenuous exercise for the Office of the Auditor-General in that country as the results are riddled with lamentations of poor records management.

The present study will underline the fundamental role played by record-keeping in the auditing process. The study will contribute to the records management literature by providing a framework to embed records management into the auditing process. As Ryan (2006:125) would attest, many studies have been undertaken about records management, but few deal directly with linking negative audit outcomes to a lack of proper records management. For that reason, this study attempts to fill the gap by developing a framework of embedding records management into the auditing process. The framework proposed in the study can be used by government departments in South Africa and elsewhere to provide a means to improve the audit results. This will be in support of a firm commitment by political leaders in South Africa to drive clean audit opinions in government. For the purpose of this study, ‘Auditor-General of South Africa’ refers to the supreme audit institution in South Africa that audits and reports on the accounts, financial statements and financial management of the public sector, while ‘the auditor-general’ refers to an individual who is the head of that institution. ‘The public sector’ in South Africa refers to the four spheres of government, that is, national government departments, provincial government departments, municipalities and statutory bodies (Ngoepe and Ngulube, 2013a).

Problem statement

Despite auditors relying on records as evidence to support transactions as Bhana (2008) suggests, AGSA (2010) observes that records management is often not regarded as essential for good governance in the public sector in South Africa. Whenever AGSA conduct an audit assignment, most of the times the constraint it faces is that supporting documentation cannot be provided by organizations being audited (Nel, 2011). Even though records management provides the basic layer for accountability, Isa (2009:148) postulates that an integrated records management and corporate governance approach is not yet being practised in the public sector world-wide. Furthermore, the International Records Management Trust (IRMT) (1999a) and Palmer (2000:63) lament that records management tends to be excluded from the criteria for a sound financial management infrastructure. Together, records management and auditing provide the layer of control that is essential to ensure transparency, accountability and good governance. Therefore, it is necessary that records management be integrated into the auditing process in order to effectively enable the auditing process. The purpose of this study is to develop a framework to embed records management into the auditing process, with a view to help reduce record-keeping findings in audit reports. In order to develop the framework, the study will define the concept ‘auditing’, present the auditing process followed by AGSA and discuss the role of records management in the auditing process.

Definition of key words

The key words identified in this study are ‘auditing’ and ‘records management’. Yusuf and Chell (1998:96, 2005:28) contend that defining terminology in research is crucial to dispel confusion and for better understanding, both for those who are new to the subject and those who are familiar with the subject.

Auditing

Odendaal (2009/10:44) defines auditing as an independent validation of a transaction or of representations in the form of financial statements by management of an entity. Financial statements are fundamentally a collation of transactions that are presented in a manner that purports to represent the performance of an entity (Bhana, 2008; Mallin, 2010: xx). The objective of financial statements is to provide information about the financial position, financial performance, and cash flows of an entity that is useful to a wide range of users in making economic decisions. They also show the results of the management’s stewardship of the resources entrusted to it.

To meet this objective, financial statements provide information about an entity’s assets, liabilities, equity, income, expenses, including gains and losses, contributions by and distributions to owners in their capacity as owners, and cash flows. All that is done from an audit perspective is to independently assess whether representation of financial statements is fair. Therefore, the auditors’ opinion:

enhances the credibility of the financial statement; but

does not guarantee the future viability of the entity; and

does not guarantee the efficiency or effectiveness with which management has conducted the affairs of the entity.

In other words, auditing refers to a process of gathering evidence to support the auditor’s findings and opinions.

Records management

The International Records Management Trust (1999b:14) defines records management as that “area of general administrative management concerned with achieving economy and efficiency in the creation, maintenance, use and disposal of the records of an organization throughout their entire life cycle and in making the information they contain available in support of the business of that organization”. The National Archives and Records Service of South Africa (NARS) (2007:1) describes records management as a process of ensuring the proper creation, maintenance, use and disposal of records throughout their life cycle to achieve efficient, transparent and accountable governance. The thrust of all these definitions is that records management controls records from creation to disposal. Therefore, these records are needed during the auditing process to support the financial statements.

The audit process of the Auditor-General of South Africa

Audits are carried out in terms of a structured approach consisting of a planning, execution and reporting phase. In conducting an audit, the auditor ensures that the audit efforts are concentrated on the areas where the risk is perceived to be higher, rather than the areas where the risk appears to be lower or insignificant. Communication between management of the entity and the audit team is of the utmost importance. For this purpose, a steering committee is established, whose main purpose is to secure co-operation between management and the audit team. The steering committee seeks inputs on matters such as the audit plan and audit findings. This ensures that the eventual report will not contain any surprises for the entity, and affords the entity an opportunity to make timely input and effect corrective action.

The process is that organizations prepare financial statements of their activities, which represent their overall performance. These financial statements are evaluated by auditors, who assess them according to the industry’s generally accepted standards. They are examined for accuracy and fairness in their reporting. Organizations are expected to pass their audits, as the results are very important to their reputation and success. According to Evans et al. (2005) the financial statements might not be presented fairly for two main reasons: error and fraud. The auditor’s role is to look for misstatements caused for either reason. This approach augmented the prior technique of re-performing every step. Nowadays auditing involves sophisticated risk modelling, statistical sampling, and customer-focused total quality management as part of the auditing process (McNamee and McNamee, 1995:35; Rogers, 2011). Audits are very valuable to external company affiliates, such as shareholders, investors and members of the public because they provide an extra reassurance of their choice in investments when issues arise (De Jager, 2008/09:3; Phukubje, 2011). Audits enable the discovery of evidence by scrutinising relevant records.

