Lilongwe, Malawi | 1–5 December 2025

AFROSAI-E successfully hosted a regional Audit Follow-Up Workshop on SAP-Based Integrated Financial Management Information Systems (IFMIS) in Lilongwe, Malawi, bringing together financial and IT auditors from SAI Malawi, SAI Zambia, and SAI Zimbabwe. The workshop built on insights from a previous IFMIS benchmarking programme in Harare, Zimbabwe (18–21 August 2025) and forms part of AFROSAI-E’s ongoing commitment to strengthening Supreme Audit Institutions (SAIs) through targeted training, benchmarking, and capacity-building initiatives.

The workshop focused on enhancing audit methodologies for SAP-based IFMIS, including cybersecurity considerations, audit collaboration, and evidence-based verification of previous recommendations. With SAP systems increasingly critical for public financial management across the region, participants explored practical approaches to verify implementation of audit recommendations, evaluate improvements in internal controls, and strengthen accountability.

Official Opening and Key Messages
The workshop was officially opened by Deputy Auditor General of Malawi, Mr Gerald Pute, who emphasised the importance of providing robust assurance on critical systems like IFMIS while adhering to established audit methodologies. He highlighted the growing role of cybersecurity in protecting public resources and encouraged stronger collaboration between IT and financial auditors.

Workshop Focus Areas
Over five days, the joint team of 22 auditors engaged in hands-on sessions covering:

• SAP S/4HANA technical reviews and navigation from an experienced user perspective
• Cybersecurity assessments, including threat modelling, vulnerability testing, penetration testing, email and file transfer security, and evaluating encrypted communication channels
• Integration of IT and financial audit objectives and alignment with risk-based approaches
• Evidence-based verification using SAP transaction logs, workflow approvals, audit trails, and data extraction tools
• Use of data analytics to validate previous audit findings

Participants also identified 14 key IFMIS audit focus areas, ranging from General Ledger, Accounts Payable/Receivable, Procurement, Payroll, Asset Accounting, HR/HCM audits, to Security and Access Control, Integration Testing, and Organisational Management audits.

Knowledge Sharing and Regional Insights
The workshop provided a vibrant platform for knowledge exchange. Delegates shared experiences on SAP data extraction and analytics using ACL and Microsoft Excel, post-implementation reviews, and tracking recommendation implementation. Insights from each SAI helped highlight common challenges and practical solutions for auditing government-wide financial systems.

A major takeaway was the importance of effective collaboration between financial and IT auditors throughout the audit process. Participants commended AFROSAI-E for providing a practical and interactive learning environment, essential for improving audit quality and impact.

Looking Ahead
The three SAIs committed to strengthening IFMIS audit practices in the 2026 cycle. Key planned actions include:

• SAI Zambia will formalise procedures defining how IT auditors support financial audit teams through a Service Level Agreement (SLA), following consultative meetings to incorporate financial audit priorities.
• Annual reviews of SAP control environments will be conducted ahead of financial audit planning to proactively identify and communicate risks affecting multiple Ministries, Provinces, and Spending Agencies.

AFROSAI-E’s investment in regional capacity building highlights its dedication to enhancing accountability, transparency, and good governance, equipping SAIs to meet the challenges of digitised public financial management systems.

Article contributors: Michael Mfutso and Brighton Mpatisha