Costs-Benefits of Public Sector Audit Recommendations

Posted on by
Reply

Last week I attended a conference involving finance and administration professionals from international organizations based in Vienna Austria.  One of the side conversations that came up was managing an increasing number of audit recommendations with diminishing resources.

Public Sector versus For-Profit Auditor

There are important differences to note of the audit universe of the public sector.  For a for-profit organization, the auditor is a service another for-profit organization provides on the behest of the board and to provide assurance to the shareholders.  Even for non-profit organizations, this relationship exists – there is an inherent value for money question.

In the public sector, this relationship not only is absent but may also be perverted.  There can be an incentive of an auditor general (and its equivalents) to make comments on the public sector so as to justify the continuing existence of the auditor general.  Worse still is a ‘lime-light auditor’ who enjoys the unveiling of recommendations and the hero culture that can accrue to the auditor as a result.

The above of course is a worst case and the vast majority public sector auditors are dedicated and competent professionals with the tax payers and citizen’s interest in mind.  In addition, auditors have uncovered waste and have been effective change agents to ensure the best possible civil service for a political entity.  Alas, the vast majority are so but not all – and thus the question of how the value for money question can be applied to a public sector audit?

The Audit as a Rationale and Rotational Process

It is easier to make an audit comment (observation, recommendation, etc.) than it is to implement them.  As the public sector becomes more strapped for resources, it must balance the new audit comment against current operations, projects, public policy changes or even completing past audit recommendations.

Part of this challenge is that the public sector is abysmal at estimating the costs and the resulting benefits of operations or new initiatives.  A for-profit organization is laser focused on current operations costs.  If revenue cannot change, then costs must drop to sustain or improve the bottom line.  Alternatively, if a new project does not result in new revenue or other benefits (lower costs, regulatory compliance, operational effectiveness, etc.) then it is dropped in favour of a different investment.

The Public Sector does not always share the same rationality.  The primary financial discipline comes from the allocated budget and not overall profitability.  Additionally, public sector auditors reach into wider areas of the organization (as they should) resulting in recommendations that go far beyond the financial statements.

To go into these wider areas, public audit entities may engage outside expertise (e.g. an IT security audit firm) or they offer long-term employment to develop broad public sector expertise.  The problem with the second strategy is that there may not be enough turn over of the public sector audit organization that parallels the effect of firm rotation in the private sector world.

The Price of a Recommendation

Given the nature of both the auditors and the audit engagement are different in the public sector should not the output also be different?  How about pricing each audit suggestion (recommendation, observation, etc.)?

The auditor and management would independently develop an estimated number of hours and associated costs to implement a recommendation.  The auditor would use its larger experience from other Ministries, organizations etc. and the organization based on its insider experience.  The cost should be a full cost as if whatever is being implemented is entirely done so by a third-party with the same knowledge as current management.  For example, if there is a recommendation to perform an additional verification of a payment voucher, the cost would be as if a contractor is engaged to come in and do the verification.

The reason for this third-party approach is to avoid the pitfall of ‘wishing away the problem’.  Thus an auditor could say that the check is nominal by the payments clerk and therefore there is no cost.  In contrast, management knows that they payment clerk is doing other activities that the auditor is not factoring in and thus the cost is not free.

The auditor and management would ideally compare and agree to a high-low range of cost to implement.  These costs would be aggregated and the total cost of audit comments would be estimated (once again in a range).  The actual costs of implementation (both project and run-costs) would be reported against the past audits.  This reporting would help to fine-tune the estimations and provides a comparison point for other audit engagements.  Thus in the above example, the auditor could state that implementing an additional check in other organizations typically consumes 10-20 hours of additional effort per week as compared to management’s assertion that it would take 15-30 additional hours per week.