In conducting an audit, auditors follow various investigative processes and procedures in order to express an informed opinion on the veracity of an entity’s financial and other information (De Jager, 2008/09:3). These procedures and activities are performed in identifiable stages, namely; planning, execution and reporting, and are collectively known as the auditing process (the approach used by AGSA is set out in Figure 1). The approach used by AGSA was instrumental in developing a framework to embed records management into the auditing process. Towards the goal of expressing an opinion, a series of procedures and activities is performed to obtain evidence to substantiate the auditor’s opinion. The auditor obtains audit evidence by means of test of controls and substantive procedures that are:

Figure 1.

Auditing approach used by AGSA.

sufficient: quantity of audit evidence; and

appropriate: quality of audit evidence.

The Auditor-General of South Africa (2011a) notes that the reliability of audit evidence is influenced by its source and nature. For example, external audit evidence is better than internally generated evidence. However, internally generated evidence is more reliable when the related controls are functioning effectively. Audit evidence the auditor obtains directly is more reliable than evidence supplied by the client. Written evidence (in documentary form), on the other hand, is better than oral representation. Original documents are more reliable than evidence provided by photocopies or fax (Phukubje, 2011). Therefore, as Duranti (2012) would agree, records professionals have a duty of care towards the records entrusted with custody, ethically and legally, as they are accountable for their actions to:

their profession (ethically);

their organization (administratively and legally);

society (legally and morally); and

the next generation (historically and morally).

If unable to obtain evidence or if the records are unreliable, the auditor would issue an adverse opinion or a disclaimer. Working papers serve as proof of the work done to support the audit opinion. According to AGSA (2011b) and Phukubje (2011) the auditor obtains evidence by means of one or more of the following procedures:

Risk assessment procedure.

A mixture of test of controls.

Inspection of records and of tangible assets.

Observation of a process or procedure (this is limited to a point in time in which the observation took place).

Confirmation of information directly from a third party.

Recalculation of the arithmetical accuracy of records.

Re-performance by the auditor manually.

Analytical procedure of financial and non-financial data.

Making enquiries of knowledgeable persons, both financial and others, from the entity or outside.

When conducting the auditing process, AGSA would look at what it termed “engagement activities”, which included risk assessment, determining the skills and competency of the audit team, and established terms of engagement. The Auditor-General of South Africa would then determine the risk assessment at the overall financial level, and then it would check detailed accounts and transactions. In performing the audit, AGSA would design audit procedures that addressed risk identified during the planning stage, and would then perform those procedures. Lastly, AGSA had to evaluate all evidence obtained, communicate the findings, prepare a management report and also prepare the auditor’s report. Therefore, the auditing activities are performed in identifiable stages, namely planning, execution and reporting (Manik, 2004/05; Parliamentary Monitoring Group, 2011).

When AGSA receives a set of financial statement from a governmental body in terms of the Public Finance Management Act (Act No 1 of 1999), which is applicable to statutory bodies, national and provincial departments, as well as the Municipal Finance Management Act (Act No 56 of 2003), which is applicable to local government, its responsibility is to express an opinion. It is required that an auditor states in the opinion that generally accepted accounting principles have been followed and applied on a basis consistent with that used the preceding year. That opinion effectively is an assurance as to the state of the financial statements. Therefore, AGSA would first look at the risk that the figures could have been misstated or incorrect, and that is the risk it would identify (AGSA, 2011b). A factor to be borne in mind when assessing the risk would be the strength of the internal control environment, and what procedures had been prepared to address the risk identified. When conducting the audit, AGSA would also check the bank statements, so part of the audit involved doing reconciliations on interest received, to ensure that this could not be removed, and to ensure that everything on the bank statement was also shown in the financial statements (AGSA, 2011b). In arriving at the audit opinions, AGSA, like most auditors world-wide, applies two internationally recognized principles to its reporting:

status of fair presentation (where AGSA evaluates the extent of material omissions or errors that are likely to mislead the reader of the report); and

status of internal controls and governance (where AGSA evaluates the possibility of omissions or errors occurring without being detected early enough or prevented from occurrence).

Audits invariably identify errors and/or omissions of greater or lesser amounts in the financial statements and other sections of the annual report. As a result, there are different audit opinions that AGSA could express: unqualified, qualified, adverse and disclaimer opinions (see Table 1 for an explanation on different kinds of audit opinion). An unqualified opinion with no other matters means that everything is correct (Parliamentary Monitoring Group, 2011). This means the opinion has no reservations concerning the financial statements. This is also known as a ‘clean opinion’ meaning that the financial statements appear to be presented fairly in all material respect. An unqualified audit with matters of emphasis means that although the financial statements fairly reflect the true position, there are some matters that AGSA must point out (Parliamentary Monitoring Group, 2011). There would be findings on predetermined objectives and findings on compliance. A qualified opinion means that the auditor has taken exception to certain current-period accounting applications or is unable to establish the potential outcome of a material uncertainty (AGSA, 2011b). With an adverse opinion, the auditor disagrees with the representation made by the management in the financial statements. A disclaimer opinion indicates a lack of supporting evidence to the extent that the auditor is not able to form an opinion on the financial statements. This is the most severe type of audit opinion. This is an example of lack of accountability as financial statements submitted are not accompanied by supporting evidence.

