VARSTVOSLOVJE, Journal of Criminal Justice and Security, year 22 no. 4
pp. 390-427
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police1
Branko Lobnikar, Kiara Roposa
Purpose:
The paper presents the findings of a study conducted on a sample of internal control providers within the Slovenian police as part of the target research project "Effectiveness of Systemic Control of the Police in Regard to Human Rights as well as the Statutory and Professional Standards of Police Work (V5-1942)". The purpose of the study was to analyse the control activity in the Slovenian police from the viewpoint of those carrying out control procedures. We were interested in their view of the control process and, through the interviews, we analysed the opportunities and shortcomings of the control activity within the Slovenian police in relation to systemic control conducted by external stakeholders.
Design/Methods/Approach:
We examined the regulatory framework of control activities in the public sector and in the police and presented the approaches used across Europe. In the empirical part, we conducted structured interviews with employees at the state level, namely with the employees tasked with carrying out control procedures in the General Police Directorate, the Criminal Police Directorate and the Uniformed Police Directorate, and we also conducted interviews with two superintendents at the Police Directorate level. We conducted a total of seven interviews.
Findings:
The research found that audits, whether carried out by the Ministry of the Interior or by the Police auditors, are seen as a vital element of the management of a police organization. The interview subjects emphasized the role of the heads of police units - both from the point of view of planning internal control activities and translating the findings of the audits into police practice. The dissemination of audit findings can be ensured through the digitization of police work processes; interviewees expressed the need for a systematic solution that would allow them to test the competencies of police officers.
1 The article was written as a part of the targeted research project V5-1942 „Effectiveness of systemic control over the police in the field of respect for human and legal and professional standards of police work". The project is carried out by the Faculty of Criminal Justice and Security of the University of Maribor and co-financed by the Public Agency for Research of the Republic of Slovenia and the Ministry of the Interior.
390
Branko Lobnikar, Kiara Ropoša
Research Limitations/Implications:
The article presents the findings from the point of view of the employees responsible for carrying out control activities within the Slovenian police. For a more complete overview of the matter, our findings should be compared with the perspective of those who are the subjects of the control activities, i.e. the police officers who have undergone the control process. The findings of the research are useful primarily for the purposes of planning the processes related to the management and administration of police work and from the point of view of improving the quality of police work.
Originality/Value:
The paper examines how the employees responsible for carrying out the control activities perceive their own work and how the processes involved in the control of police work are organized, how they function and how effective they are.
Keywords: audit, internal control, police, police powers, Slovenia UDC: 351.741(497.4)
Pomen in ocena učinkovitosti notranjega nadzora v slovenski policiji
Namen prispevka:
V prispevku predstavljamo ugotovitve raziskave, ki je bila na vzorcu izvajalcev notranjega nadzora v slovenski policiji izvedena v okviru Ciljnega raziskovalnega projekta »Učinkovitost sistemskega nadzora nad policijo na področju spoštovanja človekovih ter zakonskih in strokovnih standardov policijskega dela (V5-1942)«. Namen raziskave je bil analizirati nadzorstveno dejavnost v slovenski policiji skozi perspektivo izvajalcev nadzora, ugotavljali smo odnos do nadzorstvene dejavnosti, s pomočjo intervjujev pa smo analizirali priložnosti in pomanjkljivosti nadzorstvene dejavnosti v slovenski policiji v odnosu do sistemskega nadzora, ki ga opravljajo zunanji deležniki.
Metode:
Pregledali smo ureditev nadzorstvene dejavnosti javnega sektorja in policije ter predstavili pristope v evropskih državah. V empiričnem delu smo izvedli strukturirane intervjuje z uslužbenci na državni ravni, in sicer z nadzorniki z Generalne policijske uprave, Uprave kriminalistične policije ter Uprave uniformirane policije, in z dvema vodjema na ravni policijskih uprav. Skupno smo izvedli sedem intervjujev.
Ugotovitve:
Raziskava je pokazala, da se nadzori, pa naj jih izvajajo nadzorniki iz Ministrstva za notranje zadeve ali Policije, dojemajo kot ključni element za učinkovito vodenje policijske organizacije. Udeleženci razgovora so poudarili vlogo policijskih vodij - tako z vidika načrtovanja dejavnosti notranjega nadzora kot tudi prenosa ugotovitev nadzora v policijsko prakso. Implementacijo
391
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
nadzorstvenih ugotovitev v neposredno policijsko delo je mogoče zagotoviti z digitalizacijo policijskih delovnih procesov; sogovorniki pa so izrazili tudi potrebo po sistematični rešitvi, ki bi jim omogočila preverjanje kompetenc policistov.
Omejitve/uporabnost raziskave:
V prispevku so prikazane ugotovitve z vidika izvajalcev nadzorstvene dejavnosti v slovenski policiji. Za celovit pregled področja bi bilo koristno primerjati ugotovitve z vidikom nadzorovanih, torej nadzorovanih uslužbencev policije. Ugotovitve raziskave so uporabne predvsem za načrtovanje procesov vodenja in upravljanja policijskega dela ter z vidika krepitve kakovosti policijskega dela.
Izvirnost/pomembnost prispevka:
Bistvena dodana vrednost prispevka je, da osvetljuje pogled nadzorovalcev na njihovo lastno delo ter na urejenost, delovanje in učinkovitost procesov izvajanja nadzora nad delom policistov.
Ključne besede: nadzor, notranji nadzor, policija, pooblastila, Slovenija UDK: 351.741(497.4)
1 INTRODUCTION
In 2019, the Slovenian police employed 8,189 police officers, while in the current year, the police entered into 303 employment relationships, and 260 police officers terminated their employment for various reasons. On average, a Slovenian police officer was over 43 years old in 2019, and the Slovenian police spent EUR 378 million in the course of conducting their work that same year (Ministrstvo za notranje zadeve, Policija, 2020). In 2019, the Police received a little over half a million calls to the emergency number 113, processed 54,867 criminal offences of which more than half were investigated, police officers processed 335,843 traffic violations, 33,565 public order violations, 16,143 illegal border crossings and 11,150 persons handed over to Slovenian police officers by foreign security authorities. Police officers issued 48,384 warnings for minor offences, 269,196 penalty notices and 14,802 decisions in expedited proceedings, and filed 12,157 accusatory instruments. They carried out 169 protections of domestic protected persons abroad and 50 protections of foreigners visiting Slovenia. 11,607 preventive activities were carried out, and in 404 cases the Special Police Unit was deployed, and members of the SWAT Unit intervened in 77 emergencies (Ministrstvo za notranje zadeve, Policija, 2020). In 2019, police officers used instruments of restraint on 7,610 occasions in 3,479 cases against 3,945 individuals. In 2019, 395 general, professional and follow-up audits regarding the work of police officers and police units were carried out. Members of the public filed 358 complaints against the work of police officers, and seven of the complaints heard before the complaints panel were found to be substantiated. Most irregularities and shortcomings in the work of Slovenian police officers were identified during audits in 2019 in the area of management and decision-making in minor offences proceedings. Audits were also conducted in the area of material and financial operations, crime detection and investigation, maintenance of public order and the general safety of people and property, as well as organizational matters.
392
Branko Lobnikar, Kiara Ropoša
1.1 Control over the police
Police oversight is a complex process involving many stakeholders. The police are very likely the most controlled state repressive body in Slovenia, with functioning judicial, parliamentary and independent oversight, such as the oversight of the ombudsman and the information commissioner. An important part of police control is also exercised by the prosecutor's office through the guidance of police work and by the Ministry of the Interior through strategic guidance and professional supervision. In February 2019, the Prosecutor General and the director-general of the Police signed a cooperation agreement between the Department for the Investigation and Prosecution of Official Persons Having Special Authority of the Specialized State Prosecutor's Office of the Republic of Slovenia [hereinafter SSPO] and the Police, which sets out the rules regarding mutual cooperation and exchange of information between the signatories to the agreement. The agreement between the institutions is the culmination of ten years of work and the realization that timely mutual exchange of information is the basis for both bodies' rapid response and effective functioning. In 2019, the police referred to the SSPO 112 reports on reasonable grounds for suspicion that 110 officials employed by the police had committed an offence for which the perpetrator is prosecuted ex officio. Over the last ten years, an average of 74 such reports were filed against 72 officials (Ministrstvo za notranje zadeve, Policija, 2020).
Since the methods of police control are diverse, and we analyze them from different perspectives in this issue of the current journal, in this paper we will narrow the analysis only to those controls performed by police chiefs within a police organization. We will call it internal control. Police are generally perceived as the front line in public security provision by the state and thus the security provider that the public most frequently encounters in their daily lives. To fulfil their mission, police hold special powers that - within the frame of legally defined circumstances - temporarily allow police to limit the exercise of fundamental rights, deprive people of their freedom, and use force, including lethal force. Because of their powers and their proximity to the public, how the police fulfil their duties has a direct impact on security for individuals and communities and the character of the state (DCAF, n. d.). Internal control of police service is key to ensuring its smooth functioning. A well-structured internal control system may help in detecting and preventing corruption and unlawful behaviour among police officers. The goal of the control is to ensure that the police service operates in line with its purpose, and that its work results in an improved reputation of the police and more efficient and responsible officers (Bajramspahic, 2015; DCAF, 2019). Given the central role of the police in service provision to the population, its direct interaction with the public and the powers that are typically conferred to the police, it is vital to ensure that police officers adhere to high standards of quality and behaviour in their work. Internal control can help ensure that these standards are met, thereby preventing inappropriate behaviour or practices, abuse of power and corruption. Ideally, the work of an internal control body should be complemented by independent external oversight mechanisms (Hanin, 2014).
