5 minute read
Compliance governance and the need for a fourth line of defence model
Aged care governing bodies need independent audits to reassure them of operational compliance.
All organisations engage independent, external auditors for their financial reports. However, there is a strong case for governing bodies to engage independent, external auditors for their operational performance.
While internal audit plays a key role in the corporate governance structure to provide ongoing assurance on the effective management of risk within an organisation, there are many organisations that do not have a formalised, structurally independent role of internal audit within their business.
For those organisations that do have such a role, there is a case to be made for a fourth line of defence in the form of an external auditor of operational compliance.
According to the Chartered Institute of Internal Auditors (CIIA), ‘internal audit is a cornerstone of an organisation’s corporate governance’.
Many aged care providers will be limited in their ability to resource such a function and governing bodies will be reliant on the first and second lines to provide reports via senior management.
The model of the Three Lines for Defence, with the fourth and fifth lines of external audit and the regulator at right. There have been notable instances in the Aged Care Royal Commission where such an approach has been found wanting for a variety of reasons (e.g. management withholding information, inadequate systems for documenting and interpreting risk information, processes not identifying key risks).
For these reasons, boards need to be aware of potential conflicts of interest and ensure they take measures to safeguard the objectivity of internal audit.
The CIIA lists four key issues for Directors to ask about and be reassured upon in regards to any internal audit function:
1. It must be structurally independent and report directly to the governing body. (Noting that any internal audit also needs to have access to management information and have a good relationship with management.)
2. The function must be properly resourced and staffed by a person with appropriate knowledge, skills and experience.
3. It should focus on the greatest risks to the organisation and have a plan executed to respond to these.
Continued on page 22
NATIONAL UPDATE
Continued from page 21 4. The scope of activity is the whole business and it should be statutory and regulatory compliance, particularly with the unrestricted in pursuing its role purpose. heightened focus on organisational governance in Standard 8
Leading Age Services Australia (LASA) is engaged by many of the Aged Care Quality Standards. operators to conduct ad hoc gap analysis/mock audit Reliance on management by governing bodies may expose services. These engagements are invariably by management, them to liabilities and risks that independent audit of varying who sometimes may be a contributing factor in operational areas of operational performance may identify, mitigate and compliance—for better or worse. possibly eliminate.
As the diagram indicates, using LASA to substitute for If you are a Director of an age services provider, the following internal audit in compliance risk/audit can be appropriate to questions are worth reflecting on: circumstances where resourcing capability to fill such a role internally is not possible. 1. Do you have a compliance plan that considers the r egulatory framework and a stand-alone compliance/clinical
While ad hoc, it is fair to say ‘at least it is happening’. For governance committee supplemented by independent organisations that do not engage a substitute, or employ their auditing? own internal audit function, or an external audit service reporting to the governing body, only the first, second and fifth lines are active. With the fifth line being the regulator, this represents a risk retention setting that has left some aged care providers exposed 2. Ar e you confident you are fully informed of the areas you are ultimately accountable for under Standard 8 of the Aged Care Quality Standards? to adverse compliance findings. Often stated responses such as 3. Is ther e sufficient focus on quality, safety and clinical
‘we didn’t know’ or ‘this result has completely surprised us’ do governance within your governing body’s activities? ■ not invoke confidence in the regulator about the organisation’s Brendan Moore is General Manager Member Services, Leading audit and governance processes. Age Services Australia.
Research conducted in 2019 with attendees at LASA’s Governance in Aged Care workshops indicated that governing bodies could increase their focus and time on ensuring If your organisation needs assistance with creating a third or fourth line independent operational auditing function, please contact Brendan on brendanm@lasa.asn.au or 1300 111 636. To support Australian made, is to support Australian jobs and help secure the future of our economy and our children.
Australian Made
Quality, Comfort, Custom Made EMAIL sales . wentworthcare . com . au WEB www . wentworthcare . com . au PH 03 9408 9710 22
Safety & Quality Management System
Your helping hand to a compliant future —now with clinical audit functionality!
Gain the confidence you need in a changing regulatory environment with the LASA Safety & Quality Management System. This affordable, flexible online solution will help improve quality management, policies and procedures for organisations big and small. Designed to help you manage your compliance with all eight Aged Care Quality Standards, the system includes a core suite of over 80 policy and procedure templates. New audit functionality includes an ACQS self-assessment tool and unique targeted tools to assist in areas of high risk (eg restraint), new risks (eg anti-microbial stewardship) and contemporary risks (eg infection control). Find out why hundreds of providers have signed up to the LASA Safety & Quality Management System.
FEATURES
Tenterfield Care Centre.
Carrington Care Quality & Clinical Safety Coordinator, Jeannette Farkas.
20% discount for LASA Members! 20% discount for rural and remote organisations!
BENEFITS
Compliant Policy and Procedure Templates Targeted Clinical Audits
Easy Access Anywhere Anytime Supports Staff to Improve Work Practices
Regular Updates Maintain Your Compliance
Identify Gaps for Continuous Improvement
Call for an obligation-free demonstration today. 1300 111 636 quality@lasa.asn.au www.lasa.asn.au/SQMS