22 / 32
22
/ Canadian Government Executive
// March 2016
C
anadians expect their public ser-
vices to be delivered in a way
that demonstrates cost-savings
and efficiency. To date, the ability
of the public sector to achieve great results
has been hindered by a risk-averse culture.
One symptom of this aversion to risk is an
environment of excessive controls over
business processes with multiple layers of
oversight and verification. To address this
impediment, federal public sector leaders
have been emphasizing the importance of
intelligent risk-taking. This concept refers
to the empowerment of public servants to
make decisions by considering risk, rather
than avoiding decision-making due to a
fear of failure. As such, intelligent risk-
taking will require federal departments
and agencies to reconsider their service
delivery models to reduce unnecessary
bureaucracy, while continuing to ensure
that sound stewardship and accountability
are maintained.
The Government of Canada has imple-
mented several measures over the past
few years to strengthen accountability
and increase transparency in the public
sector, including bolstering the role of in-
ternal audit. Since the implementation of
the Treasury Board’s Internal Audit Policy
in 2006, internal audit has established it-
self as an effective internal oversight tool
for deputy heads and as trusted advisors
to senior management across the public
service. As a result, the number of inter-
nal audit recommendations has signifi-
cantly increased and directly contributed
to the strengthening of stewardship and
accountability through improvements to
management controls and frameworks.
These recommendations; however, have
also led to an increase in the number of
organizational controls in place as well as
the bureaucratic processes required for
their implementation.
Within this context, internal audit has a
critical role to play in this transformation
by contributing to their department as en-
ablers of intelligent risk-taking. Tradition-
ally, internal audit has been focused on
providing assurance on the efficiency and
effectiveness of governance, risk manage-
ment, and control frameworks with an
emphasis on mitigating risks identified
by management, rather than questioning
whether risks actually warrant the con-
trols in place.
By challenging management’s under-
standing and appetite for risk and assess-
ing the cost-effectiveness of controls in
place, internal audit has an opportunity
to make significant contributions to the
reduction of bureaucracy and elimination
of redundant controls. This includes as-
sessing whether risks are well understood
in the first place; determining whether
risk tolerance is well communicated by
senior management; and whether exist-
ing controls remain relevant to address
the current risk environment. Positioning
internal audit as an enabler of intelligent
risk-taking; however, may be challenging,
considering the risk averse culture of both
public sector managers and the internal
audit function itself.
Although deputy ministers and senior
executives often refer to the need for in-
telligent risk-taking, public sector manag-
ers may be conflicted between efficiencies
gained from eliminating redundant con-
trols and the perceived consequences of
a control failure. Ultimately, all controls
were created to address risks identified
at a given time, sometimes in response to
a previous control failure. Management’s
aversion to risk inherently conflicts with
the willingness to eliminate existing con-
trols, even when their cost-effectiveness
and value may not always be clear. For
example, redundant controls such as mul-
tiple approval layers often add limited
value and cloud accountabilities; how-
ever, they continue to broadly exist in all
departments and agencies. Some public
sector managers may be reluctant to ac-
cept audit recommendations that elimi-
Internal Audit
ZIAD
SHADID
INTERNAL AUDIT –
An Enabler of Intelligent
Risk-taking at NRCan