393
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
The tasks carried out by the internal control vary (DCAF, 2019): (a) when it comes to administration and operations: the internal control assesses whether the goals of the service, of a certain unit or a certain operation, have been met; (b) when it comes to security: the internal control checks if the police undertook all the necessary precautionary measures with a view to securing a risk zone or location, while in the police itself it checks whether confidential data have been protected; (c) when it comes to the legitimacy of the actions taken by a police officer, the internal control investigates: whether the measures undertaken were legal and proportionate, whether the relevant procedures have been followed; and (d) when it comes to ethics, the internal control stimulates and promotes the respect for values, norms and ethical rules applied in the service.
Internal control is a sensitive topic since it can lead to the questioning of certain practices that are deeply rooted within the traditions and culture of the police. Improving internal mechanisms to monitor peers, identify abusive behaviour of police officers, including the highest-ranking ones, is not an easy task. Integrity and professionalism are core values that are essential to ensuring effective internal control.
This paper consists of an analysis of the control activity in the Slovenian police from the viewpoint of the employees responsible for carrying out control activities. We were interested in their view of the control process and, through the interviews, we analyse the opportunities and shortcomings of the control activity within the Slovenian police in relation to systemic control conducted by external stakeholders (Ministry of the Interior) and bring attention to content that should be addressed in the future in the light of the findings of the interviews.
1.2 Police internal control in Europe
We begin with an outline of the control mechanisms employed by the police in European countries (Dzhekova et al., 2013). In Belgium, the main tasks of the internal control departments include supervising the operation of the local police service and all the employees of the local police with the exception of the Directorate-General, cooperating with special investigation departments, the prosecutor's office and the ombudsman, as well as investigating complaints regarding the work of the police. In 2001, Belgium changed its approach to the implementation of internal control over police work so that the new system became a management tool for guiding everyday police work (Faion et al., 2013). The organizational system of internal control thus comprises five interrelated and interdependent components, namely (a) internal environment or control environment, (b) risk assessment and management, (c) control activities, (d) information and communication, and monitoring or assessment of the internal control system (Bajramspahic, 2015). Belgium uses two approaches to ensure integrity: (a) a monitoring approach to verify the unethical conduct of police officers and to monitor police procedures, relying on the law and on a strict Code of Conduct for Law Enforcement; and (b) a stimulating approach to strengthening ethical behaviour based on providing support to police officers in responding to problematic situations. This approach involves various workshops
394
Branko Lobnikar, Kiara Ropoša
and training initiatives. The Permanent Committee for Police Monitoring (Comité P) was established in 1991 as an expert body that assists the Federal Parliament in monitoring the work of the police and assessing the use of police authority. It became fully operational in mid-1993. As is the case with the Inspectorate General, it is an external body vis-à-vis the police and is independent of the police. The goal of the external oversight is to verify how police tasks are performed (Bajramspahic, 2015).
In Austria, delinquency audits in police organizations are provided by a specialised audit unit - the Bureau of Internal Affairs, which must be distinguished from internal audit procedures; internal audit is not a part of the PIC - public internal control system (European Commission, 2011). The function directly responsible undertakes to provide for specific implementing measures within a fixed term of no longer than 12 months. Within the fixed term, this function is required to present a report to the internal audit. The implementation/failure to implement the approved measures is monitored and reported quarterly to the minister and the secretary-general. If fraud and/or irregularities are identified during an audit, the Bureau for Internal Affairs of the Ministry of Finance is notified. This bureau initiates a separate investigation. The two investigation processes run in parallel and are coordinated. A clear separation exists between a financial inspection and an internal audit. In the sense of a single audit concept, an internal audit is distinctly higher than an internal financial inspection. On the one hand, an internal audit takes into account the financial inspection results when creating the annual audit plan and when performing the individual audits.
Regarding the oversight of police in Austria, the Federal Bureau for Internal Affairs (BIA) was established. The BIA is an autonomous agency of the Austrian Federal Ministry of the Interior that operates outside the traditional law enforcement structures. In its capacity as an independent organizational unit that is not bound by instructions regarding the cases it handles, it conducts security and criminal police investigations in cases of corruption or suspected malpractice by public officers. In such cases, the BIA co-operates directly with the competent public prosecutor's offices and courts. The BIA conducts investigations nationwide and, given its sphere of responsibilities, represents a centre of competence for all other security services. Other important tasks performed by the BIA are training programmes and the prevention of corruption. In addition to organizing and conducting courses, seminars and advanced career coaching programmes at the Austrian Security Academy for their colleagues from the Ministry of the Interior, BIA staff members have repeatedly been invited to give lectures at national and international educational institutions and conferences. The BIA acts as the Ministry's contact point for all anti-corruption matters and delegates staff members to Austrian and international meetings of experts. Furthermore, it interacts with several local government bodies, NGOs and interest groups involved in anti-corruption activities (OSCE, n. d. a). Shooting incidents are investigated by the Cobra Special Forces.
In Bulgaria (European Commission, 2011, 2014), managerial accountability/ responsibility is the foundation of the public internal control system. In accordance with the law, internal control is established as an integral process of
395
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
an organisation's activities and is carried out by the organisation's management and employees. Internal control consists of five interrelated components — control environment, risk management, control activities, information and communication systems and monitoring according to the law. An internal audit is a managerial tool for monitoring. Managerial responsibility is legally delegated to politically elected persons such as ministers, mayors or other managers. Chief secretaries carry out administrative and managerial activities assigned to them by managers. On the other hand, managers at lower levels of the organisation also have managerial responsibilities (e.g. all other senior employees such as directors of directorates and heads of departments). They are obliged by law to report to their seniors on the internal control established in the units and structures they manage. Top managers are allowed to delegate managerial responsibilities to subordinate managers. Any such delegation does not relieve top managers of the responsibility for implementing the powers delegated. Therefore, top managers request periodic reporting on the implementation of delegated powers via direct communication with subordinate persons in managerial positions and lower-level officers.
The internal audit activity is carried out by an internal audit unit, which comprises a manager and internal auditors. These persons report directly to the manager of the organisation for which they work. The manager of the organisation bears the responsibility for ensuring the independence of the internal auditors when planning, carrying out and reporting on the internal audit results. The appointment or dismissal of the head of internal audit is carried out by sanction of the minister. The internal audit unit reports directly to the manager of the organisation, which ensures the internal audit's functional and organisational independence. The law also sets out the minimum internal audit areas on which the internal audit unit is to report to the manager of the organisation and, if such exists, the audit committee. The internal auditors are obliged to report immediately to the manager of the organisation whenever indications of fraud or irregularities are identified. They also make proposals for taking steps and notifying the competent authorities. If the manager of the organisation fails to take any steps within 14 days of notification, the internal audit unit notifies the competent authorities and, if such exists, the audit committee (European Commission, 2011, 2014).
The Ministry of Internal Affairs of Bulgaria is the main governmental body tasked with enforcing laws and protecting public order in the country. It serves as an overarching authority for four directorates tasked with different areas of responsibilities: National Police General Directorate, General Directorate for Combating Organised Crime, Border Police General Directorate and Fire Safety and Civil Protection General Directorate, as well as a Special Unit for Combating Terrorism (OSCE, n. d. d). Oversight of the General Directorate Border Police activities is exercised by two Directorates: the Inspectorate Directorate and the Internal Security Directorate. In addition, the Secretary-General also has oversight responsibilities.
In Cyprus, the Internal Audit Service (IAS), an independent service headed by the Commissioner of Internal Audit, assumes the responsibility for carrying out
396
Branko Lobnikar, Kiara Ropoša
assurance and consulting activities (European Commission, 2011). The Internal Audit Service operates independently from the Audit Office, which is headed by the Auditor General. Internal Audit reports are always communicated to the National Audit Office. The findings of the audit service are taken into account when preparing the annual audit plan, and there may be an exchange of views in certain cases. However, there is no other interaction with the audit function. It is noted that certain ministries or departments have established internal audit/control functions which operate independently from the Internal Audit Service and report to the ministry/ department top managers. These services do not have a uniform structure or methodology. The Commissioner of Internal Audit is appointed by the Council of Ministers for a period of six years and reports to the Internal Audit Board. An audit report is prepared, which includes details of audit findings and recommendations covering measures to be taken by the auditee to address the weaknesses identified. Once the contents of the report have been discussed and agreed upon with the auditee, an agreed action plan is prepared, which includes details of recommendations as well as an implementation timetable.