Pricing and Gaming the Auditor General’s Report

The above cost methodologies can be aggregated and reported as a companion piece of information with the respective audit reports.  Currently such reports provide a bias view of the recommendations.  The auditor general will list numerous infractions and the hundreds of changes they are proposing.  Implicit in this list is that these are things the public sector organization should have thought of long ago.  By pricing the suggestions it balances the report so that the public knows that perhaps a change was not done because the benefits do not exceed the costs.

The problem with applying a cost to something is that there is a risk of it being gamed.  The auditor wishing away the costs and management overestimating.  Thus the importance of the comparison function and a longer-term comparison of how good the estimates are from both the auditors and management.

Thoughts, should a public sector auditor price their recommendations?  Leave me a comment or drop me a note with your views.

 

MCEFing the Gap – Introduction

Posted on by
1

Organizations are created to achieve objectives of a board of directors or the equivalent.  The challenge has been how to enable an organization but also protect the resources entrusted to it by its owners.  That is, how do you both Control and Enable an organization? The COSO Framework frames the question of Control but does not address the other side of the coin, things like employee-motivation, capitalizing on opportunities, customer service or the outcomes of public policy.  These are examples of what I call ‘Enablement’.

Continue reading

COSO – Mind the Gap

Posted on by
1

The author completed a COSO certification course, appreciating its quality despite previous frustrations with online learning. However, the course fell short in addressing the practical deployment of COSO, leaving gaps in internal-control specifics. Nonetheless, COSO promotes adaptability for organizations, suggesting they can customize the framework to better suit their needs.

Continue reading

New Gig Planning

Posted on by
Reply

Next January I am off to a new gig, it is back with the Alberta Public Service. In December I will be leaving the Vienna Based International Organization (VBIO) I am currently work for.  It has been a good/strange/learning ride and have met some great people and have had a few successes – but time to get back to reality (and my pridwife, shoveling snow, etc.).

Just Like the First Day of School

One of the upsides of starting a new role is that you get to leave your baggage behind and start afresh.  Ideally you take what you have learned from your past mistakes and ask yourself how you can be a better person, employee and boss.  The following is in my spirit of my ‘Phrankisms‘, homage to Steven Covey and also a (non) secret plan of how I hope to carry myself into my new role in a few months.

Knowing the Shark Tank you are Swimming In

Ideally you should know the shark tank you are easing yourself into wearing your brand new (metaphoric, I hope) Speedo on your first day. A word to the wise, work communities are surprisingly small.  I have been in about 6 separate work-eco-systems (Health, ERP Implementations, Consulting, NATO, Vienna and the Government of Alberta).  In all cases, the community members had a high degree of connection – even before social media tools such as LinkedIn.  When you are a young pup the pool is large; as you take on more senior roles the shark tank gets smaller.

What does this mean?  One’s brand becomes more important and it becomes increasingly more difficult to shed a ‘poor-brand’ within a given Shark Tank.  I don’t have a specific set of actions for my new gig other than to carry a simple awareness that brand matters and don’t be surprised who has heard of you from obscure corners.

My New Gig Desired Brand (and my LinkedIn Summary): Accomplished Professional Accountant with proven success in corporate budgeting/reporting, strategic planning, system implementations, process improvement, internal controls, contracting and organizational change. Specialties: Budgeting, Strategic Planning, Process Design and Improvement.

Articulate a Noble Purpose

We have all sat in marathon mission statement drafting sessions in which the merits of a definite versus indefinite articles are discussed ad nauseam.  This is something I discussed in a risk management context: Purpose: Why Does the Organization Exist, what are its objectives?.

Is there a consistent and wide spread understanding of what the organization does?  Widespread is both top-down and inside-out.

Whether or not an organization has a purpose, the unit a person is working for should have a reason to exist.  In my chosen profession, finance and accounting, we are ultimately in the business of client service.  Certainly we need to consider risk, controls and compliance – but ultimately we are there to make the rest of the organization successful.

My New Gig Leadership Maxim: I will take pride in the work I am doing.  I will seek to improve the craftsmanship and quality of the product or service of my team’s efforts to help the rest of the organization be successful.

