In a month where billionaire entrepreneurs are reaching for the stars (or at least the edge of space), we thought it was timely to share our research and recent experiences about the audit topics that are trending in the Local Government audit universe.
Councils are probably aware that the NSW Audit Office has recently published an annual summary of its Local Government Internal Audit Program. This informative document (and there’s a short video for the time-poor) includes trends and patterns that might be of interest when planning a risk-based, local internal audit program.
More importantly, with Local Council elections postponed until December 2021, we expect that Council strategic and operational planning will be similarly pushed back. This presents an opportunity for internal audit to provide assurance regarding the management of high risks and the effectiveness of governance frameworks prior to the commencement of a new Council.
To ensure long-term effectiveness of frameworks and that new councils are well-positioned to continue to produce the best service delivery outcomes, Local Government internal audits should consider the following high-risk areas:
- Asset Management – Councils have millions (possibly billions) of dollars’ worth of assets under management, and as such, it is critical to have sound, robust controls over the asset lifecycle. An internal audit could look at governance arrangements; planning and reporting; maintenance and replacement; and/or data and systems coverage. This audit could also apply to Council’s broader asset management framework, or a sample of asset classes managed by Council. For example, roads, plant and fleet, property, leisure and community facilities, natural environment and waterways. Importantly, this audit complements the external audit program, which looks at the valuation of various asset classes and their recognition in Council’s Financial Statements.
- Investments & Commercial Ventures – Investments and commercial ventures represent a strategically significant function for most Councils in ensuring financial sustainability and performance. All investment decisions involve a degree of risk or uncertainty, which can result in potential financial shortfall and loss of investor (i.e. community) confidence. In the case of commercial entities, there are often additional risks associated with legislative or regulatory non-compliance and inadequate management of conflicts of interest (i.e. where Council is responsible for enforcing their own legislative and regulatory compliance).
- Fraud & Corruption Prevention – Councils in NSW are required to align their fraud and corruption prevention frameworks with the ten fraud control attributes outlined by the Audit Office of NSW. There is also a new Fraud and Corruption Control Standard that includes the minimum requirements of an effective fraud and corruption control system. An audit can evaluate the potential for the occurrence of fraud and provide assurance that a Council is managing its fraud risks appropriately. It can also identify and test high risk fraud areas to ensure controls are in place to mitigate risks to an acceptable level and, where not, recommend an appropriate improvement plan/remedial action.
- Work Health & Safety – The importance of minimising workplace injury and illness cannot be overstated. Councils have a primary duty of care to their workers and visitors to their workplace, including contractors and volunteers. There are numerous strategies and processes that employers and businesses need to have in place to comply with workplace health and safety legislation. An audit or health check against recognised standards can identify any gaps in compliance, minimise risks and suggest improvements. Alternatively, you could consider an audit of WHS culture or embeddedness to check that policies, procedures and good intentions are being adopted across Council.
- Procurement & Tendering – Still one of the highest risks for Local Councils, the controls over procurement and tendering are essential in minimising financial and reputational risks. A procurement and tendering audit can compare a Council's policies and procedures with good practices outlined by the Audit Office and/or ensure that these policies and procedures are understood and followed by staff at all levels of Council.
- Environmental Protection & Sustainability – Councils have numerous environmental obligations, including with regards to coastal and land management, Crown Land reforms and asbestos remediation. There are also annual environmental reporting obligations for Councils managing waste management facilities and/or water and sewer services. An audit of environmental initiatives, including one or more of its compliance obligations, can provide assurance that Council is taking all reasonable steps to mitigate its environmental (and associated reputational and financial) risks.
- Recruitment and Selection – the ICAC made a number of findings in its report into Operation Dasha that relate to the appointment of senior personnel within Councils. These findings are particularly topical given the period of organisational change expected to follow the December 2021 elections. An internal audit of the end-to-end recruitment process could provide reasonable assurance of compliance with in-house policies and procedures. Importantly, given the ICAC’s recommendations, such an audit might also consider the appropriateness and currency of Council’s policies and procedures in the context of relevant legislative provisions and the OLG’s standard contracts of employment.
- Cyber Security – Strong IT controls are critical in protecting a Council's systems, networks, and programs. Cyber-attacks aim to disrupt/interrupt normal business processes; gain access to information with the aim of stealing, changing or destroying content; and/or extort money from individuals or organisation. A cyber security audit against a recognised Standard will determine whether Council has strong and effective controls in place to protect sensitive information and minimise business disruption. This audit is included on the Audit Office of NSW’s forward program for 2022-23 to 2023-24.
Centium's Approach to Internal Audit
An effective risk-based, internal audit plan enables well-run Councils to focus resources on their highest risks - as well as areas that may be perceived as being of concern for new and incoming Councils.
Centium offers an independent, insightful and practical perspective. Importantly, we develop strong partnerships with our clients to provide assurance, build capacity and facilitate ownership of outcomes. We are also available to provide advice and facilitate management discussions regarding risk.
Browse Centium's range of Risk & Assurance services or talk to us about how we can help.