Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3D. CFO, Internal Audit, and External Audit (15%)<br />
3D Learning Outcomes<br />
On completion of this section, students will be better able to:<br />
• Describe respective responsibilities of the chief financial officer, internal audit, and<br />
external audit.<br />
• Identify opportunities for collaboration among chief financial officer, internal audit, and<br />
external audit.<br />
• Describe processes of assurance mapping.<br />
3D.1 Roles of the Chief Financial Officer<br />
The Chief Financial Officer (typically Director of Finance in Albanian public sector entities) is the<br />
most senior member of the finance and accounting team. As a member of senior management,<br />
they have entity-wide responsibilities related to leadership, strategy development and<br />
implementation, culture, and governance. As head of the finance unit, they have responsibility<br />
for managing financial resources, ensuring liquidity, safeguarding assets, setting and<br />
implementing financial strategy, determining financial policies, planning and budgeting,<br />
monitoring, and reporting.<br />
Chief financial officers have insight into every business unit. Given their visibility into<br />
opportunities that can be unlocked by information-led transformations, it is no surprise<br />
that CFOs are assuming new strategic roles. They are tasked with guiding the growth of<br />
companies, building digital organizations, and transforming the finance function. 41<br />
An important distinction is made between the roles of the Executing Officer (Director of Finance)<br />
and the Authorizing Officer (Secretary General) as a crucial part of financial control at the<br />
highest level. Additionally, the Minister (or political leader of the entity) holds neither of these<br />
responsibilities.<br />
The structure of the team and the roles within it depend on the purpose and size of the entity.<br />
Many aspects of financial management and control are determined centrally or by superior<br />
bodies, reducing the scope of responsibilities at the level of subordinated entities.<br />
The following table (based on Finance Department Organization Structure, opsdog 42 ) illustrates<br />
key functions (with potential areas of overlap) regardless of how these may be distributed and<br />
structured. Some functions, such as payroll, may be outsourced.<br />
Function<br />
Description<br />
41<br />
The CFO Agenda: Transforming the Finance Function, Harvard Business Review, 2018.<br />
42<br />
Finance Department Organization Structure, opsdog.com.<br />
69
Finance<br />
Managing long-term and operational funding, accounting, and financial<br />
reporting.<br />
Accounts payable Managing amounts owing to suppliers to ensure timely and accurate<br />
payment (maintaining Accounts Payable Ledger).<br />
Accounts<br />
Managing amounts due from clients and service-users to ensure prompt<br />
receivable<br />
collection (maintaining Accounts Receivable Ledger).<br />
Accounting and Bookkeeping to record and track financial transactions and fixed assets<br />
reporting (control) (maintaining Cash Book and General Ledger).<br />
Budgeting and Preparing and monitoring budget, variance analysis, and management<br />
forecasting accounts.<br />
Expense<br />
Approving, recording, reimbursing, and monitoring employee-generated<br />
management expenses (travel, accommodation, etc.)<br />
Tax<br />
Planning and managing all tax-related expenses.<br />
Treasury<br />
Managing cash to maximize liquidity.<br />
management<br />
Payroll<br />
Administering salaries, wages, bonuses, and deductions.<br />
Another way of thinking about the roles of the CFO related to control is to consider the main<br />
organizational functions of finance, as:<br />
• Catalyst.<br />
• Strategist.<br />
• Stewardship.<br />
• Operative.<br />
These roles are illustrated below (taken from “What is a Financial Controller? Roles and<br />
Responsibilities” 43 .<br />
43<br />
What is a Financial Controller? Roles and Responsibilities, Oracle Netsuite.<br />
70
In the public sector of some countries a distinction is made between the similar roles of financial<br />
controller and comptroller. The latter is viewed as having a broader and more senior role<br />
overseeing fiscal activities similar to the role of the Chief Financial Officer. The controller is in<br />
control of the accounting function and maintaining financial records.<br />