The Boat Metaphor and Image

Leadership varies by circumstances and individuals.  There are a few individuals who are larger than life and leadership comes naturally to them.  For most, it is a skill and behaviours to be learned – and that is the good news!  Good leadership is not innate and can be practiced and improved upon.  Have you ever heard of the leadership boat metaphor?  ‘There are some who need to row the boat and a few who need to steer it‘ (2×2 courtesy of Governance Today).

Courtesy of Governance Today.

I would suggest the maximum can be expanded a wee bit to be more complete:

My New Gig Leadership Maxim: ‘Leadership is recognizing that a large group of rowers must be well led by a smaller group who steer.  These two groups are in turn shoved into the water by fewer individuals who can provide a general direction of where to take the boat and then who must trust the rowers strength and the skill of those who will steer‘.

Seek First to Shut Up (with apologies to Covey)

Now that we all have our places in the boat and ready to start rowing or steering or shoving, now onto my next reminder: Shut Up and Listen. Steven Covey said this more eloquently in his fifth habit (of Seven): Seek first to understand and then be understood.

There is an inverse relationship between one’s seniority and the amount one should talk.  Of course it is hard not to talk, the more senior you are the more reverently people file into the meeting room, eyes diverted waiting for a divine message.  However, unless you can process tap-water into a nice Merlot, you had better be listening:

My New Gig Leadership Maxim: The person who talks the least and softest is often listened to the hardest.

If necessary, after asking a question, I will silently count to a number (e.g. 30, 60, etc.) before saying anything else.  Silence is okay and it allows people to respond in a more intelligent fashion.

Kick the email habit

As an extension of the above, it is easy to use email as a form of conversation.  As a result, sending an email at 9PM on a work night or early Sunday AM may seem nothing more than ‘chatting’.  However, the more senior one becomes the less latitude you have to send emails out of all hours.  Your staff will wonder if they should respond and wonder if is it an expectation that they be available and online during these periods?

The reality is that unless there is a baby dying or building burning to the ground, almost nothing requires an immediate response.  Also, the last person to join the email conversation often has the greatest impact on the conversation (see the above for more on this).

My New Gig Leadership Maxim: Email belongs in work hours; use delay send and other functions to keep it there.  Alternatively let emails stew in the draft folder.  If the email is complex or controversial, send it after going for a walk or a good night’s sleep.

I will make better use of messenger like tools (e.g. Lync/Skype) for informal communication rather than email.  A messenger tool allows me to ask discrete question without the implied formality of an email – better still; a messenger tool means that email is seen as more formal and therefore has more impact.  To this end, I will also try to start each email with Thank You and Great Work and then the email content. Of course walking over to the person or telephoning them builds even better person connections.

Walk Around to Listen and Observe

‘Walking the Ship before the Battle’, ‘Management by Walking Around’ or ‘Eat One Lunch a Week in the Staff Cafeteria’.  These are all examples of the importance of moving beyond formal positional authority and building casual informal contact with both direct reports and the organization in general.

By being visible at least once per day, creates a human connection which builds trust and a shared sense of community.  By having lunch in the cafeteria you are building on a very strong human connection between food and community.

My New Gig Leadership Maxim: Strive to say good morning to my staff and try to physically visit other staff at least once per week in an informal setting (e.g. popping in, saying hello, a coffee, walk, etc.). Visit to listen, visit to understand but don’t commit – that requires a formal setting‘.

Build a Foundation Underneath

Humans are hard-wired to seek out community and affiliation.  If the work environment is not providing this environment then the humans will create their own affiliation and management will have no control over its direction, values or purpose.

This human foundation is based on realistically aligning the somewhat immutable organizational objectives to the honourable personal objectives of the staff.  This alignment is based on trust; the staff must believe that the leader has their individual and collective backs.  This does not reduce personal accountability or responsibility – but it does mean that when they honourably screw up you won’t throw them under the bus.

