Practice Advice on Public Financial Management
State-Owned Enterprises: Auditing (OECD)
Summary Advice: The OCED states that auditing performance provides credibility to the performance indicators and the performance review process. It also ensures a robust basis for the accountability system, i.e. setting objectives, reviewing performance and disclosing information.
Overview of the key elements that the ownership entity should demand
Develop appropriate policies regarding the role of audit committees in supporting internal audit
- Governance policies or guidelines developed by the ownership entities for SOEs should underline the role of audit committees in supporting the independence and authority of internal auditors. They should also encourage close working relationships between the board, the audit committee and the internal auditors.
- SOE boards and their audit committees should understand the invaluable role of internal auditors to strengthen their own oversight role. They should ensure that internal auditors get sufficient resources and are well positioned within the SOE (i.e. at sufficiently high level and separated from functional areas) to guarantee their independence. Internal auditors should also have a direct reporting line to the audit committee.
- Ownership entities should particularly encourage SOE boards and their audit committees to discuss significant risk, control and governance issues with internal auditors.
Ensure that appropriate risk assessments are carried out in SOEs
- Priorities for the internal audit work are determined based on an analysis of risks faced by the organisation. The evaluation of risk exposure should cover operations, governance and information systems.
- This risk assessment should be carried out by the chief audit officer, and be discussed with senior management and within the audit committee. The risk assessment plan should be discussed and approved by the entire board or the supervisory board.
- The ownership entity should pay attention to the implementation of a risk-management system in the company and should be provided with at least a summary of the risk assessment. This is an important element to complete its knowledge of the industry and of the company, and provides a useful perspective for discussing strategy objectives and performance.
Recommend boards to follow up internal audit plans and their implementation
The ownership entities should require internal audits to be acted upon. SOE boards should discuss and follow implementation of internal audit plans. These audit plans should include the evaluation of the relevance and effectiveness of internal control systems.
The audit committees should also monitor and assess the effectiveness of internal audits. To this end, the board should ensure that senior management has undertaken appropriate follow-up based on internal audit’s recommendations.
Make performance indicators audited by internal auditors
- In evaluating the internal control systems, internal auditors could also review to what extent the performance of the SOE is consistent with its established objectives. This includes reviewing criteria or indicators chosen to evaluate performance. This also includes an audit of performance indicators as provided by the information systems.
Encourage appropriate communication among boards, internal and external auditors
- SOE governance processes should ensure appropriate co-ordination and communication among the board, external auditors and internal auditors.
- Ownership entities could develop policies encouraging such communication and remind internal auditors, when reviewing the governance of SOEs, to assess this communication and make recommendations towards its improvements.
Require SOEs to include internal control reports in their annual reports
- It is a good practice to include in the financial statements an internal control report describing the internal control structure and procedures for financial reporting.
- Ownership entities should require SOEs to include such internal control reports in their annual reports and follow up on how effectively they comply with this requirement.
Require periodic audit of internal audit departments
Recommendations on steps that could be taken by the state to ensure that SOE financial statements are appropriately audited by external and independent auditors
Require external audit by an independent auditor
Ownership entities should develop a specific recommendation, or refer to a more general code or listing requirements, requiring all SOEs above a certain size to be audited by an external independent auditor.
This requirement could be reminded in the ownership policy, the SOE code of corporate governance or any other document related to the transparency and disclosure of SOEs.
Develop procedures for the selection of external auditors
The ownership entities could develop specific recommendations regarding the selection and appointment of external auditors.
Good practice in the private sector calls for external auditors to be recommended by the audit committee of the board or an equivalent body. In the case of fully owned SOEs, external auditors might be appointed directly by the ownership entity, based on the audit committee’s recommendation. For partially owned SOEs, the usual good practice applies, i.e. nomination by the AGM following recommendation of the board audit committee.
In the case of fully owned SOEs, appointment by the ownership entity allows tightening the auditors’ accountability as regards the state owner. In any case, the ownership entity should have the capacity to follow the overall process of procurement, from the definition of criteria to the assessment of candidates and final selection.
Define criteria for independence of external auditors
It is crucial that external auditors be independent from the management as well as from large shareholders, i.e. the state in the case of SOEs.
Criteria for independence should be similar to those used in the private sector. They could include limits on providing consulting or other non-audit services to the audited SOE, as well as periodic rotation of audit partners or audit firms, as mentioned in the annotations of the Guidelines.
Ownership entities could develop policies specifying criteria for independence of external auditors. They could take inspiration from the IOSCO standard “Principles of Auditor Independence and the Role of Corporate Governance in Monitoring an Auditor’s Independence” which states that – “Standards of auditor independence should establish a framework of principles, supported by a combination of prohibitions, restrictions, other policies and procedures and disclosures, that addresses at least the following threats to independence: self-interest, self-review, advocacy, familiarity and intimidation.”
