Thanks to recent policy reviews and changes to legislation, local councils now have the potential to make better use of internal audit processes as a means to improve management, governance and performance. The historic focus on the ‘conventional’ functions of internal audit around risk, financial management and sound corporate governance is now widening to address other elements of the performance and accountability of councils as democratic, elected bodies serving local communities.
Centium has recently commissioned a research paper by Adjunct Professor Graham Sansom which describes the varied ways in which internal audit can be scoped and implemented. The paper outlines moves towards a ‘creative’ approach that puts more emphasis on improvement, self-regulation and community-focused governance.
Given the potentially very broad scope of internal audit now identified in legislation, and the limited resources available for this function, questions of balance and priorities loom large. What package of internal audit activities deliver the most value to a council’s operations – and to the community that the council serves?
Management of risk, together with appropriate internal controls and processes to ensure legislative compliance, probity and sound corporate governance, constitute the foundations of what might be termed ‘conventional’ internal audit. Properly conceived, risk management can and should be a value-adding process, not only finding solutions to actual or potential problems but also identifying opportunities that can be grasped by taking calculated risks.
Monitoring and review of council’s financial management controls, including fraud prevention activities, is another cornerstone of internal audit. As many councils grapple with the mismatch between community needs and demands for infrastructure and services on the one hand, and limited resources on the other, effective and appropriate use (and oversight) of available funding is essential.
In several states, audit committees are now expected to play a significant role in monitoring the outcomes of strategic and corporate planning processes, service reviews and performance monitoring and improvement. This was the key change made in the 2016 amendments to the NSW Local Government Act, complementing the earlier legislation of ‘Integrated Planning and Reporting’ requirements in 2009. A great deal of information is being collected that can be used to benchmark the performance of councils against similar counterparts, whether across-the-board or in specific areas of service delivery or governance. This information can subsequently form the basis for programs or projects to bring about required improvements.
The guiding principles now being incorporated in local government Acts blend established thinking about sound corporate governance (meeting statutory requirements, ethical administration, accountable and transparent decision making, handling complaints, etc.) with newer concepts of community governance (robust local democracy, active citizenship, community engagement, etc.). One is primarily focused on the council organisation, the other on its external relationships, especially its citizens and electors. "Good governance” needs to combine the two, with meaningful accountability to the local community as a common task and goal.
All elements of internal audit are concerned with the quality of governance. But the challenge posed by recent legislation is to move beyond a model that is largely inward-looking, to one that ensures local councils work more effectively as democratic entities. This is consistent with the requirements for councils relating to performance monitoring and reporting discussed above, as well as those for strategic planning, service reviews and closer engagement with the community and key stakeholders. Councils need to adapt to changing community needs, be more accountable for their actions, and play a stronger role as a partner in Australia’s system of government.
There is now widespread agreement that audit committees should have a majority of independent members with relevant expertise and an independent chair. The role of councillors in audit committees remains open for discussion, with a decision expected from NSW OLG in early-mid 2021.
An expanded role for internal audit would highlight the need to ensure its freedom from unwarranted interference by the elected council and senior management, whilst at the same time building effective working relationships. In the final analysis close cooperation and trust amongst the key players – the committee chair, the chief executive and the internal auditor (or chief audit executive) are indispensable.
Internal audit and the audit committee must be adequately resourced. Historically, all forms of audit in local government have been under-funded, largely due to competing priorities, but perhaps also because the value of informative audits that can lead to more efficient and effective operations – and thus better outcomes – was not understood. Nevertheless, the fact remains that in the great majority of councils resources are scarce relative to needs.
Any moves to expand internal audit and the role of audit committees will therefore have to be phased-in over an extended period, as now proposed in NSW. By the same token, however, councils would do well to consider:
The remit of audit committees and the scope of internal audit functions is set to expand. Moroever, the mix of functions and activities appears certain to change significantly with the emergence of a distinctive approach to internal audit attuned to the particular characteristics of local government. Particualry, its complex relationships with both state governments and diverse local communities.
More wide-ranging internal audit, coupled with more independent and authoritative audit committees, offers the potential to enhance both the operations and status of local government. It can ‘shift the dial’ to improvement and added value. This does not mean abandoning traditional core elements of internal audit such as risk, compliance, probity and financial management. However, it will require incremental moves to make room for activities such as oversight of the implementation of strategic and corporate plans, performance monitoring and service reviews. Those moves may involve finding additional resources or adjusting priorities within existing budgets.
Centium has over 30 years' experience working with government organisations in ensuring that internal audit presents a balanced picture of performance that identifies both weaknesses and strengths, whilst pointing to avenues of improvement. More than constructing ‘defences’ against risks, we adopt an approach that encourages innovation and embraces future opportunities.