Oversight—Toolkit for Political Finance Institutions
2.4 Risk Management
Overview
What Is Risk?
Fundamentally, risk is uncertainty of outcome. Risks are described in terms of the potential events that could impact on your intended outcomes, together with the potential causes and effects. The situations you encounter as you deliver your work inevitably contain a degree of uncertainty, and in aiming to fulfill your objectives there is a chance that various things could happen that could cause you to fail. The consequences when a political finance oversight body fails to deliver are significant. Not only will your institution lose credibility but also confidence in the integrity of the electoral system could be undermined. The “things that could happen” constitute risks, and you should seek to manage these to optimize your chances of a good outcome. Risks can stem from a wide variety of sources, such as change, legal challenge, financial factors, and errors.
For an example of the risk management approach by the U.K. government, see its “Orange Book.”
Oversight of political finance can be a particularly risky endeavor, as it includes overseeing and potentially seeking sanctions against powerful political actors who have the power to alter the legal mandate of any public institution tasked to oversee political finance.
Why Should We Manage Risk?
Good risk management allows you to:
- Have increased confidence in achieving desired outcomes.
- Effectively constrain threats to acceptable levels.
- Take informed decisions about opportunities and changes.
Some level of risk is inevitable and no successful organization can be completely risk-averse. For example, the server supporting your e-filing system may go down or you may fail to identify a potential breach of the political finance law when reviewing a campaign finance election report. It is important to realize that risk management is not about attempting to eliminate all risk. Rather, it is an approach to your work that enables you to consider risk whenever you are making decisions, beginning a new piece of work, or performing day-to-day tasks. For example, you might have considered server failure when developing your e-filing system and made provision for a backup server in the event of such a contingency. Or you may have included a secondary review of campaign finance reports to guard against the potential risk of failing to identify breaches. Risk management should be an intrinsic part of your organization’s governance, integrated into the way you work and the way you think. It should not be an extra process.
Evaluating potential uncertainties in the course of things is preferable to having to manage unexpected impacts—a risk-based approach will in the long run save you time, as it will reduce the number of unexpected issues that arise.
What Elements Make Up Risk Management?
Risk management starts with a good risk culture—an awareness across the organization that this is important. Risk management should be seen as a positive approach that can enable you to identify and assess risks during planning, and to learn lessons when issues have arisen, so that risk management in relation to similar future situations can be improved. Openness, constructive challenge, and willingness to learn from issues should be promoted across the organization.
You may also find it useful to enshrine your approach to risk in a formal risk management framework.
Other elements include risk identification and assessment, and a risk register to record the information. A risk register is an important way of capturing the main risks you face, and the controls you have in place to help you mitigate them. The risk register also enables you to share this information regularly with your board and to have a clear view at any given time of the relative status of your risks and controls.
Components
Risk Management Framework
Your risk management framework should set out your approach to risk management, including the methods you use to identify, record, and manage risks. It should also state how you have culturally embedded risk management as a way of thinking about all aspects of your work. Your board should have oversight of the risk framework and should decide the overall level of risks that the organization is willing to take—this is referred to as the risk appetite.
Your risk framework should also indicate how risks can be escalated within the organization; that is, included on the risk register, regardless of where they are first noticed and who has noticed them. Risk management is a collaborative endeavor and requires the involvement and understanding of all of your staff.
In larger organizations, risk management may happen at team level as well as at corporate level. It is important that you are clear about your own approach and ensure that the different levels of risk management are coherent and can speak to each other—for instance, an operational-level risk identified within one team may take on more prominence and need to be escalated onto your corporate risk register for a period of time.
When introducing risk management into your organization, it may be helpful to establish an internal risk management group to assist with risk process development, awareness raising, internal training, and ongoing implementation and monitoring. It may also be worth appointing a senior manager as your “risk champion” to ensure that risk management becomes an embedded cultural norm.
Risk Identification
Risk identification may occur through general day-to-day recognition of new risks, but it is also a good idea to conduct a regular review. It is usually sufficient to do this exercise internally, but you may also benefit from commissioning an external risk review from time to time (perhaps in relation to individual electoral events).