Given the seniority of the position, the CFO plays both a strategic role to enable achievement of<br />
the organization’s core purpose as well as an operational role supporting core functions. They<br />
are key to ensuring conformance with reporting requirements as well as supplying information<br />
internally to aid effective decision-making. They also have responsibility for overall financial<br />
control. Therefore, it is essential the CFO fully understands their organization and its culture,<br />
vision, mission, goals, priorities, risks, resources, people, and processes.<br />
CIPFA developed a detailed description of the Role of the Chief Financial Officer in Public<br />
Service Organisations based on five principles which is worth quoting in full. 44<br />
Principle 1: The CFO in a public service organisation is a key member of the<br />
Leadership Team, helping it to develop and implement strategy and to resource and<br />
deliver the organisation’s strategic objectives sustainably and in the public interest.<br />
44<br />
Role of the Chief Financial Officer in Public Service Organisations, CIPFA, 2011.<br />
71
• Contributing to the effective leadership of the organisation, maintaining focus on<br />
its purpose and vision through rigorous analysis and challenge.<br />
• Contributing to the effective corporate management of the organisation, including<br />
strategy implementation, cross organisational issues, integrated business and<br />
resource planning, risk management and performance management.<br />
• Supporting the effective governance of the organisation through development of<br />
– corporate governance arrangements, risk management and reporting<br />
framework; and – corporate decision making arrangements.<br />
• Leading or promoting change programmes within the organisation.<br />
• Leading development of a medium term financial strategy and the annual<br />
budgeting process to ensure financial balance and a monitoring process to<br />
ensure its delivery.<br />
• Ensuring the medium term financial strategy reflects joint planning with partners<br />
and other stakeholders.<br />
Principle 2: The CFO in a public service organisation must be actively involved in, and<br />
able to bring influence to bear on, all material business decisions to ensure immediate<br />
and longer term implications, opportunities and risks are fully considered, and alignment<br />
with the organisation’s overall financial strategy.<br />
Responsibility for financial strategy:<br />
• Agreeing the financial framework with sponsoring organisations and planning<br />
delivery against the defined strategic and operational criteria.<br />
• Maintaining a long term financial strategy to underpin the organisation’s financial<br />
viability within the agreed performance framework.<br />
• Implementing financial management policies to underpin sustainable long-term<br />
financial health and reviewing performance against them.<br />
• Appraising and advising on commercial opportunities and financial targets.<br />
• Developing and maintaining an effective resource allocation model to deliver<br />
business priorities.<br />
• Leading on asset and balance sheet management.<br />
• Co-ordinating the planning and budgeting processes.<br />
• Establish a medium term business and financial planning process to deliver the<br />
organisation’s strategic objectives, including: – a medium term financial strategy<br />
to ensure sustainable finances; – a robust annual budget process that ensures<br />
financial balance; and – a monitoring process that enables this to be delivered.<br />
• Ensure that professional advice on matters that have financial implications is<br />
available and recorded well in advance of decision making and used<br />
appropriately.<br />
72
• Ensure that those making decisions are provided with information that is fit for the<br />
purpose – relevant, timely and giving clear explanations of financial issues and<br />
their implications.<br />
Influencing decision making:<br />
• Ensuring that opportunities and risks are fully considered and decisions are<br />
aligned with the overall financial strategy.<br />
• Providing professional advice and objective financial analysis enabling decision<br />
makers to take timely and informed business decisions.<br />
• Ensuring that the organisation’s capital projects are chosen after appropriate<br />
value for money analysis and evaluation using relevant professional guidance.<br />
