The public sector faces expectations for good governance, regulatory compliance, and risk management just like any other industry. Indeed, given the heightened attention, public agencies get because they serve the public and spend taxpayer dollars, in many ways the public sector faces higher expectations for governance, risk, and compliance than private industry.
Today, we’re going to cover frequently asked questions around governance in the public sector and what best practices indicate good governance.
What do we mean by the public sector?
When we say “the public sector,” we mean government agencies that deliver services to the public directly; other businesses paid by the government to deliver services to the public; and the elected officials throughout various levels of government that manage these services.
In practice, these services can include the military, basic infrastructure (roads, highways, sewers, electrical grids, telecommunications), public transit, public education, healthcare, the legislative bodies that adopt laws and the courts that adjudicate disputes, and much more.
How can corporate governance be applied to the public sector?
In the public sector, good governance consists of policies, procedures, and internal controls to assure that the agency in question delivers its intended outcomes from citizens. That also means the agency clearly identifies those objectives it’s supposed to achieve, and achieves them while obeying relevant laws and regulations at all times.
Corporate governance technically refers to businesses in the private sector, but many principles of corporate governance apply equally to both public and private sectors. These include accountability, transparency, ethical business operations, and use of performance measures so stakeholders can evaluate performance.
Are there specific ‘good governance’ considerations for the United States versus other countries?
Yes. Most developed nations have governance codes for their public and private sectors, such as Britain, New Zealand, Australia, and members of the European Union. The United States is no exception.
For example, the federal government has extensive ethics rules for employees of public agencies, and requirements such as anonymous internal reporting hotlines so that employees can raise allegations of improper spending or an abusive work environment. The federal government also has voluminous rules about bidding on government contracts, including requirements that contractors can provide assurance over the effectiveness of their cybersecurity programs.
State and local governments also have their own ethics and compliance requirements, so the total amount of good governance requirements is considerable.
How is risk related to governance?
As previously mentioned, good governance is about providing goods and services to the public, while conforming to ethics and compliance obligations. Risks to that goal abound. Agency leaders might fail to perform their duties well, employees might commit misconduct, or business operations might not happen according to legal and regulatory requirements.
A public agency’s compliance program aims to mitigate those potential risks. That, in turn, allows the agency to be managed in accordance with good governance principles.
Broadly speaking, the compliance program should help the agency to:
- Achieve the agency’s objectives;
- Meet regulatory requirements from any applicable laws, regulations, and other rules; and
- Prevent officials from abusing their roles at the agency to serve their own interests.
What are the principles of good governance?
1. Leaders should act with integrity, a commitment to ethics, and high regard for the rule of law.
Not only are local government and other public sector entities accountable for their budgets; they must also display good stewardship through their financial performance.
This means being held to accountability standards dictated by legislative bodies, and being subject to audits of financial and operational performance at any time.
2. Keep stakeholders informed and engaged.
Good governance means being transparent with all stakeholders, consumers of government services, taxpayers funding public agencies, and lawmakers enacting objectives that agencies must fulfill. Communicating clearly, promptly, and in good faith is critical.
3. Define all objectives, including financial, social, economic, and sustainability goals.
Public agencies serve many constituencies, and they often have missions with no fixed conclusion. (For example, public schools and the armed forces are never “finished” with their work.) Given those fundamentals, it’s important for a public agency to define its objectives, so that all stakeholders understand why the agency is taking whatever specific steps it’s taking.
Moreover, clearly defined objectives help to assure that any public procurement process (that is, the agency spending taxpayer money to do things) stays within the confines of ethical standards and serves the agency’s mission and goals.
4. Define organizational structure and leadership to enforce accountability.
Public sector entities should have a hierarchy in leadership to assure that the organization can meet its objectives, and to enforce policies and procedures meant to check unethical behavior by appointed individuals. The leadership structure should include personnel who know how to audit governance.
5. Define the risk management strategies necessary to avoid straying from intended outcomes.
Risk management strategies for the public sector include implementing the right level of supervision and accountability so that all decisions are made according to ethical standards and in pursuit of defined objectives.
Risk management should also include monitoring and oversight by relevant governing bodies (say, a legislative committee or a board of trustees); and a system of internal control over financial reporting to enforce financial discipline, proper allocation of resources, effective service delivery, and accountability.
6. Support transparency and accountability through reporting and auditing.
Public sector governance should include regular reporting of the agency’s activities; and audits of financial and operational performance. Such steps help to assure that an agency’s leaders are held to high standards of accountability. Public sector entities should always be prepared and ready to answer to an audit committee or auditor general on their activities.
Frequent internal audits and effective record-keeping and documentation are the only way to ensure that a public sector entity is always prepared for an audit request.
How ZenGRC Can Help With Your Public Sector Governance Strategy
Security and compliance risks within the public sector are significant. Public sector agencies face numerous compliance obligations, such as the Health Insurance Portability and Accountability Act (HIPAA) for personal health information or the Gramm-Leach-Bliley Act for financial information. Agencies must also meet significant regulatory requirements such as the Federal Risk and Authorization Management Program (FedRAMP) for cybersecurity risk management, and state laws on consumer privacy and breach disclosure.
With ZenGRC, you can leverage one platform for all your compliance, audit, risk, governance, and policy management applications. ZenGRC provides your compliance teams with a single, integrated experience that reveals all risk across your business.
ZenGRC simplifies audit and compliance management with complete views of control environments, easy access to information necessary for program evaluation, and continual compliance monitoring to address critical tasks at any time.
Worry-free public sector governance is the Zen way! Learn more by scheduling a free demo today.