Part 3: Governance report

Annual report 2003-04.

What we set out to achieve in 2003-04

Our key objectives for 2003-04 in relation to governance

1. Implement our governance (and risk management) framework (see page 5 of our Annual Plan 2003-04).

2. Improve our own measurement and reporting of governance.

Our governance framework

The Office has in place a sound governance framework.

We define governance as “the system by which the Office is directed, managed and held to account.” It incorporates the culture, structures and processes for decision-making, accountability, control and behaviour. It provides the framework within which:

  • the Auditor-General is accountable to Parliament for his stewardship of the resources entrusted to him;
  • the strategies and goals of the Office are set, promoted and achieved;
  • the key risks to the Office are identified and managed; and
  • ethical values and behaviours, and responsible decision-making are promoted, and inappropriate actions and behaviours are sanctioned.

During 2003-04, we undertook a review of a key part of our governance framework; i.e. our strategic and operational management of the Office (what we call our “leadership model”). The following framework incorporates the revisions in this area. Our leadership model is described in detail on pages 46-47.

We have developed our framework to be generally consistent with good practice in governance arrangements. This is drawn from international and local sources, including from our counterpart organisations in Australia and the United Kingdom, and from guidance provided by the State Services Commission, the Crown Companies Monitoring and Advisory Unit, and the various Stock Exchange/Securities Commission organisations. This has been modified to reflect the public sector environment we operate in.

Our key governance principles

The Office will:

  • clearly define, and seek common agreement on, our Strategy and Purpose;
  • maintain a sound system of risk oversight and management, and internal controls;
  • actively promote a leadership culture which values and models ethical behaviour, openness, integrity and accountability;
  • clearly assign governance roles and responsibilities;
  • encourage open and effective working relationships and information flows within the governance structure;
  • ensure timely and balanced disclosure of material matters affecting the Office;
  • monitor management effectiveness and commitment;
  • maintain a structure to independently verify and safeguard the integrity of the Office’s financial reporting;
  • recognise our legal and other obligations;
  • operate mechanisms for stakeholder inclusion and feedback; and
  • review and continuously improve our governance arrangements.

Our key governance relationships are between:

  • the Auditor-General and Parliament (through the Officers of Parliament Committee), in relation to his stewardship (Note: the Auditor-General is independent from Parliament and Executive Government in relation to the performance of his duties);
  • senior management and staff, in relation to the strategic leadership and management of the Office; and
  • the Office and its stakeholders, in relation to the provision of services we provide.

These governance relationships define the accountability and reporting parameters of the Office.

Our governance framework can be represented as follows:

Governance framework.

Each component of our governance framework is described below:

Strategy and purpose

Our governance framework operates within the context of the Office’s Strategy and Purpose. Our purpose is set out in the Public Audit Act 2001. The Auditor-General proposes his Strategy to Parliament through the Officers of Parliament Committee at least every three years. The current Auditor-General has recently proposed his Strategy for the next five years (the balance of his term), and this has been endorsed by Parliament.

Risk management framework

Our risk management framework is an integral component to our governance framework. It sets in place the system by which risks to the Office can be proactively identified and managed. Our risk management framework is fully outlined in the Risk Report on pages 59 to 66.

Governance activities

There are two primary activities over which governance is required. They are:

  • Strategic Leadership, and
  • Management.

We define “Strategic Leadership” as:

  • The development of Strategy
  • The translation of Strategy into action (through Planning)
  • The establishment of linkages between strategy and performance and remuneration
  • The strategic management of capability (including succession planning for key senior positions)
  • The provision of guidance on the expectations of ethical behaviour, and
  • The communication of Strategy.

We define “Management” in two categories: “Operational management” and “Business management”. “Operational management” encompasses:

  • Professional management
  • Practice management, and
  • Project management.

“Business management” includes:

  • Human Resource Management
  • Financial Management
  • IT Management
  • Administration/Procurement Management, and
  • Communications Management.

Dimensions of governance

We consider our governance activities against four dimensions of governance. These are:

  • Decision-making
  • Accountability
  • Control, and Behaviour.

Considering our governance activities against these dimensions enables us to determine the appropriate culture, structures and processes we need for effective governance.

Decision-making includes such things as:

  • Governance structures
  • Information flows, and
  • Stakeholder inclusion and feedback mechanisms.

Accountability includes:

  • Roles and responsibilities within the governance structure, and
  • Key accountability documents.

Control includes:

  • Management controls, and
  • Supporting governance bodies/structures.

Behaviour includes:

  • Leadership culture.