• Checking, at an early stage, that innovative financial approaches comply with<br />
regulatory requirements.<br />
Financial information for decision makers:<br />
• Monitoring and reporting on financial performance that is linked to related<br />
performance information and strategic objectives that identifies any necessary<br />
corrective decisions.<br />
• Preparing timely management accounts.<br />
• Ensuring the reporting envelope reflects partnerships and other arrangements to<br />
give an overall picture.<br />
Principle 3: The CFO in a public service organisation must lead the promotion and<br />
delivery by the whole organisation of good financial management so that public money is<br />
safeguarded at all times and used appropriately, economically, efficiently, and effectively.<br />
Promotion of financial management:<br />
• Assessing the organisation’s financial management style and the improvements<br />
needed to ensure it aligns with the organisation’s strategic direction.<br />
• Actively promoting financial literacy throughout the organisation.<br />
Value for money:<br />
• Challenging and supporting decision makers, especially on affordability and<br />
value for money, by ensuring policy and operational proposals with financial<br />
implications are signed off by the finance function.<br />
• Developing and maintaining appropriate asset management and procurement<br />
strategies.<br />
• Managing long term commercial contract value.<br />
Safeguarding public money:<br />
73
• Applying strong internal controls in all areas of financial management, risk<br />
management and asset control.<br />
• Establishing budgets, financial targets and performance indicators to help assess<br />
delivery.<br />
• Implementing effective systems of internal control that include standing financial<br />
instructions, operating manuals, and compliance with codes of practice to secure<br />
probity.<br />
• Ensuring that delegated financial authorities are respected.<br />
• Promoting arrangements to identify and manage key business risks, including<br />
safeguarding assets, risk mitigation and insurance.<br />
• Overseeing of capital projects and post completion reviews.<br />
• Applying discipline in financial management, including managing cash and<br />
banking, treasury management, debt and cash flow, with appropriate segregation<br />
of duties.<br />
• Implementing appropriate measures to prevent and detect fraud and corruption.<br />
• Establishing proportionate business continuity arrangements for financial<br />
processes and information.<br />
• Ensuring that any partnership arrangements are underpinned by clear and well<br />
documented internal controls.<br />
Assurance and scrutiny:<br />
• Reporting performance of both the organisation and its partnerships to the board<br />
and other parties as required.<br />
• Supporting and advising the Audit Committee and relevant scrutiny groups.<br />
• Preparing published budgets, annual accounts and consolidation data for<br />
government-level consolidated accounts.<br />
• Liaising with the external auditor.<br />
Principle 4: The CFO in a public service organisation must lead and direct a finance<br />
function that is resourced to be fit for purpose.<br />
• Leading and directing the finance function so that it makes a full contribution to<br />
and meets the needs of the business.<br />
• Determining the resources, expertise and systems for the finance function that<br />
are sufficient to meet business needs and negotiating these within the overall<br />
financial framework.<br />
• Implementing robust processes for recruitment of finance staff and/or outsourcing<br />
of functions<br />
• Reviewing the performance of the finance function and ensuring that the services<br />
provided are in line with the expectations and needs of its stakeholders.<br />
• Seeking continuous improvement in the finance function.<br />
74
• Identifying and equipping finance staff, managers and the Leadership Team with<br />
the financial competencies and expertise needed to manage the business both<br />
currently and in the future.<br />
• Ensuring that the Head of Profession role for all finance staff in the organisation<br />
is properly discharged.<br />
• Acting as the final arbiter on application of professional standards.<br />
Principle 5: The CFO in a public service organisation must be professionally qualified<br />
and suitably experienced.<br />
3D.1: Reflection<br />