The Internal Affairs Service of the Police became operational in March 2018, following the adoption of the Law on the Establishment and Operation of the Internal Affairs Service of the Police. The Internal Affairs Service of the Police is considered an autonomous Service under the Law. It reports directly to the Chief of Police while its powers are directly supervised by the Attorney General of the Republic. The main task of the Internal Affairs Service of the Police is to tackle the phenomenon of police corruption by preventing, investigating and prosecuting corruption offences committed by members of the Police. Regarding police oversight, the Professional Standards and Inspection Directorate (PSID) is established within the Cyprus Police. The mission of the Professional Standards and Inspection Directorate is the application of professional standards, with the improvement/upgrade of the internal practices and procedures that are followed by the members of the Police and the introduction and implementation of mechanisms for the prevention, inspection, detection and combating of deviant or delinquent behaviour by the members of the Police. Additionally, the Directorate carries out inspections for the purposes of establishing the effectiveness of both the general administration and policing system and the correct execution of police duties, according to the defined methods and procedures (Cyprus Police, n. d.).
In the Czech Republic, Internal audit (IA) serves as a critical and independent observer of the governance process of the chapter administrators. IA should provide the management authority of the chapter administrator with an analytical perspective on issues related to the methodical approach to risk management, control processes and governance. The internal auditor does so on the basis of its exceptional status (European Commission, 2011). Its audit reports must be completely independent of the opinions of top management, thereby making it clear that the IA system is not part of the administrative and financial services of a chapter administrator but reports directly to the management authority. IA regularly ensures that the chapter administrator abides by all the relevant legislation, that it has established effective management and control mechanisms and that it takes measures to avoid conflicts of interest, fraud and corruption. It also
397
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
regularly reports on the implementation of self-regulatory mechanisms through which the professional practice of IA is managed. Performance measurement and IA quality assurance follow standards, ethical principles and best practices. The top manager is responsible for meeting the objectives and for implementing the policies set by the management authority of a chapter administrator, who can be a minister at the level of ministries. Ministers are politically nominated. The hazy boundaries between political and administrative responsibility are a potential risk to maintaining continuity in the approaches of executives not only in the field of developing an adequate PIC by the chapter administrator but also in its implementation (European Commission, 2011).
According to previous legislation, external controls of the Czech Police corps were carried out by Police Inspection, a body of the Police charged with uncovering and investigating the crimes committed by Police officers and employees (Mares & Suchánek, 2015). The director of this Inspection force was appointed by the government and in organisational terms, the Inspection fell under the Ministry of the Interior. The establishment of the General Inspection of Security Corps was a significant step. This new department (although many employees of the abolished Police Inspection were transferred to it) brought a change in the approach to the investigation of offending members of selected security corps. Cases of offending Police officers have been newly investigated outside of the Police of the Czech Republic itself (Mares & Suchanek, 2015). The General Inspectorate of Security Corps (GIBS) (Generální inspekce bezpecnostních sboru) is a Czech independent government agency tasked with investigating crimes of the officers of the Police of the Czech Republic, Customs protection, Prison Service, inspection workers or civil employees of these institutions (GIBS, n. d.)
The Danish state (European Commission, 2011, 2014) has not set out a PIC (public internal control) framework in a separate document or in a set of rules. There is a clear framework for the responsibilities allocated to state institutions to ensure appropriate internal controls and management of the institution. Accountability is placed, to some extent, on the local institution, in particular through requirements for objectives and performance management, appropriation management and procedures for the approval of accounts. For this reason, internal control and accountability are closely linked. The Danish public sector is divided into ministerial portfolios, whereby each portfolio has a department with subordinate agencies and institutions, which together constitute a portfolio group. The minister bears the ultimate political responsibility for his/her portfolio. Powers of allocation and inspection have been delegated to the administrative level. Reporting and approval are based on a hierarchy that basically consists of central government agencies and departments. Reports are approved on a monthly, quarterly and annual basis. An internal audit unit may be organised by agreement between the minister concerned and the Auditor General. Normally, an internal audit will be part of the organisation as an independent staff function, reporting directly to the head of the institution. There is no requirement that an internal audit body must be a part of the organisation — it may also be an external auditor or audit firm which carries out the task, although this is primarily the case _in subsidised non-profit institutions, e.g. schools, and public enterprises which are
398
Branko Lobnikar, Kiara Ropoša
mainly financed by the state. Internal auditors report to the head of department, NAO and top management of the agency being audited. Internal auditors endorse the accounts and produce the auditors' statement, notes on the audit and any management letters. On concluding the annual audit, internal auditors produce a written report on the work they have done and conclusions that may be drawn from the report for the institution's management and the head of the department.
In the Nordic countries, the primary focus of external oversight is on individual accountability. In Denmark, the Danish Independent Police Complaints Authority (IPCA) was established in 2012. It handles investigations of criminal cases committed by police officers and considers and decides complaints of police misconduct. Headed by a council and a chief executive, the Police Complaints Authority exercises its functions in complete independence of both police and prosecutors. The goal of the independent complaints against the police as an independent authority is to help ensure legal security for all parties involved in the process of complaints against the police, maximize the confidence of both the public and the police in dealing with matters relating to the police and to ensure proper implementation and rapid procedures, including decisions on an objective basis. The IPCA carries out its tasks with high-quality service and efficiency, ensuring a high degree of accessibility for citizens, information dissemination and giving citizens an overview of the management of complaints against the police (IPCAN, n. d. a; n. d. b). Holmberg (2019) reports that complainants are dissatisfied with their experience with the system. The author argues that disappointment is related to the fact that the IPCA focuses almost exclusively on individual wrongdoing (rarely finding sufficient evidence to act), whereas complainants seek recognition and wish to hold the police organization accountable.
In Estonia, the concept of public internal control consists of the control environment, risk assessment, control activities, management of the information and communication process, and monitoring. Internal audit departments have been established in all ministries, and a person responsible for internal audit has been appointed in the state chancellery. The internal audit function is centralised at the ministry level in the governing areas of four ministries. The final managerial responsibility in the public sector is assigned to the head of the respective authority by law (who is politically appointed at the ministry level). As a rule, the sole management principle is usually applied in governmental authorities. The chain of responsibility is such that the lowerlevel manager is accountable to a higher-level manager. The delegation of responsibilities and liability and granting officials the rights necessary for them to perform their work duties are decided upon by the head of the organisation. Internal audit reports directly to the head of the authority, although the head of the internal audit function has the right to forward audit outcomes to other persons to ensure implementation of recommendations made during an audit. According to the standards, the head of internal audit has to design and implement a monitoring system for monitoring the implementation of recommendations submitted to the management. When fraud is discovered during an audit, the internal auditor has to inform the head of the authority first (European Commission, 2011, 2014).
399
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
The institution of the Chancellor of Justice is established by the Constitution of the Republic of Estonia. Under the Chancellor of Justice Act, with regard to issues of police authorities, the Chancellor is competent to verify the conformity of legislation with the Constitution and existing statutes (i. e. constitutional review competence) and to verify the activities of Internal control in Finland (European Commission, 2011, 2014) refers to procedures included in the agency's guidance and operating processes, organisational solutions and operating methods. Risk management has the same goals as internal control. Ideally, internal control and risk management procedures are integrated into the agency's usual planning, management and operating processes. The management of each agency is responsible for the arrangement of internal control, as well as its appropriateness and adequacy. The top management of an agency bears the primary responsibility for the arrangement and management of internal control, in the same way as it is responsible for meeting the organisation's targets and arrangement of related activities. The management carries out the measures necessitated by this responsibility by delegating tasks to various levels of the organisation in accordance with their management system. The internal control assessment can be implemented in different ways. It can be carried out through self-assessment by the management group, through decentralised self-assessment, through assessment supported by internal audit or through information gathering and assessment with assistance from an external specialist. Management at ministries and agencies are responsible for the due implementation of internal control and risk management processes. There is variation between ministries and government agencies in how internal audit is arranged. Many of the smaller agencies, in particular, do not carry out separate internal audits. In many agencies, internal auditing is a function carried out by one person. The agency's management decides on the organisational status of the possible internal auditing unit. Most commonly, internal audit is directly subordinate to a ministry or the senior officials of an agency. In this case, internal audit reports directly to top management and gets its powers from the top management (European Commission, 2011, 2014).
