Leveraging Technology for Enhancing Public Audit – SAI Malaysia

Leveraging Technology for Enhancing Public Audit – SAI Malaysia


National Audit Department of Malaysia

Over the past few decades, the Government of Malaysia has successfully harnessed information communication technology (ICT) to achieve greater productivity and efficiency in the public sector. The governance framework is already in place and legislations have been enacted to address potential issues that arise from the use of ICT. Overall, technology has not only benefited the public agencies, it has also helped to fundamentally transform and improve audit approaches. As the national auditor, the Auditor-General’s Office of Malaysia (NADM) actively uses technology in its audit processes. In this article, NADM shares how it has leveraged technology to enhance public audit.


1.       INTRODUCTION

The Government of Malaysia has continuously introduced new technology in developing government infrastructure and systems to ensure effectiveness of public service delivery. In 1997, under the 7th Malaysia Development Plan, the Malaysian Government introduced the e- government project. Under the 10th Malaysia Development Plan, the Government has further increased the allocation for ICT development from RM5.17 billion to RM10.8 billion of which RM8.5 billion had been spent. As of now, more than 500 major systems have been developed and used in various ministries, departments and agencies at the federal government level to improve public service delivery.

The usage of ICT has remarkably changed the manner in which the Government operates where core systems, processes, procedures and rules are increasingly transformed and innovated   for   a   more   efficient   and   effective   operation   as   well   as   service   delivery. Nevertheless, new technology brings new organisational risks and this will ultimately bring new financial risks as well. The winds of change in the public sector are also creating major impact on the auditing profession in terms of the nature, timing and results of the audit work. Thus, auditors need to keep abreast with the client’s advancement in technology usage with regard to audit methodology, tools and techniques.

2.       OVERVIEW OF THE NATIONAL AUDIT DEPARTMENT MALAYSIA (NADM)

Established in the early 20th Century, NADM is responsible for carrying out audits on all Federal Government Ministries, Departments and Agencies and the State Governments which includes 25 Federal Ministries and 86 Departments, 13 State Governments, 112 Federal Government Agencies, 139 State Government Agencies, 144 Local Authorities and 15 Islamic Religious Councils. Besides this, government agencies, companies which received grant from the Government or where more than 51% of its share capital is owned by the Government are also subject to audit. As an independent institution, the Auditor General’s Report on the financial position and the implementation of the government development programmes is tabled in Parliament and State Legislatures annually. The types of audit carried out include attestation, financial management and performance audit.

Supreme Audit Institutions (SAIs) are directly impacted where the audit approaches and methodologies in this environment has now transformed even though our audit objectives remain the same. Inevitably, SAIs will have to leverage on technology in order to increase audit efficiency and effectiveness which ultimately improve the overall quality of the audit. The  use  of  technology  by  SAIs  will  allow  for  wider  audit scope  and  coverage;  improved timeliness in conducting the audit and collecting evidence; more in-depth data analysis and interrogation; and, better communication and reporting. Consequently, SAIs would be able to obtain better quality information for audit and help improve the integrity of the overall audit. The changing environment of the government sector through the implementation of e- Government/ICT projects resulted in the increasing prevalence of technology and this will not only bring about significant impact to the way we deal with the government sector for social and economic services or as government employees in performing our day to day operations; but more importantly the technology-based environment brings together with it the issues of governance, security, risks management, legal mandate and internal controls. Therefore, it is crucial to identify and assess on how these issues are/have been addressed in this environment.

This paper aims to share our experience in leveraging technology to enhance public audit quality and effectiveness.

3.       MALAYSIA TRANSFORMATION THROUGH ICT

In 1997, the Malaysian Government launched the Electronic Government initiative, generally known as e-Government, with the introduction of the Multimedia Super Corridor (MSC) in 1996. The implementation of e-Government in Malaysia heralds the beginning of a journey of reinventing the government by transforming the way it operates, modernising and enhancing its service delivery. E-Government seeks to enhance the convenience, accessibility and quality of interactions with the public and businesses at large. Simultaneously, it will improve information flow and processes within the government, improve the speed and quality of policy development, improve coordination and enforcement more efficiently and seamless public service delivery as well as allow for prompt decision making. This would enable the government to be more responsive to the needs of its people.

E-Government is one of the seven flagship applications introduced in MSC. The objectives of these flagship applications are to instigate and accelerate the growth of MSC, to enhance national competitiveness, to create high value jobs and export growth, to help reduce digital divide, and to make MSC a regional hub and test bed. Under the e-government flagship, seven main projects categories as government to government, government to people and government to business were identified. A total of RM455 million has been spent to develop e-Government applications. To ensure the successful implementation of e-Government, cooperation between Ministry of Energy, Water and Communications (MEWC), Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) and other agencies are being strengthened. The seven pilot projects of the e-Government Flagship Applications are as follows:

NO.