Consider planning, budgeting, monitoring, reporting, and financial control. In your<br />
organization, how are the various responsibilities of finance and accounting arranged?<br />
How is the work of financial control, financial inspection, external audit, and internal audit<br />
coordinated?<br />
Consider the five CIPFA Principles and criteria. How closely does the CFO and finance and<br />
accounting function in your organization satisfy those criteria?<br />
3D.2 Roles of External Audit<br />
A Supreme Audit Institution (SAI) is established to undertake external audits of public sector<br />
entities and report to parliament either directly or via a committee, council, or similar authority or<br />
body.<br />
A supreme audit institution (SAI), or national audit institution, fulfils the independent and<br />
technical public sector external audit function that is typically established within a country’s<br />
constitution or by the supreme law-making body. A SAI is responsible for overseeing and<br />
holding government to account for its use of public resources, together with the legislature<br />
and other oversight bodies. SAIs have different models and institutional arrangements<br />
regarding the legislature, executive and judiciary. Where there is more than one body<br />
fulfilling the public sector external audit role, the SAI is usually distinguished as possessing<br />
the strongest constitutional guarantees of independence.<br />
In line with their status as independent external bodies, SAIs require full discretion and<br />
sufficiently broad mandates, although this differs depending on the SAI country context. In<br />
order to provide expertise and credible findings on the use and management of public<br />
resources, SAIs require the ability to access all relevant documents, to work onsite, and to<br />
follow up with audited entities on their findings.<br />
75
In order for a SAI to effectively hold government accountable for its stewardship of public<br />
resources, it must operate on the fundamental principles of independence, transparency and<br />
accountability, ethics and quality control. An independent and professional SAI should hold<br />
itself to the principles that it expects of the public sector entities that it audits so as to lead by<br />
example. 45<br />
SAIs typically undertake three kinds of audits:<br />
• Financial audits.<br />
• Compliance audits.<br />
• Performance audits.<br />
In some countries, the SAI has jurisdictional authority with additional legal powers to investigate<br />
and prosecute.<br />
In Albania, the SAI is known as the Supreme State Control (SSC) and reports to the Assembly.<br />
The SSC describes itself as “the highest institution of economic and financial control in the<br />
Republic of Albania.” Its self-declared purpose is<br />
to control the effective and beneficial use of public funds, financial good administration and<br />
control of the implementation of legality in the economic and financial field…[including]<br />
communication and providing information to public authorities and the public in general,<br />
through the publication of unbiased reports. 46<br />
The IIA and INTOSAI produced a joint report confirming the compatibility of the respective sets<br />
of standards. Internal auditors and external auditors have very broadly the same objectives – in<br />
terms of accountability, transparency, and assurance – and have similar methodologies. While<br />
maintaining their individual independence, there is plenty of scope for collaboration in training<br />
and professional development, the planning of audits, and sharing of findings. An internal audit<br />
engagement may deploy a member of the SAI as a guest auditor. The degree of reliance placed<br />
on the work of another assurance provider is dependent on the level of independence and<br />
competency and the standards applied to the work, and its relevance, scope, and currency.<br />
According to INTOSAI professional standards:<br />
the Supreme Audit Institution has the task of examining the effectiveness of internal audit. If<br />
internal audit is judged to be effective, efforts shall be made, without prejudice to the right of<br />
the Supreme Audit Institution to carry out an overall audit, to achieve the most appropriate<br />
division or assignment of tasks and cooperation between the Supreme Audit Institution and<br />
internal audit. 47<br />
45<br />
OECD Public Governance Reviews: Supreme Audit Institutions and Good Governance, OECD, 2016.<br />