In Finland, the Parliamentary Ombudsman and the Chancellor of Justice can deal with administrative complaints against the police. However, the Ombudsman is considered more specialised in police matters (den Boer & Fernhout, 2008). In the Finish police, there are mainly two types of internal control: control of legality and internal/external auditing. The independence of these types of control is achieved through reporting lines (to top management bodies) and organisational autonomy (not attached to, and distinct from, operational activities) (GRECO, 2017). Regarding the control of legality, it aims at ensuring that all exercise of public powers is based on the law; it comprises the following measures: the handling of administrative complaints and citizens' letters submitted to the authority; investigations launched on the authority's own initiative; monitoring of the processing of personal data; inspections; reporting on matters related to the oversight of legality. The Ministry of the Interior draws up an annual report on the oversight of legality. As for internal auditing, it aims at a systematic assessment of the effectiveness of risk management, control and internal governance processes. It follows the principles of the respective internal audit charter developed by the
400
Branko Lobnikar, Kiara Ropoša
relevant body. The internal audit function does not have any operational power, nor a genuine decision-making power, although the recommendations emanating from the control performed are followed in practice. Internal auditing processes are supplemented by external audits developed by the Ministry of the Interior and private external auditors hired for this purpose at regular intervals (i.e. every five years). GRECO (2017) expressed concern as to the efficiency and effectiveness of oversight structures in the Police regarding the various irregularities (e.g. bribery, abuse of office, conflicts of interest, mismanagement of data, witness intimidation, etc.) occurred. The Finish Police are working on implementing changes, but it remains crucial that changes are not only restricted to that police station, or the particular division in that station where corruption occurred, but rather, that lessons are learnt from this episode and improvements are made to control the procedures of the entire organisation.
In France, the internal control system is based on accounting and financial processes. Therefore, internal audit activity was first developed in relation to the accounting and financial functions, and was afterwards extended to the budgetary area. A draft decree lays down the organisation and functioning principles of the internal audit system within the state administration. It establishes the obligation of implementing a risk management system based on the internal control and internal audit within each ministry and provides for an internal audit harmonisation committee composed of the heads of the internal audit function from each ministry (European Commission, 2011, 2014).
The rules of professional conduct governing the work of public and private security officials alike are set forth in various codes and charters. They cover such matters as professional secrecy and discretion, integrity, discernment, impartiality, respect for the population and rules governing the use of force. In France, the Defender of Rights is the authority in charge of ensuring these rules of good practice are followed (la Défenseure des droits; n. d.). All security officers are covered: national and municipal police officers, gendarmes, prison administration staff, customs officers, public transport surveillance officers, and private security service officials. Since September 2018, 44 territorial delegates in the field of security ethics are responsible for ensuring, through amicable settlement, the processing of files concerning refusals to register a complaint or inappropriate remarks concerning representatives of the police or gendarmerie. A person who believes that he or she has been the victim of a refusal to register a complaint or inappropriate remarks by a police officer or the national gendarmerie, can turn to the delegate of the Defender of rights who will directly deal with the matter through the mediation process or forward it to the territorially competent delegate (la Défenseure des droits; n. d.).
In Germany, top managers assume their responsibility for establishing an adequate internal control system by setting up and supporting an organisational control unit called the 'Interne Revision', hereafter internal audit. Managerial accountability is carried out by the head of the authority. The internal audit unit does not take instructions from top management when drawing up audit reports. After completing an audit, it immediately submits the final audit report to the management of the directly superior authority. The internal audit
401
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
unit reports directly to the management, which cannot transfer its competence to other offices in authority. The authorised officer is to report directly to the head of the department. Internal audits are carried out in all departments of the federal administration. There is no legal basis, but all departments follow the 'Recommendations for internal audits in the Federal Administration', produced by the Federal Ministry of the Interior in agreement with the other ministries. The internal audit unit does not accept duties that are outside the scope of internal audit but fall under managerial responsibility, including the implementation of rules to solve conflicts of interest. The internal audit unit takes suitable measures to ensure the quality of its work. These can include task-specific basic and further training, the exchange of experiences with other internal audit units and observing other internal audit units. The relevant ministries ensure the exchange of internal experiences, while the Federal Ministry of the Interior ensures the exchange of cross-ministerial experiences. There is no public certification procedure. Depending on their focus, the audits are carried out according to the following criteria in particular: legality, correctness, security, costefficiency, durability, usefulness/ effectiveness and impact (European Commission, 2011, 2014). Regarding police accountability, police matters normally fall within the competence of the different Länder. Therefore, the regional Committees on Petitions or Ombudsmen deal with them. There are also federal police with certain specific competences. Oversight over the Federal Police is exercised by the Federal Ministry of the Interior, for Building and Community. The Committee on Petitions of the Bundestag (Federal Parliament) deals with complaints against these federal police institutions (den Boer & Fernhout, 2008).
In Greece, the internal control system as the overall system of managerial and other controls, including controls of the organisational structure, methodologies, procedures and internal audit, is implemented by the administration on the operations of an agency in order to support the pursuit of its objectives in an efficient, effective and economical manner. Other internal audit services are the Inspector-Auditors' Body for Public Administration, the General Inspector of Public Administration, and the General Secretariat of Financial Policy of the Ministry of Finance (European Commission, 2011). The Inspector-Auditors' Body for Public Administration is responsible for carrying out inspections, audits and investigations, carrying out disciplinary prosecutions and referring the individuals responsible to the competent public prosecutor's office so that accountability is attributed, conducting audits on the assets of the employees of audited bodies, carrying out preliminary examinations or investigations at the request of the public prosecutor and collecting evidence for criminal or disciplinary prosecution. The scope of SEEDD (the Inspector-Auditors' Body for Public Administration) audits covers public services, legal entities of public law, first and second-degree local authorities, state legal entities of private law and public enterprises. SEEDD is headed by the Special Secretary of the Inspectors' Body of Public Administration, who holds political office. SEEDD is staffed by 80 inspectorauditors and employees of the Secretariat Directorate and carries out audits and investigations following orders independently issued by the Special Secretary or following orders by a minister, secretary-general of a region, the General Inspector of Public Administration, the Greek Ombudsman or the head
402
Branko Lobnikar, Kiara Ropoša
of an independent administrative authority. The General Inspector of Public Administration on his own initiative orders SEEDD and particular inspection and audit bodies to carry out inspections, audits & investigations on public services, legal entities of public law, first and second-degree local authorities, state legal entities of private law and public enterprises, monitors the action and progress of audits carried out by SEEDD and particular inspection and control bodies and evaluates their work, carries out audits, repeat audits and investigations into public services, legal entities of public law, first and second-degree local authorities, state legal entities of private law and public enterprises, and carries out audits on the annual financial statements of all inspection and control bodies. The General Secretariat of Financial Policy of the Ministry of Finance is responsible for public internal control. Its directorates will be responsible for carrying out its audit work, including internal audit procedures of the audited bodies and an evaluative assessment thereof. The conclusions of its checks, the evaluation of its findings and the assessment of the work of the internal control teams (together with the relevant recommendations) are contained in the directorategeneral's annual report (European Commission, 2011, 2014). In the Police, the Police Department of Internal Affairs was established in 1999 to stamp out cases of corruption within the Hellenic Police. It is located in Athens and its responsibility extends throughout the entire Greek state. This division operates under a special statutory framework and falls directly under the Chief of the Hellenic Police. Its investigation tasks are supervised by a Court of Appeal Public Prosecutor and it reports annually through its Head to the Institutions and Transparency Committee of the Parliament. It also co-operates with the Group of European States against Corruption (GRECO) (Ministry of Citizen Protection, n. d.).
In Hungary, control is carried out through the so-called "Regulation pyramid", which has a four-level structure. The first level consists of the regulation of the field of control through the operation of the Public Budgetary Organizations. This is where responsibilities for the establishment of internal control and for the development, operation, monitoring of the proper functioning of the control environment are defined, as well as risk management policies, competencies of the control activity, methods of communication and monitoring of the measures implemented. The second level is the government decree level, which includes the definition of the control environment, risk management measures, specific control activities, information and communication, and monitoring. The third level represents Internal control standards and Internal audit standards, and operates following the same organizational principles as the second level. The last level consists of the Internal control manual and the Internal audit manual. The essence of the internal control system as an integrated approach to corporate governance is that it covers regulations, procedures, functional methods and organisational structures aiming to achieve the objectives of management. Internal control shall prevent, detect and/or correct events that endanger such objectives. The head of the subordinated public budgetary organisations (PBOs) must report on the functioning of the internal control system of the PBO to the head of the budgetary chapter (i.e. line ministry), who reports directly to the Minister for National Economy about the internal control systems (including internal audit)
403
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
of the ministry and the subordinated PBOs (European Commission, 2011). Since 2010 the operational head of the ministry (as a PBO) is the Administrative State Secretary. The minister is the political manager. In the case of ministries, the Administrative State Secretary is responsible for the establishment of the internal control system of the ministry and for the accountability of the organisational unit managers. The internal auditor or the internal audit unit perform their duties directly subordinated to the head of PBO and report directly to him/her. The audit team leader is responsible for drafting the audit report and drawing conclusions. Internal auditors are responsible for the trustworthiness of the audit results. The Law on Internal Affairs provides that "internal control is performed by the police officer authorized to conduct internal affairs. There is a denial of police authority to the Internal Control and a claim that the Criminal Procedure Code does not recognize police officers of Internal Control as the police. This makes it impossible for the Department of Internal Control to carry out its work in a full legal capacity, especially when it comes to more complex crimes, like corruption and organized crime cases, to which police officers are not immune either. The advantage of the Internal Control in relation to the Criminal Police Department is having focus only on the work of the police, and thus the possibility of high specialization for work on these cases, while for the Criminal Police Department these cases are just one of many varieties of cases they handle. It is of uttermost importance to enable access of Internal Control to all the instruments for collecting data on irregularities in the work of the police and put all the legal possibilities provided under the Criminal Police Department at their disposal (Bajramspahic, 2015).
