I just spent most of the day in a conference on public sector internal audit. At the end of the conference, a well considered panel touched on several aspects, including the aspect of single audit. And as usual, the discussion touched on the feasibility and the need for single audit. And again, everyone confirmed the intent to have single audit.
A quick prediction: it ain’t going to happen anytime soon.
The issue not covered is that even when the intent of the audit executives is good, the content they aim for in their reports (or what they need to position themselves on), the audit report recipients (the entities giving the auditors the mandate to audit) and the reference frameworks within which they audit are fundamentally different. If not at least aligned, this will fundamentally undermine the single audit concept in terms of practical implementation.
The idea will stay just an intellectual exercise which may have amused a couple of academics.
Let’s look at the different ‘auditors’ in play in the public sector.
The external auditors
Granted, they are not always present or required Appointed by the board, reporting to the audit committee of the board, with a focus on compliance with private sector reporting requirements, they conform to the standards as imposed by their governing body, in Belgium the IBR/IRE.
The Court of Auditors
Created by a law, they report to the members of Parliament, and conform to the Standards of INTOSAI, an international body. Their mission is clearly defined by law.
The Inspection of Finance
Also created by law, they report to both the Minister of the budget and their functional minister. They have an internal set of stringent guidelines to adhere to, and their mission is clearly defined by law.
Either established by law or by a decision of the board, often in the context of a governance requirement, internal audit reports to the audit committee and is governed by the international standards of the governing body of its profession, the Institute for Internal Auditors.
For single audit to become a reality, the reporting requirements (and thus ultimately the needs of the audit report recipients) need to become aligned.
What I am not saying is there needs to be a single purpose. What I am saying is that is single audit is an objective – and it should be in current budget conditions – we need to make sure to be clear first on the purpose and mission of each of the auditing entities. What steps will take us there?
- In order to do that, we need to execute a needs analysis at each of the audit report readers first. So, recipients, what type of information do you need (from an audit perspective) in order to be able to do your job?
- Then, let’s assess which audit entity is best placed from a professional perspective, to execute the required audit actions to provide audit assurance on that information. Let’s devide the work based on that.
- Finally, let’s redraw the audit execution responsibilities according to these competencies, not according to reporting lines.
This, according to me, is an effective and transparent route to single audit.
What is keeping us?
Honestly, perhaps the fear of having to face a disruption of traditional operating models?
Welcome to the future!