““We’re here to help” – We’re here to help” – Audit and Oversight in Audit and Oversight in

the Life of the Public the Life of the Public ServiceService

Andrew Graham

School of Policy Studies

Queens University

““Whenever the advance of Whenever the advance of civilization brought about civilization brought about the necessity of one man the necessity of one man being entrusted to some being entrusted to some

extent with the property of extent with the property of another, the advisability of another, the advisability of

some kind of check upon the some kind of check upon the fidelity of the former would fidelity of the former would

become apparent.”become apparent.”

Richard Brown, Richard Brown, The History of The History of Accounting and Accountants, Accounting and Accountants,

19051905

What Audit is……What Audit is……

Audit is “ the independent objective Audit is “ the independent objective assessment of the fairness of assessment of the fairness of

management’s representations on management’s representations on performance or the assessment of performance or the assessment of

management’s systems and practices, management’s systems and practices, against criteria, reporting to a governing against criteria, reporting to a governing

body or other with similar body or other with similar responsibilities.”responsibilities.”

CCAF: “Comprehensive Auditing”

What Audit is……What Audit is……

• No uniform definition because it evolves even now

• Four key elements of any audit: – A set of actors: managers, auditors,

higher officials, oversight bodies– An accountability relationship– Maintenance of independence between

auditors and subordinates– Auditors review and examination of

subordinates’ execution of delegated duties and responsibilities

• Efficacy of internal control processes – Internal Audit

• Financial statements – External Audit

• Ongoing quality of processes and development – GAAP and related standards

• Integrity of financial information

Audit as a tool in monitoring the Audit as a tool in monitoring the performance of accountingperformance of accounting

Individuals or Organizations

Accepting Accountability: Towards Whom Audit is directed

Authority, Power, Resources, Goals

Accountability for Performance, Results and Efficiency

Individuals or Organizations

ConferringAccountability: For

whom audit is performed

Auditors: responsible for auditing

units/organizations on behalf of the

conferring authorities

Audit in the Accountability Relationships

The Independence of AuditorsThe Independence of Auditors

• Cornerstone of the profession but also of the function

• Independence does not mean total separation – there must be degrees of separation depending on the nature of the audit relationship: internal or external auditors, process auditors versus corporate

The Independence of AuditorsThe Independence of Auditors

• Mixing managerial functions and auditing functions impairs objectivity

• Creating boundaries often a challenge, e.g. risk assessments for development of the audit universe

Managers are responsible to prevent Managers are responsible to prevent fraud and error…..fraud and error…..

• Errors are unintentional mistakes:– Clerical mistakes– Misapplication of accounting

principles– Misinterpretation of information

• Intentionally committed errors is fraud leading to loss of assets generally detectable by an objective or third party review of financial records

Managers are responsible to prevent Managers are responsible to prevent fraud and error…..fraud and error…..

• Distortion fraud is a misrepresentation of a financial position or results not resulting in lost of assets

The evolution of auditingThe evolution of auditing

• Main purpose of auditing in public sector has been to detect fraud or misuse of public funds – either before or after the expenditure

The evolution of auditingThe evolution of auditing

• This has evolved towards more attestation to the fair representation of the organization's financial conditions and detect technical errors and errors of accounting

• This has evolved into the value for money approach which calls upon auditors to assess the efficacy of programs

Both a systems and a transaction Both a systems and a transaction focusfocus

• Auditing can focus on a single transaction – either before or after it takes place – this is a probity and compliance focus based on materiality

Both a systems and a transaction Both a systems and a transaction focusfocus

• Auditing can also focus on a system to ensure that controls are in place and working thereby giving some assurance that the individual transactions are being made properly

• Auditing can also focus on accounting policies to ensure that they provide the greatest transparency and reliability

Types of AuditsTypes of Audits

• Time focus:– Pre-audit: not visible, based on

risk, can be automated, closely linked to operations

– Post-Audit: extensive use of sampling, higher visibility, more linked to results including compliance

Types of AuditsTypes of Audits• Internal: organization is the

client, usually the CEO or Board, but can be at a lower level, secure checks and balances within the organization, senior management’s eyes and ears

Types of AuditsTypes of Audits• External: reporting to the

legislature or board of the organization, high degree of independence, generally highly transparent, will have greater focus on overall results and value for money

External Audit in the Pubic SectorExternal Audit in the Pubic Sector

Scope or Purpose of the AuditScope or Purpose of the Audit

• Financial and compliance audits: focuses on the proper conduct of financial operations, either pre or post:– Validity of an individual transaction against

criteria for eligibility– Individual transactions that contain exceptions

that should be reported or forwarded to a higher authority for authorization

– Errors, error rates and risk– Adequacy of controls – Fraud, misrepresentation or distortion of

financial information– Adequacy of the security procedures

Scope or Purpose of the AuditScope or Purpose of the Audit

• Economy: looks at whether the organization is using the resources that it has in the best possible manner to achieve its objectives

• Efficiency: were the objectives of the organization reached at the lowest cost?

The Start of The Start of Value for Value for

MoneyMoney

Scope or Purpose of the AuditScope or Purpose of the Audit

• Effectiveness: were the results obtained consistent with stated goals?

• Sustainability: have the organizations actions and use of resources put it at risk of carrying on or being able to function effectively in the future: also called stewardship

Still in the World of Value for

Money

RESULTS ORIENTATION FOCUS

Spending in Line

Financial Money Spent

Input Costs as Planned

Economy Actual Costs and Variance

Process as Planned

Efficiency System and Process

Results/Outputs as

Planned

Effectiveness

Objectives Achieved

Outputs Continue over

Time

Sustainability

Program Continuity and

Secondary Impacts

What is an operational audit and What is an operational audit and where does it fit in?where does it fit in?