Table 1.

Different kinds of audit opinions (AGSA, 2011b).

Severity	Audit opinion	Explanation
None	Unqualified audit opinion	Audit findings do not justify any further audit disclosure.
Least severe opinion	Unqualified audit opinion with emphasis of matter	To bring matters to the attention of the users of the financial statements which are not significant enough for the audit opinion to be qualified, or with regard to statutory reporting requirements.
Severe opinion	Qualified opinion	Except for matters highlighted under the qualification, the financial statements present a fair view.
More severe opinion	Adverse	An adverse opinion is expressed when the effect of a disagreement between the auditors and the auditee is so material, pervasive and/or fundamental to the financial statements that the auditor is not in agreement that the financial statements result in a fair presentation.
Most severe opinion	Disclaimer	An audit opinion is disclaimed when the possible effect of a limitation of scope of the audit work is so material, pervasive and fundamental that the auditor has not been able to obtain sufficient appropriate audit evidence, and accordingly is unable to express an opinion on the financial statements.

It is clear from the auditing process presented in this section that records are needed when auditors perform their job. There is a clear indication of a nexus between records management and auditing.

The relationship between record-keeping and auditing

The relationship between record-keeping and auditing can be traced from time immemorial. In his closing remarks at the first annual records management seminar hosted by AGSA, the Deputy Auditor-General (DAG), Makwetu (2011), argued that the historical relationship of records management and auditing is as old as civilization. To gain a perspective of the relationship between record-keeping and auditing, it is relevant to provide a history of accounting through the ‘double-entry system’, as it enhances the way in which the connection between the two fields can be understood, as the accounting cycle begins with the creation of a record. Dandago (2009:9) argues that accounting is a service-providing discipline, making available financial information for various decisions to be guided. As a process, accounting is about identifying (through proper record-keeping), measuring (through preparation of financial statements) and communicating economic information (through publishing or making known the financial statements prepared) to give room for informed judgements (Dandago, 2009:9; Van Vuuren et al., 2005:16).

Accounting has its origins in the earliest times in the history of human society as a means of providing owners of resources with information on how their resources have been managed (Dandago, 2009:23). Today this process is reflected through various corporate governance models, such as the King III report on corporate governance in South Africa. Van Vuuren et al., (2005:15) trace accounting back to the era of the Roman Empire (c753BC-476AD) around 100 BC. The nature and extent of the commercial and related business activities in the Roman Empire created a need for a book-keeping system. The stewards (managers of resources) rendered periodic accounts of their stewardship as a demonstration of accountability. It is this practice that has metamorphosed into the preparation and presentation of financial statements by organization today (Dandago, 2009:23).

However, modern accounting, in the form of the double-entry system (see Table 2 for the formula of double-entry system), had its origins in Italy towards the end of the 13th century. Makwetu (2011) argues that the idea of double-entry originated from the duality of every transaction. This is as a result of the fact that there are two sides to every transaction, which is commonly viewed to imply that for every giver, there is a receiver. This is what Duranti (2012) would refer as trusters (givers) and trustees (receivers). The trust-bond between trusters and trustees is usually based on four characteristics of the trustees, namely:

reputation, which results from an evaluation of the trustee’s past actions and conduct;

performance, which is the relationship between the trustee’s present actions and the conduct required to fulfil his or her current responsibilities as specified by the truster;

confidence, which is an assurance of expectation of action and conduct the truster has in the trustee; and

competence, which consists of having the knowledge, skills, talents, and traits required to be able to perform a task to any given standard.

Table 2.

Formula for double-entry system (Dandago, 2009:94).

Assets = owner’s equity + outsider’s equity

Dandago (2009:94-95) traces the history of the double-entry system from an Italian friar, Frater Luca Bartolomes Pacioli (1445-1517), the father of accounting, to contemporary record-keeping. On the other hand, Makwetu (2011) and Ngoepe (2008:31) contend that auditing and record-keeping is as old as the first societal groups, because the need of a memory arises naturally in any organization. In the histories of the earliest civilisations, before the art of recording could be known, auditing took place orally. The steward in charge of the cattle, goods and other forms of wealth would, from time to time, produce to his master the wealth with which he was entrusted and give account of his stewardship, reciting from memory the goods and cattle acquired, those disposed of and those still in his possession. The master would listen to this recital of the steward’s transactions and question him thereon. The master was the listener, the auditor. This explains the derivation of the word auditing from the Latin word (audire, which is to listen), which acquired a secondary meaning: “One who satisfies himself as to the truth of accountability of another” (Dandago, 2009:95). This also manifested in the book of Luke 16 verse 1 in the Bible when Jesus told his disciples about the parable of the shrewd manager who was summoned by his master to orally account for his management activities. At the end, the manager lost his job as he could not account.

It can therefore be argued that the most ancient forms of memory were oral and the most ancient keepers of records were the remembrances, that is, individuals entrusted with the task of memorising rules, contracts, sentences and transmitting them by recitation to their juniors, authorities and those involved in contractual agreements (Duranti, 1993:30). Makwetu (2011) asserts that the frailty of human memory led to Pacioli inventing a double-entry system of accounting. This resulted from the challenge experienced by the merchants when trading with sailors. Apparently, the traders relied on the remembrances for memorising agreements and the shapes of the vessels. Once agreement had been reached, the sailors would go around the globe to trade and return after a long time. When it was time for exchanging the goods, the remembrance would be called to identify the ships and the traders. However, this approach was not reliable due to the frailty and subjectivity of human memory (Makwetu, 2011; Ngoepe and Van der Walt, 2009:117).