Adopt international audit standards
The state as an owner should require that its large SOEs adopt highquality internationally recognised auditing standards.
This will also depend on the circumstances under which listed companies in the private sector use these standards, for example whether these are used only as an option or for consolidation. It will also depend on the point to which domestic standards can be considered as effectively consistent with international standards.
Require oversight of the relationship with external auditors by the audit committees
The ownership entities should develop recommendations towards ensuring oversight of external auditors by audit committees. This board oversight underlines the fact that the external auditors are accountable not only to the state shareholder but also to the board. Their duty is to the company and not to the managers they interact with in the course of their audit.
Effective oversight of the relationship with external auditors by audit committees is necessary to ensure that the SOE gets appropriate value from this audit. It also requires adequate financial expertise within these committees. The audit committees should also follow the implementation of the audit findings and ensure that external audits, as well as internal audits, are acted upon.
Assess external auditors’ work
Inform on SOEs’ external auditors and related fees
Recommendations on what should be the scope and focus of state audits
Define clearly the scope of state audits
The ownership entity could disclose clearly which SOEs are concerned by state audits and what will be the scope and timetable of such audits.
The ownership entity could discuss with the SAI and other relevant institutions, such as the Parliament, what could be the most appropriate criteria for submitting specific SOEs to state audit, such as percentage of control, financial results, etc. It could be useful if it could also request the audit of a specific SOE. The scope of state audits could also be discussed on a case-by-case basis to target more specifically the audits according to relevant strategic issues or challenges.
A generic discussion could be undertaken on the appropriate scope of such audits, taking into consideration the complementarities with internal and external audits. This could lead to an increased focus on performance audits. State audits institutions should consequently be given the capacity to carry out performance audits on both SOEs and ownership entities.
Ensuring regular indepth performance reviews of SOEs
Ownership entities could develop a policy through which the SAI will be asked to undertake a performance audit of most SOEs in a regular manner. These performance audits are instrumental in building up the knowledge base of the ownership entity. They will also feed substantially the accountability towards the Parliament. Finally, they might be essential tools for the review of SOE mandates.
Request performance audit of ownership entities
The performance of the ownership entities with regard to the overall objectives of state ownership could also be reviewed regularly by state auditors.
The ownership entity should co-operate appropriately and support this audit. This includes providing adequate information and access to staff.
The results of the ownership entity review could also be discussed with the Parliament and disclosed to the general public. This could make the general public better informed about the effective behaviour of the state as a shareholder and allow broader participation in related debates.
Support the work of state audit institutions
The ownership entity could develop guidelines or recommendations supporting and facilitating the audit work of SAIs in SOEs. This will include specific requirements ensuring that SOEs give appropriate access to information, both in terms of access to documents and records, capacity to request complementary information and access to staff.
Discuss results of state audits with SOE boards
Ownership entities could put in place specific processes to discuss in a systematic manner the results of state audits with the concerned boards. These discussions could cover the comments on state audit results as well as action plans prepared by SOE management to address issues identified by the audit.
To ensure appropriate co-operation and follow-up action, it is important that the audited entity agrees on the audit findings. Open discussion of these audit findings and agreement on the final report is a critical step in this regard.
Disclose appropriately results of state audits and performance reviews
The ownership entity could adopt a policy by which state audits, including performance reviews of SOEs, are in principle disclosed to the public, or at least meaningful summaries highlighting most strategic issues. An effective means for dissemination of state audits is to post them or their summaries on the SAI’s website. However, any disclosure policy in this area should give appropriate consideration to the need for protecting government, commercial, industrial or trade secrets, and not put the SOEs in a difficult situation as regards their competitors.
Take action based on state audit institutions' audits
Ownership entities and the audited SOEs themselves are required to take appropriate measures in response to audit findings. This includes providing comments on the audit findings in a timely manner and explaining which actions will be taken to remedy weaknesses identified by the audit.
The ownership entity could develop a systematic follow-up of actions taken as an answer to audit findings, including asking SOEs concerned to regularly report on these actions and ensure dialogue with the SAI to validate their appropriateness.
Source: OECD (2010). OECD, “Accountability and Transparency: A Guide for State Ownership” Corporate Governance, OECD Publishing at http://www.oecd.org/daf/ca/corporategovernanceofstate-ownedenterprises/accountabilityandtransparencyaguideforstateownership.htm (accessed 17 February 2013).
Page Created By: Matthew Seddon. The content presented on this page is drawn directly from the source(s) cited above, and consists of direct quotations or close paraphrases. This material does not necessarily reflect the official view of the publishing organization.