46<br />
State High Control, Shtetiweb, 2021.<br />
47<br />
ISSAI 1, The Lima Declaration, INTOSAI, 2019.<br />
76
According to Standard 2050 – Coordination and Reliance:<br />
The chief audit executive should share information, coordinate activities, and consider<br />
relying upon the work of other internal and external assurance and consulting service<br />
providers to ensure proper coverage and minimize duplication of efforts.<br />
Interpretation:<br />
In coordinating activities, the chief audit executive may rely on the work of other assurance<br />
and consulting service providers. A consistent process for the basis of reliance should be<br />
established, and the chief audit executive should consider the competency, objectivity, and<br />
due professional care of the assurance and consulting service providers. The chief audit<br />
executive should also have a clear understanding of the scope, objectives, and results of the<br />
work performed by other providers of assurance and consulting services. Where reliance is<br />
placed on the work of others, the chief audit executive is still accountable and responsible<br />
for ensuring adequate support for conclusions and opinions reached by the internal audit<br />
activity. 48<br />
Assurance mapping and combined assurance are considered in more detail in section 3D.3.<br />
Some external audits of public entities may also be conducted by providers other than the SAI in<br />
accordance with legal requirements. This occurs where a publicly funded entity is responsible<br />
for tendering for an external provider for some of its statutory audits as well as any additional<br />
external assurance deemed valuable at the discretion of the organizational leadership to<br />
complement the work of the SAI, internal auditors, financial inspectors, and others.<br />
3D.2: Reflection<br />
Which body or bodies conduct external audits of your organization?<br />
What use does external audit make of internal audit findings? What use does internal audit<br />
make of external audit findings?<br />
Do internal and external audit collaborate in any other way, such as training, information<br />
sharing, and planning?<br />
Could a member of the SAI be deployed on an internal audit mission as a guest auditor?<br />
48<br />
International Professional Practices Framework, The IIA, 2016.<br />
77
3D.3 Assurance Mapping<br />
Senior management and the governing body receive assurance from various internal providers<br />
(e.g., management, internal control, risk and compliance, and internal audit) and external<br />
providers (e.g., SAI, inspectors, and other consultants). An assurance map is used to record<br />
which party is providing assurance on each group of key risks and control to avoid unwanted<br />
gaps and unnecessary overlaps and duplication. Some gaps may be deliberate, especially<br />
where management regards those risks as being of a lower priority or controls are known to be<br />
reliable and effective. Likewise, some overlap and duplication is intentional for high risk areas,<br />
new risks, or areas requiring a high degree of specialist expertise where a second opinion is<br />
valued.<br />
Assurance mapping can also help with audit fatigue which can arise in teams subject to multiple<br />
reviews, inspections, and investigations in a relatively short period of time. Assurance provides<br />
can collaborate on timing to minimize this danger. Alternatively, two audits may be conducted<br />
together.<br />
Internal audit may use the map to inform their planning and determine whether there is scope to<br />
use the work of other assurance providers rather than repeat it. Management may use the map<br />
to ensure resources and structures are being utilized with the greatest efficiency and<br />
effectiveness.<br />
The internal audit function is well laced to create such an assurance map.<br />
The IIA guide Coordination and Reliance: Developing an Assurance Map suggests five steps for<br />
producing an assurance map:<br />
1. Identifying sources of risk information.<br />
2. Organizing risks into risk categories for consolidated viewing.<br />
3. Identifying assurance providers.<br />
4. Gathering information and documenting assurance activities by risk category.<br />
5. Periodically reviewing, monitoring, and updating the assurance map. 49<br />
A further advantage of the assurance mapping process is it requires assurance providers to<br />