Having identified the loophole, Pacioli published a book in 1494 on mathematics (Summa), which included 36 chapters explaining the double-entry system (Smith, 2008). The inclusion of the double-entry system in his book resulted in Pacioli being generally recognized as the author of the first published double-entry book-keeping text. Instead, according to Dandago (2009:74), Pacioli simply described a method used by merchants in Venice during the Italian Renaissance period. His system included most of the accounting cycle as it is known today. For example, he described the use of journals and ledgers, and he warned that a person should not go to sleep at night until the debits equalled the credits - the assertion that AGSA (2011b) propagates to this day (2014) for governmental bodies to obtain clean audits. Pacioli’s ledger included assets (receivables and inventories), liabilities, capital, income, and expense accounts (Rogers, 2011). Pacioli demonstrated year-end closing entries and proposed that a trial balance be used to prove a balanced ledger (Manal, 2011). Also, his treatise alluded to a wide range of topics from accounting ethics to cost accounting.

The double-entry system was central to the success of Italian merchants, necessary to the birth of the Renaissance (Smith, 2008). Industrial Revolution (1750-1850) firms required accountants to provide the information necessary to avoid bankruptcy and their role developed into a profession. Big business required capital markets that depended on accurate and useful information. This was supplied by what became an accounting profession. Today, a global real-time integrated information system is a reality, suggesting new accounting paradigms (Manal, 2011; Rogers, 2011). Understanding this history was needed to develop the linkage between record-keeping and auditing.

As reflected in the historical account, auditing has its roots in accounting. Auditing existed primarily as a method to maintain governmental accountancy, and record-keeping was its mainstay (Manal, 2011). According to McNamee and McNamee (1995:34) the earliest records ever audited were Babylonian clay tablets about 5,000 years ago. McNamee and McNamee (1995:34) reckon that the world’s first auditor might have created the tiny marks on the clay tablets next to inventory entries. By the time of the Middle Kingdom of the Nile, the Pharaoh’s deputy was overseeing the storage of grains. Auditing was a matter of redoing the work of others. Systems were very simple, and auditing meant observing, counting and double-checking records. Auditing did not change much for nearly 5,000 years (Manal, 2011). In some countries where modern auditing is just now being introduced, re-performance is still the mainstay of the auditor. McNamee and McNamee (1995: 34-35) describe the old auditing method as a ‘checker checking a checker.’

It was not until the advent of the Industrial Revolution (1750-1850), that auditing began its evolution into a field of fraud detection and financial accountability (Manal, 2011). Businesses expanded during this period, resulting in increased job positions. Management was hired to operate businesses in the owners’ absence (the process that would later in the modern world be controlled through corporate governance models), and owners found an increasing need to monitor their financial activities, both for accuracy and for fraud prevention. Contemporary discussions of corporate governance focus on relations between ownership and management within “joint-stock, limited-liability, publicly-held, predominantly large-scale enterprises” (Herrigel, 2006:3). Anecdotal evidence suggests that the idea was formalised in the 1980s as a result of the separation between ownership and control (Marx et al., 2004). Corporate governance was therefore introduced to ensure that the agents of the owners of companies (directors and, in the case of the public sector, the director-general) control their entity in ways that will serve the interests of the shareholders (owners and investors or, in the case of public sector, ministers, mayors and the public). The directors are responsible for managing the entity and the shareholders are responsible for appointing the directors. This focus centres attention on the balance of power between shareowners and managers, together with the consequences of that balance for enterprise performance. In the early 20th century, the reporting practice of auditors, which involved submitting reports of their duties and findings, was standardized as the “Independent Auditor’s Report” (Manal, 2011). The increase in demand for auditors led to the development of the testing process. Auditors developed a way to strategically select key cases as representative of the organization’s overall performance. This was an affordable alternative to examining every case in detail, and it required less time than the standard audit (Manal, 2011; Smith, 2008).

Allinson, as quoted by Isa (2009:82), posits that auditing has changed from the way it was used in accounting for the checking of financial reliability of a business to a process where a record is maintained of a particular series of events in order to provide evidence in the case of a dispute, to check on the effectiveness of control systems and to provide evidence in the case of criminal activity. These records are commonly known as audit trails or logs. An audit log is a sequence in which an auditor’s work can be independently verified while a working paper is where the auditor tests transactions and items (Phukubje, 2011). Audit trails facilitate the process of determining accountability, effectiveness and integrity of an employee, a department, or even an organization by automatically capturing and storing all the actions that are taken upon an electronic record, the user initiating and carrying out the action and the date and time of events (Isa, 2009:82).

