Changing Role of Assurance with Lakshman Gunaratnam

Principal Consultant Lakshman Gunaratnam has extensive Federal Government experience across business improvement (organisational and process), assurance advisory (internal audit, risk and forensic) and evaluation disciplines.

Changing Role of Assurance with Lakshman Gunaratnam

Principal Consultant Lakshman Gunaratnam has extensive Federal Government experience across business improvement (organisational and process), assurance advisory (internal audit, risk and forensic) and evaluation disciplines.

Prior to joining Apis he worked with a number of international professional service firms, including the then Arthur Anderson and Ernst and Young, in Australia and overseas. After three years heading up Deloitte’s Assurance Advisory practice in Canberra he made the move to Apis in November 2014 because of what Apis offered in the market: a focus on implementation practices and a specialisation in Federal Government.

We had a chat with him about what developments he sees taking place within the world of audit and assurance.

Can you explain a little bit about the basic principles of assurance and how they might differ in the public and private sectors?

The whole idea of assurance for any organisation is to determine whether the organisation is operating efficiently, effectively and meeting its stated overall business outcomes. Put simply, it’s about defining ‘what must go right’ and then understanding the risks (or ‘what can go wrong’) in achieving these outcomes.

In the private sector this is predominantly around maximising shareholder value, whereas in the public sector it’s about ensuring public funds are expended effectively, efficiently and ethically. In more recent years, it has also been about a shifting construct where there is a greater delivery of services to achieve Government outcomes, not just objectives.

How should we think about risks?

Historically whenever I talked to organisations, the moment I used to ask someone what their risks were, there were inherently negative connotations. People would become defensive, which is human nature, and say they didn’t have any risks.

So, instead I look at how an organisation needs to do things and use the term: ‘What must go right?’  When you talk in a positive way about the things an organisation or business needs to do, before flipping that around and asking what elements could impact the business’ ability to meet those objectives, you quickly learn the things that can go wrong.

So how has that evaluation of risk been managed historically within government agencies, and has it evolved?

There has been a significant shift since early 2000 where the Federal Government is now much more involved with delivery of services around the country. So whether it is delivering services nationally itself, or continuing to work with State Governments, Federal Government Departments have a heightened awareness about the need to proactively manage key risks to ensure projects and programmes deliver their stated objectives and in doing so work towards delivering on Government outcomes.

The concept of risk is now being considered more as an enabler of organisational improvement and success.

That shift must have had an impact on the role of Internal Audit within Government. What developments came about as a result?

Internal Audit (and related assurance mechanisms) have traditionally been seen as ‘necessary’ functions, but more often than not, were not used to help drive organisational improvement.

A highly competitive professional services market in Federal Government, focused on price, rather than outcomes has often seen the Internal Audit functions being viewed as commodity-based compliance offerings.

As a result, there is a growing view across senior management that internal audit does not actively contribute to the management (stewardship) of an organisation. Consequently, they are losing relevance to other risk and compliance functions within the organisation.

Increasingly though, Federal Government clients are looking for a provider to:

To what degree has the internal audit function changed the profession and those who work within it?

There’s been a shift in the model to adding value and facilitating change. At Apis, we call it proactive assurance. It means the individuals in the profession have to evolve. Increasingly you can find yourself in a challenging situation being asked very challenging questions. You might not necessarily know all the answers, but you have to know where to look and be able to build a body of evidence behind a decision that you’re making or an assertion that you’re putting forward.

Therefore the onus is on us to work collaboratively with our clients, to provide foresight and an informed capacity to act on existing and emerging risks. And we would do this in order to make informed decisions that create and maintain a resilient, competitive and sustainable organisation.

What have these changes meant for your role personally and how you work?

The changes were one of the key reasons I moved to Apis. Having worked with Federal Government departments for over a decade, I realised they want more from their Internal Audit and Assurance providers. They want someone to work with them, rather than simply identifying what has gone wrong.

An opportunity exists to work with our clients to define and shape a proactive assurance offering that resonates with their senior management because it’s aimed at helping them deliver their outcomes.

At Apis, we have a truly unique offering that comes from the extensive experience working with clients to deliver change, and I believe the strength of our offering lies in our implementation experience – our proven ability to partner with our clients and gain buy-in to ensure success. Supporting this is our dedicated senior personnel with practical hands-on experience.

And that’s where Government is starting to see real value. Any number of consultants can come in and make sweeping comments and recommendations, but more often than not the report is parked on a shelf, even for significant pieces of advisory work. Agencies will just look at it and not know where to start. And that’s the shift in assurance. Clients are saying: work with us to implement this change and help us embed this change as it impacts our people (culture), our key business processes and how we better leverage technology.