On the following pages, we outline our specific governance responses for both of our governance activities against these dimensions of governance.

Monitoring and reporting framework

Key to our governance framework is an integrated system of monitoring and reporting. This enables us to demonstrate internally and externally, our performance (against our outcomes, risks, outputs and business strategies) and conformance (compliance with legislation, regulations and published standards and how we meet stakeholder expectations of probity, accountability and openness).

We have recently reviewed our monitoring and reporting framework across the Office to ensure it is aligned to our Strategy, and to promote “one-time reporting” of information.

Review and continuous improvement

We are committed to the ongoing review and development of our governance framework. This will include, from time to time, independent review of our governance framework.

We also intend to develop measures to assess the quality, effectiveness and appropriateness of our governance framework.

Decision-making

Governance structure

Our leadership model

Over the 2003-04 year, we reviewed how we manage and lead the Office to ensure alignment with our Strategy, and its ongoing appropriateness from a governance perspective.

As a result, we have made some key changes to our “leadership model”.

  • We have made a clearer distinction between the strategic leadership of the Office and our operational management. This means we have better defined the roles and responsibilities of the various management groups across the Office to ensure they exercise the appropriate oversight and are consistent with our Office-wide Strategy.
  • Secondly, we have strengthened the relationship between the two operational parts of the Office: Audit New Zealand and OAG Operations. Over the past ten years under the contestable environment for auditor appointments, the two parts of the Office had, by necessity, become quite distinct. The removal of contestability creates the opportunity to work closer together in terms of knowledge and resource sharing.
  • And thirdly, we have sought to involve more people in the ongoing development and leadership of our Strategy. This reflects our desire to be more innovative and flexible, and become “product leaders”.

There are four new leadership groups. They are:

  • The Strategy Governance Team (SGT)
  • OAG Operations (OAG Ops)
  • Audit New Zealand Executive Leadership Team (ELT), and
  • The Combined Management Group (CMG).

They are configured as follows:

Figure 3.

The purpose of each group is outlined below.

  • SGT is responsible for advising the Auditor-General on achievement of the OAG Strategy, including delivery of agreed annual objectives.
  • OAG Ops is the management team with collective accountability for the operational performance of the OAG.
  • ELT is the management team with collective accountability for the operational performance of Audit New Zealand.
  • CMG includes all members of SGT, OAG Ops and ELT, and is responsible for participating in the development of OAG strategies and policies.

Stakeholder feedback

We have some well-established stakeholder validation and feedback mechanisms – both internally and externally. These include:

  • The Auditor-General’s meetings with Select Committee chairpersons, parliamentary party leaders and public entities
  • The Local Government Advisory Committee
  • Client satisfaction survey (Audit New Zealand)
  • Staff survey (Audit New Zealand)
  • Internal client survey.

We have also trialled a pilot focus group of key stakeholders. In addition, we receive extensive feedback from our ongoing liaison with sectors and entities.

In our Annual Plan 2004-05, we have proposed that we will review our stakeholder validation and feedback mechanisms. This will include developing an overall framework for external stakeholder feedback, and aligning our internal staff and client surveys across the Office.

Accountability

Roles and responsibilities

In addition to having agreed purposes for the respective groups in our leadership model (outlined on page 47), the Office has:

  • job descriptions for all positions, and
  • terms of reference for our Project Office approach.

For all performance audits, major inquiries, research and development, and major corporate projects, the Office has recently introduced more formal project specification and proposal requirements. We expect to fully implement these project disciplines during 2004-05.

Through these mechanisms described above we are able to ensure greater clarity of roles and responsibilities in the governance of the Office.

Key accountability documents

Under the Public Audit Act 2001, the Auditor-General is required to submit:

  • An Annual Plan, and
  • An Annual Report.

The Auditor-General also submits a Strategic Plan (at least every three years), which incorporates a three-year Business Plan for funding. This is done so consistent with the requirements under the Public Finance Act 1989.

During the development of the Office’s five-year Strategic Plan, the Officers of Parliament Committee (OPC) has sought further reporting from the Office along the lines contemplated in the Public Finance (State Sector Management) Bill. Specifically that the Office will report on:

  • Impact evaluation of our performance audits (to commence in 2005), and
  • In three years, an evaluation of the implementation of the Strategic Plan.

At a management level, the Office has a range of internal accountability documents. These are:

  • Business Unit Business Plans
  • Team Plans
  • Individual Performance Plans.

These accountability documents form the basis for active monitoring and reporting internally and externally.

