TIAPS Module 1 Audit and Assurance workbook
• Dual leadership: minister (political leader) plus secretary general (administrative leader). • Board of the agency/department represented by the executive only (with those appointed within organization). • Audit committees at the agency/department level with non-executive directors/independent members. • Audit committee centralized for the government. • Thematic boards: e.g., internal control board led by a secretary general (or deputy). • Dedicated unit or person in the presidential administration (where relevant) with specific oversight responsibilities. 4 While the governing body leads on governance and is ultimately responsible for it, it is perhaps more accurate to say governance is implemented collectively and collaboratively by the governing body, management, and internal auditing, although in different ways. Governance occurs at every level of an organization at which decision-making takes place no matter how minor because all decisions contribute to success (or lack thereof). This view of governance is consistent with CIPFA’s model elaborated in the Whole System Approach to Public Financial Management. 5 There are three important elements in The IIA definition of governance. • Processes and structures. Governance includes not only activities undertaken by an organization but also the way in which those activities and its resources are organized. • Inform, direct, manage, and monitor. Governance is part of a continuous cycle of input and feedback. Internal and external information informs decisions, actions are executed, and outcomes are achieved that then inform future decisions. • Achievement of objectives. The purpose of governance is organizational success. Governing bodies in the public sector may be comprised wholly of independent members without executive responsibilities or may combine executive and non-executive members. The non-executive responsibilities may be characterized as those: • Contributing to strategy by bringing a range of perspectives to strategy development and decision making. • Making sure that effective management structures and processes are in place, and that there is an effective team at the top level of the entity. • Holding the executive to account for performance in fulfilling the responsibilities delegated to it by the governing body, including thorough purposeful challenge and scrutiny. 6 4 Assessing the Effectiveness of Internal Control: PEMPAL Guidance for Public Sector Internal Auditors, PEMPAL, 2020 5 See Delivering Excellent Public Finance: CIPFA’s Whole System Approach to Public Financial Management 6 International Framework: Good Governance in the Public Sector, CIPFA, 2014 10
The need for governance arises for two main reasons. • Accountability. Public sector organizations are managed and led by officials for and on behalf of citizens. Public resources (money, labor, buildings, land, and other assets) are used to serve a particular purpose for the common good. Those assigned to administer those services – whether by election or appointment – have an obligation to the public to act as diligent stewards of public resources and do whatever is reasonable to achieve the best outcomes. In many cases, officials take an oath of office to this effect. Being accountable entails public officials are open to scrutiny for their behavior and performance and will receive due recognition or admonishment accordingly. This requires transparency through honest and reliable reporting together with mechanisms (enforced by the rule of law) for apportioning rewards and punishments (which may include no longer being able to serve in a public position) as appropriate. • Uncertainty. Governance is also required because there are no guarantees wellintentioned actions will yield desirable results. Resources and systems are finite and imperfect. People are subjective in their thinking, limited in their knowledge and reasoning, and unreliable in their behavior. Circumstances are complex, changeable, interconnected, and chaotic, and ultimately unpredictable. All these factors create uncertainty, and it is the impact of uncertainty – whether favorable or unfavorable – on our efforts to achieve goals that is the origin of risk. According to ISO, risk is simply defined as “the effect of uncertainty on objectives.” 7 Governance aims to restore confidence and trust by stakeholders as well as enabling managers and leaders to navigate uncertainty by making better decisions based on a clearer understanding. Accountability and uncertainty are unavoidable. They both require honest endeavors based on sound judgments. Governance helps an entity fulfil its purpose economically, effectively, efficiently, ethically, and sustainably. • Economically: with the least amount of effort and resource, reducing – and ideally eliminating – unnecessary costs of input. • Efficiently: with the greatest amount of output, minimizing – and ideally eliminating – inferior or defective results. • Effectively: with the greatest success in achieving desired outcomes and value. • Ethically: in accordance with accepted norms of behavior. • Sustainably: in a manner that minimizes – and ideally eliminates – negative social and environmental impacts. Governance can be regarded in part as an attempt to address risks that exist in the relationships between stakeholders and those assigned to manage affairs on their behalf. This is an example of the classic principal-agent situation. In the public sector context, citizens are the primary stakeholder (or principal) of organizations while elected and appointed officials are the agents. As noted in A.1, the consequences of errors and abuse in the management of public resources and pursuit of public policy can be considerable. 7 ISO 31000: Risk Management, 2018. 11
