For all its subtleties and mysteries, the Westminster system of government has long contributed to stable and effective governance in Canada at the federal, provincial and territorial levels. Recent trends towards horizontal delivery of services add complexity to an already complex system.
Lines of Ministerial responsibility have the potential to become somewhat blurred with the horizontal delivery of programs and services, leading some to worry that accountability will be lost. Governments and legislatures need to be confident that systems or initiatives that cross ministerial boundaries continue to be managed efficiently and effectively.
Although horizontal delivery is not new, initiatives to network traditionally distinct organizations appear to be proliferating. For example, in New Brunswick, the government recently expanded the role of Service New Brunswick to include not just service to the public, but also the delivery of common services across government. Additionally, services such as human resources or information technology have been centralized with a mandate to deliver across ministries. Projected savings are reported to be achieved primarily through the modernization of technology, automated systems and business processes and strategic procurement.
Whereas centralization creates one organization to service many, sometimes two or more ministries may be called upon to help deliver a single program. For example, the regulation of agricultural products at the federal level is a responsibility shared by the Canadian Food Inspection Agency, Health Canada and Environment Canada.
To add even more dimensions to the complexity, governments are also working together across jurisdictional boundaries. For example, the Canada-Atlantic Provinces Agreement on International Business Development helps Atlantic Canadian businesses find international markets. Partners include three federal departments and the four provincial governments in Atlantic Canada.
Searching for assurance
In an effort to assist organizations in such scenarios control risks and provide accountability across organizations, the Institute of Internal Auditors provides some guidance. The “3 lines of defense” in effective management and control are:
• Management control;
• Oversight; and
• Independent assurance.
Independent assurance is usually performed by an organization’s internal audit function. Internal audit provides independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.
Audits for horizontal initiatives can take several forms. For example:
• A centralized audit function can conduct a horizontal audit across multiple organizations.
• Independent audit groups in organizations participating in an initiative can each audit their own organization’s activities and share the results.
• Audit groups in participating organizations can jointly plan and conduct an audit of an initiative or a common business process.
A strong internal audit function can contribute to the provision of horizontal assurance in the public sector and enable efficiencies to be gained by leveraging the successful strengths of one ministry to be applied to another ministry for the same activity.
Begin at the beginning
Internal audit can be a very effective management support when it is engaged at the beginning of an initiative, i.e. at the design stage, rather than called in to conduct audits after the initiative is underway or complete. This is particularly true for horizontal initiatives. When multiple organizations are involved, the potential exists for gaps to appear in oversight and control measures – gaps that internal auditors may be able to spot and recommend clarity around roles and responsibilities.
By participating in the design phase of an initiative, the audit function can advise on risk and control measures upfront so that adequate measures are put in place. Early prevention is much better than later detection.
On the other hand, the existence of independent oversight and control measures in multiple organizations engaged in a common endeavour could result in oversight duplication and audit burden. This is particularly relevant where one organization provides a service for many other organizations. There is potential for chaos if each client organization plans to audit the service provider in its own way.
An independent audit conducted by the service provider in consultation with the audit groups of the client organizations may prove sufficient to meet everyone’s needs, or at least provide a foundation for the client organizations’ own audit activities.
For their part, centralized audit functions can help reduce the audit burden for government ministries when they conduct horizontal audits of activities that are carried out in multiple ministries, such as procurement or grants and contributions. The audit group can select a handful of ministries to audit on the basis of risk; once it assesses the results of the audit, it can provide best practices and lessons learned to all ministries.
Similarly, when programs are delivered cooperatively by several organizations, an audit by one organization – if designed collaboratively – may meet the needs of all, and free up resources for other priorities.
In addition, 100 % coverage may often not be practical to achieve when conducting horizontal audits. The identification of key themes and lessons learned from those in scope as part of horizontal audits can be quite valuable. These themes and lessons learned can allow for broader awareness across organizations that are not in scope and that may be able to self-assess, consider potential relevance/impacts, and take necessary actions. This approach also allows for internal audit to consider any better practices identified in the course of horizontal audit work, so that these too can be shared for the benefit and consideration of other organizations not in scope.
Pay attention to the details
In complex situations, such horizontal collaboration requires that all parties understand why the parties are collaborating, who is responsible for doing what, and within what timeframes. Issues that may need to be addressed include:
• A clear understanding of shared objectives and expected results
• An articulation of roles and responsibilities
• The tailoring of assurance activities to meet the differing needs of the parties, such as differing risk tolerances
• Coordination and integration of audit planning and assurance activities
• An agreed decision-making process
• The provision of human and financial resources
• Agreed upon audit and evaluation procedures
• Agreed upon audit criteria that are relevant to shared definitions of a successful initiative and a common understanding of risks
• Agreed upon information sharing arrangements during the audit process
• Provisions for problem-solving and dispute resolution
• Shared approaches for consulting stakeholders
• Timelines for the completion of different phases of an audit
• Agreed upon mechanisms for reporting audit results
• Shared public information strategies.
• Consideration for leveraging a corporate or enterprise-wide audit committee that can oversee the approval of a horizontal audit plan and reporting of horizontal assurance activities.
• Agreed upon mechanism to assign ownership of taking action on recommendations.
Often a Memorandum of Understanding (MOU) or Service Line Agreement (SLA) may be the best tool for ensuring that all parties are on the same page on these issues.
Ideally, the MOU or SLA would be part of a broader strategy covering all three lines of defence: assurance relies not only on auditing but also on effective management and oversight. Each line of defence plays a distinct role in a horizontal assurance framework, and each may need to apply different tools, practices or methods to fulfill their distinct roles.
Sorting such issues out in advance can greatly simplify and strengthen horizontal assurance efforts. And if agreement can be achieved at the beginning of an initiative, human and financial resources can be lined up in advance. As horizontal delivery of programs and services becomes more prevalent, auditors will need to learn how best to audit such arrangements.
Deidre Green is the Assistant Comptroller – Audit and Consulting for the Province of New Brunswick. She is a member of the Government Internal Auditors Council of Canada, which brings together the heads of internal audit of Canada’s federal, provincial and territorial governments.