A workshop involving a diverse range of staff will give you a wider and more comprehensive view of your risks. A good place to start is your corporate strategy, since risks should relate to objectives. Consider what the potential risks to delivering your objectives might be.
It may also be a helpful prompt to consider some common categories of risk, and to use the PESTLE model to consider external risk factors that may have a bearing on your work (see Risk identification tool.pdf).
Risk Statement
Risks should relate to objectives: What are you trying to do? What might happen that could get in your way?
You will find that you have some generic risks with the potential to affect all of your objectives—for instance, cybersecurity threats, financial risks, or staff capacity and capability risks. Other risks will relate to a particular objective.
Once you have identified your risks, consider carefully how to state each one. The risk is the potential event leading to an impact, not the impact itself. However, you should also specifically state what the potential impacts would be if the risk occurred. Make sure your risk statements are not simply the opposite of the objective (failure to achieve the objective). You need to state precisely what could cause you to fail.
For instance, if your objective is to catch a flight to get to an important conference, your risk statement should not say “failure to arrive in time.” A correct statement could say: “Missing my flight makes me late, with the effect that I miss all or part of the conference.” This risk is clearly stated and can be controlled, for example, by ensuring that you set off in plenty of time for the airport.
In the world of political finance regulation, an example of a risk statement might be: “We may anger powerful politicians by taking strong enforcement action against them, resulting in accusations that our oversight body is politically biased and should be abolished.” The control mechanisms could include publishing a clear enforcement policy, having written procedures in place for staff to follow, and implementing solid communication and stakeholder engagement strategies.
A useful formula for writing your risk statements is:
- There is a risk of X (an event), caused by Y (a causative element), resulting in Z (the impact on your objective).
Risk Assessment and Scoring
The likelihood and impact of the risk materializing should be considered for each risk. It is also useful to think about the inherent (raw) risk and compare this to the residual risk:
Inherent risk is the exposure arising from a risk before any action has been taken to manage it.
Residual risk is the exposure arising from a risk after effective controls have been put in place to manage it.
It is common to use a 1–5 scoring system for the likelihood and impact of each risk, where 1 is very low likelihood or impact and 5 is very high likelihood or impact. One score is multiplied by the other to get an overall risk score, which can then be rated as low, medium, or high (see Risk scoring matrix.pdf).
Using the example of the risks arising from taking strong enforcement action against powerful politicians, you might rate the likelihood at 4 with the impact of the risk at 3. This would give an overall risk score of 12, which would rank as a high risk.
Scoring risks is not always an exact science—for instance, it is easier to make a quantitative judgment about a financial risk compared to a reputational risk. The quality of the conversations you have about each risk, and the effectiveness of the control measures you put in place, are more important than the score.
Similarly, the score itself is not the end of the story. For each risk you should also consider what level of risk would be acceptable (sometimes called the risk tolerance or risk appetite). This will vary from risk to risk, and will depend partly on what degree of risk your organization is willing to accept, since risk-taking is sometimes essential when pursuing ambitious outcomes. In the example of taking enforcement action against potentially powerful politicians, one could argue this is an inherent risk in overseeing political finance regulations and that failure to act because of that risk would undermine the institution’s legitimacy. As such, it is within your risk tolerance.
If your residual risk score exceeds the tolerance you have set for the risk, you will need to consider further controls. It is also worth noting that your residual risk score should be lower than your inherent risk score since effective controls should reduce the score. If this is not the case, it is worth looking again at your inherent and residual risk scoring, and reviewing whether the controls you have listed are relevant.
Risk Controls and Mitigations
Controls to lessen the likelihood or impact of the risk should be added to your risk register, and each control should have a clear owner who will ensure the relevant actions are taken. There are four main ways of managing risks—known as the “Four Ts”:
- Tolerate the risk—in other words, the organization can live with this risk, and you will put no measures in place to mitigate it.
- Treat the risk to constrain it to an acceptable level by taking actions that reduce either the likelihood or the impact.
- Transfer the risk—for example, you may be able to take out insurance against the risk or to move the risk to an external supplier.
