

Practice Guide to Auditing Oversight


Oversight Functions

Oversight bodies are created to fulfill specific mandates. The list in Table 2 defines the main functions exercised by oversight bodies to fulfill their oversight mandate. The functions are categorized according to the part of the Plan, Do, Check, Act management model they belong to. (While some of the functions may be exercised in more than one stage of the management cycle, the table has been simplified.)

Often, an oversight body needs to exercise many functions in order to provide adequate oversight of a single process. For example, boards of directors and other oversight bodies usually exercise many oversight functions in relation to corporate risk management. They can approve risk management policies, make decisions on risk tolerance levels, review risk profiles, monitor the implementation of risk assessment processes, and communicate information on corporate risks.

However, not all oversight bodies will exercise all functions. Each oversight body's functions are defined in its mandate. It is therefore important that auditors have a good understanding of the oversight mandate of the organization(s) they have decided to audit.

It is also important to note that even where there is no discrete, independent oversight body responsible for overseeing a major initiative, it can still be reasonably expected that the functions presented in Table 2 would have to be exercised somehow. In other words, all major initiatives should have effective governance and oversight. In such situations, auditors could use the oversight functions as a starting point to develop their audit criteria.

Table 2 – List of Oversight Functions

PLAN Functions
1. Planning: Determining how and when oversight actions will be taken by the oversight body
2. Defining information: Defining what information is needed by the oversight body to fulfill its responsibilities

DO Functions
3. Challenging: Requesting an explanation or justification; calling into question
4. Advising: Offering suggestions about the best course of action to adopt
5. Approving: Officially agreeing to or accepting something as satisfactory (or in compliance)
6. Deciding: Coming to a resolution after having considered relevant factual information and potential options

CHECK Functions
7. Monitoring: Maintaining regular, systematic surveillance over a process, system, program, project, or service, and comparing performance against expectations.
8. Reviewing: Formally examining or assessing some aspects of an organization with the possibility or intention of instituting change if necessary. This may include reviewing:
  • audit reports,
  • evaluation reports, and
  • investigation reports.

ACT Functions
9. Taking corrective actions: Taking actions to correct an observed deficiency once its cause has been identified, either directly, by adopting a new rule or policy or amending an existing one, or indirectly, by ensuring that management effectively implements adequate measures.

In addition to the functions in Table 2, oversight bodies can play other important roles, including facilitating continuous improvement, setting the tone at the top, communicating key decisions, and indicating the preferred behaviour and values (through a code of conduct) that are to be adopted and demonstrated by an organization’s personnel. As with the functions listed in Table 2, these roles could be audited.