- Page 1 and 2: Module 1: Audit and Assurance TIAPS
- Page 3 and 4: Table of Contents Module 1: Audit a
- Page 5 and 6: Relevant Standards Reference is mad
- Page 7 and 8: • Close scrutiny. The activities
- Page 9: A.2 Public Sector Governance IIA In
- Page 13 and 14: Although developed for government a
- Page 15 and 16: A.3 Governance Models When evaluati
- Page 17 and 18: defensive aspects to minimize negat
- Page 19 and 20: A.3.3 CIPFA International Framework
- Page 21 and 22: 8. Ensure that its arrangements for
- Page 23 and 24: • Consideration of overlapping in
- Page 25 and 26: A.3: Reflection Which model or mod
- Page 27 and 28: Although they are related, the prin
- Page 29 and 30: B.1.1 Independence, Objectivity, an
- Page 31 and 32: B.1: Reflection Is it possible to
- Page 33 and 34: According to The IIA Position Paper
- Page 35 and 36: B.2: Reflection When was the last t
- Page 37 and 38: When independence or objectivity ar
- Page 39 and 40: B.4 Safeguards for Independence and
- Page 41 and 42: In other cases, there is no audit c
- Page 43 and 44: C. Assurance and Advisory Engagemen
- Page 45 and 46: It is common to build an allowance
- Page 47 and 48: The following list is taken from Sa
- Page 49 and 50: helping managers developing control
- Page 51 and 52: C.1.5 Internal Audit Opinions Audit
- Page 53 and 54: Leadership and Communication Intern
- Page 55 and 56: C.2 Auditing Governance The IIA Sup
- Page 57 and 58: C.2: Reflection How does your inter
- Page 59 and 60: Fraud may be perpetrated via measur
The need for governance arises for two main reasons.<br />
• Accountability. Public sector organizations are managed <strong>and</strong> led by officials for <strong>and</strong><br />
on behalf of citizens. Public resources (money, labor, buildings, l<strong>and</strong>, <strong>and</strong> other<br />
assets) are used to serve a particular purpose for the common good. Those assigned<br />
to administer those services – whether by election or appointment – have an<br />
obligation to the public to act as diligent stewards of public resources <strong>and</strong> do<br />
whatever is reasonable to achieve the best outcomes. In many cases, officials take<br />
an oath of office to this effect. Being accountable entails public officials are open to<br />
scrutiny for their behavior <strong>and</strong> performance <strong>and</strong> will receive due recognition or<br />
admonishment accordingly. This requires transparency through honest <strong>and</strong> reliable<br />
reporting together with mechanisms (enforced by the rule of law) for apportioning<br />
rewards <strong>and</strong> punishments (which may include no longer being able to serve in a<br />
public position) as appropriate.<br />
• Uncertainty. Governance is also required because there are no guarantees wellintentioned<br />
actions will yield desirable results. Resources <strong>and</strong> systems are finite <strong>and</strong><br />
imperfect. People are subjective in their thinking, limited in their knowledge <strong>and</strong><br />
reasoning, <strong>and</strong> unreliable in their behavior. Circumstances are complex, changeable,<br />
interconnected, <strong>and</strong> chaotic, <strong>and</strong> ultimately unpredictable. All these factors create<br />
uncertainty, <strong>and</strong> it is the impact of uncertainty – whether favorable or unfavorable –<br />
on our efforts to achieve goals that is the origin of risk. According to ISO, risk is<br />
simply defined as “the effect of uncertainty on objectives.” 7<br />
Governance aims to restore confidence <strong>and</strong> trust by stakeholders as well as enabling<br />
managers <strong>and</strong> leaders to navigate uncertainty by making better decisions based on a clearer<br />
underst<strong>and</strong>ing. Accountability <strong>and</strong> uncertainty are unavoidable. They both require honest<br />
endeavors based on sound judgments. Governance helps an entity fulfil its purpose<br />
economically, effectively, efficiently, ethically, <strong>and</strong> sustainably.<br />
• Economically: with the least amount of effort <strong>and</strong> resource, reducing – <strong>and</strong> ideally<br />
eliminating – unnecessary costs of input.<br />
• Efficiently: with the greatest amount of output, minimizing – <strong>and</strong> ideally eliminating –<br />
inferior or defective results.<br />
• Effectively: with the greatest success in achieving desired outcomes <strong>and</strong> value.<br />
• Ethically: in accordance with accepted norms of behavior.<br />
• Sustainably: in a manner that minimizes – <strong>and</strong> ideally eliminates – negative social<br />
<strong>and</strong> environmental impacts.<br />
Governance can be regarded in part as an attempt to address risks that exist in the<br />
relationships between stakeholders <strong>and</strong> those assigned to manage affairs on their behalf.<br />
This is an example of the classic principal-agent situation. In the public sector context,<br />
citizens are the primary stakeholder (or principal) of organizations while elected <strong>and</strong><br />
appointed officials are the agents. As noted in A.1, the consequences of errors <strong>and</strong> abuse in<br />
the management of public resources <strong>and</strong> pursuit of public policy can be considerable.<br />
7<br />
ISO 31000: Risk Management, 2018.<br />
11