- Terminate the activity giving rise to the risk, thus removing the risk completely.
Typically, most controls will be aimed at treating the risk. In the enforcement action scenario, there are a number of controls that could be instituted to reduce the risk. As noted earlier, you could publish an enforcement policy that sets out the criteria used when taking enforcement action. You most certainly will want to have written procedures in place to guide staff in their work and require staff to declare any possible conflicts of interest in matters assigned to them. Good stakeholder engagement will enable you to convey how you work and your commitment to impartial decision-making. And a well-considered communication strategy could help deflect the impact of accusations of bias and counter the calls for the institution’s abolishment.
Once you have identified controls for each risk, these should be reviewed and evaluated regularly for effectiveness—an activity known as risk assurance. Your reviews should consider the status of the controls listed and should include fresh consideration of the residual risk score against the tolerance level you have set for the risk.
The frequently used term “three lines of defense” refers to the different levels at which risk management activities occur within an organization.
- First level: management and internal control measures, owned and implemented by management.
- Second level: risk management or oversight functions that ensure effective risk management is in place.
- Third level: internal audit, independent from management, to evaluate how effectively the organization is managing its risks.
There is also external assurance, which sits outside of the organization—for instance, external auditors or independent regulatory or accreditation bodies that provide scrutiny.
These levels of risk management may be useful to bear in mind when you are considering what controls you could put in place to manage each risk.
General Risk Register
Your general risk register should be a living, dynamic document that is regularly reviewed and updated. The design of your risk register is a matter of choice, but it should contain:
- Delineated, well-stated risks, and information about the possible causes and impacts of the risk materializing.
- An inherent risk score for each risk, assessing the likelihood and impact of the risk if no controls were in place.
- A list of the controls or mitigations in place for each risk.
- A residual risk score for each risk, assessing the likelihood and impact of the risk with effective controls in place.
- A tolerance score (or risk appetite) for each risk, stating the level of risk the organization is prepared to tolerate without instituting further controls.
- An owner for each control.
You may also choose to add some management commentary about the current status of each risk, especially when submitting the latest version of your risk register to your board or audit committee for consideration.
Risks should be removed from the register (or marked as closed) once the risk has passed or the level of risk has decreased to a very low level. Some organizations remove risks as soon as they reach a “low” score (4 or less); however, if your organization’s risks are volatile, it may be wise to retain low-scoring risks for a period of time in case the score increases again.
For an example of a general risk register template, see Example of risk register layout.xlsx.
2.5 Performance Management
Overview of Performance Management of Operations
What Are Performance Management and Performance Measurement?
Performance measurement is the regular monitoring of metrics that an organization has decided are useful. The purpose of the measures is to enable management to discern whether the delivery of objectives is progressing smoothly, and to have oversight of whether the relevant internal processes that contribute to delivery are functioning effectively. If any of the measures are not on track, management can then consider whether any intervention is needed to bring about improvement and to manage performance against set objectives, based on the performance measures.
The agreed set of performance measures (usually stored in a document or spreadsheet) is sometimes referred to as a “scorecard” or “balanced scorecard.” The raw data collected from month to month is analyzed and used to generate management reports.
Performance management occurs when decisions are made, actions taken (which may include a decision to continue with no change where the data indicates all is proceeding as planned), or new goals set, based on consideration of the latest performance data.
Why Is Performance Management Useful?
In short, what gets measured gets improved. Monitoring and analyzing performance is an important way of measuring effectiveness. It helps you to detect and understand problems and identify improvements.
Some fluctuations in performance over time are natural and inevitable. Minor fluctuations may come and go, but they should still be monitored so that you notice any emerging trends. Understanding the reasons for the fluctuations can yield valuable information that leads to improvements that make performance better or more stable. Major fluctuations will probably be obvious, with or without measurement, but armed with some proper performance data you will be able to understand what is going on more readily. Longer, slower changes over time may not be apparent at all if data has not been collected, which could mean performance gets worse without any action being taken.