In Ireland, the internal audit function may be required from time to time to carry out special investigations and provide a consultative role to management. An internal audit report (called hereafter the Mullarkey Report) recommends that accounting officers should ensure that the internal audit unit, including the head of internal audit (who should not have other responsibilities), has sufficient status and access within the organisation to promote the unit's independence and to ensure follow-up on its recommendations. The Mullarkey Report recommends that each department and office has, by the end of 2003, a formally constituted audit committee (or in the case of small offices that cannot justify having a separate committee, they should have access to one, e.g. a committee that covers a number of smaller offices). Systematic risk assessment and management is becoming an increasingly important part of internal control, as identification and management of risk is seen as necessary to maximise the likelihood of achieving desired outcomes. As part of this process, formalised risk management is becoming an increasingly important element of the internal control framework in central government internationally (European Commission, 2011, 2014).
The Garda Síochána Ombudsman Commission deals with complaints against the police (or Garda) in Ireland (den Boer & Fernhout, 2008). The Garda Síochána Ombudsman Commission works side-by-side with other independent agencies, notably the Garda Síochána Inspectorate and the Policing Authority, as well as with the Department of Justice and Equality, to deliver on different elements of Garda oversight. The Garda Síochána Act 2005 (as amended) sets out the legal basis for the establishment and functions of the bodies. The Garda Síochána Inspectorate
404
Branko Lobnikar, Kiara Ropoša
was established in 2006. Its objective is to ensure that the resources available to the Garda Siochana are used to achieve the highest levels of effectiveness and efficiency in its operation and administration, as measured against best international practice. It does this by carrying out inspections or enquiries on the operation and/ or administration of the Garda Siochana. These can be done as a result of a request by the Minister for Justice and Equality, or by the Policing Authority, or on the Inspectorate's own initiative. The Inspectorate's other main function is to provide advice to the Minister and to the Policing Authority with regard to best-policing practice. The Policing Authority was established with effect from January 2016. It has a range of functions, including overseeing how the Garda Siochana performs its policing functions and ensuring that they use their resources in a way that achieves the highest levels of efficiency and effectiveness. The Policing Authority is responsible for putting a Code of Ethics in place, to set standards of conduct and practice for members of the Garda Siochana. They approve the Garda Siochana Strategy Statements and Policing Plans and setting priorities and levels of performance. They also make nominations for appointments, by the Government, to the posts of Garda Commissioner and Deputy Garda Commissioner, following a selection process undertaken by the Public Appointments Service, and appoint/ remove persons to/from the ranks of Garda Superintendent, Chief Superintendent and Assistant Commissioner. The Policing Authority is also responsible for reviewing arrangements for the recruitment, training and development of Garda members and civilian staff (Garda Ombudsman, n. d.).
The Italian public administration has not developed a legal basis for an internal audit in the strict sense of the term. Nevertheless, many of the tasks that are part of an internal audit, above all financial and accounting activities, are performed by the offices of the Ministry of the Economy and Finance (Central Accounts Offices and Territorial Accounts Units), with the aim of increasing the efficiency and efficacy of public expenditure. No laws or regulations refer to internal audits and no apparently equivalent terms indicate the function of internal audit in the strict sense of the term. Nevertheless, forms of internal audit are found in various bodies owing to the organisational independence that they are given by the regulatory set-up, which has enabled them to be given their own responsibilities and activities under their articles of association or through their standing rules governing the organisation of offices, responsibilities and activities pertaining to their functions. This function is performed in each body or administration by an independent evaluation body (individual or collective person) that is coordinated by a central committee known as the Independent Commission for the Evaluation, Integrity and Transparency of Public Administrations. Although the function of evaluation of public employees does not coincide with that of internal audit, there are some points in common: first of all, the independent nature of the body responsible, the scheduling of the activity that is the object of the control and the planning of the control. It is thus clear that the degree of independence of the internal auditor, where this function exits, varies according to the body, how it is set up and its size. In general, this function is assigned to a manager, who is assigned a department or structure that does not have any distinguishing features as regards its position
405
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
or dealings with the directorate or administrative board of the body, compared with all the other departments or structures. If, on the other hand, the functions of the internal audit were developed as part of an independent evaluation setup, greater independence from the body would obviously be assured. The offices for departmental control collaborate directly with the head of the department and they are coordinated by the independent organisms for performance evaluation (European Commission, 2011, 2014).
Pursuant to Latvian law, heads of bodies are responsible for organising the execution of the functions of the bodies and for managing administrative activities so as to ensure continuity, performance and legitimacy. The head of the institution is responsible for establishing, monitoring and improving the internal control system. The head of a body is an officer who is a civil servant or an employee of the body and who is appointed or employed on the basis of professional criteria. Internal audit in Latvia is an independent and objective activity of an internal auditor resulting in the auditor's statement or consultation aimed at improving the operation of the internal control system in a ministry or an authority. The internal audit unit is independent from other units of the body in planning its operations, carrying out internal audit and reporting the results of its operation. The internal auditor is not engaged in direct functions of the ministry or body, in the implementation of programmes and projects wholly or partially financed by the European Union or implementation of foreign financial aid, in the preparation of specific projects and programmes, or in the establishment of the internal control system. The internal auditor may be engaged in performing these functions in the capacity of a consultant.
Regulations of the internal audit unit are approved by the head of the body. Regulations of the internal audit unit specify the status, aims, functions, tasks, essence of consultations, scope of work, structure and rights and responsibilities of the internal audit unit. The internal audit unit submits reports on internal audits to the head of the body. Additionally, the head of the body specifies officers to whom the contents of internal audit reports are to be made known. The head of the internal audit unit must ensure that the contents of internal audit reports are made known to the responsible officers. The head of the internal audit unit is responsible for preparing a review of the operation of the internal audit unit over the previous calendar year and submitting this review to the head of the body. The procedure for the monitoring of internal audit recommendations is specified in the internal regulations of the internal audit within each body. The head of the internal audit unit is responsible for informing the head of the body about the progress in implementing recommendations (European Commission, 2011, 2014).
In Lithuania, internal audits of a public legal entity performed by internal audit units (IAUs), which are subordinate and accountable to the head of a public legal entity. Other legal entities are audited by a centralised internal audit unit of a superior institution. IAUs of public legal entities report on their activities directly to the Ministry of Finance on an annual basis. In Lithuania, the responsibility for the creation and functioning of effective internal control in the public legal entities is assigned to the heads of these legal entities. Each year the top manager (the head) of the public legal entity presents a report on the state of financial
406
Branko Lobnikar, Kiara Ropoša
control (an annual statement) in the public legal entity, including the public legal entities subordinated to it or assigned to its management area. The principle for submission of the report is based on the principle of accounting to the superior public entity — inferior entities summarise the data on public legal entities and report on the activities they have performed. The report comprises essential aspects of financial control (European Commission, 2011, 2014).
In Luxembourg, the law concerning the General Inspectorate of Finance does not specifically set out an internal audit function but provides for it indirectly. Audits are performed at the explicit request of the government, usually following information on potential issues within a state administration or service. The Directorate for Financial Control is responsible for carrying out the first-level control of EU funds under Interreg, ESPON, etc. It also conducts, among others, the second-level control (certification) of all other EU funds (control of conformity with European legislation) (European Commission, 2011).
The General Police Inspectorate (IGP) is the external control body of the Police of the Grand Duchy of Luxembourg. It was created in 2000 according to the dispositions of the law of May 1999 about the Police and the General Police Inspectorate (IGP) in order to ensure the proper functioning of the police. The IGP is a service placed under the direct authority of the Minister of Internal Security and under the functional authority of the Minister of Justice, the General Attorney and the other judicial authorities (The Luxenbourg Government; n. d.)
In Malta, control activities occur throughout the organisation, at all levels and in all functions in the form of supervisory checks and second signatures, separation of duties and delegated limited powers of authorisation. It is the duty of each unit head to ensure that such controls are observed and maintained to guarantee adequate control and that the predetermined objectives are achieved. The head of each unit carries out an annual performancemanagement procedure with the officers under his/her remit in order to measure their effectiveness, productivity and training needs. This procedure is repeated with each public officer. Reports on progress against objectives are carried out annually through the performance agreement. Top managers have the responsibility to comply with and respond adequately to the recommendations on internal controls provided by the internal auditors in order to ensure that objectives are achieved. While all employees are responsible for the quality of their internal controls, the Internal Audit and Investigations Department (IAID) assists management in their oversight and operating responsibilities through independent audits and consultations designed to evaluate and promote the systems of internal control. Managerial accountability is not only exercised by top administrative managers. While they have a significant impact on an organisation's system of internal control, every employee of the organisation has a responsibility and a role in ensuring that the system is effective in achieving the organisation's mission. Hence, it is the responsibility of every permanent secretary, directorgeneral, chairman, chief executive officer and/or head of department to ensure that an effective internal control system is in place in order to safeguard accountability, transparency and delivery. The ministers, when charged with the responsibility for any department, exercise general direction and control over that department and, also, the
407
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
department would be under the supervision of a permanent secretary. One of the reasons for enacting the Internal Audit and Financial Investigations Act was to provide the directorate with strict functional independence from ministries, other departments and divisions (European Commission, 2011, 2014).