APPLICATIONS

EXPLANATION

1.

Project Monitoring System (SPP II) It is an online system that monitors the entire lifecycle of national programs such as from project application to approval to implementation, mid-term review and completion.

2.

Human Resource Management Information System (HRMIS) HRMIS provides a single interface for government employees to perform human resource functions effectively and efficiently in an integrated environment. This is in line with the objective of HRMIS which is not only for record keeping but also providing transactional functions such as leave applications, loan processing, competency management, recruitment, and selection of employees. The HRMIS project is anchored by the Public Service Department (PSD).

3.

Generic Office Environment (GOE) It includes powerful document and office management solution that enables users to manage their office environment effectively and efficiently. It is fully web-based and has been customized based on local developed package, DRDok.

4.

Electronic Procurement (EP); The electronic procurement system, better known as e-Procurement, streamlines government procurement activities and improves the quality of service it provides. E-Procurement converts conventional procurement processes to electronic procurement on the Internet. It enables suppliers to obtain tender documents and submit bids through the Internet. The suppliers are equipped with smartcards that enable them to transact with the e-Procurement system. Modules in e-Procurement system include suppliers’ registration, central contract, direct purchase, tenders and contract, which are fully functional and used by the government in its procurement exercise.

5.

Electronic Services (E-Services); E-Services enable the users to conduct transactions with government agencies, such as the Road Transport Department (RTD) and private utility companies such as Tenaga Nasional Berhad (TNB) and Telekom Malaysia Berhad (TM) through various convenient channels like the e-Services kiosks and internet. Users can now conduct transactions by themselves without queuing, traffic jams or bureaucratic hassles.

6.

Electronic Labour Exchange (ELX); and ELX is one stop-centre for labour market information, as supervised by the Ministry of Human Resource to enable employers and job seekers to communicate on the same platform. It provides an effective centre of labour market information and references and involves effective and integrated job matching process.

7.

E-Syariah It is a case management system that integrates the processes related to management of cases for the Syariah Courts. It aims to improve the quality of services of the Syariah Courts and the productivity and efficiency of the management of the Syariah courts throughout the country.

Besides e-government, the other six flagship applications of MSC are Multipurpose Card; Smart Card; Tele Health; R & D Cluster; e-Business; and Technopreneur

4.    GOVERNANCE, RISK AND CONTROL FRAMEWORK WHICH GOVERNS AND REGULATES THE e-GOVERNMENT/ICT IMPLEMENTATION.

Public sector ICT in Malaysia is led by Malaysian Administrative Modernisation and Management Planning Unit (MAMPU). The roles of MAMPU are to provide advisory, guidance and consultation services by achieving at least the scale 5 (satisfactory) of 7 in the service delivery effectiveness assessment. Each Ministry has their own IT Governance setup consisting of:

a.    Chief Information Officer(CIO);
b.    Steering Committee;
c.    Technical Committee; and
d.   Project Management Office

The effectiveness of the ICT framework structure which governs and regulates e- Government/ICT Projects implementation in meeting its overall goals will still need to be improved especially on issues of governance and project management.

The challenges and areas for improvement on the e-Government/ICT framework cover such areas as user requirements studies; technical expertise; budget constraints; systems interoperability/integration and interfaces with other systems; Change Management and communication between developer and project team, key user and management, etc.

NADM has been actively involving in ICT project development of the various ministries and agencies. The involvement however is only to express our views on aspect of internal controls and also to ensure all our requirements are taken into account in the system specifications and development which will later facilitate our audit. To avoid conflict of interest, the basis of involvement is to ensure adequate internal controls of system are in place and all rules, regulations and procedures were adhered to. NADM also plays advisory role in pre- implementation, during and post implementation phase of ICT system/project development. Besides the advisory role, NADM also carries out the audit on ICT Projects during and post system implementation.

5.       AUDITING e-GOVERNMENT/ICT ENVIRONMENT

In performing the financial and attestation audits, Computer Assisted Audit Techniques & Tools (CAATTs) approach is used for data analytics using auditing software such as Audit Command Language (ACL). In respect of IT projects and system development, IT audit team perform concurrent audit during development as well as at the pre and post implementation.
In ensuring that project implementation is carried out in accordance with the contracts, the government   has   developed   various   monitoring   mechanisms   for   government   projects including ICT projects such as Project Monitoring System where the various levels involved in the development and monitoring of project developments are required to update the status of development and all involved are informed and therefore immediate actions are taken.