Monitoring your metrics will provide insight, flagging up when something has changed so that you can investigate why it is happening and work out what to do to improve performance. It can also tell you if a particular measure is no longer valuable and perhaps should be replaced.
What Does Performance Management Involve?
It involves:
- Identifying and crafting a good set of indicators that support objectives.
- Setting up a performance scorecard tracking system.
- Regular measurement and recording.
- Management commentary and reporting.
- Regular controls to ensure that performance data is being reported by staff accurately and consistently.
Although you will want someone central to run the system and ensure that tracking, reporting, and data quality checks occur, the wider organization will need to commit to providing the raw data and giving management explanations for fluctuations on a regular basis. It is important that staff contributing to the performance management system understand what they need to do, why it is valuable, and why accuracy and consistency are paramount.
Elements of Performance Management
Setting Key Performance Indicators (KPIs)
It is important first to identify what is, and what is not, meaningful to measure. There are many things you can measure—the question is whether they are worth measuring. Will doing so tell you something valuable? And if the measure does not achieve its target, is there anything you can do about it?
For instance, counting the paperclips in your stationery cupboard will not tell you anything useful about the efficiency of your stationery ordering system. Even if there are too many or too few paperclips in the cupboard at the time, counting them will not tell you whether something has gone wrong with the ordering system or whether there are any trends in the number of paperclips available. And knowing the number of paperclips will not have any substantive effect on your ability to achieve the goals set out in your strategy.
The starting point for determining the right key performance indicators should therefore be your strategy, rather than making a list of “things you can measure.” Your KPIs should relate as directly as possible to your goals.
For instance, let us suppose you have just launched a new website with extensive guidance on the rules governing political finance and information about the activities you undertake. Let us further assume that your goal is to ensure that as many people as possible are aware of the website and can find the excellent information you are providing there. You will want to know how well you are doing in working toward that goal. So you could set a KPI to track your progress, with a target of achieving, say, at least 500 new home page views per month. The number of unique page views is measurable and useful to collect. That way, when you promote the new website on social media in a given month, for example, you will be able to measure the difference between the number of page views before you publicized the website, the number of page views afterward, and how long the positive impact of your efforts lasted. You will also be able to see when you are not achieving your target and should do more, or something different, to promote the website to a wider audience.
Another KPI for political finance oversight institutions might be the percentage of annual financial reports political parties submit on time. This type of indicator serves a dual purpose. First, it ties into the goal of promoting transparency of political finance. Second, it demonstrates that you have some responsibility for getting parties to comply with the law. Your stakeholder outreach, training, and guidance efforts should help bolster a higher level of compliance with reporting requirements. If you fail to reach the KPI of percentage of reports filed on time, then you may need to consider what improvements you can make in assisting parties to understand and meet the filing deadlines.
Other examples that might be relevant for political finance oversight institutions include:
- The speed at which data is processed, checked, and published; for example, in the context of supporting transparency by publishing information about donations or spending.
- The percentage of positive responses from stakeholder surveys; for example, measuring whether your training helped stakeholders to understand their responsibilities, find information, or complete forms.
- The achievement of key milestones or adherence to budget for key projects; for example, the introduction of a new system.
There will also be some functions within your organization that are vital to the delivery of all of your objectives, regardless of what they are—for example, your finances and budget and your workforce, without which you will not be able to deliver anything. So you will also want to establish some KPIs around those—for instance, to monitor your balance figures and your staff turnover or sick leave.
It is also possible to set performance measures that are future-focused, relating to the future realization of objectives—for instance, “By X date we will produce publication Y.” These measures function rather like the milestones you would set when planning out a project—as markers along the route from A to B. Such performance measures, sometimes referred to as objectives and key results (OKRs), would only be retained for the duration of the objective they relate to.
In comparison, KPIs are normally long-term, and relate to the quality of ongoing delivery rather than to reaching short-term objectives.
It is perfectly permissible to have both types of measure in your scorecard.
For information about how to design effective performance metrics, see Hints and tips guide.pdf.
