Dear Editor,
The incoming government needs to get smarter about internal controls, risks, and governance. Two functions worthy of implementing within each ministry are internal audit and enterprise-wide risk management.
An internal audit function will provide risk-based and objective assurance, advice, and insight for a better-run ministry, while an enterprise-wide risk management effort will enhance internal oversight and coordination between departments, and institutionalise robust decision-making, thus ensuring value for public funds being spent.
In most private organisations, the existence of a risk management effort, a structured approach that aligns strategy, processes, people, technology, and knowledge to manage risks and uncertainties the organisation faces, is a best practice. Resources are deployed to the greatest effect while problems are identified long before they take root ultimately leading to improved outcomes. If adopted by government agencies (as some governments around the world are doing), tremendous benefits can be realised.
A well-structured and equipped internal audit effort is a critical element in the governance structure of an entity, especially public sector agencies where it can cover areas not ordinarily covered by the Auditor General. Its mandate encompasses extensive financial, operational, value-for-money, systems, and special audits within that ministry to embody:
• Integrity and use of financial and operating information;
• Systems and controls;
• Whistleblowing complaints;
• Compliance with government policies;
• Safeguarding of public assets; and
• Recommending operating improvements.
For example, South Africa, Israel, Sweden, and Canada all have internal audit functions in ministries while some have enterprise-wide risk management efforts or are at various stages of implementing one in each government agency. The investment they made in establishing an internal audit section in each ministry is having a huge payback in terms of savings, identifying inefficiencies, wastage, duplication, nepotism, and corruption. I was on the Government of Canada’s Treasury Board Internal Audit Advisory Committee back in 2005 that oversaw establishing an internal audit function in each federal agency. Huge savings have been realised and there is significant value-for-money on tax dollars spent. Research has now proven that having an effective internal audit function that mirrors that of the private sector can be key to preventing and detecting frauds, scandals, and failures, particularly in government departments. This will save on audit costs, expedite the annual audit (done by the Auditor General’s Audit Office) and be a value-added service to the ministry.
An internal audit is there throughout the year and builds good knowledge of how a ministry works. Such a repository of knowledge can be unleashed to assess operations within that ministry by looking at the economical acquisition and use of resources, efficiency of routines, and effectiveness in the discharge and application of government policies. Also, such a function complements that of the Auditor General’s mandate, which will go a long way to ensuring that high risk areas in each ministry are audited, financial reporting is prompt, audit costs are reduced and accountability is enhanced.
The local chapter of the Institute of Internal Auditors (IIA) celebrates 20 years of existence this year and there are resources and appropriately qualified members (some holding one or more of the Global IIA’s eight certification programmes backed by solid experience) that can be leveraged and who can step up to the plate to take the lead toward this initiative.
Having an effective internal audit and risk management functions that are aligned with each other and that of the ministry and sharing information will most certainly beef up internal controls, prevent and detect fraudulent activities, and strengthen the government’s ability to forecast and mitigate risks by improving the internal oversight of all its decision-making. Risks should be properly identified and managed before public money is spent. An internal audit and risk effort will enable the government to make smarter decisions and embed a respect for taxpayer dollars within government itself. As a result, all Guyanese can expect improved services, better value for their money and smarter government.
Both functions can leverage such technologies as digital transformation, analytics, cloud computing, robotics process automation, artificial intelligence, blockchain, internet of things, and cybersecurity to bring modern audit tools and techniques to a 21st century Guyana government. All stand to gain.
Recent research has proven that the benefits to be gained far outweigh the costs incurred in implementing an internal audit and a separate risk management function in a government agency.
Yours faithfully,
Lal Balkaran
Internal Audit Consultant
Past President (IIA-Toronto) and Founder, IIA-Guyana
Scarborough, Ontario