Control

Management controls

The key elements of the management control environment within the Office are:

Strategic leadership

  • Code of Conduct (which includes the process and disclosure mechanisms for identifying and managing conflicts of interest, confidentiality provisions, non-discrimination, care of property and other resources, and working with colleagues)
  • Risk management policy and process
  • Planning and monitoring processes
  • People Management and Communication Strategies
  • Process for Protected Disclosures.

Operational and business management

  • Policies and procedures for operational (practice) and business management activities
  • Human Resources policies and procedures
  • Finance and accounting systems and controls
  • Auditing standards
  • Auditing manuals
  • Methodologies
  • Professional indemnity insurance
  • Professional development programme
  • Performance reviews
  • Delegations
  • Independence declarations by all staff – at least annually (moving to six monthly)
  • All staff sign-offs of IT acceptable use policy
  • Business continuance plans.

While we have sound corporate (HR and Finance) policies and procedures, they are, in some instances, different across the OAG and Audit New Zealand. This reflects the different operating environments of the two parts of the Office and the separation which was necessary under the contestable audit model for selecting auditors to carry out annual audits.

Where appropriate, we intend to look for alignment and consistency of our corporate policies and procedures over the 2004-05 year.

In addition, we have identified the need to enhance our policies and procedures in the areas of Sensitive Expenditure and Employee Fraud, and to undertake a review of the Office’s legislative compliance.

Supporting governance bodies/structures

We have in place a range of supporting governance bodies/structures which are designed to strengthen the effectiveness of the Office’s governance.

The key supporting governance bodies/structures are:

Audit committee

The Auditor-General has appointed an independent committee to review and advise him on:

  • Risk management and internal control
  • Internal audit
  • Financial and other external reporting, and
  • Compliance with legislation, policies and procedures.

The Audit Committee has four members – three of whom are from outside the Office. The Deputy Auditor-General is the fourth member.The Audit Committee meets approximately four times a year.

Internal audit

To support the Audit Committee, the Auditor-General has also established an internal audit function. The purpose of internal audit is to provide assurance that risk identification has occurred and that risk mitigation strategies are in place, and internal controls operate and are effective. The internal auditor develops and implements an annual audit plan which is approved by the Audit Committee.

External audit

Under the Public Audit Act 2001, the House of Representatives appoints an independent external auditor for the Controller and Auditor-General. CST Nexia Audit, a private sector chartered accounting firm, is the current external auditor. The role of the external auditor is to:

  • conduct an audit and form an opinion on whether the annual financial statements published in the Auditor-General’s Annual Report fairly present the Auditor-General’s financial results, cash flows, financial position and service performance achievements; and
  • be alert to any issues relating to the Auditor-General’s performance, stewardship of resources, and the probity of management behaviour.

Opinions Review Committee (ORC)

An Opinions Review Committee (convened on an as-required basis) provides assurance as to the consistency of non-standard and potentially non-standard audit reports in certain circumstances, and ensures a consistent approach to major accounting and auditing policy issues affecting the Office. The Committee considers most cases in which a non-standard audit report is contemplated by an approved auditor.

Our quality assurance regime

Our quality assurance (QA) regime is the means by which we assure ourselves that all the “products” of the office meet the necessary standards of quality. Currently, our QA regime applies predominantly to annual audits. We intended to complete a review of QA over all products of the Office by 30 June 2004. However, this was unable to be completed due to competing priorities. It will now be completed in the 2004-05 year.

We aim to review each Appointed Auditor’s performance once every 3 years. Follow-up reviews may be initiated if we identify a need for improvement.

Our QA programme:

  • aims to ensure that auditors fulfil the requirements of the Auditor-General’s Auditing Standards and relevant audit briefs;
  • is part of the continuous improvement programme within the Office; and
  • provides feedback to the Office’s policy, sector and technical managers.

To carry out QA of an annual audit, we undertake desk reviews of audit files and also visit Appointed Auditors in their offices to:

  • review the systems they have in place to ensure compliance with the standards set; and
  • review working paper files for evidence of compliance with those standards.

Internal peer review

We require all Audit Service Providers (including Audit New Zealand) to subject all audits over 500 hours (and for high risk audits less than 500 hours) to an independent peer review by a second Partner or Director of the firm.

For our other assurance products, especially performance audits and inquiries, we maintain rigorous peer review and substantiation procedures.

External peer review

In 2002-03 we adopted a policy of selecting two reports of performance audits a year to be reviewed by external reviewers – a New Zealand academic and a group based at the London School of Economics (LSE). The criteria for these reviews are based on those that the LSE devised for the same purpose with the United Kingdom National Audit Office.

