Risk & Governance
Although arguably necessary to bring order to public financing,
the impact of the accelerated public sector funding cuts represents
an unprecedented scale of funding reduction. This has created risks
and opportunities and has particular implications for governance,
risk management and internal control. Boards and senior management
are increasingly looking for their advisers to work in partnership
with them as they radically review their strategic priorities and
demonstrate increased transparency around the use of public
funds.
Internal Audit
While internal audit's role to support compliance (policies and
procedures) continues to be important, clients increasingly expect
added value and forward-looking insights into emerging risks. By
focusing on our clients' strategic risks and drawing on our
experience of working across Whitehall departments, universities
and charities, we help our clients to manage risks associated with
funding reductions and organisational change. We provide a range of
flexible models for delivering internal audit, including full
outsourcing of the internal audit function, partnering/co-sourcing
with in-house internal audit functions and one-off 'internal audit
type' reviews.
Governance
Good corporate governance is a fundamental building block of
oversight and effective control in public sector organisations. It
has recently received added impetus from the coalition government,
for example, by defining a more meaningful role for non-executive
directors on key governance forums. In a climate of transformative
change, governance has a central role in providing constructive
challenges to management as they make difficult decisions around
what services are offered, to whom and the resources to support
them.
We support our public sector clients with benchmarking,
diagnostics, auditing and consulting in a way that ensures
relevance to the current challenge. This includes:
- performance evaluations of the key structures, processes etc
associated with governance forums
- governance health checks detailing the organisation’s
predisposition to governance related failings
- processes used to recruit, retain and develop non-executives,
including performance management processes
- reviews of terms of reference and standing orders, considering
their compliance with best practice frameworks.
Risk management
Increased pressure to cut costs has placed a greater onus on
management and audit committees to provide sharper focus on their
real risks. This has led to legitimate scrutiny of whether risk
management processes and systems offer real value and impact for
public sector clients. Organisations are now looking afresh at
their risk management principles and processes.
We work with public sector bodies to keep their risk processes
simple so that they can focus on their key risks. We provide risk
management reviews, risk strategy development and risk management
implementation support services. Using proprietary, sophisticated
web-based survey tools to assess risk maturity, we enable clients
to better understand which practical aspects of their risk
processes are working well and what can be improved further.
We work flexibly with our clients to:
- put in place a risk management framework, giving best practice
examples that can be tailored to requirements
- support the identification and assessment of risks, usually by
facilitating workshops with managers and staff
- provide training to the board and audit committee on their
governance roles and responsibilities.
Technology Risk
Public sector organisations rely significantly on IT, yet in the
current economic environment poor returns on major IT investments
are perhaps the major concern of IT directors and those responsible
for risk management. Recent publications on public sector
investment in IT have highlighted significant failings from a
tendency for projects to be too big and leading to greater risk and
complexity, to a reluctance on the part of public bodies to adapt
'off the shelf' systems, as well as a failure to develop
interoperable systems.
Grant Thornton's technology risk service provides pragmatic
assurance and/or advisory services. This includes the evaluation of
IT strategy and governance, analysis of IT applications, IT risk
and controls assessment and infrastructure, as well as security,
internet and firewall testing, to provide assurance to IT and risk
directors. On the advisory side we provide hands on support for
implementing specific IT solutions.
This includes:
- implementation of software solutions for purchase invoice and
payment automation, through a partnership with Basware. This
automation solution enables a 40%-60% reduction of an
organisation’s invoice processing of workload and costs, removing
the need to manually check, internally distribute or archive
paper-based invoices.
- SAP software implementation services, particularly for small
and medium size public sector entities. Business ByDesign is a
complete solution delivered as an on-demand service via a secure
Internet connection and a standard Web browser. The integrated
suite is delivered in modules, which means that the client can
start small and add modules as they grow.
Irrespective of whether organisations have assurance or advisory
needs (and regardless of subject specialism) we offer one point of
contact that provides the right tailored experts and solutions to
meet clients’ challenges. Our effective engagement with senior
management and boards ensures that our work is focused on client
specific context. Our business risk services team is a dedicated
national team of 120 risk and assurance professionals, with
significant experience of working in partnership with government
departments, non-departmental public bodies and other public
bodies. We also have proven international capability and experience
of adding value to clients’ risk, internal audit and business
process change programmes.