COVID-19: Important governance matters to consider

3 April 2020: The Auditor-General has written to the chief executives of a range of public agencies about important governance matters to consider during the response to the pandemic. The contents of this letter are useful matters for all chief executives and senior managers to consider.

Kia ora koutou


I realise this is an extremely busy and challenging time for you and your organisation. The priority for us all is to maintain the health and well-being of our staff while responding to the COVID-19 pandemic and maintaining critical service delivery.

Like me, you’re no doubt flooded with information. I don’t want to add unnecessarily to this but I do want to remind everyone of some important matters that we cannot lose sight of, especially in times like these. The pace, scale, and complexity of responding to the pandemic mean that getting the fundamentals right becomes even more important. It is often by confirming that the basics are in place and reinforced that you can help avoid service or other failures.

Although many of the matters below may seem obvious and no doubt are already on your mind, they are, from our experience, matters you may want to check in on in the context of your own organisation:

  • maintaining strong governance and effective systems and controls, both in terms of response activity and in the rest of your business;
  • getting the authority and approvals (including delegations) clear, documented and communicated especially in situations where emergency expenditure is being incurred or emergency powers exercised. Audit New Zealand has put out a reminder about our expectations when organisations are using emergency procurement procedures;
  • tracking spending and reporting on it accurately, including appropriations and anything authorised under the Public Finance Act’s emergency provisions;
  • being aware of increased risk of fraud if controls are compromised while the pandemic takes priority. Ensuring management teams keep a close eye on the usual controls based on oversight, sign-off, separation of duties, and evidence of delivery;
  • staying mindful of the increased risk of cyber fraud. This might include phishing attempts, attempts to hack home computers or work computers on home networks, and fake requests for approvals;
  • being mindful of sensitive expenditure, particularly for items not usually part of normal spending – you need to be clear about what is (and is not) an appropriate use of public money;
  • managing risks to normal service delivery while your organisation’s attention is focused on the COVID response, especially key projects and initiatives that may already have significant risk in delivery;
  • accessing the expertise in your audit and risk committee for advice and support and increasing the focus on risk management generally; and
  • having a back-up plan for senior staff (including yourself) and all those in critical roles, to protect your ability to continue to operate if anyone senior or in a critical role falls ill and in recognition of the extended period of disruption that is ahead of us.

Many other organisations, including the major accounting firms and the Institute of Directors, have also issued guidance material that you might find useful. Please also feel free to contact the Sector Manager you normally deal with or your appointed auditor if you have any questions that my Office could assist with.

Ngā mihi nui

Signature - JR

John Ryan
Controller and Auditor-General