6.       TECHNOLOGY-BASED APPROACH THROUGH THE USE OF AUDIT TOOLS

The  technology  adoption  Project  in  NADM  commenced  as  early  as  1980’s  where  the technology enabled audit method begun with the purchase of audit software, ACL. Further, the phases continued in planned and structured environment. The phases concerned were Phase I (1996); Phase II (1997 -1998); Phase III (1999 -2000) and finally Phase IV (2001 –2002). All these phases were drawn in preparation of infrastructure which is associated with procurement of computer hardware, software and network across the country. In order to speed up the project, Phase V (in year 2003) was commenced for procurement of new hardware and software. By using the audit software, NADM auditors are able to conduct audit methodology driven by technology.

NADM initiated the usage of the software through CAATTs method. This was the aid tools to augment the effectiveness of audit work. Accordingly, through Phase V, deployment of ACL software was made both through network environment and standalone personal computer in order to enable more of NADM auditors to harness this software. Both the tools – ACL and Microsoft Excel were used in performing data analytics for financial data in performing financial statement auditing.

NADM uses data analytics for one (1) Federal Government Financial Statement and eleven (11) State Government Financial Statements. However, NADM does not use analytics on unstructured  data  in  performing  data  mining  and  collecting  of  audit  evidence  due  to limitation of technical expertise.

In carrying out the data analytic, NADM faced problems such as system complexities, data from different  sources  and  platform,  SAI’s  capacity  and  capabilities,  liability  and  compatibility issues. As mentioned earlier, NADM started to use CAATTs in 1980’s. In 1992, NADM started doing interim audit using CAATTs tools. Initially, data were downloaded from Auditor General office using round tape, then cartridge platform was used to download data. Nowadays remarkable progress in Information Technology (IT) and sophisticated communication infrastructure, data are downloaded from client office using the Infra Network.

NADM has used ACL’s data analysis software to dramatically improve its government audit processes. The IT Audit team conducts monthly analysis of financial data from 23 branches and successfully verified transactions worth RM488.2 billion through concurrent audit processes in 2013 and RM501.1 billion in 2014. The team is also paving the way for other public sector organisations to improve their audit processes by sharing knowledge and data analysis best practices with various government departments, ministries, and agencies. As a result of this, the NADM was announced as the 16th Impact Award Winner at the ACL Annual Customer Celebration 2014 in Dallas, United State of America.

To further enhance the use of data analytics in its audit processes, NADM is  now in the process of developing a comprehensive electronic working paper (eWP) for financial audit for the Federal and State Governments, Federal and State Statutory Bodies, Local Government Authorities as well as trust funds. The eWP comprises of audit management system, audit planning, working papers, risk analysis, sampling, reports as well as outsourcing services.

7.       CAPACITY BUILDING

In keeping up with the rapid advancement in technology, it is vital to have knowledgeable and highly competent workforce to keep abreast of technological changes so as to be able to carry out audits efficiently and effectively. Besides that, with the growth in data and the availability of tools to analyse the same, multi-disciplinary skills should be encouraged to fully exploit the audit potential of technology. Data Science, which is all about extracting value from data, recognises  this  aspect,  and  typically  shows  it  to  be  residing  at  the  intersection  of  three different disciplines. For auditors, this would translate into knowledge of the analytical tools, the domain knowledge, and basic statistics. The most value comes when such skills are available with the same person, otherwise the audit team has to be made a self-contained unit.

The capacity of  NADM  in  terms of  human  resource  increased substantially  in  year  2008 compared to the years before. Availability of adequate human capital has made it possible to widen the audit scope in the near future.

The role of Chief Information Officer is placed under the Director of Corporate Management Sector to execute the department ICT initiative. Information System Strategic Plan was released to outline our approach to strengthen ICT culture amongst the NADM staff. Restructuring was done in 2002 by introducing the Information and Communication Technology (ICT) Division under Corporate Management Sector. This division is responsible for planning, equipping, managing the computer system infrastructure, implement technology adoption programmes and also provide technical support to NADM auditor in computer based auditing

In approaching the capacity development of specialist ICT  auditors, NADM conducted in- house training through the National Audit Academy(NAA) for the staff and participated in various international training programmes provided by SAIs, ASEANSAI, ASOSAI and INTOSAI. The NAA has formulated specific ICT training modules to build up the ICT competency and expertise in audit work. Hands-on training program and workshop on IT controls, SDLC, and CAATTS are carried out to enhance staffs’ skills by the School of IT of the NAA. In addition, NADM has also issued IT Audit Manual for auditors to carry out IT audit. This will enable auditors with little knowledge of audit software to use and apply IT techniques in implementing their audit. To date, 18 specific guidelines have been issued and used.

