Major Phases of Performance Audits & Survey Techniques for Assessing Controls

How auditors gather information, assess risks, and evaluate controls during the survey phase.

The survey phase is critical for establishing audit direction, determining where controls matter, and shaping the scope and methodology of a performance audit. Auditors rely on structured information gathering and early risk assessment to ensure the audit focuses on the highest-priority issues.

This lesson is a preview from Graduate School USA's Assessing Controls in Performance Audits Course.

Major Phases of Performance Audits

  1. Survey
  2. Planning
  3. Fieldwork
  4. Reporting

Guidance for Conducting the Survey

A survey is typically initiated by a proposal for audit, which is an output of audit selection. The proposal identifies the subject (program) preselected for audit and cites the selection source. It usually explains why the program was selected and, in doing so, identifies or implies the performance aspect or aspects of concern.

Based on the proposal and knowledge from prior audit work, auditors may begin a survey with extensive understanding of the selected program or with very little. Accordingly, the type and extent of information to be obtained will depend on what auditors need to learn to be prepared for planning the follow-on audit.

Each audit office will have its own policies and procedures governing the purpose and conduct of surveys. Therefore, the guidance provided here is general and intended to apply broadly.

Survey Information Needs

There is no authoritative list of information needs to be pursued in a survey. Nonetheless, to achieve the purposes of a survey, there are categories of information that auditors commonly seek to obtain.

Note: Each audit office will likely have its own guidance on the nature and extent of information to be collected during a survey. A pro-forma list of information needs can be especially helpful for survey staff, enabling them to determine what information they already have (e.g., from the proposal for audit or prior audits) and what information they still need to obtain.

Ways to Obtain Information in a Survey

  1. Review of legislation and regulations
  2. Review of management studies and reports, particularly reports on program and operations performance
  3. Review of the budget
  4. Interviews
  5. Observation of operations
  6. Limited test of transactions
  7. Review management’s report of its assessment of controls (FMFIA Risk Assessments and Control Reviews in the federal government)
  8. Review management’s performance plans (required in the federal government by the Government Performance and Results Act)
  9. Review of audit reports

Three Valuable Sources of Survey Information

There are three documents that may—if they exist—provide auditors with much of the information needed in conducting a survey.

1. Entity Strategic Plans

Strategic planning is common at all levels of government. Although details vary, auditors can generally expect such plans to include:

  • A mission or program purpose statement covering the major programs and operations of the agency
  • Goals and objectives, including outcome-related goals and objectives
  • A description of how the goals and objectives are to be achieved, including the operational processes and the resources required to meet those goals and objectives

Such information about programs and their operations is invaluable when planning and conducting a detailed audit.

2. Management’s Control Self-Assessments

Various statutes and regulations require the heads of federal agencies, and many state and municipal agencies, to establish, maintain, and evaluate systems of internal control. Federal agency leadership is required to report annually on its system of internal control.

Auditors will generally find it helpful to consider the work performed by managers in evaluating their systems of controls, especially when the auditor’s objective is to assess the adequacy of those controls.

3. Entity Performance Plans and Reports

While perhaps less common than strategic planning, measurement and reporting on operations and program performance is increasingly practiced across government entities. Federal agencies are required by the Government Performance and Results Act of 1993 (GPRA) to measure and report on the performance of their programs. State and local governments are encouraged but not required to report on their “service efforts and accomplishments” by the Governmental Accounting Standards Board (GASB).

When agencies have a performance plan and/or performance report, such documents will typically:

  • Establish performance goals, in measurable form, defining the expected level of performance for a program.
  • Establish performance indicators used to measure or assess relevant outputs, service levels, and outcomes of each program.
  • Compare actual program results with established performance goals and, in some cases, explain why certain goals were not met.

This information on performance can be extremely valuable in selecting program activities for audit and in planning and conducting detailed audit work.

Risk Methodology for Assessing Controls in a Survey

Identifying Inherent Mission and Integrity Risks

One methodology for gaining an understanding of and assessing controls during the survey phase includes the following steps:

  1. Obtain, or develop with management’s assistance, a mission statement for the entity being audited. If the mission statement does not explicitly identify them, determine the performance aspects reflected in the outcomes and outputs inherent in the mission. Also identify the target population and its needs.
  2. Based on those performance aspects, create a list of inherent mission-specific risks. Also list integrity risks (i.e., abuse and fraud risks) relevant to the mission.
  3. Select the risks for which you want to make a preliminary assessment of controls.
  4. Identify the control objectives and control techniques for the selected risks, and conduct limited tests of those control techniques.
  5. Based on the results of these limited tests, form a judgment about the level of vulnerability of the matter being considered. A high inherent risk may be counterbalanced by a strong control technique; conversely, a medium risk can be heightened by the absence of an effective control technique.
  6. Make a preliminary decision about which risks and related controls to pursue in the audit.

Kim Peppers

Kimberly Peppers spent 37 years as a federal employee culminating in leadership roles as regional inspector general and audit director in multiple federal agencies; building a career in federal audit, budget and program analysts’ positions. She has subsequently worked in the federal consulting environment. Kim considers among her notable achievements obtaining her doctorate, in business administration while concurrently working in audit and investigations stationed in the middle east.

More articles by Kim Peppers

How to Learn Auditing

Build practical, career-focused federal auditing skills through hands-on training designed for beginners and professionals alike. Learn fundamental tools and workflows that prepare you for real-world projects or industry certification.