A side benefit of building the trust and community is receiving ‘organizational-intelligence‘ from your staff about the organization.  As with all information though, never believe/react to information blindly, trust your sources but verify before you act.

My New Gig Leadership Maxim: I will create a client service focused organization that people are proud to be a part of.  I will help people understand the larger organizational objectives so they can align their personal objectives to them.

Related to this, I will set up periodic team and 1:1 meetings with my staff.  These are the most important meetings in my calendar and protect them accordingly. 

I will set up a method to track our operational and project work to not only make people accountable but also so they have a tool to prioritize their work and in due course remember the good work they did for when they go on to their next gig.

Float ideas rather than direct them.

While leaders and managers are expected to have vision of what the organization should be and where it should go, the best vision is one that is collectively formed rather than a messiah-like-prophecy.  Invite others to contribute to the vision by not starting off with the position of ‘do it this way’.  Participation leadership increases group cohesion and helps to teach leadership.  To be clear, accountability remains with the leader and in a few instances a ‘GO DO IT‘ mantra is needed.

My New Gig Leadership Maxim: ‘I will strive to ask for input and recommendations before making significant decisions.  I will make it clear that their contributions does not reduce my accountability but it does increase my team’s participation in the decision and helps them learn decision making‘.

Practice Strategic Indifference

Strategic indifference means picking your battles and recognizing the principle of Control, Influence and Affect – CIA.  You are not going to win all or even most of your battles so get over it.  Steven Covey discussed this in Habit 3: Put First Things First Manage your life according to your needs and priorities. Spend time doing what fits into your personal mission, observing the proper balance between your production and building your production capacity.

My New Gig Leadership Maxim: I will seek to pick my battles carefully applying my team’s limited resources to the highest priority operational and project work.  Having said this, it is my expectation that my team constantly becomes more efficient and effective so as to absorb higher work loads with static resources.

Bonus!  Some bonus questions to ask as you receive information:

  1. Can you trust and verify the information?
  2. What is the worst that will happen if do nothing with this info (procrastination as an option)?
  3. Is what I am being told the problem or a symptom of a larger problem?
  4. If I am going to do something – what will I choose to stop doing to get this done?

Planning and then Learning from Failure

That is quite a list and I already know that I will have varying levels of success.  Once again, the upside of starting a new role is the ability to become a better person, leader, manager and mentor to my staff.  Wish me luck and I will let you know when I start the NEXT gig as to how this one fared.

Measuring Control – Challenges

Posted on by
Reply

The article discusses the challenge of measuring internal control effectiveness within organizations, specifically within the COSO framework. It emphasizes the need for reasonable assurance rather than absolute control, encouraging periodic checks on high-risk processes. It suggests organizations regularly review and update controls for relevance and effectiveness to ensure organizational objectives are met.

Continue reading

COSOPS: COSO for the Public Service

Posted on by
3

COSOPS is a modified version of the COSO framework applied to public sector organizations. COSOPS highlights internal controls aimed at efficiency, reliability of reporting, and compliance with laws. Key changes include emphasizing public accountability, the role of civil service, fiscal matters, and external oversight, aiming for improvement in public policy functions.

Continue reading

COSO Competitors

Posted on by
1

This is the third in a series of the internal control.  The first blog, Internal Control and COSO, introduced this framework including highlighting some of its short comings.  The second blog, A List of Internal Controls, attempted to create the most comprehensive list of controls ever constructed (or that at least I could find). This blog asks the question, “does COSO have competitors or is there a better control framework out there?“.

Continue reading

An Excel Tool to Document File Directories

Posted on by
1

The network file structure is now about 50+ years old but is still the backbone for a lot of corporate and personal data management [1]. At the same time, how often have you heard stories of people losing all of the family pictures because they failed to back up or backed up the wrong directory.

Continue reading