Efficient central government in digital Finland: Digital processes will boost the efficiency of public administration but will require functional internal control and risk management

When public administration is efficient, we can achieve more with our shared funds. Digitalisation offers a variety of opportunities to renew and boost central government; the opportunity to standardise and automate administrative processes, in particular. In this series of articles, we describe – based on our audit information – which issues should be considered when starting the digitalisation of public administration. The observations are based on specific audits, but the same principles can be applied to broader administra-tive reforms.

Central government entities are being digitised and automated at different paces

When digitalising administrative processes, a justified target state is the automation of routine administrative tasks to free up resources for other duties. When public administration is being digitalised, good risk management and internal control are paramount, however, because digitalisation involves material risks. This is to prevent financial losses and promote general trust towards public administration.

The progress of the development of data systems and digitalisation in public administration has varied. Some of the government entities have already proceeded fairly far. The Finnish Tax Administration has been at the forefront in terms of the development of data systems and digitalisation in central government. Its goals include increasing the degree of automation in taxation and handling all of its taxation duties with less personnel resources. Standardisation and automation of duties levied by the Customs has also gone a long way: the automation of excise duty collection is functional, for example. The situation is the poorest in the case of government agencies that use very old data systems which are too primitive for the current needs. In many cases, there are also deficiencies in their internal control.

From the perspective of central government finances, the key risks of digitalisation include compromising the goals and doing things sloppily at a low price. The costs estimate has been exceeded in the case of many a central government data systems project. Some projects have had severe problems, others have been significantly delayed and yet others have not been realised at all. Another type of risk is failing to change anything and continuing with the old high-risk data systems.

Functionality of internal control and risk management will be determined when developing processes, functions and data systems

Central government finances and central government, which operates under the Government, create a whole. This enables the development of efficient processes and comprehensive arrangement of internal control. Functional internal control will ensure that the organisation complies with laws and regulations, as well as its own instructions and goals, and that the organisation’s risks remain at an acceptable level. It will adapt to its changing operating environment and produce information to support decision-making and management. Functional internal control is also needed to make the automated processes efficient in practice.

Central government finances have experienced many changes in the 2010s, and will continue to experience more as digitalisation expands and becomes deeper. Standardised customer service processes, regulations and data systems will support the efficiency of public administration. The ongoing development will clearly change the arrangement of internal control and risk management in public administration as well. If we fail to ensure good risk management and functional internal control, we risk significant errors and malpractice. They can cause major financial losses and undermine general trust towards public administration.

When carrying out reforms, however, there is the risk that we only focus on one important goal – such as flexible services – and fail to sufficiently emphasise the general legal principles of public administration and functional internal control. The internal control perspective has often been overlooked in financial and HR administration reforms, for example. Risks have not been considered to a sufficient extent when reforming the operations, and internal control processes have been dismantled or not taken into use at all because of the pressure to be profitable. On the other hand, there are also examples of projects where the efficiency of routine control measures that were previously carried out by hand has been improved by using robotics.

Whether internal control and risk management become functional is resolved when developing the processes, functions and data systems. In the case of a large project, the opportunities and risks involved should be systematically investigated. This is why internal control and risk management should always be an integral part of the planning of operations, and a successful reform merges them with the customer and efficiency viewpoints.

Digitalisation will boost internal control and risk management, but also involves new risks

Digitalisation allows for more efficient and more affordable internal control and risk management. For a long time now, data systems have made processes and control measures more efficient and reliable than manual processes and measures. Automated processes and work stages will continue to promote this development. A simple example of this is the checking of numbers: a robot is much faster and more reliable in this task than a person.

Another example of the benefits of digitalisation in the arrangement of internal control is the development of the processing and automation of data. This offers an opportunity to merge and analyse large bodies of data to investigate broader issues. In future, verifying the correctness of the information on which subsidy decisions are based will be easier, for example. Analyses of large bodies of data will also be beneficial in the prevention of the shadow economy.

Digitalisation brings with it new risks, some of which are difficult to manage. The disadvantages caused by errors and misconduct may be much larger and more veiled than before. We often hear news about huge security breaches, for example. This development requires new kind of competence and a new way of thinking from the parties active in public administration. We can only respond to the risks involved with digitalisation with the means offered by digitalisation – by applying automated control measures and by digitalising our processes well.

Significance of management is pronounced

Internal control and risk management are part of management. Only responsible management will lead to functional internal control and risk management. Large corporations consider efficient internal control part of their corporate governance. This is an issue in which there is room for improvement in public administration. Good internal control and risk management will ensure that the general public trusts the public administration.

Good management is all about trusting people – this is natural. However, internal control cannot be built on blind trust and functional control measures cannot be abandoned. The system consisting of internal control and risk management must be built as part of management by identifying and assessing risks, deciding how to react to the risks, building controls and testing the controls, and then relying on the control system functioning as intended.

When digitalising administration, it is important that the decision-makers have a shared view about the digitalisation process and that the decision-makers are committed to developing internal control and risk management alongside the development of management and the operations of the entire organisation. Public administration uses public funds, and the risks involve the use of these funds, which is why the internal control methods that are used in SMEs, where the owner carries out the internal control and bears the risks involving its own finances, cannot be used. Public administration is liable for the use of the funds to the taxpayers. The ongoing development will not change this fact.


The article is based on the following audits:
Current state of internal control and risk management in central government (13/2017)
Risk management and continuity of operations in central government (20/2018)


Other articles in this series