In the Dutch political system, ministers are individually responsible and accountable to parliament. Relations between a minister and parliament (external control and accountability) and between a minister and his ministerial officials/ managers (internal control and accountability). There is no accountability relationship between parliament and ministerial officials (European Commission, 2011). The law foresees that the National Ombudsman is the body for complaints against the police (den Boer & Fernhout, 2008). A network of controls has been laid down in Dutch legislation so as to guarantee the manageability of the police. It is in keeping with Dutch tradition that no single body should have sole authority over the police, but that authority should be divided between the Minister of the Interior and Kingdom Relations and the Minister of Justice on the one hand and the provincial and municipal authorities, such as the Queen's Commissioner, mayor and municipal councils, on the other. The Minister of the Interior and Kingdom Relations is responsible for the central administration of the police in the Netherlands. One of the mayors ("burgomasters") in a region (often the one with the largest municipality) is the force administrator. Together with the chief public prosecutor, he has ultimate responsibility for administering the police service. Authority is vested in the "burgomaster" for the maintenance of public order and care, who is accountable to the city council. When the police are deployed to investigate a punishable offence, they follow the instructions of the public prosecutor who is a member of the Public Prosecution Department. The Public Prosecution Department, which falls under the Ministry of Justice, is responsible for maintaining legal order where it concerns violations of the Criminal Code (OSCE, n. d. c).
The Netherlands uses several types of controls to investigate various forms of police misconduct (Lamboo, 2010): external oversight and control, internal or external initiated investigations, the relevant procedures, and reactive and pro-active investigations. In 1995, the Ministry of the Interior set a number of general rules regarding a police integrity policy. One of these was the establishment by the police forces of a "structural provision for conducting internal investigations". Since then, all police forces have installed a Bureau of Internal Investigation. The police force manager, the public prosecutor and the chief officer are primarily responsible for the internal investigations. Internal investigations based on disciplinary regulation are ultimately overseen by the police force manager. Internal investigations based on criminal law are overseen by the public prosecutor. A preliminary investigation can be used to review a signal of alleged misconduct to determine if the signal warrants a disciplinary or criminal investigation. In the Netherlands, a disciplinary procedure can be held independent of a concurrent criminal investigation. Generally, the supervisor of an investigation is a district or division chief. Usually, only the more serious cases of misconduct are investigated by the BII's while the districts or divisions investigate less serious cases. The Bureau of Internal Investigation can only
408
Branko Lobnikar, Kiara Ropoša
conduct investigations at the request of a district or division chief; they are not allowed to conduct pro-active investigations (Lamboo, 2010).
In Poland, the Department of the Public Finance Sector Audit of the Ministry of Finance supports managerial accountability and functionally independent internal audit (European Commission, 2011). Internal audit is an independent and objective operation the aim of which is to support the minister in charge of the branch or the head of the entity in order to implement objectives and tasks by systematic assessment of management control and consulting activities. The head of the internal audit unit reports directly to the head of the public finance sector entity and, in the government administration offices, within the remit specified in a separate statute, to the director-general. Within 14 days after having received the audit report the manager of the audited unit shall inform the management of the public finance sector entity and the internal auditor of which recommendations are considered well-founded and appropriate, when and how they will be implemented and who is responsible for implementing them. If the manager of the audited unit refuses to take action, the head of the public finance sector entity is obliged to set out when and how the recommendations considered valid will be implemented and who is responsible for implementing them. There is no unified formal procedure in the public finance sector entities as to how to inform the managers of the unit if indications of fraud and/or irregularities are identified during the course of an audit. In each case, internal audit standards require the auditor to report fraud risk to the management of the entity (European Commission, 2011).
The Minister of the Interior and Administration supervises the Chief of the Police. Supervision of the Municipal Guards is conducted by the Mayor and the voivode who (with assistance from the Voivodship Police Commander) control exercising of powers, the use of firearms and means of direct coercion and record-keeping. Control Bureau of the Border Guard (Straz Graniczna) HQ performs controls of the Border Guard units and departments activities and deals with complaints. Border Guard Internal Affairs Bureau is responsible for the prevention and revealing of offences and crimes committed by BG officers (OSCE; n. d. d).
In Portugal, The White Book — Internal Audit in the Public Sector was issued (European Commission, 2011) and all the ministries were grouped in three different areas: the white area (no internal audit unit at all); the grey area (lowcapacity internal audit units, not well developed, but with at least some skilled people who could work with the CHU as counterparts to develop internal audit); and the green area (where the internal audit concept and function was known and already operating, even if with different levels of professionalism). However, some internal audit units already existed in some public organisations before this reform started. Internal audit units now exist in all line ministries and throughout most of the public sector in Portugal, with the main exception being in smaller organisations (European Commission, 2011, 2014).
The Inspectorate General of Home Affairs (Inspegao-Geral da Administrado Interna - IGAI) was created September 1995. The implementation of the IGAI took place with the nomination of its first Inspector General of February 1996. The
409
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
purpose of its creation was to endow the Ministry of Home Affairs with a service of inspection and supervision especially focused on the defence of the rights of the citizens and on a better and more expedited disciplinary justice in situations of greater social relevance. The IGAI is an independent organism of external control of police activity. It works directly under the authority of the Ministry of Home Affairs (Ministério da Adminstragao Interna - MAI) and its control includes all security forces and services that depend upon this Ministry, ensuring the compliance with the rights of the citizens, with special emphasis on the protection of human rights and the maintenance of public order (Inspegao-geral da administragao anterna., n. d.).
In Romania, responsibility is an essential obligation for all the managers in the public sector and is regulated, in all cases, by legislative acts such as laws, government decisions, authorities' rules and regulations, etc. Internal/managerial control comprises the ensemble of control mechanisms exercised at the level of the public entity, including internal audit, established by the management in accordance with its objectives and the legal provisions in force, in order to ensure an economical, efficient and effective fund management; this also refers to the organisational structure, methods and procedures. Public internal audit in the public sector of Romania consists of the Public Internal Audit Committee (PIAC), the Central Unit for the Harmonisation of Public Internal Audit (CHU PIA), and public internal audit structures within public entities. Public internal audit structures/departments are established within each public entity and are directly subordinated to the manager or the collective management body. The results of the internal audit missions, that is, the findings and recommendations presented by the internal auditors, are materialised in internal audit reports, which are submitted for endorsement to the top management of the public entity, accompanied by a summary of the main findings and recommendations. The internal audit reports, endorsed by the top management of the public entity, are submitted to the audited structures, Where the management of the public entities does not assume a part or the whole of the internal audit recommendations, the current legislative framework stipulates that the public internal audit structure should inform the CHU PIA or the hierarchically superior body on the recommendations that were not assumed by the management of the audited public entity and on the consequences of their nonimplementation. Where, during internal audit missions, the internal auditors identify irregularities or possible damages, they report them immediately to the management of the public entity and to the authorised internal control structure, as they are not authorised to investigate them (European Commission, 2011; 2014).
Regarding the independence of the internal auditor, in the Slovak Republic, the system is set so that the head of the audited entity must ensure that no interference that could have an adverse impact on the performance of internal audits by internal auditors is in place. Internal auditors or internal audit units may not be assigned to any duties that go beyond the scope of internal audits or that interfere with the independent execution of internal audit tasks. The internal auditor/internal audit unit must have an independent position and reports directly to the head of the central authority, is independent from the activities audited,
410
Branko Lobnikar, Kiara Ropoša
thereby ensuring their objective assessment, which is essential for the proper performance of internal audit and impartial advice to the audited entity; and must have no internal, external and personal interests, and should be free from any political interference. The member of the audit team shall submit a partial audit report to the head of the audited entity and to the head of the relevant central authority and, if there is a suspicion of a criminal offence, the report shall also be sent to law enforcement bodies (European Commission, 2011; 2014). A Specialised body for complaints about police officers misconduct Section of Control and Inspection Service (Sekcia kontroly a inspekcnej sluzby ) is established within the Ministry of Interior of the Slovak Republic. In criminal proceedings, the police are subject to supervision by the state prosecutors (den Boer & Fernhout, 2008).
In Spain, they use the preliminary control of legality. The preliminary control of legality covers the control, prior to their approval, of acts of the state public sector resulting in the recognition of rights or the incurring of expenditure, and the revenues and payments arising therefrom, and the investment or general application of its public funds, in order to ensure that their management complies with the provisions applicable in each case (European Commission, 2011; 2014). In Spain, the national Ombudsman is competent to deal with complaints against the national Police (Policía nacional). However, if legal proceedings are pending, the Ombudsman will suspend all action until the judgement. As regards Pais Vasco and Catalunya, citizens can submit their complaints to the regional Ombudsmen who are competent to deal with them in view of the fact that in those regions the Police is not 'national' but 'regional' (den Boer & Fernhout, 2008).