(KPI template and test tool.pdf)
Types of KPIs
There are many types of KPIs. The main ones are listed below to help prompt your own thoughts about what would be useful in your own organization:
Lead Indicators
A lead indicator is a measurable variable that influences your future success.
For example:
- If you wanted to get fit, a good lead indicator might be the number of hours you spend in the gym each week.
- If you wanted to make sure chief financial officers know the rules they should adhere to, a good lead indicator might be the number of them attending training workshops.
- If you ran a building site, the percentage of people wearing hard hats would be a lead safety indicator.
Lead indicators can be useful if there are certain measurable prerequisites for success. However, they are forecasts of success rather than standalone indicators of success, so they should be used in balance with other indicators that measure actual outcomes. For instance, spending three hours per week in the gym will not, on its own, guarantee that you get fitter; neither is it the only factor in getting fit. You would need to measure your actual fitness in some way to know for sure, but spending that time in the gym certainly makes it more likely that you will become fitter overall.
Lag Indicators
A lag indicator shows actual performance after the event.
Using the examples from the paragraph above, good lag indicators might be:
- The number of minutes you can run on a treadmill or the number of push-ups you can do in one go.
- The number of annual reports submitted by the deadline.
- The number of accidents on your building site or the number of accidents resulting in injury.
Lag indicators are generally more numerous and easier to identify. They are a good way of measuring performance over time and of detecting the impacts of change (for example, a new process).
Input Indicators
Input indicators relate to the resources available to you for reaching an objective. They are measures of the availability of resources, or a way of tracking the efficiency with which you are using the resources, and they are especially used in large projects.
Some examples would be staff time, budget available, or the rate at which materials are being used up.
Output Indicators
Output indicators are often used to measure the delivery of products or outcomes.
Examples include financial surplus or profits, the number of people helped, the number of training courses delivered, or the number of leaflets distributed.
Process Indicators
Many of the KPIs you set will relate to the performance over time of a particular system or process. For instance, you might measure how long it should take to complete a particular process from end to end, such as the resolution of IT support tickets or the handling of complaints.
The data collected can help to show whether any aspects of the process could be more efficient, or might require additional attention or resource. These indicators are also useful for spotting externally or internally driven changes that are impacting on your processes, so that you can address them.
KPI Tracking
After agreeing what your KPIs should be, you will need to establish a system for collecting performance data.
First, it is vital that the staff who will be responsible for providing the data are given a good understanding of how it will be used and why it is important. It is also important that any necessary training in how to source and report the correct indicator data is provided, so that you have confidence in the data supplied.
Team managers should also be involved, since they will need to provide some management commentary alongside the data to provide context and explain the data. For instance, if you are tracking a KPI about the response time to public enquiries and this is below target in a given month, it would be helpful to know if a particular issue that month resulted in twice the usual number of enquiries, explaining the dip in apparent performance.
You will need to provide somewhere for people to put their data. This is usually done in a spreadsheet, with one staff member taking on overall management of the spreadsheet and reporting. This performance manager can then prompt other staff to supply their data on a monthly basis (or any other agreed reporting frequency), and they will review the data provided and turn it into a regular management report for your senior team and/or the board.
Ideally, the person responsible for running the system should be numerate and capable of using a spreadsheet; for example, working with formulas and performing common sense checks on the validity of data entered. It will be necessary for them to have a deep understanding of the KPIs themselves.
Periodic controls should be done, comparing the information provided with the source data for each KPI, to check that the staff responsible for entering the data into the tracking spreadsheet have been doing so consistently, accurately, and from the correct source. Mistakes can lead to misinterpreting performance, and they can also be embarrassing; for instance, if retrospective corrections have to be made to board performance reports.
(Performance tracking spreadsheet.xlsx)
(Model performance report.pdf)
Management Commentary and Reporting
You may track as many KPIs and OKRs as you wish, but it is best to try to limit the numbers. Pick those that tell you the most valuable information. A suggested limit would be 12 KPIs and 5 OKRs.
After receiving raw data from teams around the organization on, say, a monthly basis, a report summarizing the latest performance data should be produced for review by the senior team and/or the board.
