In our recent Auditor-General’s insights report on audit committees in state government entities, we highlight the importance of audit committees and how they can catalyse better governance. An effective audit committee can provide entities with independent support, advice, and oversight. You can read the full report here: Effectiveness of audit committees in state government entities (Report 2: 2020–21).
COVID-19 has forced Queensland public sector entities to make big decisions and changes in a condensed time frame. This increases the risk that things could go wrong, and means the role of public sector audit committees becomes even more critical to provide oversight for these activities. Audit committees can help entities maintain focus on their core governance systems while making the necessary changes to what they do and how they do it.
In this blog, we provide audit committees with some key areas of focus to help entities continue to navigate the COVID-19 environment.
The horse has well and truly bolted on the risk of a global pandemic disrupting entities’ businesses. With this risk now realised, audit committees should ensure their entities recalibrate their risk management to identify and mitigate new or evolving risks.
Pick any area of your business and it is almost certain that the nature or impact of related risks have changed. Here are just a few examples:
Workplace health and safety
Procurement and fraud
Audit committees should encourage their entities to revisit and reassess the completeness of their existing risk registers and the appropriateness of their risk ratings and mitigations.
Meaningful performance reporting should help entities assess whether they are delivering against their stated objectives. With the pervasive impact of COVID-19, measuring performance becomes far more difficult. Performance targets may be unrealistic or even irrelevant in the COVID-19 environment, and those that are still relevant may be difficult to interpret. For example, is an observed decline in output entirely or partly a result of COVID-19, or is COVID-19 exacerbating an underlying performance issue?
This does not mean performance reporting is redundant. Performance measures are critical inputs for effective decision making. Audit committees can help entities to adapt their performance reporting to ensure it accounts for the impact of COVID-19 by asking questions like:
- Are we still getting complete and accurate data to measure this?
- Do we have new objectives to consider and are we measuring our performance against them?
- Are our baselines for measuring performance on existing measures still relevant?
- Is there sufficient rigour in management’s explanations of the impact of COVID-19 on our results?
Monitoring significant projects
Audit committees should scrutinise whether their entity has considered the impacts of COVID-19 on its significant projects. They should emphasise that entities need to continuously assess strategic and operational questions, like:
- Does COVID-19 change the value proposition of this project?
- Is the composition of governance and steering committee membership still appropriate?
- What are our contingency plans for an outbreak among employees, contractors, or suppliers?
- Are there positive or negative cost implications? What does that mean for our strategy?
We recently published a blog on project steering committees for digital transformation projects. It focuses on the membership of steering committees and structure of project governance.
In 2020–21, audit committees should continue to monitor areas of increased financial reporting risk due to COVID-19. As the economic impacts evolve, audit committees should challenge management to reconsider and modify their assumptions accordingly.
Audit committees should continue to challenge management on how they review the design and implementation of controls and monitor their operating effectiveness. This could include questions like:
- Were you required to make changes to the design and implementation of your internal controls, particularly manual controls?
- Has internal audit or a third-party provider assessed the design of new or modified controls?
- What has been the impact of COVID-19 on controls at our shared service provider(s)?
- Have we identified any issues in information technology system performance during the pandemic? Has that impacted on the operating effectiveness of our controls?
- Have we implemented any temporary or stop gap measures to keep operating in the initial stages of the COVID-19 pandemic? Is a more permanent solution possible, and, if so, in what time frame?
We recently published a blog on key areas that entities need to consider as they change their working arrangements in response to COVID-19.
As we noted in our Auditor-General insights report on the Effectiveness of audit committees in state government entities, several audit committee chairs saw room for improvement in their oversight of entities’ compliance frameworks.
COVID-19 may present an opportunity for audit committees to reset or enhance this oversight as entities grapple with both existing and new or emerging compliance requirements. There is also an increased risk that entities may have lost sight of their existing compliance obligations while shifting their focus to responding to COVID-19.
Audit committees could ask questions such as:
- What has been the impact of COVID-19 on our existing compliance obligations?
- Have we noticed any increase in non-compliance in existing compliance reporting?
- Is there any change in our resourcing to identify and respond to non-compliance?
- Have we sought advice or conducted a review of new compliance obligations under COVID-19?
- Have we assigned ownership to specific officers for our new obligations?
For more information, please see the full report Effectiveness of audit committees in state government entities (Report 2: 2020–21).