AuditGovernmentManagementPublic Sector
March 21, 2016

Internal Audit – An Enabler of Intelligent Risk-taking at NRCan

To continue to be viewed as a credible and relevant partner, internal audit must increase its focus on reducing costly bureaucratic processes, while still maintaining its credibility through the provision of assurance on relevant and efficient controls and processes. By challenging management’s understanding and appetite for risk and assessing the cost-effectiveness of controls in place, internal audit has an opportunity to make significant contributions to the reduction of bureaucracy and elimination of redundant controls.

Canadians expect their public services to be delivered in a way that demonstrates cost-savings and efficiency. To date, the ability of the public sector to achieve great results this has been hindered by a risk-averse culture. One symptom of this aversion to risk is an environment of excessive controls over business processes with multiple layers of oversight and verification. To address this impediment, federal public sector leaders have been emphasizing the importance of intelligent risk-taking. This concept refers to the empowerment of public servants to make decisions by considering risk, rather than avoiding decision-making due to a fear of failure. As such, intelligent risk-taking will require federal departments and agencies to reconsider their service delivery models to reduce unnecessary bureaucracy, while continuing to ensure that sound stewardship and accountability are maintained.


The Government of Canada has implemented several measures over the past few years to strengthen accountability and increase transparency in the public sector, including bolstering the role of internal audit. Since the implementation of the Treasury Board’s Internal Audit Policy in 2006, internal audit has established itself as an effective internal oversight tool for deputy heads and as trusted advisors to senior management across the public service. As a result, the number of internal audit recommendations has significantly increased and directly contributed to the strengthening of stewardship and accountability through improvements to management controls and frameworks. These recommendations; however, have also led to an increase in the number of organizational controls in place as well as the bureaucratic processes required for their implementation.
Within this context, internal audit has a critical role to play in this transformation by contributing to their department as enablers of intelligent risk-taking. Traditionally, internal audit has been focused on providing assurance on the efficiency and effectiveness of governance, risk management, and control frameworks with an emphasis on mitigating risks identified by management, rather than questioning whether risks actually warrant the controls in place. By challenging management’s understanding and appetite for risk and assessing the cost-effectiveness of controls in place, internal audit has an opportunity to make significant contributions to the reduction of bureaucracy and elimination of redundant controls. This includes assessing whether risks are well understood in the first place; determining whether risk tolerance is well communicated by senior management; and whether existing controls remain relevant to address the current risk environment. Positioning internal audit as an enabler of intelligent risk-taking; however, may be challenging, considering the risk averse culture of both public sector managers and the internal audit function itself.
Although deputy ministers and senior executives often refer to the need for intelligent risk-taking, public sector managers may be conflicted between efficiencies gained from eliminating redundant controls and the perceived consequences of a control failure. Ultimately, all controls were created to address risks identified at a given time, sometimes in response to a previous control failure. Management’s aversion to risk inherently conflicts with the willingness to eliminate existing controls, even when their cost-effectiveness and value may not always be clear. For example, redundant controls such as multiple approval layers often add limited value and cloud accountabilities; however, they continue to broadly exist in all departments and agencies. Some public sector managers may be reluctant to accept audit recommendations that eliminate such controls, as they provide management with a sense of security against perceived risks.
Another driver of risk aversion is the perceived consequences of non-compliance with policies and related ‘rules’. There are several cases where departmental and government-wide procedural policies may be out of date or misinterpreted, particularly with regards to corporate service related functions such as travel and staffing. Rather than applying the spirit of a given policy, burdensome processes are often created to ensure compliance with rules, when the rules themselves may be unclear. An example of this is the varying degree to which departments and agencies have interpreted the 2013 Treasury Board Directive on Travel, Hospitality, Conference and Event Expenditures (the Directive).

The internal audit community is equally risk averse. Although identifying efficiencies is part of internal audit’s mandate, auditors may be reluctant to recommend eliminating excessive controls for fear that their removal may result in future control failures as well as potential impacts on their credibility. Traditionally, internal auditors have maintained the view that it is management’s responsibility to identify risk tolerance levels and establish control frameworks. As such, auditors often place a greater emphasis on examining the effectiveness of existing controls and the efficiency in administering them, rather than challenging the established risk tolerances or whether the controls should be maintained based on the current risk environment. This is often seen in audits that focus on procedural compliance, rather than questioning the existence, relevance, and value of the procedures themselves.
The pressure is mounting on the federal government to provide better public services with fewer resources. This transformation of the public service inherently conflicts with the current risk averse culture in our institutions. To continue to be viewed as a credible and relevant partner, internal audit must increase its focus on reducing costly bureaucratic processes, while still maintaining its credibility through the provision of assurance on relevant and efficient controls and processes.
The Internal Audit Branch (IAB) within Natural Resources Canada (NRCan) has begun its own transformation towards becoming an enabler of intelligent risk-taking, in pursuit of greater efficiencies and a reduction of bureaucratic processes. To achieve this transformation IAB has recruited internal auditors with the right experience, professional designations, and necessary leadership competencies to succeed. Furthermore, building strong relationships with senior management as trusted advisors and value-added partners has been critical in establishing ourselves as an effective agent of organizational change, including challenging management’s appetite for risk. The following are recent examples of when IAB questioned risk tolerances, resulting in the elimination of redundancies:

