Public & Private Governance

Public Sector
The public sector consists
of governments and all publicly controlled or publicly
funded agencies, enterprises, and other entities that
deliver public programs, goods, or services.
Public sector governance includes two domains:
1. public governance
2. organizational governance.
Public governance
refers to preconditions to run (govern)
a jurisdiction — processes and structures necessary to ensure that the government can stay in power until the end of its mandate,
Organizational governance-PUBLIC
is derived from the corporate governance experience and deals with the specific organizations that comprise the public sector. Organizational governance addresses how organizations should be structured to mitigate or eliminate conflicts of interest between their personnel and the citizens that the organizations represent.
Assessing organizational governance in the public sector
requires a firm understanding of the
characteristics, structure, and accountability processes prevalent in international, national, regional, and local governments.
Responsibilities for governance are shared among the
board, senior management, and the audit function.
TRUE
Who bears primary responsibility for organizational governance and often delegates implementation responsibilities to senior management?
The Board
Performing the assessment (gov) will require auditors to gather evidence from and consider processes and structures
related to:
• The board and audit committee.
• Strategy.
• Enterprise risk management.
• Ethics.
• Compliance.
• Organizational accountability.
• Monitoring.
• IT governance.
Governance is the processes and structures implemented
by the board to
inform, direct, manage, and monitor the
organization's activities toward achieving its objectives.
Who plans, organizes, and directs the performance
of sufficient actions to provide reasonable assurance that
objectives will be achieved (Standards)?
Management
Who is responsible for implementing governance processes and structures?
The Board
The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
(PECC)
• Promoting
• Ensuring
• Communicating
• Coordinating
Promoting
appropriate ethics and values within the organization;
Ensuring
effective organizational performance management and accountability;
Communicating
risk and control information to appropriate areas of the organization; and
Coordinating
the activities of and communicating information among the board, external and internal auditors, and management
The internal audit activity must not evaluate the design, implementation, and effectiveness of the organization's ethics-related objectives, programs, and activities.
FALSE. (they must)
The internal audit activity must assess whether the information technology governance of the organization supports the organization's strategies and objectives.
TRUE
Control
Any action taken by management, the board,
and other parties to manage risk and increase the likelihood that established objectives will be achieved.
Risk Management
A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives (Standards).
Public and private sector organizations differ considerably
with regard to governance.
TRUE (Generally, public sector governance
is more rigid and under greater regulatory burden.)
Main Organizational Purpose -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Protect/Serve Public Interest

PRIVATE SECTOR
Maximize Shareholder Value
Creation -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Law

PRIVATE SECTOR
Incorporation Acts
Governance Structure -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Governing Board/Audit Committee/Senior Official

PRIVATE SECTOR
Shareholders/Board of Directors/Audit Committee
Finance -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Taxes/Revenues

PRIVATE SECTOR
Ownership/Debt/Revenues
Operational Rules -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Formal/Rigid/Law

PRIVATE SECTOR
Formal/Flexible/Informal
Accountability -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Citizenry/Legislature

PRIVATE SECTOR
Shareholders/Stakeholders/Regulators
Outside Communication -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Open/Public

PRIVATE SECTOR
Present/Potential Shareholders, Stakeholders, and
Regulators
Control Systems -
PUBLIC SECTOR VS. PRIVATE SECTOR
PUBLIC SECTOR
Rigid