• An operational audit is really a set of audits but focused on a unit within the organization which is

• Designed to provide either senior management or the responsible manager with a full picture on the operational compliance and effectiveness of the unit

What is an operational audit and What is an operational audit and where does it fit in?where does it fit in?

• More inclusive than a performance audit which focuses on economy and efficiency but also focuses on other issues: financial, staff morale, infrastructure

• Designed to provide a full picture of the health, strengths and weaknesses of the unit

What is an operational audit and What is an operational audit and where does it fit in?where does it fit in?

• Often conducted on a cyclical basis with large decentralized organizations to provide central management with ongoing picture of health of operational units

• Also conducted on the assumption of a new unit head

• Helpful in facilitating decentralized management of units with some degree of review and oversight from the centre

• More difficult to conduct in that it is often interdisciplinary and not strictly financial

The Role of Risk in AuditingThe Role of Risk in Auditing

• Determining what gets auditing and by whom can be driven by many factors:– Public concern– Key stakeholder concerns– Specific senior management or board

direction– Materiality

• Sums being spent• Size of the program in terms of people affected or

consequences of error

– Inherent risks

Types of RiskTypes of Risk

• Inherent risks of the program: potential for error, complexity of calculations

• Control risks: extent to which controls are in place to mitigate inherent risk and the extent to which they actually work

• Detection risks: use of audits to detect possibility of overlooking a potential error or flaw, even though the evidence of one is not strong

The Role of Risk in AuditingThe Role of Risk in Auditing

• The emergence of strategic risk tools in setting audit priorities

• Previous types of risk are essentially bottom-up and transaction focused with an emphasis on the accuracy of financial statements

The Role of Risk in AuditingThe Role of Risk in Auditing

• As well, they are auditor-centric in that they focus on concerns for auditors to be able to attest to the validity of financial statements, the existence of working control systems and the general absence of fraud

The Role of Risk in AuditingThe Role of Risk in Auditing

• This focuses both the auditor and management on accounting mechanisms

• Strategic risk tools focus on the organization as a whole and involve all of management in determining the risk factors to the organization of not achieving its goals

The Role of Risk in AuditingThe Role of Risk in Auditing

• Internal auditors derive their work agenda from a global view of the risks in the organization that need special or continuing focus

• Generally there will be a link with business planning within the organization

External AuditExternal Audit

• External auditors also generally use a strategic risk approach in focusing their audit plans – this will be much more complex involving not simply what the government sets as its highest risks, but also the views of the external auditor’s own boss – the legislature and the external auditors own view

External AuditExternal Audit

• This approach demands a more sophisticated use of risk assessment tools

• This approach also leads to broader concerns about whether the investment is not simply accurate, but also reasonable – can lead to value for money approaches which invite auditors into the realm of program evaluation, an area where their expertise may be called into question.

The Role of Risk in AuditingThe Role of Risk in Auditing

• Benchmarks for achieving a risk focus for both internal audit and management: – • internal audit solicits line management’s

perspective and concerns on the operation of key business processes;

– • internal audit obtains line management view of the level of key business risks; and

– • clear linkages are established between internal audit’s risk assessment and its audit plan.

External ReviewExternal Review

• Legislative Auditors: reporting directly to the legislature, they manage the auditor general function of the government: Auditor General, Provincial Auditor, City Auditor

External ReviewExternal Review

• Inspection and Monitoring Units: e.g. Best Value Inspectorate, UK, MPMP, Ontario, Vermont Social Wellbeing Index

• External Audit Firms

External ReviewExternal Review

• Not part of the government or organizational hierarchy – accountable to the legislature/city council or board of directors

External ReviewExternal Review

• Roles: – Reliability of financial statements– Adequacy of management systems and

practices– Legal compliance for procedures– Value for money– Specific audits as directed by the

legislature

Third Party AccountabilityThird Party Accountability

• Contracting for services is hardly new, just more prolific now

• While challenges exist to establishing both accountability and audit requirements, they are not insurmountable.

Third Party AccountabilityThird Party Accountability

• They are not negotiable in the public sector accountability context.

• Need to be built into the contracting process.

Third Party AccountabilityThird Party Accountability

• Have to assume that contractors will take a different perspective on accountability than a public sector organization

• Similarly, public sector accountability is not costless to contracting organizations – in fact, it can be quite burdensome.

Third Party AccountabilityThird Party Accountability

• Many governments are in suck and blow mode on this issue: favoring more outsourcing arrangements, but wanting risk-free, highly detailed accounting procedures

Third Party AccountabilityThird Party Accountability

• Ultimately, governments and contractors need to meet the public accountability needs, but with some important features to the relationship: – Clear statements and agreements on the desired

outcomes or deliverables– Clear definitions of accountability of all parties

involved– Good costing and costing methodology to respond

to changes– Good contract design and contract administration– Clear reporting protocols– Effective contract governance– Post-contract evaluation

A Word of CautionA Word of Caution““Books and auditing of Books and auditing of

accounts, instead of accounts, instead of exposing frauds, only exposing frauds, only

conceal them; for conceal them; for prudence is never so prudence is never so

ready to conceive new ready to conceive new precautions as knavery precautions as knavery

is to elude them.”is to elude them.”[1]

[1] Rousseau, J.J., Rousseau, J.J., The Social Contract and Discourses The Social Contract and Discourses (ed. G.H. Cole), 1993, London, Dent, p. 154(ed. G.H. Cole), 1993, London, Dent, p. 154

FinisFinis