We re here to help Audit and Oversight

“We’re here to help” – Audit and Oversight in the Life of the Public Service Andrew Graham School of Policy Studies Queens University

“Whenever the advance of civilization brought about the necessity of one man being entrusted to some extent with the property of another, the advisability of some kind of check upon the fidelity of the former would become apparent. ” Richard Brown, The History of Accounting and Accountants, 1905

What Audit is…… Audit is “ the independent objective assessment of the fairness of management’s representations on performance or the assessment of management’s systems and practices, against criteria, reporting to a governing body or other with similar responsibilities. ” CCAF: “Comprehensive Auditing”

What Audit is…… • No uniform definition because it evolves even now • Four key elements of any audit: – A set of actors: managers, auditors, higher officials, oversight bodies – An accountability relationship – Maintenance of independence between auditors and subordinates – Auditors review and examination of subordinates’ execution of delegated duties and responsibilities

Audit as a tool in monitoring the performance of accounting • Efficacy of internal control processes – Internal Audit • Financial statements – External Audit • Ongoing quality of processes and development – GAAP and related standards • Integrity of financial information

Authority, Power, Resources, Goals Individuals or Organizations Accepting Accountability: Towards Whom Audit is directed Accountability for Performance, Results and Efficiency Auditors: responsible for auditing units/organizations on behalf of the conferring authorities Audit in the Accountability Relationships Individuals or Organizations Conferring Accountability: For whom audit is performed

The Independence of Auditors • Cornerstone of the profession but also of the function • Independence does not mean total separation – there must be degrees of separation depending on the nature of the audit relationship: internal or external auditors, process auditors versus corporate

The Independence of Auditors • Mixing managerial functions and auditing functions impairs objectivity • Creating boundaries often a challenge, e. g. risk assessments for development of the audit universe

Managers are responsible to prevent fraud and error…. . • Errors are unintentional mistakes: – Clerical mistakes – Misapplication of accounting principles – Misinterpretation of information • Intentionally committed errors is fraud leading to loss of assets generally detectable by an objective or third party review of financial records

Managers are responsible to prevent fraud and error…. . • Distortion fraud is a misrepresentation of a financial position or results not resulting in lost of assets

The evolution of auditing • Main purpose of auditing in public sector has been to detect fraud or misuse of public funds – either before or after the expenditure

The evolution of auditing • This has evolved towards more attestation to the fair representation of the organization's financial conditions and detect technical errors and errors of accounting • This has evolved into the value for money approach which calls upon auditors to assess the efficacy of programs

Both a systems and a transaction focus • Auditing can focus on a single transaction – either before or after it takes place – this is a probity and compliance focus based on materiality

Both a systems and a transaction focus • Auditing can also focus on a system to ensure that controls are in place and working thereby giving some assurance that the individual transactions are being made properly • Auditing can also focus on accounting policies to ensure that they provide the greatest transparency and reliability

Types of Audits • Time focus: – Pre-audit: not visible, based on risk, can be automated, closely linked to operations – Post-Audit: extensive use of sampling, higher visibility, more linked to results including compliance

Types of Audits • Internal: organization is the client, usually the CEO or Board, but can be at a lower level, secure checks and balances within the organization, senior management’s eyes and ears

Types of Audits • External: reporting to the legislature or board of the organization, high degree of independence, generally highly transparent, will have greater focus on overall results and value for money

External Audit in the Pubic Sector

Scope or Purpose of the Audit • Financial and compliance audits: focuses on the proper conduct of financial operations, either pre or post: – Validity of an individual transaction against criteria for eligibility – Individual transactions that contain exceptions that should be reported or forwarded to a higher authority for authorization – Errors, error rates and risk – Adequacy of controls – Fraud, misrepresentation or distortion of financial information – Adequacy of the security procedures

Scope or Purpose of the Audit The Start of Value for Money • Economy: looks at whether the organization is using the resources that it has in the best possible manner to achieve its objectives • Efficiency: were the objectives of the organization reached at the lowest cost?

