CORPORATE GOVERNANCE AND PERFORMANCE AUDITS

Presentation to
Chartered Secretaries Australia – Public Sector Governance Conference

By Wayne Cameron,
Auditor-General of Victoria

15 August 2003

The subject of governance has received much attention in recent years, and rightly so. Yet the subject itself is not new, particularly in the public sector. As far back as 1399 in his speech to Parliament, Henry Bolingbroke (who subsequently became King Henry IV) justified seizing the throne on the basis of his predecessor’s poor “governance”¹.

But to give modern and relevant meaning to the term we need discussion, research and the codification of practice.

Good governance is about behaviour judged against an accepted framework.

In a recent presentation to the Institute of Public Administration Australia I set out such a framework – there are others. The better practice guide released by the Australian National Audit Office in early July being one such example, as are the Australian Stock Exchange guidelines and the Australian Standards Association Guidelines.

The challenge is to establish the framework most appropriate for our organisation’s needs. The framework must be relevant to the long-term (sustainable) needs of the organisation and all of its stakeholders, set in the broader context of community expectations.

While much of the available literature springs from the corporate world, increasingly more material relevant to the public sector is becoming available. The work of the National Institute for Governance being one such example. There are many others.

Most aspects of any good governance framework will translate directly to the public sector, but there are also some features unique to the public service that need factoring in.

“Companies are accountable once a year; public agencies are accountable every day.”

Corporate governance is challenged in the public service by complex structures often involving an elaborate set of relationships between Parliament, Ministers (and their advisors), Boards and CEOs; intervention by Ministers, other parts of government, or the political process; unclear or conflicting economic objectives and community service obligations; the selection process for board members – which might give rise to divided loyalties on the part of the appointee; and direct appointment of Chairs and CEOs by, or on, the advice of Ministers.

The role of the Auditor-General in good governance

In the Victorian setting, the Audit Act 1994 establishes clear objectives for the legislative auditor. In particular, in determining whether:

• the financial statements of public authorities are presented fairly;

• authorities are achieving their objectives effectively and are doing so economically and efficiently, and in compliance with all relevant Acts;

• public grants are being applied economically, efficiently and effectively, and for the purposes in which they are given; and

• there has been any waste of public resources, or any lack of probity or financial prudence in the use of those resources.

Good governance extends beyond sound financial management where a strong and secure financial base provides an essential foundation to long-term economic, social and environmental wellbeing. Good governance also includes transparency of policy development and decision-making processes, probity, integrity of decisions and actions of government, and a recognition that better practice enhances effective outcomes. The focus of my Office has, in recent times, reinforced these principles and will continue to do so.

Some of my Office’s related recent work includes audits on Risk management; Performance indicators; Electronic procurement in the Victorian government; Parliamentary control and management of appropriations;, and a program of control and compliance reviews. In the latter case, the focus last year was on payroll processes and the quality of GST administration by public bodies. This year, we will examine purchasing and accounts payable systems across the public sector.

Planned work such as the aforementioned is frequently supplemented by the conduct of special reviews and inquiries. These inquiries tend, unfortunately, to illustrate failure of aspects of good governance, e.g. report on RMIT’s finances², and the Geelong Embassy³.

Pre-requisites for effective governance

Research has shown that reasons for failure in the private sector can often be traced to one or more of the following reasons:

• lack of sound goals and objectives;

• an absence of openness and transparency;

• the deficiency of values;

• inadequate internal controls; and

• poor risk management.

The Australian National Audit Office has identified 6 main principles that public sector entities must adhere to in order to effectively apply the various elements of corporate governance⁴. Three of these principles – leadership, integrity and commitment – relate to personal qualities of those in the organisation. The other 3 principles – accountability, integration and transparency – are mainly the products of strategies, policies and processes.