This report should include an executive summary highlighting key performance information—for example, consideration of any indicators on which you are currently performing poorly (red indicators)—and any new indicators or adjusted targets since the last report.
For your most important indicators, it may be useful to include a graph showing performance trends over, say, the last six months, alongside management commentary to explain or highlight any variations or dips in performance.
You may also sometimes need to make recommendations for actions to improve performance, since this may require changes to processes or additional resources, and such changes may have other implications that need to be considered at senior level.
2.6 Stakeholder Engagement
What Is Stakeholder Engagement and Why Is It Important?
Political finance regulation is of interest to many stakeholders, and not all of their interests will be the same. For example, political parties and candidates may not share the same interest in transparency as civil society organizations, and academics may have a different perspective on what constitutes adequate transparency than that held by journalists. Political finance regulators need to understand different stakeholder perspectives to reach the best decisions. This will sometimes involve compromise, and not every stakeholder will be satisfied every time with the decisions taken.
Understanding stakeholder views is, therefore, vital and is primarily achieved through engagement. From the outset, stakeholder engagement should be viewed as a two-way process. It enables you, as the oversight institution, to communicate key messages to stakeholders, and it provides you with a means to get input from them that can make your job easier and/or more effective.
Stakeholder engagement can be defined as “the systematic identification, analysis, planning, and implementation of actions designed to influence stakeholders.” It is a structured process used to achieve a better understanding of the different perspectives, needs, and motivations of those with an interest in your organization. This understanding can then inform how best to engage with each stakeholder. The importance of solid stakeholder engagement should not be underestimated for political finance oversight bodies, as it can be an effective tool to:
- Help ensure high rates of compliance by those who must comply with the law.
- Increase visibility and educate voters about money in politics and how it is regulated.
- Garner support from government sources for resources or changes in the law.
- Promote good working relationships with other public institutions.
How To Develop a Stakeholder Engagement Plan?
The first step is to undertake a stakeholder analysis—a technique used to identify who is affected by the oversight institution’s work and how best to engage with them. This process will help you think about how to:
- Gain support of key people/groups or minimize their opposition.
- Draw on their input to make your work more successful.
- Allocate your time and efforts.
The second phase of developing a stakeholder engagement plan consists of using the results of the stakeholder analysis to prioritize which stakeholders warrant the most of your attention. Those who rate as having both the greatest interest and the greatest influence will be the stakeholders you need to focus on the most. By contrast, those who have the lowest level of interest and the least amount of influence may only require minimal, but regular, contact.
Having prioritized your stakeholders, you will need to come up with a plan for how to engage with each one of them. In developing the plan, it is important to learn more about each stakeholder’s interests, what they want from you, and the type/method of engagement that suits them. It is also relevant to consider how they can help/harm your work overseeing political finance and, having done so, to assess what type of information you wish to share with them. Finally, it is good to consider whether to formalize your engagement arrangements. There are a variety of ways to do so ranging from a formal memorandum of understanding (often used when the stakeholder is another public body) to regular meetings (often used with political party panels).
In addition to your general engagement plan for key stakeholders, it can be very beneficial to develop stakeholder engagement plans for specific projects or events. Such targeted plans help ensure that you consider all key stakeholder issues arising from the specific project or activity in question (see Stakeholder engagement template.pdf and Hypothetical stakeholder engagement plan.pdf).
Undertaking a Stakeholder Analysis
The first step is to identify your stakeholders. Ask yourself:
- Who is influenced/affected by the work of the oversight body?
- Who has influence/power over you?
- Who is interested in what you do?
There is no one set of answers to these questions that will apply to all political finance oversight institutions. However, these questions are likely to generate a list that includes political parties, candidates, and other regulated entities; civil society organizations; media and investigative journalists; ministers and parliamentarians; academics; and voters. These are just examples, and you will definitely want to add to and subtract from this list depending on your situation.
The second step is to consider each stakeholder’s role by asking yourself:
- How is each stakeholder affected by your work?
- Why are they interested in your work (for example, what motivates them)?
- What influence do they have over you?
- Who are your natural supporters and who are your key challengers?