share information with each other and thus help to create a more coherent view of the<br />
organization.<br />
An assurance map can take many forms. It will likely reflect the risk categories adopted by the<br />
organization and used in the risk register. An example assurance map is shown below. The<br />
example does not include external assurance providers which should be considered for a<br />
comprehensive picture.<br />
49<br />
Coordination and Reliance: Developing an Assurance Map, The IIA, 2018.<br />
78
79
3D.3.1 Combined Assurance<br />
An extension of assurance mapping is sometimes referred to as combined assurance. Beyond<br />
the tracking of assurance coverage across all major risk categories, combined assurance is a<br />
more coordinated approach to provide greater insights on governance, risk management, and<br />
internal control. According to guidance produced by AuditBoard:<br />
True combined assurance represents the ultimate level of coordination, including such<br />
elements as combined scheduling, consolidated planning and reporting, shared terminology,<br />
and use of common and shared technology. 50<br />
The seven steps described in the article are:<br />
1. Establish a baseline.<br />
2. Outline and define your objectives and expected benefits.<br />
3. Obtain involvement of other assurance providers.<br />
4. Communicate with, educate, and obtain sponsorship of key stakeholders.<br />
5. Take an iterative step-by-step approach.<br />
6. Create a change management plan.<br />
7. Measure and report on success against expected benefits. 51<br />
More advanced guidance is given by AuditBoard in the guide Advancing Combined Assurance<br />
to Manage Risks. 52<br />
In the King IV Code of Corporate Governance, combined assurance has a specific meaning<br />
linked to King’s model of five lines of assurance, an extension of the Three Lines Model to<br />
include external audit and the board.<br />
3D.3: Reflection<br />
Who provides assurance to management and the governing body in your organization?<br />
Are there any risk areas of over-coverage or under-coverage in terms of assurance?<br />
Does your organization produce an assurance map? If so, who produces the assurance<br />
map? What use is made of the assurance map?<br />
Does internal auditing use the work of other assurance providers? If so, what examples do<br />
you have? How do auditors determine the work of other assurance providers can be relied on?<br />
50<br />
What is Combined Assurance? Seven Steps to Start a Successful Program, AuditBoard, 2020.<br />
51<br />
What is Combined Assurance? Seven Steps to Start a Successful Program, AuditBoard, 2020.<br />
52<br />
Advancing Combined Assurance to Manage Risks, AuditBoard, 2021.<br />
80
References and Additional Reading<br />
10 Tips for Evaluating Internal Control Deficiencies” AuditBoard, 2021.<br />
https://www.auditboard.com/blog/tips-evaluating-internal-control-deficiencies/<br />
Acquis, Eur-Lex. https://eur-lex.europa.eu/EN/legalcontent/glossary/acquis.html#:~:text=The%20European%20Union%20(EU)%20acquis,syste<br />
ms%20of%20EU%20Member%20States.<br />
Advancing Combined Assurance to Manage Risks, AuditBoard, 2021.<br />
https://www.auditboard.com/resources/ebook/advancing-combined-assurance-to-managekey-risks/<br />
Budgeting the Internal Audit Function: How Much is Enough? Tone at the Top, The IIA,<br />
December 2018<br />
https://www.theiia.org/globalassets/site/content/tools/advocacy/2018/budgeting-the-internalaudit-function-how-much-is-enough/tone-at-the-top-issue-90-december-2018_updated.pdf<br />
Chapters of the Acquis, European Commission. https://neighbourhoodenlargement.ec.europa.eu/enlargement-policy/conditions-membership/chapters-acquis_en<br />
CIPFA Financial Management Code https://www.cipfa.org/policy-andguidance/publications/f/financial-management-code<br />
Coordination and Reliance: Developing an Assurance Map, The IIA, 2018<br />
https://www.theiia.org/globalassets/documents/content/articles/guidance/practiceguides/coordination-and-reliance-developing-an-assurance-map/pg-coordination-andreliance-developing-an-assurance-map1.pdf<br />
De Koning, Robert, PIFC Public Internal Financial Control, 2007.<br />
Delivering Excellent Public Finance: CIPFA’s Whole System Approach to Public Financial<br />
Management. https://www.cipfa.org/policy-and-guidance/reports/whole-system-approachvolume-1<br />
Finance Department Organization Structure, opsdog.<br />