The NAA also conducted workshops to promote the leveraging of technologies amongst the auditors by harnessing skills and competency in their audit work.

8.       IMPACT OF ANALYTICS

Data analytics has a wide range of involvement in the audits. In some audits, data analysis is used as a method to supplement our traditional analysis, whilst in other audits it is critical to providing evidence to support the overall audit outcomes.

The findings of analytics are normally communicated to the NADM management through discussion and reports which are subsequently delivered to the auditees. It is through our audit analytics results and recommendations that auditees are able to take necessary actions such as data cleaning, improve the internal controls of system, system enhancement, conduct proper testing and strengthen project management and monitoring.

Effective use of data analytics results in a more focused audit that can pinpoint the specific areas of risk, foster dynamic audit planning and execution that provides a better balance of controls analysis and transactional analytics based on the underlying risks.

9.       WAY FORWARD

The growing reliance on IT systems has given rise to several risks in the event of lapses in internal controls such as systems errors which result in inaccurate data used for decision- making and possible unauthorised access or changes to data leading to loss or corruption of important information. The public key infrastructure supports the distribution and identification of public encryption keys, allowing users and computers to exchange data securely over networks and verify the identity of the other party. Therefore, NADM would further enhance its audit coverage as to include internal controls to ensure the reliability and security of public service IT systems and compliance with the relevant Government IT policies, laws and regulations.

In order to keep pace with the developments in Information Technology especially in the area of Data Analytics influenced by the Big Data, there is a need to change radically the way we look at these tools. For the most part, IT has been used to computerise and improve the efficiency of established processes rather than transform or replace them. The nature of auditing is impacted by two technology enablers – a globally connected world where the past model of vertically integrated audit teams of local office resources can be replaced by deconstructing many audit procedures into tasks that can be performed most effectively, and advancements in data science and related technologies.

To significantly improve audit effectiveness as well as efficiency, more effective Data Analytics need to be used to discover and analyse patterns, identify anomalies, and extract other useful information in data underlying or related to the subject matter of an audit through analysis, modelling,  and  visualization  for  the  purpose  of  planning  or  performing  the  audit.  This approach is significantly different from the conventional use of CAATs by SAI Auditors.

Secondly, big data approach to analytics where certain characteristics of Big Data analytics are causing a rethink on data usage need to be looked at. It is increasingly possible to analyse the entirety or almost all data rather than just a small, carefully chosen subset or sample which can   lead to more robust models, reduced reliance on sampling, and hence a greater level of assurance in audits.

Thirdly, technology can be used to achieve the same level of assurance but more efficiently at a lower cost, or it can be used to achieve a higher level of assurance via a more effective audit at similar cost. The focus needs to shift from efficiency goals of cost reduction to improved effectiveness by increasing assurance.

Fourthly, audit data analytic techniques using large data sets, correlating data from multiple sources, data mining algorithms and data visualisation have revolutionised fraud detection effectively. Patterns and connections that might never have been discovered in the past can be much more easily identified, analysed, and visualised.

10.    CONCLUSIONS

As  public  agencies  shift  towards  using  more  ICT  for  public  administration  and  service delivery, SAIs would need to be at the forefront of technology to ensure that their audit competency is kept relevant. Leveraging on technology based solutions will enhance the quality of the auditing process as well as the audit quality and effectiveness. The NADM continues to commit the use of technology in carrying out the audit to increase audit efficiency and effectiveness, and therefore, the investment on technology based audit approach as well as  capacity  building  in  this  area  is  our  immediate  priority  to  ensure  our  audit  remains relevant and effective.

11.    REFERNCES

a.    Reimagining Auditing in a Wired World – AICPA White Paper – August 2014
b.    Data Analytics for Internal Audit – KPMG – 2013
c.    Global Technology Audit Guide (GTAG) 16- Data Analysis Technologies – August 2011
d.   Country Paper by SAI Malaysia, February 2015: for ASOSAI Symposium 2015 – Leveraging Technology to Enhance Audit Quality and Effectiveness
e.    A country paper by SAI India , February 2015: for ASOSAI Symposium 2015 – Leveraging Technology to Enhance Audit Quality and Effectiveness
f.    A  country  paper  by  SAI  Australia  ,  February  2015:  for  ASOSAI  Symposium  2015  – Leveraging Technology to Enhance Audit Quality and Effectiveness
g.    A  country  paper  by  SAI  Philippines  ,  February  2015:  for  ASOSAI  Symposium  2015  – Leveraging Technology to Enhance Audit Quality and Effectiveness





Leave a Reply