TIAPS Module 1 Audit and Assurance workbook
A.3.5 Examples of Best Practice in Public Sector Governance Governance is dependent on clarity and understanding regarding accountability. An organization with effective internal accountability arrangements will have management and staff who understand clearly their own roles, responsibilities and powers and how they relate to others in the organization. Every public sector organization needs to be headed by an effective Minister or board of directors to lead and control the entity and monitor the executive management. The Minister or Chairperson of the board of directors needs to have his role formally defined in writing to include responsibility for providing effective strategic leadership and to ensure he successfully discharges the overall responsibility for the organization’s activities. 15 Managerial accountability is discussed in detail in Module T2 Good Governance, Managerial Accountability, Developing Strategy, and Data Analysis. The following examples of best practices in public sector governance are based on the APEC Economic Committee’s Good Practice Guide on Public Sector Governance. 16 Culture The organization must demonstrate its commitment to strong governance, and this starts with the “tone at the top.” Leaders and senior managers must lead by example. Good practices include: • Formal adoption of a good governance framework, principles, standards, etc. in policy or by legislation. • Adoption of a written code of ethics, values, and acceptable behavior. • Implementation of procedures for enforcing acceptable behavior, including the need for agreeing individual and team goals, monitoring, and reporting. • Preparedness for addressing unacceptable behavior in a fair, consistent, and timely manner. • Training and awareness-raising to communicate and reinforce values. • Commitment to improvement with measurable targets. • Periodic audit of organizational culture. Stakeholder Relationships Engagement with internal and external stakeholders is a two-way process, ensuring all parties are aware of the organization’s vision, mission, goals, and priorities and can comment on and participate in its governance. Good practice includes: • Regular engagement with internal and external stakeholders through systematic and ad hoc arrangements. • Regular and reliable two-way communications. • Operation of appropriate virtual and in-person boards, panels, committees, and other groups with representation from civil society, political leadership, the private sector, service users, community groups, managers, and staff. 15 APEC Economic Committee’s Good Practice Guide on Public Sector Governance, 2011. 16 APEC Economic Committee’s Good Practice Guide on Public Sector Governance, 2011. 22
• Consideration of overlapping interests with other public sector bodies supported by multi-agency and inter-departmental forums. • Channels for timely processing of enquiries, complaints, and suggestions. Compliance Compliance and performance are typically viewed as the primary goals of governance. Internal and external compliance requirements may be satisfied though reporting, including: • Annual reporting to the legislative body. • Electronic communications to external stakeholders via websites and other platforms. • Circulation of audit reports to target audiences. • Circulation of financial inspection reports. Compliance risk management and other aspects of governance depend on several key positions: • Chief Executive Officer (CEO). The CEO should be accountable to the governing body and may be a member of it but should not be its chair. In other words, the CEO (for example, depending on the body: Secretary General, Deputy Minister, Executive Director, or President), should participate in the development of policy and strategy but should not also be the highest decision-making authority. The CEO is responsible for performance by executing the policies set by the governing body and managing those with first and second line roles. • Chief Financial Officer (CFO). The CFO is normally a certified or chartered public accountant and is responsible for advising the governing body and senior management on all strategic financial matters as well for maintaining financial control across the entity. • Chief Compliance Officer (CCO). The CCO is responsible for advising the governing body and senior management on strategic compliance risks and for maintaining compliance risk management across the entity. Many public sector entities do not have a CCO or other risk officers and these responsibilities are shared across the senior management team and coordinated by the CEO. • Audit committee. Best practices recommend an independent audit committee, accountable to the governing body, to oversee the work of internal and external audit. Planning and Performance Monitoring Successful governance – much like internal control and risk management – relies on documentation and communication. The APEC guidance recommends the following processes and practices: • A clear statement of the organization’s purpose that is communicated to all staff. • A plan that describes the organization’s strategic priorities and objectives, consistent with the organization’s purpose, which is updated annually. • The systematic monitoring of financial and non-financial performance against the organization's plan. • The use of information generated from performance monitoring for external reporting requirements and internal planning purposes. 23