In Sweden, the organisational setup of the internal audit is based on the Internal Audit Ordinance. For an agency to establish an internal audit department it requires the mandate of the government. The boards serve as the principal of the audit departments. In the absence of a board, the directorgeneral fulfils the function as principal. The internal audit department shall be led by a manager who is employed by the agency. An agency may coordinate its internal audit with the internal audit department of another agency, which however does not detract from the authority of its own management. The internal audit shall carry out an organisational and also, in relation to the activity which is being audited, an otherwise independent and objective auditing and advisory activity. To ensure the requirements of objectivity, independence and integrity, the internal audit unit shall be freestanding from the operative activity and shall administratively report directly to the directorgeneral of the agency. The result of the audit shall be reported by internal audit in the form of observations and recommendations to the management of the agency (the board or the directorgeneral). The management of the agency shall decide on measures resulting from the observations and recommendations of internal audit. At least once a year, internal audit shall submit an audit report to the management of the agency on the observations and recommendations from the audit year. The internal audit shall be carried out in accordance with generally accepted internal auditing standards and rules of professional ethics for internal auditors (European Commission, 2011; 2014).
In Great Britain, the Independent Office for Police Conduct (IOPC) oversees the police complaints system in England and Wales. We investigate the most_
411
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
serious matters, including deaths following police contact, and set the standards by which the police should handle complaints. We use learning from our work to influence changes in policing. IOPC is independent, and make decisions entirely independently of the police and government. The IOPC was established in January 2018; before this, the police supervision was provided by the Independent Police Complaints Commission (Independent office for police conduct, n. d.). In Northern Ireland, the Police Ombudsman provides an independent, impartial system for the handling of complaints about the conduct of police officers. We will deal with those complaints in a manner which is free from any police, governmental or sectional community interest and which is of the highest standard (Police Ombudsman, n. d.).
European approaches to performing internal audits (European Commission, 2011; 2014), can be divided into two groups. Luxembourg and Spain have developed a unified control system within the framework of their public administration and all other institutions that rely on public funds. Both countries have established specialized bodies to perform control tasks; Spain - Intervención General de la Administración del Estado (IGAE) and Luxembourg - Inspection Générale des Finances, which acts independently of other bodies. These are known as centralized internal control systems. Other countries opt for an integrated approach by the government that aims to establish, maintain and monitor integrated internal control management processes within each public entity. These are known as decentralized internal control systems.
After the presentation of internal controls over the police in European countries, we will focus the analysis on the methods of implementation and the challenges faced by internal control providers in the Slovenian police.
2 METHOD AND SAMPLE DESCRIPTION
For a more detailed insight into the control activities in the Slovenian police, we drew on the findings of a study on the system of controls within the Ministry of the Interior (see articles by Modic and Flander in this issue of Journal of Criminal Justice and Security). Based on these findings, we conducted interviews with seven Slovenian police officers from the competent sector of the General Police Directorate, the Criminal Police Directorate, the Uniformed Police Directorate and two regional Police Directorates. The interviewees were high-level police professionals, experienced police superintendents and highly experienced auditors. We can therefore conclude that the interviews were conducted with an expert group of interviewees. All the interviews were conducted in person, the interviewees were made aware of the purpose of the interview, and participation in the interview was voluntary.
We used the qualitative research method and opted for a structured interview format as a data collection method. This research method was chosen to help explain certain behaviours, events, and understand how the organization that was the subject of analysis functions. The qualitative research approach employs various methods to obtain a large amount of primarily unstructured data, which must then be translated into a coherent report. For this purpose, we use
412
Branko Lobnikar, Kiara Ropoša
qualitative data analysis, which we take to mean an overview and interpretation of observations for the purposes of identifying the basic meanings and patterns of interpersonal relationships, rather than an analysis based on numbers alone. The research strategy used is inductive, constructionalistic, and interpretive in the majority of cases (Dimovski et al. 2008; Roblek, 2009).
The questions for the structured interview were formulated on the basis of a preliminary analysis of the legal framework of control systems that exist within the Slovenian police and on the basis of research material, audit reports (25 examples of reports) and opinions on the basis of reporting requirements (14 opinions), as well as interviews conducted with auditors from the Division for System Guidelines and Supervision of the Police, which operates within the Police and Security Directorate (see Flander & Modic in this issue of the journal).
3 FINDINGS
In the following section, we present the answers given by the interviewees, grouped into various sets depending on the topic. Each set of answers is preceded by the question posed to the interviewees. The interviews are followed by a synopsis of the main findings and recommendations for future practice.
3.1 The control function
Question: In your opinion, how important is the control function within the Ministry of the Interior in relation to the police and within the police in relation to the employees? There are lines or two groups that perform control functions. The first line of control performed by the Ministry and the other one is the control function performed by the service of the Director-General of the Police, following along the »lines«. We are interested in your opinion and assessment of the cooperation between these two institutions that carry out the control function. From your perspective, what the current state of this function and do you find that it is appropriately integrated as a system? What are the main challenges in carrying out these audits? In the past, there was much more focus on coordination between the auditors of the Ministry of the Interior and the Police. In your assessment, how crucial is this cooperation?
"All open issues are dealt with by the council for police administration and police powers. The council consists of a representative of the ombudsman, the criminal police, the uniformed police, the SGDP (Service of the Director-General of the Police ) and the DPDVN (Police and Security Directorate). A representative of the police serves a term as committee chair and then the next term is served by a representative of the DPDVN. We resolve controversial issues. Then, with the help of other experts, we agree on a unified opinion. It's a mechanism. There is no final decision-maker. If we cannot agree on an opinion, the auditor's decision basically prevails".. ."There have been attempts to follow an annual control plan, but we are not implementing it. This is a function of the SGDP. We prepare a list for the GPU (General Police Directorate) that is harmonized and cannot be duplicated. In the past, 30 auditors from the Ministry of the Interior and the GPU
413
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
would storm one unit and stop all its operations for a month. That is why this kind of general audit was discontinued years ago. The main problem with the way audits are done now is that they are sort of scattered. I firmly believe that work should be evaluated. This means evaluating each and every segment and not just specific areas. We are interested in the whole product." So, the problem lies in the "fragmentation" of these audits? "That is correct." (Interviewee 4, November 11, 2020)
"The control function is one of the main tools for police management, as it helps ensure greater compliance with the law, professionalism and efficiency. I have to point out that the police carry out about 350 audits a year. This is the average of all audits, which includes expert, general and follow-up audits. This is quite a large number. About 30 of these audits are conducted by the General Police Directorate, where the subjects are police directorates, while all the other audits are carried out by police directorates, where the subjects are individual police units..." (Interviewee 5, 11. 2020)
"I have always viewed the control function as an opportunity for improvement in areas where mistakes occur. Evaluating certain processes, activities of individual services, and areas of work is a good thing, so I do not have any concern about any content being distracting and inappropriate. In the past, we focused only on how and in what way things are done and on whether too much or too little is done, as well as on who should do what. The choice of contents to be audited was the result of societal responses to police activity." (Interviewee 6, November 13, 2020)
"My personal opinion is that the control activity as a function in the police is very beneficial, mainly because it allows an external factor or external persons to take a look at some of the police procedures that are carried out by our police officers, with fresh eyes. Sometimes, as the chief, commander and director, you may not be able to see everything, but an auditor may see things with »different eyes«, or you may be absolutely sure that everything is as it should be. Sometimes, it may turn out that everything is not as it should be. I personally think that control is a good thing and don't see any issues with it. If a chief is self-assured and competent, he should have no concerns about an audit not being performed in line with written guidelines." (Interviewee 5, November 13, 2020).
"I think that the control function is properly integrated as a system Especially on paper, but how it is done in practice is another matter. From a regulatory point of view, I think it is properly regulated and I do not see any problem here. Of course, certain deviations occur when controls are carried out, either at the regional or local level. There are many things that could be improved there."... "The main challenges are not related to issues of expertise related to the implementation of control activities, as we start from the assumption that this is one of the four basic components of management. I have been doing this for many years and I have concluded that it all depends on the approach used and on how top management is perceived within the police. There is a noticeable difference, especially lately, as there have been many changes in leadership." (Interviewee 7, November 11, 2020)
"I must point out that they have a very specialized office at the Ministry of the Interior and plenty of time to deal with control activities. We perform regular tasks, from operational to strategic ones. In addition, we carry out about 10 audits a year. This is the system's maximum capacity. The Ministry of the Interior, on the other hand, has months and months to prepare for a security audit, which can pose a problem for an jndividual police officer. These auditors have master's and doctoral degrees and they come
414
Branko Lobnikar, Kiara Ropoša
and conduct audits of police officers. We must understand that a police officer cannot have the same level of expertise as an auditor from the Police Directorate." (Interviewee 4, November 11, 2020)
The interviewees noted that the control activity is a crucial element of the management and governance of an individual police unit. The interviewees concurred that the audits performed by the auditors of the Ministry of the Interior and those of the Police are interdependent and complementary, but the audits must be coordinated and well planned. The interviewees emphasized the importance of external control as it enables us to look at police activities from different perspectives. At the same time, the auditors' expertise in this highly specialized area brings expert insight into an individual process. The interviewees also emphasized the disproportion between the competencies of police officers, who are expected to possess a wide array of knowledge and skills and the expertise of the auditors; the latter aspect should also be taken into account in setting expectations as conveyed by audit reports.
