Elevate aged care governance with independent audits for operational compliance. Learn why it's crucial for better risk management.
Blog by Brendan Moore, General Manager Member Services, Leading Age Services Australia.
All organisations engage independent, external auditors for their financial reports. However, there is a strong case for governing bodies to engage independent, external auditors for their operational performance.
While internal audit plays a key role in the corporate governance structure to provide ongoing assurance on the effective management of risk within an organisation, there are many organisations that do not have a formalised, structurally independent role of internal audit within their business.
For those organisations that do have such a role, there is a case to be made for a fourth line of defence in the form of an external auditor of operational compliance.
According to the Chartered Institute of Internal Auditors (CIIA), ‘internal audit is a cornerstone of an organisation’s corporate governance’.
Many aged care providers will be limited in their ability to resource such a function and governing bodies will be reliant on the first and second lines to provide reports via senior management.
There have been notable instances in the Aged Care Royal Commission where such an approach has been found wanting for a variety of reasons (e.g. management withholding information, inadequate systems for documenting and interpreting risk information, processes not identifying key risks).
For these reasons, boards need to be aware of potential conflicts of interest and ensure they take measures to safeguard the objectivity of internal audit.
The CIIA lists four key issues for Directors to ask about and be reassured upon in regards to any internal audit function:
Leading Age Services Australia (LASA) is engaged by many operators to conduct ad hoc gap analysis/mock audit services. These engagements are invariably by management, who sometimes may be a contributing factor in operational compliance—for better or worse.
As the diagram indicates, using LASA to substitute for internal audit in compliance risk/audit can be appropriate to circumstances where resourcing capability to fill such a role internally is not possible.
While ad hoc, it is fair to say ‘at least it is happening’. For organisations that do not engage a substitute, or employ their own internal audit function, or an external audit service reporting to the governing body, only the first, second and fifth lines are active. With the fifth line being the regulator, this represents a risk retention setting that has left some aged care providers exposed to adverse compliance findings. Often stated responses such as ‘we didn’t know’ or ‘this result has completely surprised us’ do not invoke confidence in the regulator about the organisation’s audit and governance processes.
Research conducted in 2019 with attendees at LASA’s Governance in Aged Care workshops indicated that governing bodies could increase their focus and time on ensuring statutory and regulatory compliance, particularly with the heightened focus on organisational governance in Standard 8 of the Aged Care Quality Standards.
Reliance on management by governing bodies may expose them to liabilities and risks that independent audit of varying areas of operational performance may identify, mitigate and possibly eliminate.
If you are a Director of an age services provider, the following questions are worth reflecting on:
Discover the true value of accreditation in healthcare and its impact on patient care, quality, satisfaction, and cost reduction.
Learn how boards in aged care are addressing the crucial issue of hearing the voice of the consumer to create a person-centered care framework.
Discover the evolving challenges facing directors in today's dynamic landscape and innovative strategies to strengthen your board's resilience.