Malaysia is getting a name for the wrong reasons.
We see more cases of corruption in governance, mainly in the public sector, and more waste and losses in implementing programmes, projects and contracts. Lately, we stand accused of labour abuses in the plantation industry.
The political leaders, including the prime minister, heads of the civil service ministries and departments, including the anti-corruption agency chief, have all expressed publicly their great concern over these developments.
I outline below some suggestions on how to improve governance in the public sector, with the adoption of financial reporting procedures and practices already approved for use in the corporate sector. The suggestions are simple, with no need for new legislation.
By creating internal mechanisms with certifications to enforce ‘identifiable’ accountability, we can curb corruption and abuses of public funds.
Sure, corruption is also a problem in the private sector, but the checks and balances put in place by Bursa Malaysia, the government, investors’ interest in returns(!) and the ever-active Auditors Board ensures a more rigorous discipline over governance and management-related issues in companies, especially the listed ones.
The revelations in the auditor general’s annual reports over the years have been a source of public disquiet.
Let’s look at the Auditor General’s Report on Compliance – Federal Statutory Bodies, in particular the audit report on compliance for August 2020. This 136-page report on the audit of several specially selected projects and programmes brings to light the seriousness of the situation we are in.
Please read the executive summary on each of the programmes and projects. These spell out clearly – in subdued Malaysian-style language – the seriousness of the findings and their implications for governance in the financial management of the public sector.
The audit report for 2019 (series one) on the activities of federal ministries and departments and federal statutory bodies comes to 658 pages – and this is only series one. The conclusion lays out many issues arising in the planning, execution and monitoring of activities, programmes, projects and procurement. It also spells out, in restrained Malaysian style, the many reasons for these issues.
The concept of governance in its totality, as demanded in the corporate sector, does not seem to be in the picture in the public sector. These points have been the subject of many discussions in professional bodies elsewhere.
Is there a risk management guideline issued to ministries and departments? None that I know of until 2006.
There is a Bursa statement on risk management and internal control, issued in December 2000, and guidelines on adequate procedures.
Section 17A of the Malaysian Anti-Corruption Commission Act 2009 was recently amended to include the corporate liability of Malaysian commercial organisations for corruption offences.
On 2 December 2020 the FCPA Blog, an international website on anti-corruption compliance and enforcement, carried an article titled “Individual compliance certifications are more important than you think”.
The website’s primary focus is compliance with and enforcement of the US Foreign Corrupt Practices Act. Topics covered have included developments and trends in international anti-corruption enforcement. It has dealt with the effects on government institutions and society, and how government enforcement polices affect international relations and global investment practices.
This gave me an idea how this concept of certification can be developed to meet our requirements.
Let’s be clear at the outset: we are talking about certifications executed by employees and other applicable individuals. (The other major type of compliance certification – by third party experts certifying a company’s programme efficacy – is not the issue here.)
This is something that is not being done, though it is implied and understood to be a requirement in the standard operating procedures by all the authorities – such as the PM’s Department, the Ministry of Finance, Mampu and the Public Service Department.
Certifications should be made at the start of any work, programme or contract. They should also be made as evidence of monitoring, changes or variations to these programmes and projects, and purchases of tests over the period of the activities.
Payments, for whatever purpose, and periodic verification of progress payments and the progress of the work under supervision until completion should also be certified. Sometimes, the need to verify and ascertain later must also be considered.
We have to review the standard operating procedures issued by the Ministry of Finance and other authorities to include certification as a crucial component. Officers responsible for making payments can and must be held responsible for all disbursements, whether direct payments, deductions or transfers.
Why certify? The primary purposes of certification:
- To prevent and detect of wrongdoing
- To provide an invaluable way of focusing employees’ minds on their duties and responsibilities
- To prevent personal misconduct
- To serve as an alert to the risks of wrongdoing by others
And who should certify? Generally speaking, all employees of an organisation should be required to execute compliance certifications. Under some circumstances, it may be acceptable to exclude low-risk employees. However, all managers and control personnel should be included, in all cases.
If the organisation does not require certifications for all employees, it should base its decision on a risk assessment or programme governance document.
When does the need for certification arise? Upon commencement, approval, variations, inspection (routine or otherwise) of programmes, contracts, projects and purchases, and during inspections. The certifications should be documented and safely retained for auditors and management to inspect.
The certifications should typically attest to the employee’s ‘promise’ to follow applicable laws, rules and the code of conduct. The certifications must make it clear that employees need to report any violation that has taken place. It should include an acknowledgement and agreement to abide by the anti-corruption code of the entity.
Certification requirements are often presented to employees on a standalone basis, but the recommended practice is to have them embedded, specifically in codes of conduct. Controlling officers should be given letters of appointment detailing their duties and responsibilities.
Kanason Pothinker is a former assistant auditor general of Malaysia, who was directly responsible to the auditor general for the planning, audit and reporting on all statutory bodies, both at federal and state levels. His career spanned 33 years from July 1959 to January 1992, and he was credited with introducing performance auditing in the Audit Department. In 2005-2006, he headed a team to review financial management policies and procedures in the public sector