All types of information systems, including financial management systems, need to provide an audit trail feature for both audit purposes and security reasons. Therefore, decisions to prioritize the comprehensiveness of any system must be based on the input from the audit and records management team. Achieving organizational goals and containing costs are their utmost concern. Financial records, as compared to other types of records, are constantly under surveillance because this type of record presents evidence of fiscal value and has immediate impacts on the financial stability of an organization (Isa, 2009:82). However, financial information is just tangible evidence of performance and not an end in itself. The accuracy of financial records is crucial and should be constantly monitored to detect if there is any corruption or mishandled business transaction that may lead to loss or, even worse, bankruptcy of an organization (IRMT, 1999 b:65). As Isa (2009:82) correctly observed, the rise and fall of an organization is highly dependent on its financial status. Records, according to Hare and Mcleod (1997:2) also play a role in this regard and are kept for the following:

Information – ensure that operations are carried out appropriately and aid decision-making.

Evidence – as proof when faced with lawsuit.

Compliance – as proof that regulations have been observed.

From the historical perspective, we can gather that accounting provides financial information to users of such information, and auditing is a means to ensure that such information is reliable and conforms with established rules and regulations. The purpose of audit is to compare ‘what is to what should be’ (McNamee and McNamee, 1995:37). Both accounting and auditing rely on proper record-keeping to fulfil their purposes. Accounting reflects all transactions involving the receipt, transfer and disbursement of government funds and property. It is clear from the preceding discussion that financial information, in the form of published accounts, is a key instrument for transparency in decision making and the budgetary process. Accounting uses information from records to classify, summarise and interpret accounting statements to interested parties for their information or action. Audit, on the other hand, reviews, monitors, evaluates and adds authenticity to the accounting report and other recorded financial information. An effective internal and independent external audit function is an essential element for turning important data in records into meaningful information.

Control is the dominant, if not primary, reason for developing accounting systems. Effective systems must be comprised of a set of internal controls that manage the cycle of recording, analysing, classifying, summarising, communicating and interpreting financial information both in aggregate and in detail to support public sector accounting. These controls regulate the quality of information passing through the system and are based on verifiable procedures that control whether transactions are originated, checked, authorised and recorded according to the accounting manual instructions and financial regulations (IRMT, 1999c). When these processes are properly mapped in an organization, they lead to good corporate governance.

The benefits of external auditing are to add credibility to the information provided, assist in the strengthening of oversight, accountability and governance in the public sector, assist in giving momentum to the process of transformation of financial management in the public sector, and to provide insights so as to facilitate foresight of decision-makers (Fadzil et al., 2005:833). The external auditor helps an entity achieve its objectives by bringing an independent and objective view. According to Thompson (2003:17-18) the external auditor contributes directly through its “audits - whether compliance, financial statement, value-for-money, comprehensive or performance audits - and indirectly by providing useful information to management, the board of directors, and shareholders/stakeholders”. The accountability of a governmental body can arguably only be achieved when it demonstrates considerable transparency, which in turn can only take place when trust is supported by authentic and reliable records.

According to Nel (2011) auditors in the public sector have four areas of interest in proper records management: compliance, accountability, operational efficiency and robust world class public institutions. The foundation for all these areas is records. Inadequate records, for example, limit auditors from expressing an opinion. This has dire consequences for the lives of all citizens as auditors cannot confirm that money was spent wisely by public organizations. Therefore, Nel (2011) recommends that records management must be viewed as a business process designed to support business objectives. Furthermore, a culture that promotes effective and efficient records management to facilitate timely decision-making should be instituted by public organizations.

Proposed framework to embed records management into the auditing process

The purpose of the current study was to propose a framework to embed records management into the auditing process. It is hoped that the proposed framework will help reduce findings on record-keeping in the audit reports, as records management would be embedded in the auditing process. Creating and embedding a framework within an organization can be a lengthy and difficult process, which might encounter a level of resistance. The proposed framework in Figure 2 is not intended to be prescriptive but to assist governmental bodies to integrate records management into the auditing process.

Figure 2.

Framework to embed records management into the auditing process.

The proposed framework builds on the auditing process as defined by AGSA in Figure 1. All the steps of auditing process depicted in Figure 1 are applied by both internal and external auditors in the public sector in South Africa. For internal audit, an oversight mechanism is the audit committee. Once internal audit has completed its work, external auditors can always use the internal audit report as a point of departure if the information is reliable. The reliability will depend on the system for managing records within an organization. However, if information is not reliable, external auditors will kick-start the process through pre-engagement activities and not rely on the report of the internal audit unit.

Fowzia (2010:22) and Pop et al. (2011) argue that co-operation between internal and external auditing leads to a range of benefits for both parties. For example, the co-operation will help external auditors to raise the efficiency of the financial statements. From the internal audit perspective, the coordination assures a plus of essential information on the assessment of risk controls. The external auditor without the assistance of the internal auditor would be too expensive, as the audit method and fees follow a risk-based approach (Bhana and Ngoepe, 2009:20).

Pilcher et al., (2011) correctly argue that the extent of reliance of the external auditor on the internal auditor’s work depends on the quality of the internal audit function. Indeed, as AGSA (2011b) would agree, the internal audit function serves as a potentially valuable control to each of the components of corporate governance: external auditors and audit committee. Broadly speaking, the records requirements of external auditors are the same as those for internal auditors. As part of the audit, the work and activities of the internal audit and its effect on the external audit procedures should be considered. While AGSA has the sole responsibility of expressing an audit opinion and determining the nature, timing and extent of audit procedures, certain parts of the internal audit work may be useful. An effective internal audit department will prompt AGSA to rely on controls rather than to take a more substantive route. As part of assessing the effectiveness of internal controls, the external auditor must obtain an understanding of the internal audit department during strategic planning and assess its effectiveness, as it will influence the nature and timing of the external audit, as well as the extent of the audit procedures. Apart from the financial implication, the internal audit department can be a valuable source of information to the external auditors by making it possible for them (external auditors) to obtain a high level of understanding of the business of the auditee.