Scope or Purpose of the Audit Still in the World of Value for Money • Effectiveness: were the results obtained consistent with stated goals? • Sustainability: have the organizations actions and use of resources put it at risk of carrying on or being able to function effectively in the future: also called stewardship

RESULTS ORIENTATION FOCUS Spending in Line Financial Money Spent Input Costs as Planned Process as Planned Results/Outputs as Planned Outputs Continue over Time Economy Actual Costs and Variance System and Process Objectives Achieved Efficiency Effectiveness Sustainability Program Continuity and Secondary Impacts

What is an operational audit and where does it fit in? • An operational audit is really a set of audits but focused on a unit within the organization which is • Designed to provide either senior management or the responsible manager with a full picture on the operational compliance and effectiveness of the unit

What is an operational audit and where does it fit in? • More inclusive than a performance audit which focuses on economy and efficiency but also focuses on other issues: financial, staff morale, infrastructure • Designed to provide a full picture of the health, strengths and weaknesses of the unit

What is an operational audit and where does it fit in? • Often conducted on a cyclical basis with large decentralized organizations to provide central management with ongoing picture of health of operational units • Also conducted on the assumption of a new unit head • Helpful in facilitating decentralized management of units with some degree of review and oversight from the centre • More difficult to conduct in that it is often interdisciplinary and not strictly financial

The Role of Risk in Auditing • Determining what gets auditing and by whom can be driven by many factors: – – Public concern Key stakeholder concerns Specific senior management or board direction Materiality • Sums being spent • Size of the program in terms of people affected or consequences of error – Inherent risks

Types of Risk • Inherent risks of the program: potential for error, complexity of calculations • Control risks: extent to which controls are in place to mitigate inherent risk and the extent to which they actually work • Detection risks: use of audits to detect possibility of overlooking a potential error or flaw, even though the evidence of one is not strong

The Role of Risk in Auditing • The emergence of strategic risk tools in setting audit priorities • Previous types of risk are essentially bottom-up and transaction focused with an emphasis on the accuracy of financial statements

The Role of Risk in Auditing • As well, they are auditor-centric in that they focus on concerns for auditors to be able to attest to the validity of financial statements, the existence of working control systems and the general absence of fraud

The Role of Risk in Auditing • This focuses both the auditor and management on accounting mechanisms • Strategic risk tools focus on the organization as a whole and involve all of management in determining the risk factors to the organization of not achieving its goals

The Role of Risk in Auditing • Internal auditors derive their work agenda from a global view of the risks in the organization that need special or continuing focus • Generally there will be a link with business planning within the organization

External Audit • External auditors also generally use a strategic risk approach in focusing their audit plans – this will be much more complex involving not simply what the government sets as its highest risks, but also the views of the external auditor’s own boss – the legislature and the external auditors own view

External Audit • This approach demands a more sophisticated use of risk assessment tools • This approach also leads to broader concerns about whether the investment is not simply accurate, but also reasonable – can lead to value for money approaches which invite auditors into the realm of program evaluation, an area where their expertise may be called into question.

The Role of Risk in Auditing • Benchmarks for achieving a risk focus for both internal audit and management: – • internal audit solicits line management’s perspective and concerns on the operation of key business processes; – • internal audit obtains line management view of the level of key business risks; and – • clear linkages are established between internal audit’s risk assessment and its audit plan.

External Review • Legislative Auditors: reporting directly to the legislature, they manage the auditor general function of the government: Auditor General, Provincial Auditor, City Auditor

External Review • Inspection and Monitoring Units: e. g. Best Value Inspectorate, UK, MPMP, Ontario, Vermont Social Wellbeing Index • External Audit Firms

External Review • Not part of the government or organizational hierarchy – accountable to the legislature/city council or board of directors

External Review • Roles: – Reliability of financial statements – Adequacy of management systems and practices – Legal compliance for procedures – Value for money – Specific audits as directed by the legislature

Third Party Accountability • Contracting for services is hardly new, just more prolific now • While challenges exist to establishing both accountability and audit requirements, they are not insurmountable.

Third Party Accountability • They are not negotiable in the public sector accountability context. • Need to be built into the contracting process.

Third Party Accountability • Have to assume that contractors will take a different perspective on accountability than a public sector organization • Similarly, public sector accountability is not costless to contracting organizations – in fact, it can be quite burdensome.

Third Party Accountability • Many governments are in suck and blow mode on this issue: favoring more outsourcing arrangements, but wanting risk-free, highly detailed accounting procedures

Third Party Accountability • Ultimately, governments and contractors need to meet the public accountability needs, but with some important features to the relationship: – Clear statements and agreements on the desired outcomes or deliverables – Clear definitions of accountability of all parties involved – Good costing and costing methodology to respond to changes – Good contract design and contract administration – Clear reporting protocols – Effective contract governance – Post-contract evaluation

A Word of Caution “Books and auditing of accounts, instead of exposing frauds, only conceal them; for prudence is never so ready to conceive new precautions as knavery is to elude them. ”[1] Rousseau, J. J. , The Social Contract and Discourses (ed. G. H. Cole), 1993, London, Dent, p. 154 [1]

Finis