The third step is to chart your stakeholders on the following grid according to their respective levels of interest and power:
Having plotted out your stakeholders on the grid based on their influence over your institution and their level of interest in your work, you can begin to prioritize the level of engagement each requires, using the grid below:
Figures from Section 2.6
2.7 Continuous Improvement Opportunities
It is tempting to think your job is done once you have set your strategy, developed your corporate and operational plans, and undertaken the scheduled work. However, there is another very significant step to undertake—to review what has transpired and assess where improvements can be made. In addition, there are other avenues to explore including learning from the experience of other political finance institutions, undertaking training programs, and seeking assistance from international organizations.
Internal Reviews
Internal reviews can greatly enhance your internal accountability, and in planning such reviews you can benefit from referring to the IFES Autonomy and Accountability Framework. The type and scope of internal review undertaken should be commensurate with the activity and its importance in delivering your objectives. For larger, more significant projects such as the development of a new e-filing and reporting database, you will probably want a more formal process. Formal reviews might entail:
- Establishing a review committee involving representatives from various departments within your organization.
- Writing terms of reference for the committee that set out the scope, methodology, and timeline for the review.
- A mechanism for the committee to report on its findings and recommendations.
Not all reviews need to be undertaken on such a formal basis. Some can be done on a team basis; for example, a systematic review of the process for receiving and controlling election finance reports could be undertaken by staff members and managers within the political finance unit. Again, guidance should be provided to staff about why they are undertaking the review (for example, to assess what worked well, what could be improved) and what areas they should focus on.
In addition to systematic reviews, where an entire work process is looked at in detail, you can review internal procedures on an ongoing basis through quality audits. These audits allow you to assess whether current procedures are being followed or need to be improved. In some cases, staff may have failed to understand the procedure; in others, the procedure may need to be altered and improved. For more on quality audits, see “What Are Quality Audits and Why Conduct Them?”
External Reviews
In many countries, there are state audit offices that undertake reviews to ensure public institutions are delivering value for money. It may be worthwhile to propose an area within the political finance unit’s remit for such a review. There are also commercial companies whose services can be retained to assess the development, testing, and rollout of large technical projects. In either case, having an outsider perspective on your operations can be informative. To make such an exercise worthwhile, you will have to dedicate sufficient effort and time to educate the external reviewer about what you do, why you do it, and how you do it. Otherwise, their findings and recommendations may not be well-founded or meaningful.
Training Programs for Staff
As detailed in the section on ensuring appropriate resources to deliver the oversight institution’s role, the political finance oversight role requires staff with a variety of skill sets and experience. It is unusual to be able to recruit staff who have all the ideal skills and experience. This can be addressed by ensuring ongoing training and learning opportunities for staff.
Examples of staff training options include:
- Tailored programs in specific areas such as financial audits, investigations, and guidance delivery.
- A guest speaker series featuring presentations by local experts in related fields; for example, academics who specialize in elections, former election campaigners, or representatives from civil society organizations.
- A monthly session where staff are encouraged to share and discuss their experiences on a given work-related topic or theme; for example, assessing the valuation of in-kind donations, a recently closed investigation, or a problematic review of an annual report.
Participation In or Creation of Regional Networks
It is useful to access peer support from other organizations and networks around the world or in your region. Some networks may only be just starting to address political finance issues, but your involvement can help shape the dialogue and give prominence to this area.
In some parts of the world, political finance practitioners have formed associations to share knowledge and experiences. For example, the Council on Governmental Ethics Laws (COGEL) is a professional organization for government agencies and other organizations working in ethics, elections, freedom of information, lobbying, and campaign finance. Although its membership comes predominantly from North America, membership is open to entities from around the world. COGEL collects and publishes data on campaign finance regulation and holds annual conferences.
There is no reason why political finance oversight institutions in other regions cannot come together to explore common issues and challenges. It will require some effort to organize meetings, whether in person or virtual, but the rewards can be immeasurable. Being the political finance regulator can be a lonely and challenging role and connecting with others who occupy similar positions in other countries can foster solidarity and a valuable exchange of experiences and lessons learned.