It is not the external auditor’s official role to investigate intent or actions. Instead it is within their remit to report that they are ‘unable to give an opinion’ when records are not available, are untidy or are out of date (IRMT, 1999a). If auditors’ suspicions are raised, they can then notify the appropriate authorities and may, in some cases, assist in investigations. However, standards and best practices for financial record-keeping must be in place in order to evaluate the adequacy of record-keeping systems and the auditor’s role ought to be strengthened to enable them to comment on the provision of records. Without any objective way to evaluate the adequacy of record-keeping systems (best practice guidelines and standards) it is impossible to criticise current systems and encourage improvements.

Glass (2005) stresses that in almost every sense, the relationship between internal and external auditing should not differ between the public and private sector. This is because essentially the same standards apply and the individuals involved in the auditing process share a common base of training and experience. What is more, auditors (both internal and external) are (or should be) ultimately concerned about the wise and prudent management of entity resources that have been entrusted to managers on behalf of the entity’s “owners” (Glass, 2005).

In every step of the auditing process, records are consulted and should therefore be managed properly for easy retrieval. At each stage of the auditing process, opportunities exist to introduce and enhance an organization’s records management. Therefore, in the framework, it is suggested that records management is practiced in every step of the auditing process. Embedding records management ensures that it becomes part of the organization’s core values and effective management. The framework will assist in managing records effectively throughout the application of auditing process at all stages and within specific contexts of the organization. The introduction of records management and ensuring its ongoing value adding to the auditing process require strong and sustained commitment by management of the organization through the audit committee. While records management practitioners align records management objectives with the objectives of the organization, the audit committee should:

endorse the records management strategy and policy; and

ensure legal and regulatory compliance.

Auditors, especially internal to organizations, have to understand that records management is a serious issue for the organization and that they have an important role to play in records management.

The framework recommends the recording of each stage of the auditing process as the records of such processes are an important aspect of good corporate governance. In Figure 2, records management is embedded into the auditing process applied by AGSA as follows:

Pre-engagement activities

During the first stage of the auditing process, the following are done by the audit team:

Consider changes in circumstances of previously audited entities/ Consider circumstances of new engagements (identify risks).

Determine skills and competency requirements of the audit team.

Establish terms of engagement and communicate to the management of the audited entity.

Records of this stage are important for both the auditee and the auditors as they will be used as a reference. It is of utmost importance during this stage that both parties agree on the turn-around time for retrieval of records to verify transactions. As reflected in the framework, it should be clear where records are kept and how they are arranged for easy retrieval. The availability of records management practitioners in the pre-engagement activities meetings is necessary as it will help clarify their role during the audit cycle. Therefore, records management is important as from day one when the audit process is initiated.

Audit planning

During this phase, the audit team does the following:

Obtain knowledge of the business.

Obtain understanding of the accounting systems and processes operated by management to control the entity (internal control systems).

Risk assessment: Assess financial risks facing the entity (for example, risks relating to fraud and error; liquidity/solvency problems; non-compliance with legislation).

Evaluate the work of internal audit and determine whether reliance can be placed on it.

Evaluate the financial management of the entity in terms of the predetermined levels.

Consider whether the internal controls that management has implemented are appropriately developed and documented:

If yes, the internal controls can be tested.

If not, the internal control weaknesses are identified and communicated to management.

Formulate the audit approach.

Communicate the audit plan to the management of the entity.

It is also vital to document activities of this process. The audit planning should also include how records that substantiate financial statements will be retrieved. Testing the records management system during this stage will help give a clear picture of whether the system will be able to support the audit process. This can be tested by requesting certain records that are reflected in the file plan. An assumption is that the file plan exists for each organization or there is a way in which organizations arrange their records. Records that are needed for auditing should be identified and arranged.

Execution of the audit

During execution stage, the following is done:

Testing of controls – study and evaluate the internal controls of an audited entity.

Detailed test of transactions and balances in the financial statements.

Continuous communication – meetings with the management of the auditee.

Letter to management to highlight key audit findings with recommendations.

During this phase, the records management practitioners provide auditors with records that have been requested so that auditors can verify transactions. Failure to provide records would lead to a disclaimer opinion.

Reporting

The output of an audit is simply the expression of an opinion on the financial statements of an entity. It should also be noted that audit opinions are only expressed on financial statements and not on compliance with laws and regulations. However, any deviation from laws and regulations relating to financial matters will be considered and could result in a modified audit report. Upon reporting, issues related to records management that were identified should be included in the results of the audit. The management of the entity should then commit to rectify the issues. If this is done it would lead to good corporate governance and reduce records management issues identified in the audit reports. Furthermore, it will leverage the status of records management in governmental bodies.

For the framework to be applied successfully, records management has to become part of the way that an organization is managed. This way, as reflected in the proposed framework, good corporate governance will be achieved in governmental bodies and the 2014 clean audit target would be a reality. It is clear from the proposed framework that records management plays an important role in every step of the auditing process. The role played by records management is for supporting the audit process by providing required records and documenting the audit process.