https://opsdog.com/categories/organizationcharts/finance#:~:text=A%20Finance%20Department%20manages%20a,the%20finances%<br />
20of%20the%20company.<br />
Framework for assessing public financial management, PEFA, 2019.<br />
https://www.pefa.org/sites/pefa/files/resources/downloads/PEFA%202016_latest%20version<br />
_with%20links%20%282%29.pdf<br />
IIA Practice Guide: Measuring Internal Audit Effectiveness and Efficiency, The IIA, 2010<br />
https://www.theiia.org/globalassets/documents/content/articles/guidance/practice-<br />
81
guides/measuring-internal-audit-effectiveness-and-efficiency/practice-guide-measuringinternal-audit-effectiveness.pdf<br />
International Professional Practices Framework, The IIA, 2016.<br />
Handbook of International Public Sector Accounting Pronouncements, Volume 1, IPSASB,<br />
2021. https://www.ipsasb.org/publications/2021-handbook-international-public-sectoraccounting-pronouncements<br />
Handbook of International Public Sector Accounting Pronouncements, Volume 2, IPSASB,<br />
2021. https://www.ipsasb.org/publications/2021-handbook-international-public-sectoraccounting-pronouncements<br />
ISSAI 1, The Lima Declaration, INTOSAI, 2019.<br />
https://www.intosai.org/fileadmin/downloads/documents/open_access/INT_P_1_u_P_10/INT<br />
OSAI_P_1_en_2019.pdf<br />
Local Government Management Guide: Management’s Responsibility for Internal Control, Office<br />
of the New York State Comptroller, 2016 https://www.osc.state.ny.us/files/localgovernment/publications/pdf/managements-responsibility-for-internal-controls.pdf<br />
OECD Public Governance Reviews: Supreme Audit Institutions and Good Governance, OECD,<br />
2016. https://read.oecd-ilibrary.org/governance/supreme-audit-institutions-and-goodgovernance_9789264263871-en#page20<br />
Position Paper: Internal audit's relationship with external audit, Chartered Institute of Internal<br />
Auditors, 2020. https://www.iia.org.uk/resources/delivering-internal-audit/position-paperinternal-audits-relationship-with-externalaudit/#:~:text=The%20external%20audit%20focus%20is,are%20effective%20in%20managi<br />
ng%20risks<br />
“Public Financial Management,” Transparency International, knowledgehub.transparency.org.<br />
https://knowledgehub.transparency.org/topics/public-financial-management-parentlabel#:~:text=Public%20financial%20management%20(PFM)%20is,allocated%2C%20spent<br />
%20and%20accounted%20for.<br />
Role of the Chief Financial Officer in Public Service Organisations, CIPFA, 2011.<br />
https://www.cipfa.org/-/media/Files/CIPFA-Thinks/Reports/Role-of-CFO-v2-2011.pdf<br />
State High Control, Shtetiweb, 2021. http://shtetiweb.org/2012/09/28/kontrolli-i-larte-i-shtetit<br />
Sustaining High Performance Beyond Public Sector Pilot Projects, McKinsey, 2018.<br />
https://www.mckinsey.com/industries/public-and-social-sector/our-insights/sustaining-highperformance-beyond-public-sector-pilot-projects<br />
82
The Practice of Internal Controls, Office of the New York State Comptroller, 2010<br />
https://www.osc.state.ny.us/files/local-government/publications/pdf/the-practice-of-internalcontrols.pdf<br />
The CFO Agenda: Transforming the Finance Function, Harvard Business Review, 2018.<br />
https://www.coupa.com/lp_fce-19-hbr-cfo-<br />
agenda?utm_source=GoogleAds&utm_medium=Paid-Search&utm_campaign=SEM-<br />
2022Q1&utm_trm=NA-Finance&utm_content=19-HBR-The-CFO-<br />
Agenda&utm_last_engagement=PG19246A1&gclid=CjwKCAiA_6yfBhBNEiwAkmXy5wDvrc<br />
oK8C1kvT6hcTjB_OZNyMMy5dbcRZqfUr-lslnIjK1xBWNpHhoCGFsQAvD_BwE#top<br />
What is Combined Assurance? Seven Steps to Start a Successful Program, AuditBoard, 2020.<br />
https://www.auditboard.com/blog/combined-assurance-get-started/<br />
“What Internal Audit Can Do To Improve Financial Management,” Internal Audit 360, 2019.<br />
https://internalaudit360.com/what-internal-audit-can-do-to-improve-financial-management/<br />
What is a Financial Controller? Roles and Responsibilities, Oracle Netsuite.<br />
https://www.netsuite.com/portal/resource/articles/accounting/financialcontroller.shtml#:~:text=Most%20of%20what%20a%20financial,%2C%20operator%2C%20c<br />
atalyst%20and%20strategy.<br />
Whittaker, J., Strategy and Performance Management in the Government, Pilot Software,<br />
November 2003. Quoted in “How to Manage (and Measure) Government Performance,”<br />
FreeBalance, August 9, 2022. https://freebalance.com/en/blog/pfm/why-use-the-balancedscorecard-ingovernment/#:~:text=The%20balanced%20scorecard%20provides%20governments,used%<br />
20in%20the%20private%20sector.<br />
.<br />
83