PRIVATE SECTOR
Flexible
In democratic governments, the executive function is
responsible for
planning, directing, and controlling daily
operations, while the legislature is responsible for authorizing the executive budget and government expenditures. The legislative auditor audits and reports on the performance of the executive branch.
The board's actions are subject to laws, regulations, and
the needs of stakeholders.
TRUE
Who are accountable to the board?
The organization's executive leadership and senior management
Public sector audit functions can provide their organizations with governance ______ &___________
assurance and advisory services.
The audit function can play numerous roles in assessing
and contributing to the improvement of organizational
governance.
True. (For example, auditors can:
• Provide advice on ways to improve the organization's
governance practices if they are not mature.
• Contribute to the organization's governance structure
through internal audits, even if those audits are not
focused specifically on governance.
• Act as facilitators, assisting the board in governance
self-assessments.
• Observe and either informally or formally assess
governance, risk, and control structural design and
operational effectiveness, while not being directly
responsible for them.)
The appropriate role for the audit function and the
resource commitment to each of these roles depends
largely on the maturity of the governance system and
the organization's size and complexity.
TRUE
The ______ should discuss and reach an agreement with the board on the audit function's role in assessing organizational governance.
CAE
The Three Lines of Defense model (three levels of assurance providers:)
1. operating or line management,
2. organizationwide functions, and
3. independent activities such as the audit function.
First line of defense:
operational management functions that own and manage risks.
Second line of defense:
risk management and compliance functions that monitor
risks.
Third line of defense:
an internal audit function that provides independent assurance.
When internal audit is also responsible for second line of defense functions, such as risk management and compliance, it is essential to implement safeguards to protect independence and/or objectivity and to routinely validate that the safeguards are operating effectively. (T/F)
TRUE
The main desirable characteristics of an effective audit
committee are the
independence and competence of its members.
The composition of public sector audit committees
varies, but a minimum requirement of ____ members
is considered a general rule.
3
In assessing audit committee performance, government
auditors should focus on a three-pillar framework:
• Assessing compliance with charter obligations.
• Assessing the participation of audit committee members.
• Assessing value-added activities pursued and outcomes
achieved.
Strategic planning
where an organization is going over the next few years and how the entity proposes to get there.
Subsidiary Strategies
Strategies that are concerned with how the organization will successfully operate in particular areas. Subsidiary strategies involve decisions about choice of services to be delivered, meeting community needs, influencing political agendas, and exploiting or creating new opportunities.
Organizational Strategy
The highest level strategy, organizational strategy is concerned with the overall purpose and scope of the organization to meet stakeholder expectations. (This is the most critical level because it is heavily influenced by stakeholder budgetary allocation and acts to guide strategic decision-making throughout
the organization.)
Strategies should:
• Be developed through a disciplined process and supported by the best available information.
• Be commonly understood by organizational personnel.
• Serve as a platform for all major decisions.
• Enhance stakeholder value.
• Align with other strategies, both top-down and across
the organization.
• Be clearly reflected in objectives, structures, and
operations at all levels.
• Enable alignment of measurement and rewards.
• Eliminate redundancies.
• Be documented.
• Manage/maintain risks within risk tolerance limits.
• Allow risk expectations to be well understood by
stakeholders such as regulators, interest groups, citizens,
rating agencies, and capital markets.
_________ members have primary responsibility
for promoting strong ethics.
Senior management
Evaluating the ethical climate is sensitive and can be
highly subjective. To succeed, auditors should:
• Get sponsorship and agreement on the evaluation
methods from the board and senior management.
• Consider using a maturity model for the evaluation,
because no ethical climate is completely good or bad.
• Consider using self-assessment methods such as surveys
or workshops
Operational Strategies
At the operating level, strategies are focused on how each activity or function will deliver organizational and subsidiary strategies. Compared to organizational and subsidiary strategies, operational strategies are much more detailed and focused on resources, processes, people, etc. All material discrete activities and functions should have operational strategies.
The litmus test
is the process by which the stakeholders can act to address inappropriate actions and reward
exemplary performance.
The CAE should use a ______ in defining the
scope of the governance assessment or assessments.
risk-based approach
A periodic plan for auditing governance should consider
the relationships among ________,_________,&________
governance, risk management, and internal controls.
The ____ should review the audit universe and
modify it as necessary to ensure that governance processes and structures are included,
CAE
When assessing accountability, the audit function
should consider:
• The organization's legal or legislative appointment,
legal structures, and applicable laws and regulations.
• Formal and comprehensive "delegated authorities"
and "powers reserved."
• Documented acknowledgement of their accountabilities
by key personnel.
• Processes to monitor accountabilities and corrective
actions taken when accountabilities are not met.
According to the Standards, IT governance consists of _____, ________, and ______________
leadership, organizational structures, and processes that
ensure that the enterprise's IT supports the organization's
strategies and objectives.
Maturity models can
be used to:
• Evaluate governance effectiveness.
• Develop plans for improving the organization's
governance structures, processes, and arrangements,
either taken as a whole or by individual governance
process (e.g., ERM, compliance, and internal audit).
These plans are particularly useful when varying
levels of maturity exist or are desired among different
processes.
• Track improvement progress.
• Benchmark governance best practices.
• Map governance activities to those responsible for
their design and operating effectiveness.
____________ providers include functions
such as risk management, compliance, quality assurance,
environmental auditors, health and safety auditors, and government auditors.
Internal assurance
The overall objective of organizational governance
in the public sector is to
best serve and protect
the public interest and ensure appropriate management
accountability and communication to its key stakeholders.
In providing assurance, auditors normally use a two-step
approach: _____ & ____________
1. Review the design and
2. test the operating effectiveness
of key processes and structures
PRIVATE
...
__________ providers such as external auditors,
third-party assurance providers, and regulatory examiners
will give the board, executive management, and stakeholders' additional comfort on aspects of the organization's performance and compliance.
External assurance
The starting point for internal audit in providing assurance
is to gain an
understanding of the context within which its
organization operates, identify the key stakeholders and their requirements, and determine how the organization defines governance.
SRO (Self-regulated organizations)
is an organization having certain
limited regulatory authority over its members. (Ex, largest stock exchange)
The board, through its audit committee, should look to
the CAE for periodic reports on the audit activity's quality
assurance and improvement program and ensure that
the program provides for an independent assessment at
least every _______years.
5
For each specific governance activity or process, there
may be different types of objectives. Generally, objectives
can be categorized as:
(ORCS) strategic, operational, compliance,
and reporting.
Organizational governance-PRIVATE
involves the set of relationships among the organization's stakeholders, board, and organization management. (same as gov)
The ___ is the link between the stakeholders and
the organization's executive management.
The board
The __________ is ultimately responsible for implementing the organization's governance system.
CEO/SENIOR MANAGEMENT