Conclusion and implication for theory, policy and practice

This study has clearly demonstrated the relationship between records management and auditing process. Records if properly managed can be an enabler to the audit process. To be useful, research findings must in some way be connected to the larger picture, that is, to what people already know or believe about the topic in question (Leedy and Ormord, 2010:285). The findings of this study may go a long way in influencing policy and practice. If the framework suggested in this study is customised by governmental bodies in South Africa it may assist them to obtain and sustain clean audit results. The current study adds to the existing theoretical and conceptual issues that form the on-going discourse on the role of records management in the auditing process as it has presented a framework that may provide a basis for embedding records management into the auditing process. It is hoped that such a framework will help governmental bodies in South Africa to obtain clean audit reports.

References

Auditor-General of South Africa (AGSA) (2011a) Constitutional and legislative mandate. Available at: http://www.agsa.co.za/AboutUs.aspx (accessed 15 January 2013).

Auditor-General of South Africa (2011b) Audit communication and reporting. Available at: http://www.agsa.co.za/LinkClick.aspx?fileticket=OsdjJSx6DuA%3d&tabid=36&mid=467 (accessed 15 January 2013).

Auditor-General of South Africa (2010) Strategic plan and budget of the Auditor-general for 2010-2013. Pretoria: AGSA. Also available at: http://www.agsa.co.za/Portals/1/STRATEGIC%20PLAN%20&%20BUDGET%202010-13.pdf (accessed 16 May 2010).

Bhana

(2008) The contribution of proper record-keeping towards auditing and risk mitigation: Auditor-General of South Africa’s perspective. Paper presented at the 3rd Annual General Meeting of the South African Records Management Forum, Midrand (South Africa), 10-11 November. Available at: http://www.khunkhwane.co.za/uploads/The%20Contribution%20of%20Proper%20Records%20Keeping%20towards%20auditing%20and%20risk%20mitigation%20%20Auditor%20General%20Perspective.pdf (accessed 18 May 2014).

Bhana

Ngoepe

(2009) Auditing and record-keeping: any link? AuditTalk 3/2009: 20–21.

Dandago

(2009) (ed) Advanced Accounting Theory and Practice. London: Adonis & Abbey.

De Jager

(2008/09) Editorial: auditing and credibility. Auditing SA (Summer): 3–4. Available at: http://www.saiga.co.za/index_htm_files/01%20Auditing%20SA%202009%20Editorial%20De%20Jager.pdf (accessed 6 May 2014).

Duranti

(1993) The Odyssey of Records Managers. London: Scarecrow Press.

Duranti

(2012) Continuity and transformation in the role of archivist. Paper read at 1st UNISA Archives Lecture, Pretoria (South Africa), 1 November. Available: http://www.unisa.ac.za/Default.asp?Cmd=ViewContent&ContentID=22494 (accessed 6 May 2013).

10.

Evans

Carlon

Massey

(2005) Record-keeping practices and tax compliance of SME’s. eJournal of Tax Research 3(2). Available at: http://www.austlii.edu.au/au/journals/eJlTaxR/2005/13.html (accessed 14 July 2013).

11.

Fadzil

Haron

Jantan

(2005) Internal auditing practices and internal control system. Managerial Auditing Journal 20 (8): 844–866.

12.

Fowzia

(2010) Co-operation between internal and external auditors: a comparative study on nationalized and foreign banks in Bangladesh. World Journal of Management 2(2): 22–35. Available at: http://wbiaus.org/3.%20Fauzia-%20FINAL.pdf (accessed 12 July 2014).

13.

Glass

(2005) The relationship between internal and external audit in the public sector. Paper read at IIA New Zealand Conference, 21-23 November. Available at: http://www.oag.govt.nz/2005/reports/docs/internal-external-audit.pdf (accessed 15 June 2013).

14.

Hare

Mcleod

(1997) Developing a Records Management Programme. London: Aslib.

15.

Herrigel

(2006) Corporate Governance: History Without Historians. Chicago: University of Chicago. Available at: http://home.uchicago.edu/˜gherrige/publications/final_draft_cg_paper.pdf (accessed 20 May 2013).

16.

International Records Management Trust (IRMT) (1999a) Managing Financial Records. London: IRMT. Available at: www.irmt.org/documents/educ…sector…/IRMT_financial_recs.doc (accessed 27 May 2014).

17.

International Records Management Trust (1999b) From Accounting to Accountability: Managing Accounting Records as a Strategic Resource. London: IRMT. Available at: http://www.irmt.org/documents/research_reports/accounting_recs/IRMT_acc_rec_background.PDF (accessed 27 May 2014).

18.

International Records Management Trust (1999c) Records and Information Management in Developing Countries: The IRMT Trust. London: IRMT.

19.

Isa

(2009) Records management and the accountability of governance. PhD Thesis. Glasgow, University of Glasgow. Available at: http://theses.gla.ac.uk/1421/ (accessed 13 April 2013).

20.

Leedy

Ormrod

(2010) Practical Research: Planning and Design. 9th ed. Boston: Pearson Education International.

21.

Makwetu

(2011) Closing remarks for the records management seminar. Kempton Park, (South Africa), 20 April.

22.

Mallin

(2010) Corporate Governance. 3rd ed. Oxford: Oxford University Press.

23.

Manal

(2011) History of auditing. Available at: http://www.ehow.com/about_4681905_history-of-auditing.html (accessed 12 May 2014).