We continued to implement this policy in the 2003-04 year. However, while we received comment from the NZ academic, we did not receive a report from the LSE and ended our contract with them. We are now seeking to replace them as our external reviewers.

In addition, we invited the Australian National Audit Office to review 2 of our performance audits, with particular emphasis on the methodologies we are using and how well we are using them. The reports chosen were Local Authorities Working Together and Accident Compensation Corporation: Case Management of Rehabilitation and Compensation.

Independence Review Committee (IRC)

The Independence Review Committee provides assurance that judgements made on independence matters are appropriate, having regard to:

  • professional and the Auditor-General’s standards and guidelines on independence; and
  • the Auditor-General’s duty to act independently, as required by section 9 of the Public Audit Act 2001.

Local Authorities (Members’ Interests) Act Review Committee

The Local Authorities (Members’ Interests) Act Review Committee provides input into decisions on significant investigations under the Local Authorities (Members’ Interests) Act 1968, including whether to initiate proceedings against members of local authorities after an investigation by the OAG’s Legal Group.

Project Steering Committees (PSC)

All of our performance audits have a PSC to provide oversight, project monitoring and quality control. This is a key element in ensuring that our reports to Parliament and the public are of a high quality.

Project management

Over the past year, we have started to introduce a “project office approach” to our major work in the Office. This includes performance audits and special studies, major inquiries, research and development, and major corporate projects. This involves increased project management disciplines around scoping and monitoring of our work.

Independent evaluation of auditor appointments

An independent evaluator, Mr David Gascoigne, is currently retained to evaluate auditor appointment processes and report on their probity. His report for 2003-04 is provided on pages 116-117.

Behaviour

Leadership culture

The ability of the leaders of the organisation to promote and model ethical behaviour, openness, integrity and accountability is fundamental to successful governance. It is, however, perhaps the most difficult area of governance to both develop and measure.

Given the nature of our role and purpose, it is incumbent on the Office to demonstrate a high standard of ethical behaviour. The core values which the Office relies on for its credibility and reputation are integrity, independence and competence. We are therefore committed to maintaining and enhancing a leadership culture which supports this behaviour and these values.

We currently reinforce the demonstration of our leadership culture through:

  • clear communication of our expectations of ethical behaviour through our Code of Conduct (which includes Conflict of Interests, Confidentiality and other professional behaviours) and our Independence Standards;
  • seeking ongoing assessment of the perceptions of staff (through the Staff Survey – Audit New Zealand only) of:
    • Management’s demonstration of our values
    • The clarity of our vision and purpose
    • The extent to which co-operation exists within the Office
    • The clarity around performance expectations
    • The degree to which staff feel involved in the organisation and decision-making
    • How satisfied staff are with the level of recognition and reward, and
    • The extent to which staff believe there is opportunity for their development;
  • undertaking 360-degree feedback of key senior staff across the Office;
  • carrying out internal surveys to assess staff perceptions of the accessibility of information, the usefulness of internal systems and procedures and the quality and relevance of services;
  • completing “organisational aptitude” assessments of all Audit New Zealand staff to assess the extent of alignment with the Office’s Strategy; and
  • seeking stakeholder feedback about the perceptions of the Office’s credibility and relevance.

Each of these mechanisms provides indications of the leadership culture within the Office. We expect to do further work in this area.

Measuring our governance

Little work has been done internationally on measuring the quality, appropriateness, adequacy or effectiveness of the governance arrangements of entities.

Typically, reporting is focused on describing the nature of the roles and relationships between the key players. For some time, as an Office, we have advocated for both stronger reporting and measurement of governance.

There were no measures proposed in our Annual Plan for 2003-04. We intend to continue to work on developing suitable measures of governance over the 2004-05 year. We will report on our progress in next year’s Annual Report.

Summary

1. Did we implement our governance (and risk management) framework?

During 2003-04, we reviewed and aligned our governance framework to be consistent with our Strategy. This included:

  • The review of our leadership model;
  • The finalisation of our risk management framework and the integration of it within our business planning process; and
  • The development of a framework for monitoring and reporting across the Office.

Areas within our governance framework that we have identified as requiring further improvement are:

  • QA over all products of the Office;
  • The enhancement of our policies and procedures for Sensitive Expenditure and Employee Fraud; and
  • A review of the Office’s legislative compliance.

We intend to address some of these areas over 2004-05, the remainder in successive years.

2. Did we improve our own measurement and reporting of governance?

We consider that we have made some progress in our own measurement and reporting of governance. Significant further work is required.

We have presented the information on our governance framework in this Annual Report as an example of emerging good practice in governance reporting.

page top