Evidence Sources and Audit Tests
Documentary, testimonial, physical, and analytical evidence can all play a role in audits of financial assurances for site remediation. The main sources of evidence that will be useful in this context are:
- a review of relevant documents,
- testing of controls and IT systems, and
- site visits.
Review of relevant documents
By their nature, performance audits rely heavily on documentary evidence, and audits of financial assurances are no exception. Auditors need to consider everything from evidence of the rules that government organizations and mining companies have to meet to evidence that controls have been put in place and are functioning as intended. (Audits will usually look at government controls, not private enterprise controls.) Documentation needs to be gathered, reviewed, and analyzed by auditors, then added to the audit file if it is deemed relevant to support audit observations and conclusions.
Table 19 provides many examples of documents that may prove useful as audit evidence in an audit of financial assurances.
Table 19 – Examples of Documentary Evidence that May Be Useful in an Audit of Financial Assurances for Site Remediation
Interviews with key managers and staff in the organization(s) responsible for collecting and managing financial assurances can be valuable testimonial evidence in an audit of financial assurances for site remediation. Interviews of relevant stakeholders and industry members may also be useful, depending on the specific audit focus.
While testimonial evidence is usually considered weaker than documentary evidence, interviews can be useful to:
- confirm information obtained from other sources of evidence (thus strengthening the support for audit observations and conclusions),
- confirm the absence of something that was expected to exist,
- place documentary evidence in its proper context, and
- open new leads in an audit and identify further sources of evidence.
When testimonial evidence from an interview is to be used to support audit observations and conclusions, it is good practice to document the interview and to have the interviewee either approve the minutes or confirm in writing (by email or letter) the accuracy of the key statements intended to be used as evidence.
Testing of controls and IT systems
As explained in the Planning Phase section, public sector organizations must rely on a number of controls to ensure that the financial assurances they receive from mining companies for site remediation are accurate and complete. Given the importance of these controls to achieve this objective, it is likely that auditors will test a selection of controls during the examination phase of their audit of financial assurance programs.
By doing a walkthrough of selected controls, auditors can document that controls have been put in place, but they generally need to do more testing to ascertain whether the controls are effective. This type of testing will often involve selecting a sample of transactions or using data mining and analysis techniques to detect anomalies in a large number of transactions. Testing the quality of datasets can also be a necessary audit procedure. In planning this work, performance auditors should enquire as to whether financial auditors have performed walkthroughs and other detailed testing on financial assurances as part of the audit of the Public Accounts.
Depending on the nature and complexity of the IT systems used by responsible departments and agencies, audit teams may need the help of an IT expert to complete their audit procedures. In such a case, an IT expert can review IT general controls and validate application controls for the calculation of financial assurances.
Whatever control testing auditors decide to conduct, they should document all the steps they took as part of the process so that another auditor could replicate their work and arrive at the same conclusion.
Visits of mine sites or of the regional offices of an audited organization are key to understanding how things work in a country or region. They give auditors a chance to meet many individuals who have direct knowledge of key processes and to observe first-hand the workings of important systems. Site visits can be even more valuable if an audit team is accompanied by an independent expert.
In terms of evidence, site visits can help auditors to map out processes in detail. They may also provide opportunities to test key controls and perform substantive tests of details. Finally, they are a good way to obtain testimonial and documentary evidence.