Good governance also requires, in my view:

1. That clear roles and responsibilities are established and documented throughout the organisation (and these roles and responsibilities are understood by the incumbent and others);

2. The formation of constructive relationships and accountabilities based on those roles;

3. Effective internal monitoring systems to reinforce those accountabilities:

4. An effective governing body;

5. Effective monitoring arrangements, including internal audit, and an audit and risk committee;

6. A systematic and integrated risk management system be maintained; and

7. Transparency through good external reporting.

Governance is not, however, just about compliance and control. It is about a framework of principles that facilitate an organisation’s ability to achieve its long-term objectives efficiently and effectively. It is also about maintaining sustainable performance over the long-term. To do that, any governance framework needs to demand attention to long-term requirements such as:

• adequate long-term planning; and

• developing and maintaining capability (e.g. personnel skill, technological investment etc.)

Virtually all public sector entities have, at least in some form, the elements of good governance present. However, it is not enough to simply define what good governance is about. Yes, we need a documented framework; yes we need to monitor compliance, but at the end of the day governance is about behaviour, set in the context of agreed values. The challenge is, therefore, to ensure that the elements of good governance are integrated into a coherent organisation-wide approach, which is well understood and applied.

The tone is set at the top. Not just in what is said, but also in how senior staff act out corporate values. Do you, for example, walk the talk? – value divergent views, encourage innovation or compliance, carry out your duties diligently, transparently?

Integration

Our audit work shows that more work is still required in the public sector to present the elements of public sector governance in a meaningful way, so that people in the organisation can readily understand and accept the purpose and manner in which the relevant elements combine to achieve required organisational performance and discharge accountability obligations.

Integration requires improvements to the operational alignment of strategic and business plans, as well as refinement of the organisational structure and improvements in channels of communication.

Roles and responsibilities

A well-governed organisation will have clearly documented objectives, roles and powers of the governing body and its committees; roles and responsibilities of staff; and clear and widely communicated policies on conflicts of interest, internal control, human resource management, information technology management, and standards of professional and ethical behaviour.

One of the themes to draw from this list of expectations is the constant need for clarity. Not only of responsibility but also in respect of accountability. This becomes particularly acute (confused) when committees or task forces are formed to oversee activities. Who is accountable for what remains a major issue in the public sector, and problems attaching to poorly determined boundaries of responsibility and accountabilities must rate as one of the most telling areas of vulnerability.

The complexity of public sector governance can, at times, lead to tensions arising from the interaction between Ministers, boards and the CEO. Therefore, it is critical that the relationship between the board, the Minister and the CEO, and the central agencies, is well defined.

Remember, ministerial advisory staff are frequently not governed by public sector legislation or codes of practice. The Commonwealth is currently reviewing this area – report due October 2003.

Boards

Boards should establish what the rules of the game are and get them in writing. Draft a charter for the Board and get the Minister to approve it. Clarify government’s priorities/expectations of the board. Get ministerial; directions in writing. If you can’t, then write to the Minister confirming your understanding of the Minister’s wishes. Don’t take responsibility in silence!

Boards need to establish a system for getting intelligence on what’s happening that affects their organisation.

Ensuring the independence of the board from management is crucial to developing effective board structures and operation. The board should be primarily responsible for formulation of strategy, policy making and monitoring performance against approved plans.

As part of the corporate planning framework, the corporate objectives must be carried forward into operational action and supported by an effective performance information framework.

Monitoring and reporting

The provision of information to the governing body and monitoring the organisation’s performance remains, for some, a significant issue. The effectiveness of a governing body relies on access to appropriate, timely and accurate information, sufficient time to allow directors/councillors to carry out the specified duties, and a willingness by governing members to ask the hard questions. It is best to be explicit, setting the minimum expectation of information required in order to discharge accountability requirements.

My June 2003 Report on RMIT’s finances found that information submitted to the University Council was unreliable and did not allow Council members to effectively review and challenge the performance of management. Forward financial projections had not been prepared and faculty operational plans had not been prepared in a format that facilitated central monitoring and review. That report is well worth a read in the context of the topic of good governance.