24.

Manik

(2004/05) The accountability framework and the role of the Office of the Auditor-General. Auditing SA Summer edition. Available at: http://www.saiga.co.za/documents/publications/summer2004/02_Nitasha_Manik.pdf (accessed 14 January 2014).

25.

Marx

Van der Watt

Bourne

(2004) Dynamic Auditing: A Student Edition. 7th ed. Butterworths: LexisNexis.

26.

McNamee

(1995) The transformation of internal auditing. Managerial Auditing Journal 10 (2): 34–37.

27.

Mosweu

(2011) Auditing, records inadequacy and the lamentations of the Auditor General in conducting performance audits in the Botswana public service. Paper read at the South African Society of Archivists Conference, Pretoria (South Africa), 14 - 15 July.

28.

National Archives and Records Service of South Africa (2007) Records Management Policy Manual. Pretoria: NARS. Available at: http://www.national.archives.gov.za/rms/Records_Management_Policy_Manual_October_2007.pdf (accessed 5 September 2013).

29.

Nel

(2011) Audit findings and records management in the public sector. Paper read at DBS Document and Records Management Conference, Midrand (South Africa), 19-21 September.

30.

Ngoepe

(2008) An exploration of records management trends in the South African public sector: a case study of the Department of Provincial and Local Government. MINF Dissertation. Pretoria, University of South Africa. Available at: http://uir.unisa.ac.za/bitstream/handle/10500/2705/dissertation_ngoepe_%20m.pdf;jsessionid=EB9742E5EE3AE28371CBA6ABE4C2B6EF?sequence=1 (accessed 13 May 2013).

31.

Ngoepe

(2012) Fostering a framework to embed records management into the auditing process in the South African public sector. PhD Thesis, Pretoria, University of South Africa.

32.

Ngoepe

(2014) The role of records management as a tool to identify risk in the public sector in South Africa. South African Journal of Information Management 16(1). 8 p. Available at: www.sajim.co.za/index.php/SAJIM/article/view/615/694 (accessed 9 February 2014).

33.

Ngoepe

Ngulube

(2013a) Contribution of record-keeping to audit opinions: an informetrics analysis of the general reports on audit outcomes of the Auditor-General of South Africa. ESARBICA Journal 32: 56–66.

34.

Ngoepe

Ngulube

(2013b) An exploration of the role of records management in corporate governance in South Africa. South African Journal of Information Management 15(2). 8 p. Available at: http://sajim.co.za/index.php/SAJIM/article/view/575 (accessed 9 February 2014).

35.

Ngoepe

Ngulube

(2014) The need for records management in the auditing process in the public sector in South Africa. African Journal of Library, Archives and Information Science 24 (2): 135–150.

36.

Ngoepe

Van der Walt

(2009) An exploration of records management trends in the South African public sector. Mousaion 27 (1): 116–136.

37.

Odendaal

(2009/10) An independent review of company financial statements. Auditing SA (Summer 2009/10): 43-45. Available at: http://www.saiga.co.za/index_htm_files/12%20Odebndaal%20-%20Independent%20reviews%20of%20financial%20statements.pdf (accessed 10 February 2014).

38.

Parliamentary Monitoring Group (2011) Audit report information: Workshop with auditor-general. Available at: http://www.pmg.org.za/report/20110301-training-workshop-office-auditor-general-how-interpret-and-use-inform (accessed 12 February 2014).

39.

Palmer

(2000) Records management and accountability versus corruption, fraud and maladministration. Records Management Journal 10 (2): 61–72.

40.

Pilcher

Gilchrist

Singh

(2011) The relationship between internal and external audit in the public sector – a case study. Paper read at AFAANC Conference, 2 July.

41.

Phukubje

(2011) Public sector audits. Paper read at the Development Bank of Southern Africa’s Records Management Week, Midrand (South Africa), 19-23 September.

42.

Pop

Bota-Avram

(2011) The relationship between internal and external audit. Available at: http://www.oeconomica.uab.ro/upload/lucrari/1020081/18.pdf (accessed 12 July 2013).

43.

Rogers

(2011) History of double-entry bookkeeping system. Available at: http://www.canhamrogers.com/HDEB.htm (Accessed 12 May 2011).

44.

Ryan

(2006) What is the essence of records management? Records Management Journal 16 (3): 124–130.

45.

Shiceka

(2009) Address on the launch of the 2014 Clean Audit Project. Speech presented at Boksburg (South Africa) 16 October 2009. Available at: http://www.dplg.gov.za/index.php?option=com_content&view=article&catid=3:minister-sicelo-shiceka&id=50:address-on-the-launch-of-the-2014-clean-audit-project- (accessed 3 May 2013).

46.

Smith

(2008) Luca Pacioli: the father of accounting. Available at: http://acct.tamu.edu/smith/ethics/pacioli.htm (accessed 13 May 2014).

47.

Thompson

(2003) Accountability and audit. International Journal of Government Auditing 30: 16–18.

48.

Van Vuuren

Vorster

Myburg

(2005) Accounting: An Introduction. 8th ed. Durban: LexisNexis.

49.

Yusuf

Chell

(1998) Records management education and training world-wide: a general overview of the current situation. Records Management Journal 8 (1): 25–54.

50.

Yusuf

Chell

(2005) Issues in Records Management. Bangi: Penerbit Universiti.