control, and governance
INSULATING AGAINST FRAUD
An auditor general’s report on Australia’s federal government home insulation program has found the normal risk management practices were largely ignored as part of a stimulus scheme, according to an article published in The Sydney Morning Herald. The report also identified significant deficiencies in the administration of the program, particularly the risk management practices applied by the Department of Environment. Under the program, 1.1 million roofs were insulated at a cost of AUD $1.45 billion. Of the 13,808 roofs inspected, at least 29 percent were deficient. Homeowners continue to report that they had not had insulation installed at their home even though the department had received a claim for a rebate.
There are two main lessons to be learned from this situation. First, it is important to conduct a risk assessment up front and ensure that appropriate controls are in place when dealing with programs where public institutions perform work and are reimbursed under a government program. The risk assessment should include finance, internal auditing, and the program managers. For example, controls should be in place to validate that applicants meet program requirements and have not applied two or more times, and that suppliers perform the work to acceptable standards. Further, a review of the work should be performed. In this case, only 1.25 percent of the roofs were inspected, and 29 percent failed.
Second, reports — particularly audit reports — should include all significant issues even if the “problems have been identified and acted upon.” Not only do they serve to document the findings (e.g., recommendations and management action plans), but they also can be a useful learning tool for future audits.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.