While the difficulties in developing and reporting adequate indicators of performance across government are acknowledged, my April 2003 report on Performance management and reporting – Progress report and a case study observed little progress and a number of shortcomings in many important areas of performance reporting. In particular, departmental objectives accompanying performance indicators were very broad and sometimes link poorly to government outcomes. Measures of progress and performance indicators are often poorly specified and do not allow the easy tracking of overall performance or assessment of contribution to achievement of government outcomes.

Control environment and risk management

The existence of effective control structures within a corporate governance framework provides assurance that an agency is operating effectively, and has established clear lines of responsibility and accountability for its performance. This is reinforced by the interrelationship of risk management strategies with the various elements of the control structure. The control structure should be tailored to each organisation’s specific situation and adapted over time as the organisation’s risk profile changes.

Risk management is a critical element of corporate governance and is necessary for satisfying both performance and conformance responsibilities. While there have been considerable advances in risk management by public sector agencies in recent years, a reactive approach to risk management is no longer sufficient. Strategic direction in setting risk management focus and practices needs to improve. The lack of expertise (understanding) in risk management continues to be a constraint in the public sector.

My March 2003 report on Managing risk across the public sector found that two-thirds of the public sector organisations examined include risk management explicitly in their governance processes, and just over half incorporate risk management into strategic and business planning processes. Overwhelmingly, organisations with a formal approach to risk management recognised other organisation-wide benefits - such as more robust corporate planning, improved understanding of risk exposures, improved assurance of risk controls, and improved contingency planning and incident response.

Around one-third of organisations examined did not explicitly identify and assess their key risks, or have a risk management strategy or policy in place. Many organisations did not rigorously assess risk and evaluate risk controls. This has the potential to lead to inefficiencies in prioritising and allocating resources to manage risk at both the organisational level and State-sector levels.

Audit committees

Increasingly, the charter of audit committees is being broadened to encompass the oversight of risk management. This involvement invariably leads to better governance and oversight of risk management at Board or executive management level. Audit committees actively take a risk management leadership role in about 40 per cent of Victorian public sector organisations⁵. This needs to increase.

Audit committees are a crucial part of any accountability model. Audit committees should be chaired by an independent member and have a majority of independent persons as members. All members must possess sufficient skills to undertake their responsibilities.

One of the greatest challenges we face in the public sector is finding people who are independent of the organisation, who can serve as audit committee members but who have sufficient knowledge of the organisational arrangements and risks bearing on the organisation to make an effective contribution and assessment of those risks.

In future, members of audit committees will have to increase their understanding of the nature of the risks within an organisation in order to discharge their responsibilities.

I believe that there remains a lack of clarity in departments about the membership and, at times, the role of audit committees, since I all too frequently see staff on audit committees who must clearly at times be placed in a position to have to comment, or examine at least, their own part of the organisation’s performance. I don’t believe staff should be placed in this position.

Other influences on public sector governance

The following developments are expected to have a growing impact on good governance arrangements in the future.

Partnership arrangements – As governments continually reassess their role in society, they are being required to develop new approaches to policy making and service delivery arrangements. These are increasingly likely to involve the establishment of partnership agreements. Public sector reform is also resulting in government objectives requiring the co-ordinated efforts of 2 or more agencies/parties/levels of government – joined-up government.

As a consequence, governance arrangements will have to increasingly cross organisational boundaries to better align activities and reduce barriers to effective co-operation and co-ordination. Programs involving more than one agency/level of government will need to be appropriately focused and co-ordinated, and effective relationships developed with stakeholders as part of the corporate governance framework to avoid fragmentation and overlaps in government programs.

This requires a robust governance framework that clearly defines responsibilities and accountabilities.

The Canadian Auditor General⁶, in a study of collaborative partnerships involving government and non-government sectors in delivering services and policy making suggested that while the Minister is clearly accountable to Parliament for the involvement of a federal department or agency, in a collaborative arrangement, partners could be held accountable for the achievement of results.

