TIAPS Module 1 Audit and Assurance workbook
Risk Management
Similar comments as those made in respect of compliance (see above) apply to risk management more generally. It relies on the actions of multiple parties (most notably the CEO, CFO, and a Chief Risk Officer or equivalent) together with the support of internal audit. There may not be an individual or team with organizational responsibility for risk management and so the task is shared among managers, blending first and second line roles.
Information and Decision Support
The APEC guidance describes essential requirements for information and decision support:
• Standards for the creation and retention of public records, usually established by legislation.
• Procedures within organizations to ensure the standards are met.
• Quality data, information, and analysis to inform decisions taken by government boards and committees.
• The keeping of records of decisions established by government boards and committees, including the points considered or discussed in reaching those decisions. 17
Review and Evaluation
In the final element, the APEC guidance recognizes the importance of continuous improvement to governance supported by review and evaluation.
• Ideally, governance arrangements should be reviewed in detail every year or two, particularly when there is a significant event affecting or potentially affecting those arrangements, such as a major legislative change or recommendations from a government committee or an external auditor.
• An internal review led by the Minister or board of directors and/or executive management would normally suffice. Occasionally, where an organization could benefit from outside objectivity and expertise, a formal, externally facilitated review should be conducted.
• The scope of the review may extend across the full range of the organization’s activities or else be confined to a performance assessment of the Minister or board of directors and/or executive management. In either instance, the fulfilment of both performance and conformance objectives should be evaluated.
• Smaller and/or less complex organizations need not review their governance arrangements as frequently or in as much depth as larger and more complex organizations.
• Organizations with significant policy or operational risk need to review their governance practices more frequently and more thoroughly.
• Results from the reviews of governance arrangements should be acted upon in a reasonable timeframe. 18
17 APEC Economic Committee’s Good Practice Guide on Public Sector Governance, 2011.
18 APEC Economic Committee’s Good Practice Guide on Public Sector Governance, 2011.