- Page 1 and 2: Module 1: Audit and Assurance TIAPS
- Page 3 and 4: Table of Contents Module 1: Audit a
- Page 5 and 6: Relevant Standards Reference is mad
- Page 7 and 8: • Close scrutiny. The activities
- Page 9 and 10: A.2 Public Sector Governance IIA In
- Page 11 and 12: The need for governance arises for
- Page 13 and 14: Although developed for government a
- Page 15 and 16: A.3 Governance Models When evaluati
- Page 17 and 18: defensive aspects to minimize negat
- Page 19 and 20: A.3.3 CIPFA International Framework
- Page 21: 8. Ensure that its arrangements for
- Page 25 and 26: A.3: Reflection Which model or mod
- Page 27 and 28: Although they are related, the prin
- Page 29 and 30: B.1.1 Independence, Objectivity, an
- Page 31 and 32: B.1: Reflection Is it possible to
- Page 33 and 34: According to The IIA Position Paper
- Page 35 and 36: B.2: Reflection When was the last t
- Page 37 and 38: When independence or objectivity ar
- Page 39 and 40: B.4 Safeguards for Independence and
- Page 41 and 42: In other cases, there is no audit c
- Page 43 and 44: C. Assurance and Advisory Engagemen
- Page 45 and 46: It is common to build an allowance
- Page 47 and 48: The following list is taken from Sa
- Page 49 and 50: helping managers developing control
- Page 51 and 52: C.1.5 Internal Audit Opinions Audit
- Page 53 and 54: Leadership and Communication Intern
- Page 55 and 56: C.2 Auditing Governance The IIA Sup
- Page 57 and 58: C.2: Reflection How does your inter
- Page 59 and 60: Fraud may be perpetrated via measur
- Page 61 and 62: circumstances (unethical and often
- Page 63 and 64: Management Issues • Lack of area
- Page 65 and 66: Risk management techniques can be a
- Page 67 and 68: IT controls may be manual, automate
- Page 69 and 70: The IIA’s Cybersecurity Toolkit d
- Page 71 and 72: C.3: Reflection Fraud: How are susp
A.3.5 Examples of Best Practice in Public Sector Governance<br />
Governance is dependent on clarity <strong>and</strong> underst<strong>and</strong>ing regarding accountability.<br />
An organization with effective internal accountability arrangements will have<br />
management <strong>and</strong> staff who underst<strong>and</strong> clearly their own roles, responsibilities <strong>and</strong><br />
powers <strong>and</strong> how they relate to others in the organization. Every public sector<br />
organization needs to be headed by an effective Minister or board of directors to lead<br />
<strong>and</strong> control the entity <strong>and</strong> monitor the executive management. The Minister or<br />
Chairperson of the board of directors needs to have his role formally defined in writing to<br />
include responsibility for providing effective strategic leadership <strong>and</strong> to ensure he<br />
successfully discharges the overall responsibility for the organization’s activities. 15<br />
Managerial accountability is discussed in detail in <strong>Module</strong> T2 Good Governance, Managerial<br />
Accountability, Developing Strategy, <strong>and</strong> Data Analysis.<br />
The following examples of best practices in public sector governance are based on the<br />
APEC Economic Committee’s Good Practice Guide on Public Sector Governance. 16<br />
Culture<br />
The organization must demonstrate its commitment to strong governance, <strong>and</strong> this starts<br />
with the “tone at the top.” Leaders <strong>and</strong> senior managers must lead by example. Good<br />
practices include:<br />
• Formal adoption of a good governance framework, principles, st<strong>and</strong>ards, etc. in<br />
policy or by legislation.<br />
• Adoption of a written code of ethics, values, <strong>and</strong> acceptable behavior.<br />
• Implementation of procedures for enforcing acceptable behavior, including the need<br />
for agreeing individual <strong>and</strong> team goals, monitoring, <strong>and</strong> reporting.<br />
• Preparedness for addressing unacceptable behavior in a fair, consistent, <strong>and</strong> timely<br />
manner.<br />
• Training <strong>and</strong> awareness-raising to communicate <strong>and</strong> reinforce values.<br />
• Commitment to improvement with measurable targets.<br />
• Periodic audit of organizational culture.<br />
Stakeholder Relationships<br />
Engagement with internal <strong>and</strong> external stakeholders is a two-way process, ensuring all<br />
parties are aware of the organization’s vision, mission, goals, <strong>and</strong> priorities <strong>and</strong> can<br />
comment on <strong>and</strong> participate in its governance. Good practice includes:<br />
• Regular engagement with internal <strong>and</strong> external stakeholders through systematic <strong>and</strong><br />
ad hoc arrangements.<br />
• Regular <strong>and</strong> reliable two-way communications.<br />
• Operation of appropriate virtual <strong>and</strong> in-person boards, panels, committees, <strong>and</strong> other<br />
groups with representation from civil society, political leadership, the private sector,<br />
service users, community groups, managers, <strong>and</strong> staff.<br />
15<br />
APEC Economic Committee’s Good Practice Guide on Public Sector Governance, 2011.<br />
16<br />
APEC Economic Committee’s Good Practice Guide on Public Sector Governance, 2011.<br />
22