Canadian experience and that of others, suggests the following important elements should be present in a good (collaborative) governance framework. These could be developed through, for example, a charter or accord:

• a common language;

• mutual understanding;

• clarity of goals and expectations of each sector participants;

• clear statement of respective roles and responsibilities;

• agreement on outcomes to be evaluated;

• joint dissemination of information; and

• early agreement on dispute resolution processes ⁷.

Community consultation/
Participatory governance and policy development

Governments are increasingly outsourcing services and partnering with other agencies and sectors in delivering outcomes. The mood is clearly moving towards the private and community sectors wanting greater direct involvement in public policy making based on the knowledge they have accumulated in service delivery.

One of the key governance challenges arising for the public service in the future will, no doubt, be how to accommodate this interest from outside of government in decision-making and policy development.

The traditional framework for policy development sees governments undertaking formal consultation with non-government participants usually around the middle of the process of developing policy; for example on the basis of a discussion paper. But this is changing. The community may be involved in the first stage of the policy process of defining the problem at hand, and (also beyond decision-making) and in implementation and evaluation.

Governments are uncertain about how to act in moving away from this limited consultation model of policy development. Common concerns include accountability issues, relationships across the sectors, loss of control over policy outcomes, and time and resources required.

More than one formal stage of consultation may be required if governments are to cope better with the increasing complexity of relationships.

E-government

The changing environment in which the Government operates also surfaces information technology issues (possibilities) about co-ordination, collaboration and development of shared databases and greater integration to achieve seamless service delivery.

Robust corporate governance processes are required to help agencies manage issues and high-risk areas emerging from increasing reliance on information technology. The risks involved also raise issues about privacy and confidentiality of records⁸. Such risks need revisiting in the light of the rapidly changing environment and a renewed level of awareness required to be instilled about security and privacy risks, and the policies and practices required to effectively to manage them.

The increasing use of e-mail for the communication of policy and administrative decisions poses a significant challenge in terms of record keeping. Good record keeping is an integral part of a sound control environment and should be subject to a regularly reviewed risk management strategy. Clear policies about record keeping are, therefore, required which reflect the changing ways that public business is transacted.

Conclusion

The ongoing challenge for the public sector will be in meeting performance and accountability expectations in a changing environment. This will increasingly require that governance arrangements be well understood and accepted by all those concerned. These arrangements will need to be dynamic and flexible to meet the needs of participants, including citizens.

The main elements of corporate governance must be integrated within a framework that best suits the objectives, legislation and operating environment of each agency. Moreover, good governance requires the application of effective governance principles by the management and staff within each organisation to effectively implement the designated governance frameworks, controls and guidelines.

Applying good governance practices will not guarantee that an organisation will achieve its performance and conformance objectives. It is, however, a crucial element and increases the probability of success in these areas. It is highly likely that an organisation that pays little attention to governance matters will eventually face serious issues, which impact upon its operations.

____________________________________________________

References

¹ Quoted at http:/www.dur.ac.uk/r.h.britnell/seminar%2002.htm

² Victorian Auditor General, Report of the Auditor General on RMIT’s Finances, June 2003.

³ Victorian Auditor General, City of Greater Geelong’s involvement with the Geelong Business and Trade Centre, Report on Public Sector Agencies – Results of 30 June 2001 financial statement audits, November 2001.

⁴ Mr Pat Barrett, Auditor General for Australia, Expectation and Perception of Better Practice Corporate Governance in the Public Sector from and Audit Perspective, Presentation at CPA Australia’s Government Business Symposium, Melbourne, September 2002.

⁵ Victorian Auditor-General, Managing risk across the public sector, March 2003

⁶ Canadian Auditor General, Report of the Auditor General, April 1999, Chapter 5.

⁷ Meredith Edwards, Participatory Governance, Canberra Bulletin of Public Administration No. 107, March 2003

⁸ Mr Pat Barrett, Auditor General for Australia, Corporate Governance in the Public Sector Context, Canberra Bulletin of Public Administration No. 107, March 2003.