Who audits the auditor?

·         Getting the right balance between rigorous oversight of audit bodies and protection of their independence is a big challenge

A good governance structure is fundamental to the effectiveness of public audit organisations. It is something that must apply to all, without exception. This is particularly true for what are known as supreme audit institutions.

SAIs, owing primarily to their role in public financial management, must be in the vanguard of good governance. They have a critical responsibility to scrutinise the work of government entities.

As such, they often issue none-too-complimentary opinions or views, frequently provoking the ire of government officials, who may well ask: “Who audits the SAI?” I am sure many colleagues have been asked this question, usually following an unfavourable audit report or opinion.

These moments are a reminder of the awesome responsibility that one has, as head of an SAI, to ensure that all of its activities are beyond reproach. So what then are the key requirements for independent audit, in the context of the structures in Jamaica?

First, our constitution gives the minister responsible for finance the duty to audit and report on the accounts of the auditor general’s department. The minister is also granted right of access to all records relating to the accounts, which have to be audited annually. The report that results is submitted to the Speaker, who is required to lay it before the House of Representatives.

Second, under Jamaica’s Financial Audit and Administration Act (2011), the Internal Audit Unit is identified as the body that undertakes the review of the accounting records of the auditor general’s department. It is intended to be a sober reminder of the need for checks and balances.

Although these audits have not to date identified significant weaknesses, the minor issues they raise reinforce the need for robust review and oversight. The need for such regular reviews has become established, albeit in a simple form.

Third, there is the Audit Committee, established at the request of Jamaica’s SAI, and which is comprised primarily of private sector representatives, in an attempt to safeguard independence.

These safeguards have together established a robust governance structure for the supreme audit authority. The question remains though as to who should conduct the SAI audit – and whether there should there be limits on the extent of that review. This depends largely on who the primary auditors are and who they report to – a view substantially influenced by the need to safeguard the independence of the SAI.

Constitutional responsibility

Two important factors come into play here. First, Jamaica’s SAI has a constitutional responsibility to audit all government entities, departments and units, including internal audit units. This arrangement means that the SAI reviews the work of the IAU of the Ministry of Finance, as part of our assessment of the extent to which we can rely on the work of that unit when finalising our audit plan – as well as to assess the performance of the unit. On the other hand, the IAU has a responsibility to review the accounting records of the auditor general‘s department. This potential circularity suggests that both the SAI and IAU are exposed to risks of impaired independence and objectivity.

This has not hitherto given rise to any particular difficulties. But we also need to be mindful that the role and function of the internal auditor has been evolving. The occupation has been transformed from that of “old school auditor” to one more akin to a management consultant, focusing on value added. As a result, an internal auditor, much like with an SAI, is not solely interested in the accuracy of accounting records, but also in the effectiveness of an organisation’s business activities.

The main business activity of an SAI is to conduct audits. This was brought home to me forcefully when a request was made for our risk-based audit plan. I was taken aback by the fact that our internal auditor was able to request such information, to assess the efficiency of our audit planning strategy.

The Jamaican Constitution states that the Auditor General shall not be subjected to the direction and control of any person or authority. However, the internal auditor reports administratively to the financial secretary, who reports to the Minister of Finance – who in turn has a constitutional obligation to commission the audit of the SAI.

Of course, the Minister of Finance receives a copy of our strategic plan on an annual basis. But unlike the risk-based audit plan, specific entities are not identified in it. In Jamaica’s case, this is an issue that would exist whether the SAI was subject to audit by independently appointed auditors or not.

A second consideration is that SAIs and IAUs are operating in an environment of scarce resources, and need to collaborate to avoid duplication and to employ resources in the most efficient and effective manner. However, any collaborative effort or agreement with the Internal Audit Unit of the Ministry of Finance would likely further impair objectivity and independence.

Even so, it is not obvious that external auditors are the solution. Government being rules-based, it is fundamental that an audit of any public sector body should encompass a regulatory review of its operations. Public sector auditors are more likely be more familiar with these rules and therefore to more readily identify breaches. A downside is that it is not the role of an internal auditor to form a true and fair opinion of financial statements or appropriation accounts.

On the other hand, the involvement of auditors outside the public sector can also pose a challenge, due to their lack of familiarity with the issues. But this is not always the case – it simply means that non-public sector auditors must be carefully selected, to ensure that the review’s objective is achieved.

Rigours of oversight

Whatever the case, SAIs must not escape the rigours of oversight. This could be from within (as in the case of Jamaica) or by external auditors, and should not be limited to financial performance or the execution of fiduciary responsibility. However, SAIs (as ‘apex’ institutions) need real independence to carry out their mandates.

In that respect, peer reviews should be encouraged between SAIs to bolster their governance structure, effectiveness and knowledge sharing, while protecting their independence. In this way SAIs would benefit from organisation-wide reviews that foster best practice between them. We should consider making such SAI peer reviews mandatory.

Ultimately though, it is the effectiveness of the audit function that counts. That depends more on the governance structure than on who provides oversight. My view, largely influenced by the requirements of reporting to the Minister of Finance, is conditional on there being adequate operational independence for SAI and IAUs.

Alternatively, SAIs could report to an independently constituted panel, such as a public accounts commission, or obtain the support of an advisory council. Where that is the case, independent auditors could undertake financial and performance audits. Whatever the model, I believe that SAIs can benefit from independent assessments of their quality and effectiveness – an approach that can help validate strategies and identify areas for improvement.

Source: Public Finance (News & Insight for public finance Professionals) – By Pamela Monroe Ellis