  • Challenging the type of files regularly reviewed by a senior level committee, resulting in a significant reduction of files reviewed and a shift towards providing risk-based advice and decision making, rather than an informal ‘approval’ mechanism.
  • Questioning mandatory training originally planned for all employees, resulting in targeted training of a number of employees based on their specialized responsibilities and job requirements.
  • Reducing burdensome reporting and oversight processes for low-risk funding transfers to other federal government departments.

As IAB seeks to further increase its value to NRCan, we believe opportunities exist to play a significant role in the early stages of program development. This would enable IAB to leverage its knowledge and expertise to support senior management in the development of controls and processes at the onset of new initiatives. Such an approach could lead to leaner processes, a reduction in bureaucracy, and improved service delivery to Canadians.

It should be noted that in spite of its contribution towards intelligent risk-taking, NRCan’s audit function remains committed to providing assurance on the effectiveness of relevant controls and processes as part of its mandate. Audit recommendations to strengthen controls related to legislative and government policy requirements are essential to sound stewardship and are areas that will always benefit from assurance activities.

As part of assurance services; however, the value of providing recommendations that challenge risk tolerance levels and result in the elimination of redundant controls is equally important. Ultimately, this approach to the provision of audit services would allow senior management to view internal audit not just as an ‘assurance’ function, but as an effective mechanism to reduce and eliminate costly bureaucratic processes. As an enabler of intelligent risk-taking, internal audit is well positioned to support departments in achieving greater cost savings and efficiencies that Canadians expect from their government.

 

 

Ziad Shadid is Director of Audit Operations, Natural Resources Canada

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Audit
 
The Annual Financial Report of the Government of Canada Fiscal Year...
 
The role of internal audit in the public sector has changed...
 
We are excited to share with you the October/November 2018 edition...
 
Over the last several months, as a participant in the OCG’s...
 
Management in the Government of Canada is continuously searching for new...
 
We are happy to share with you the September 2017 issue...
 
In 2016, Deloitte undertook a global internal audit research study on...
 
We are thrilled to offer the July/August issue of Canadian Government...
 
We are happy to share with you the May/June issue of...
 
In today’s world of heightened focus on good governance and accountability...
 
At a recent meeting, a colleague asked me how I became...
 
In this special episode of CGE Radio, your host John Jones...
 
In the latest issue of CGE, the cover story is based...
 
Risk is always present in any undertaking, no matter the size...
 
The latest issue of Canadian Government Executive is currently available. Some...
 
The non-profit sector is operating within an era of increased accountability,...
 
The latest issue of Canadian Government Executive is now available. In...
 
While internal auditing has been considerably strengthened in most jurisdictions in...
 
The October issue of Canadian Government Executive on Focusing on Customer...
 
Responding to the growing demands for departments to gain greater insights...
 
In a little more than a year, Canadian banks and lending...
 
As an executive you’ve probably experienced frustration when you ask for...
 
Veterans Affairs Canada is not adequately managing the drug component of...
 
Whether responding to emergencies back home or assisting regular troops abroad,...
 
Canadians expect their public services to be delivered in a way...
 
Q: Where is Comptrollership going? Comptrollership in the Government of Canada...
 
Performance auditing can lead to more efficient, effective, and economical program...
 
The latest Auditor General’s report on Shared Services Canada (SSC) and...
 
Written By Chris Brown To deliver results that senior executives value,...
 
The government of Canada has implemented several measures over the past...
 
Whether at the territorial, provincial or federal government level, internal audit...
 
An organization’s reputation can take years to build but it can...
 
Today’s business environment changes rapidly to adjust to evolving conditions and...
 
Most professionals don’t need more than a sentence at a cocktail...
 
Recent research by the Institute of Internal Auditors Canada aims to...
 
After the Auditor General’s (AG) report was released on April 30,...
 
CGE Vol.13 No.1 January 2007 IT projects Ms. Fraser, your recent...
 
CGE Vol.13 No.9 November 2007 Independent audit committees are an integral...
 
In 2006 the world was feeling the aftershocks of a number...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
The Annual Financial Report of the Government of Canada Fiscal Year...