Collaborative and proactive involvement with inspectors and auditors can help agencies identify and monitor risks, and develop action plans to mitigate problems before they progress.
Most people are familiar with the IG's role to conduct audits, investigations, and inspections, and to prevent and detect fraud, waste, and abuse in government agencies. The balance of the IG's mission, set by the U.S. Inspector General Act of 1978, often receives much less attention and includes:
- promoting economic, effective, and efficient use of resources
- reviewing pending legislation and regulations
- keeping the agency head and Congress fully and currently informed.
These roles, which are more forward-looking and advisory in nature, cannot be overemphasized. Having spent 26 years in the public sector, including stints as the inspector general of the Tennessee Valley Authority and deputy inspector general of the U.S. Postal Service, I can tell you it was always far more satisfying to proactively identify and help mitigate risks than to investigate a fraud or failure and assign blame after the problem had already occurred.
The nation's 73 IGs, and the thousands of men and women who work in the offices of inspectors general, operate independently of the agencies they serve. Yet the IGs, government auditors, and public managers are bound by a common interest. They are unsung heroes working in anonymity, cognizant that they work in the fishbowl of the political theater—their efforts invisible to the public they serve until something goes wrong.
Partners in Prevention
Partnership between public managers and IGs (or other government auditors) in risk management and control is best illustrated by the Three Lines of Defense model, endorsed by the Institute of Internal Auditors (IIA). The model illustrates just how closely management and auditors must work together to manage risk effectively. The three lines of defense include:
- Operational management, who owns and manages risks and is responsible for implementing corrective actions to address process and control deficiencies.
- Risk management and compliance functions, which are established by management, either formally or informally, to help build or monitor the controls in the first line of defense.
- Auditors and IGs, who provide the governing body and senior management with comprehensive assurance based on the highest level of independence and objectivity with the organization.
Almost every scandal I can recall involving a federal agency in the past 40 years has involved a breakdown in these three lines of defense. Only when all three lines are working in concert can risks be managed effectively.
When a failure occurs, it reflects badly on everyone involved. After reporters ask, "What happened?" and "Who's to blame?" they ask, "Where were the auditors?" And whether you are talking about fraud, conflict of interest, or technical failure—such as the recent challenges in the launch of HealthCare.gov—a managed risk is always better than an after-the-fact forensic investigation.
Public managers willing to work collaboratively with their IGs or auditors can leverage their knowledge and expertise to help identify key risks, establish ways to monitor those risks, and develop action plans to mitigate problems before they develop—or at least be ready to respond quickly if they do develop.
By working with the auditors, public managers set a tone of cooperation for their staff, which reinforces and models desired behaviors. The right tone at the top can be a powerful incentive to encourage positive behavior, making risk management a top priority and discouraging negative behavior that may lead to waste, fraud, or abuse.
Like the public managers they serve, IGs are federal employees with many of the same concerns. In fact, according to a recent survey by Kearney & Co., their top concerns are budget, recruitment and retention, and timely reporting.
Also like public managers, IGs and government auditors are being forced to do more with less. In the recent sequestration, IG offices dealt with the same resource challenges and furloughs. Budgets remain extremely tight.
Budget restrictions and hiring freezes are driving auditors toward more automated processes and data analysis. This move to embrace technology and big data is changing the way they operate, creating a need for tech-savvy staff and data analysts.
A well-trained audit staff equipped with the right analytic tools can serve as a public agency's reputation lifeguard. Auditors can scan for anomalies and emerging risks, unhindered by the daily tactical details that necessarily preoccupy agency staff. This symbiotic relationship is key to effective governance.
A Matter of Trust
Auditors perceive themselves to be guardians of trust. They look out for the public's interest. They provide a detailed and objective assessment of what's going on inside government agencies, and make recommendations for efficiencies and other improvements. They provide taxpayers with an objective assessment of operations, following the philosophy of "trust, but verify." Essentially, IGs and government auditors can help protect the sense of trust between the public and their government officials.
I often counsel IGs and auditors, particularly less experienced ones, to keep in mind that we're human, as are the people we audit. And our human nature makes us all subject to fallibilities and ethical compromises.
Like all public officials, IGs and government auditors must be held accountable. Part of being accountable includes taking responsibility for how our actions affect others.
This does not mean that we avoid identifying and reporting on controversial issues. It does mean treating others with respect and compassion—recognizing, with empathy, the unique pressures that come with being a public sector official. And that goes both ways. A trustful and productive working relationship between the IG and public manager is one where there is an open, honest, and respectful dialogue.
I have found that if you are honest with people and if you treat them with empathy and respect, they will be more likely to listen to objective advice and constructive criticism. I call it "winning the right to be heard."
By putting themselves in the shoes of the public managers they audit, IGs and auditors are more likely to present their findings in a way that's focused on practical and sustainable solutions, rather than "gotcha" reports. The goal, after all, is to assure ethical and responsible governance. There is nothing to gain by embarrassing the public managers, who ultimately will be acting on, or ignoring, the auditors' findings and recommendations.
Watchdogs, Not Lapdogs
While I believe that auditors should make every effort to respect the dignity and professionalism of public managers and the hard work they do, it is also true that they serve a vital function by providing independent insight and preventing and detecting fraud, waste, and abuse. This is one of the most beneficial services an IG or government auditor can perform, and also the most difficult, because it can be isolating and adversarial. But just as it is imperative that we are fair, the job also requires an assessment unbiased by either friendship or animosity.
IGs and auditors want to be liked. That's human nature. But the job requires they hold themselves separate and apart.
Just as I would advocate empathy for the public managers they audit, I also would encourage managers to empathize with auditors' difficult position and respect their need for objectivity and independence. Again, the tone at the top will determine how the rest of the staff will react. A culture of accountability and transparency and a good system of internal controls will pave the way for a smooth audit experience.
When assessing tone at the top, IGs and government auditors look at words as well as actions. All of the IGs who participated in the Kearney survey reported that the tone at the top of all federal agencies was "very good" or "excellent."
All reported that they held regular meetings with top agency staff, including one that meets weekly with the secretary and staff. All reported that the meetings were substantive and productive. Even more gratifying to me, all IGs reported that the senior management in their agencies value their input and oversight.
In the 45 years since the creation of the first 12 inspector generals under the Inspector General Act of 1978, great progress has been made. The tone public managers are setting by embracing the value auditors provide goes a long way toward making their organizations successful.
Looking ahead, I have every reason to believe that this great spirit of cooperation will continue.