Norwegian Directorate for Civil Protection

Quality Assurance Through Auditing Ministries and Agencies OECD workshop, Oslo, Norway, 17 September 2014

Erik Thomassen Head of Unit; Analyse

Royal Decree 15 June 2012 Instructions for the ministries` work with civil protection and emergency preparedness, the Ministry of Justice and Public Security`s coordinating role and auditing function and central crises management

• Basic principles • Obligations and

responsibility in the field of Civil Protection on Government level

• The Ministry of Justice and Public Security`s coordinating role

• Audits of the ministries` civil protection work

• Central crisis management

Background • First audits were conducted in

2002 • Regular audits started in 2005 • Third round of audits is

ongoing now • The Ministry of Justice and

Public Security is the formal auditing authority

• Audits performed by DSB • Basis is requirements and

obligations in Royal Decree 15 June 2012

The Ministries` Basic Obligations

“The ministries´ efforts in the field of civil protection and emergency preparedness should be targeted, systematic and traceable and integrated into the ministry`s planning system, management systems and management dialogue with subordinated enterprises”

Issues in Audits

• Organization • Governance, structure of objectives,

follow-up of subordinated agencies and enterprises

• Overview of risks • Contingency plans • Exercises • Learning from events and exercises • IT-security

Method and Process • Preparations • Examination of documents • Official opening meeting with high rank officials and experts in

the ministry • Interviews in the ministry (number varies from less than ten to

more than 30 depending on ministry`s significance) • Interviews or meetings in subordinated agencies • Final meeting, report presented • Ministry responding to the report • Final report submitted from the Ministry of Justice to the ministry

subject to audit • Follow-up-plan presented to the Ministry of Justice • Findings in audits presented to the Cabinet • Follow-up meeting(s)

No Formal Sanctions

• Lack of compliance with the standards in the Royal Decree is not met by any kind of formal sanctions

• The auditing regime is basically an internal governmental control system

• Up to now the Minister of Justice have in some cases notified a cabinet colleague that his or her ministry fails to live up to the standards required

• However the hidden threat of losing reputation both within the government and in the public may have some effect

• Audits of safety & security issues also performed by Office of the Auditor General, who reports to Parliament (fewer – and not systematically)

Reports now open to the public

• The Government have decided that new audit reports as of April 2014 will be open to the public

• The first public report was the report from the audit in the Ministry of Justice and Public Security

• The Government has also decided that findings in all reports should be presented to the Cabinet

“Butchering the contingency work in the Ministry of Justice”

Status

• Audits have developed over time. More structured, more focused. Reports more explicit.

• Auditors well received in ministries – their report in some cases to a lesser extent

• Auditors have been given access to all relevant documents – even internal and classified ones

• Many interviewees are relatively outspoken • Remains to be seen how the ministries will react knowing

that the report will be publicized

Does Audits Work?

• All ministries have improved their performance in the field of safety and security since 2005 – some more than others

• The extent of causality is difficult to assess • Experience from events, exercises and the increasing

general awareness in society of the importance of safety and security issues do also play a role

• Audits must be regarded as part of a toolkit

How Does It Work?

• Audits puts safety and security higher on the agenda both for ministers and in the civil service

• Enhances a common standard across ministries and sectors

• Actuates processes in the ministries towards a more systematic approach to risk and crises management

• Instigates tidying operations before the arrival of the auditing team

Audits as Part of a Learning Process

• A presumption for continuous improvements is systematic evaluation, identification of faults and weaknesses and designation of improvement measures

• Learning from events and exercises is essential • Scrutinizing internal systems and routines on a regular

basis is equally important • An external investigation like an audit may strengthen

other learning processes apart from being a basis for learning in itself.

Limitations and Challenges I. Are Ministries That Important? • If the aim is to make Norway a more resilient society, are

ministries the right place to focus? • Agencies, municipalities, public and private enterprises

are the ones running the country on a daily basis • County Governors audit municipalities. Regulators audit

enterprises • Audits in ministries have been extended to encompass

government agencies, but auditing them is challenging. No common standard as in the ministries. Need for expertise in auditing teams

Limitations and Challenges II. Difficult to Assess Ability • Audits focus on systems and documentation • Systems are important, but not sufficient • Ability is achieved through knowledge, skill and

motivation • Assessing motivation and leadership is challenging • Documents and systems may some times be

produced primarily to satisfy auditors

The 22 July Commission's Conclusions

• The ability to acknowledge risk and learn

from exercises has not been sufficient • The ability to implement decisions that

have been made, and to use the plans that have been developed, has been ineffectual

• The ability to coordinate and work together has been deficient.

• The potential inherent in information and communications technology has not been exploited well enough.

• Leadership's willingness and ability to clarify responsibility, set goals and adopt measures to achieve results have been insufficient.

Strengthening Audit`s Influence on Motivation and Leadership

• Sanction Based Motivation – Informal sanctions are

strengthened: • Findings in audit reports

presented to the Cabinet by the Minister of Justice

• Reports are now open to the public

• Inner Motivation • The emphasis put on

audits in the Government visualizes expectations and importance of safety and security issues

Current Development and Way Forward

• Audits are to a larger extent differentiated. More attention given to ministries with responsibility for core functions in society, less to others

• Guidelines for ministries based on Royal Decree will be revised – making obligations more distinct

• Reports are increasingly explicit in concretizing deviations from the standards of the Royal Decree

• More standardized reports – a better basis for benchmarking

Conclusions

• Audits must be regarded as part of a toolkit

• Audits may strengthen a process of continuous learning

• It is challenging to assess and influence motivation and leadership

• Audits will probably have a stronger impact on motivation, leadership and ability in the future – given the emphasis the Government puts on it – and the fact that reports from now on are open to the public

erik.thomassen@dsb.no