Recent risk-management failures in Washington, D.C., have reflected what happens when an organization with so many risks associated with the achievement of its mission fails to anticipate and manage those issues effectively.
The consequences can be dire. Loss of public confidence and widespread reputational damage can be devastating at any level of government, but especially when it occurs on a national or international scale.
Government auditors play a central role in fostering trust. Without them, citizens would lack credible insight into the soundness of the many inner workings of government. The professionals who audit federal, state, and local governments or other public entities must cope daily with career-threatening political risks from which private-sector internal auditors are largely immune.
The IIA’s 2011 Supplemental Guidance on The Role of Auditing in Public Sector Governance (PDF) offers considerable insight into public sector auditing and best practices. I also recommend McKinsey & Company’s excellent 2011 working paper, Strengthening Risk Management in the U.S. Public Sector (PDF), which lists seven risk-management challenges and offers five solutions. Although this paper was written from a U.S. perspective, I think the recommendations are universal.
Almost every scandal I can recall involving a federal agency in the past 40 years has involved a lack of control or lack of implementation of internal controls to mitigate key risks. You want to make sure that the criteria and controls you design are fair and transparent, and that you don’t have the ability for any one individual or any group of individuals to decide that there is a different set of criteria by which they will view one group over another.
Internal controls are a means to mitigate the risk that can threaten an organization or help keep it from achieving its objectives. I would like to get your thoughts on this issue.