Internal Auditor Repost: Champions of trust

The most effective internal auditors are those with enough fortitude to blow the whistle before trouble ensues. They see troubling issues in the formation stage, raise a concern, and take a stand to ensure things are done right.

But, as I discovered years ago, there has to be a high degree of trust between internal auditors and those whom they are cautioning about pending wrongdoing or calamity. Without trust as a basis for engagement, the conversation can become awkward or even polarizing.

Ethics is an area that plays a significant role in my view of outstanding internal audit performance; so much so that I decided to feature ethical resilience as my first area of focus. I’ve been known to characterize ethics as “table stakes” for those wishing to engage in internal auditing. It’s a strong statement, but I stand by it. Internal auditors can’t accomplish their mission without a diligent, unceasing commitment to ethical behavior.

Richard Chambers outlines an auditor’s need to demonstrate and commit to ethical behavior in this post.

A commitment to ethical behaviors means committing to integrity, honesty, and trustworthiness. Auditors can be flexible around the scope of work done, are willing to engage in continuous learning and professional improvement, but must be able to support, stand behind, and be accountable for the work that they do. At times, that may require a degree of courage. But we as auditors must behave ethically if we are to be trusted, and we must ask the same of others.

Accountability and Media Featured

Harvard Business Review Repost: Why ethical people make unethical choices

Despite good intentions, organizations set themselves up for ethical catastrophes by creating environments in which people feel forced to make choices they could never have imagined.  Former Federal Prosecutor Serina Vash says, “When I first began prosecuting corruption, I expected to walk into rooms and find the vilest people.  I was shocked to find ordinarily good people I could well have had coffee with that morning. And they were still good people who’d made terrible choices.”

Employees that make unethical decisions are not necessarily “bad” or even poorly intentioned. Sometimes making- or not making- the unethical choice hinges on there being too few good choices available, or from the pressure to constantly perform at unrealistic or unsustainable levels.

Ron Carucci outlines some of the reasons behind unethical decision making in organizations, and suggests ways to head off some risky behaviors before they happen. Read the post here.

Accountability and Media Featured

Audits and Oregon’s Integrity Ranking

The Center for Public Integrity recently issued a report that assessed the systems in place to deter corruption in state government. The report offers a different perspective on some of the issues in the sphere of an auditor’s work. Oregon didn’t fare well this year, 44th among the 50 states, and the allegations against former governor Kitzhaber were a key element in the scoring. Oregon’s F grade was not unique, with thirteen other states flunking, and only three earning better than a D+.

Oregon_rank

Considerable effort goes into the evaluation. Each state undergoes an in-depth analysis by a reporter or researcher familiar with that state. I was interviewed by Lee van der Voo about our auditing responsibilities and activities and she also obtained other viewpoints.

One gauge of integrity is the presence of laws related to the 13 evaluated categories. While I think that laws can be an important element of clean government, the absence of a law should not be equated with a lack of ‘integrity’.

As we all know, the law and a structure of enforcement are not always a sufficient deterrent to criminal behavior.  Government ethics laws are common, and commonly broken. Some ethicists argue that it is more effective to characterize good behaviors than to try to define all prohibited activities.

Ms. van der Voo seems to recognize Oregon’s values in her title “Land of ethics, manners hurt by rare scandal.” When I looked at our Washington neighbor’s rankings, the reporter stated that, “A 2012 report by the University of Illinois at Chicago, for instance, concluded that only Oregon had a lower per-capita rate for federal corruption convictions.”

I think public officials should examine the deficiencies identified in this review, but I would also caution that additional laws may not necessarily improve Oregon’s integrity if there exists a higher expectation among its citizens, government employees, and elected officials.

Auditing grade

I hated whiners in school who appealed a grade, so instead I’ll look at why we didn’t get an “A” and figure out what would improve the grade next time.

Foremost, it is gratifying to see that the C+ for the auditing section was the best grade, from these very tough graders, for Oregon. (Electoral Oversight and State Budgeting got Cs.)

I continue to cringe though when I see the category name ‘Internal audit’ for us. I actually had several conversations and emails with the director and reporter, trying to educate them about the categories of auditing. I explained that an internal auditor often answers to the executive of an agency, which can affect what topic is selected and whether the results will ever be released. I urged them to consider using the Government Auditing Standards term ‘independent’ for auditors who are elected, or answer to a legislature. It is obvious I was not persuasive. (Even ‘Audit Oversight’ would be an improvement.)

Below is a breakdown of the factors and scores that comprise the C+ grade. The factors have links on the website with some discussion and sources of information.

internal_auditing

“In law, the leadership of the audit entity is protected from political interference”: I understand the group’s intent and I don’t think there is much we could do to raise this score. We follow the national Government Audit Standards which assures objectivity and independence. The Secretary of State is the state auditor as set out in the Oregon Constitution and is protected from political interference. I wonder whether there might be some inconsistencies between scorers. The score for Washington’s elected state auditor is ‘yes’ and describes a structure very much like ours. I don’t know what protections are afforded Washington’s Audits Director but it may be different the position in Oregon, which is ‘at will.’

Washington’s overall internal auditor score is B+. While we did worse on the leadership issue above, we got 100s in the next two, better than Washington’s 75s, regarding the practical aspects of independence and sufficient funding.

Oregon got a 75 on government action of audit findings. We get about 80% implementation of our recommendations so this coincidentally aligns with the score. Incidentally, I think it is tricky to place a big value on this statistic because the content of recommendations can vary drastically. Some may be simple adjustments for an agency, others may require substantial resources and time to accomplish. We can get 100% action on trivial recommendations that are easily implemented. The most important dimension is difficult to measure: the benefit of the audit recommendations for Oregonians.

“In law, the audit agency is required to report on its investigations, activities, and advisory opinions.” I think I may have misunderstood the question and we could raise this score next time. In fact, we are required by law (ORS 197.180) to produce an annual Hotline report on our investigations, which is on our website. I’m not sure what ‘activities’ or ‘advisory opinions’ mean, but we if we do them, we would report on them. (If ‘activities’ and ‘advisory opinions’ refer to consulting-type services, we don’t do those, because that would violate our audit standards.)

“In law, citizens can access audit reports.” Again, perhaps more discussion of the reporting requirements imposed upon us by our audit standards could raise the score next time. We are required by state law to follow those standards and they require we widely distribute our audit reports. All our reports are on our website, accessible to everyone, and we make our workpapers public once the audit is complete.

Lastly, the ‘open data format’ is a category that puzzles me. Wikipedia identifies a number of formats that meet those standards and the pdf format of our audits is listed as acceptable. We ensure that our pdf reports are ADA compliant, and no one has ever complained about difficulties accessing our audits. As technologies advance we will continue to examine ways to publish our audit reports, and keep this criterion in mind.

So, next time we’re contacted, we’ll compare our structure to Washington’s to see if that will bring our score up. We’ll cite ORS 177.180 which requires that we report our Hotline investigations annually to the Legislature.  We’ll also point to our audit standards on audit reporting requirements to see if that might improve the score.

Gary Blackmer OAD Director

Gary Blackmer
OAD Director

Accountability and Media Featured Noteworthy