3.2 Translating audit findings into police work
Question: Analyses of auditor reports by the Police and Security Directorate of the Ministry of the Interior show that police officers in police units are relatively poorly acquainted with the auditor's routine, non-routine and follow-up audit reports conducted within the control system, as well as their recommendations and reporting or recommendation requests. There are some issues when it comes to communicating audit findings to police officers. What is your opinion on this?
"I can confirm that there is an issue. On a purely academic level, everything is impeccable on paper. The problem, however, arises due to the extensive regulatory framework of all these procedures. Take, for example, the uniformed police. This area covers 22 areas and sub-areas of responsibilities, which is a lot. The problem arises when we detect an irregularity and impose measures to correct it. However, we will be going back to the old established practice in the very near future. In my view, the biggest issue lies with the unresponsiveness of senior management, which means that we are all aware of the fact that there are irregularities and are simply unconcerned with them. In a way, we want to try to find ways to make them legal. This is where I see the biggest risk, and this is what makes us very vulnerable. Police officers are convinced that they are doing things right, until something goes wrong, and an external institution decides to conduct an audit. This is where is see the role of the control activity, which has many weaknesses, in my opinion." (Interviewee 7, November 18, 2020)
"As a rule, the units that have been the subject of an audit are notified and can submit their comments on the auditors' findings. If it's a systemic matter where the guidelines change, but in actuality, they find that the report as such has not been distributed throughout Slovenia. We must keep in mind that the amount of paperwork involved is astounding. We are talking about 30 to 60 pages. It is unreasonable to expect every police officer to read these things. That is why the main findings are then translated into practice in other ways. Not with the report itself, but with measures implemented by experts in the field - whether through guidelines or a training program. This is especially
415
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
important in cases where we find that we interpret regulations differently." (Interviewee 4, November 11, 2020)
"The procedural rules have always been such that in cases where the audit was completed, the findings were first presented at the advisory board meeting of the director-general of the Criminal Police Directorate. This is followed by the results of the audit and recommendations on how to address the weaknesses identified, which were submitted during the Criminal Police Directorate staff working meeting. However, if decisions were made in the field of financial crime that were more important for the profession as a whole, the report and measures were further discussed by the agency and department head advisory boards. Each head who is a member of the advisory board of the director-general of the Criminal Police Directorate is obliged, according to the hierarchical function in his/her units, to inform his/her subordinates about the report and possible measures to be implemented going forward. If the nature of the problem requires certain measures to be implemented, the head is expected to implement such measures or delegate this responsibility to his/her subordinates." (Interviewee 1, November 4, 2020)
"To some extent, I agree with this, because, at the regional level, the auditor informs the immediate supervisor or commander either at the end, when he/she writes a report or during the audit. If any irregularity or shortcoming is detected, we instruct the commander to pass the information on to his/her subordinates. At the police directorate, we strive to instruct the head or the commander to pass the findings to the end-user. In the case of a systemic task discussed at a working meeting or, where appropriate, we conduct interviews with individuals who should be made aware of the audit findings. Of course, the question remains of to what extent each individual who receives this information actually understands it." (Interviewee 6, November 13, 2020)
"I believe that we should work towards eliminating administrative burdens. In this area as well, we need to establish trust in the fact that if auditors have written something, if they have pointed out something and forwarded it to the police with measures to eliminate the identified irregularities, we need to establish trust and we, as the General Police Directorate, need to ensure that the information is passed on to the regional level and from there to the local level. Should they determine, while conducting their follow-up audits or any other audits, that this is not the case, it would be fair of them to let us know and enable us to take immediate action. They have done this on a few occasions and we find this to be a positive thing. However, us having to report back to them that we have informed them seems like a lot of unnecessary paperwork to me. Trust needs to be strengthened through mutual cooperation, both formally and informally." (Interviewee 2, November 4, 2020) "This is also the way I see the problem. I can give you a specific example. We provide guidance to police officers, in terms of how they should behave when interacting with victims of crime. We've done this many times, several times a year. This is probably what auditors had in mind when they wrote "to inform those present at the working meeting, at the director-general's extended and internal advisory board meeting" and so on. What can happen sometimes is that one of the employees was not present at any of these scheduled meetings, for objective reasons, due to being absent from work, on sick leave ... the point is that a lot of time can go by and content that is highly relevant can become obsolete after some time. I ask to be informed of who was briefed on the content in question by name. There are certainly some reservations here, but the question is whether the employees are willing to tackle this huge amount of findings, guidelines, and so on. So, the bigger
416
Branko Lobnikar, Kiara Ropoša
question may be how to ensure that everyone is constantly and continuously being briefed on the relevant content, by taking into account all the recommendations made based on the irregularities identified." (Interviewee 5, November 11, 2020)
Question: You described the organizational measure that you have implemented to ensure that at least the first briefing is conducted. You also highlighted one of the problems you have encountered: the willingness or ability (or lack thereof) on the part of police officers to familiarize themselves with all these new guidelines or findings. Do you think that another systemic change is warranted, or should we be thinking about unified approaches? It might be helpful if all the information pertaining to the audits was accessible in one place, where each and every police employee can get acquainted with it.
"That is an excellent suggestion. In the past, we have tried different approaches to grouping all the guidelines according to their individual areas. However, we are still having difficulties ensuring the information reaches everyone. To give you an example from the criminal police sector - the heads of the departments personally went to their co-workers' desks and collected all the old detention forms from them. 14 days later, the old detention form, which was no longer in use, appeared on the desk. So, having all these controls is pointless if some exceptions still occur. Because when the ombudsman visits a police unit and finds this form, it will not matter to him/her, at least not as much, whether a person has been detained properly and whether medical assistance was provided to the person - the only thing that will matter is that the wrong form was used. What kind of system should we set up is a question that always topical. In my assessment, despite everything, we have a well-functioning system. For example, border matters are dealt with by the border sector and referred to the border police units, whereas cases involving transport are dealt with by them..." ... "Ultimately, we are all striving for a certain degree of computerization of these procedures. E-police is a project that, in my opinion, has been getting good results, as it helps guide police officers and prevent them from making mistakes when filling out forms. There could be more of that. And then there is the system of continuous learning and education. Certain matters require more attention than just being read at a working meeting, because sometimes it seems, at least to me, that 15 guidelines could not have been discussed at a working meeting, even if the minutes state so. How can that be? When it takes an hour and a half or two hours, which is how long a meeting lasts, to even introduce 15 guidelines properly. Which brings us back to the same old issue. One person is interested in one thing, and another person is interested in another thing. However, it is crucial that what is found during the audits, regardless of the organizational level, is implemented in the work, to the extent that, as a rule, no errors occur." (Interviewee 5, November 11, 2020)
Question: We have found that one of the most challenging areas is conveying audit findings to the police officers. What changes can be made in this area?
"The heads are tasked with passing on the information. But they have to deal with so many different instructions, guidelines, recommendations and procedures. Additionally, they lack persistence. Too often, they just pass the information on to a lower level, to the executors of police procedures, and their involvement stops there. I dare say that monitoring our own work is a weak spot within the police, monitoring the work of the heads, to their direct subordinates, the executors, the direct heads." (Interviewee 7, November 18, 2020)
417
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
"I will share our police directorate's experience. Typically, a report is sent to the police unit, that is, the unit, the commander, and their subordinates are briefed. Our practice at the police directorate is to inform all police units and internal organizational units of all irregularities from other units every six months or at the end of the year, which means that the commander is not only made aware of the irregularities or shortcomings found at his/ her unit but also of any shortcomings or irregularities occurring in other police units. The commander can then extrapolate from these irregularities or shortcomings, to determine whether there might be "something fishy" going on in his/her unit." (Interviewee 6, November 13, 2020)
Question: Do you think that this is related to employee performance reviews or how they might be impacted?
"We have recently changed the rules for conducting audits. We went from numerical assessment to descriptive assessment. Having numerical ratings almost escalated into "negotiating for ratings". It makes sense for this rating to be taken into consideration during managerial staff performance reviews. We have shifted from very good, excellent, good, satisfactory, to legal, illegal, professional, unprofessional. But once again, there was the question of who would assess the legality, as this is a matter that can only be decided by a court. We decided that we would be assessing the compliance of part of the unit with the regulations. It sounds less harsh, and by doing that, I wanted to motivate the managers, so that they would not resist the audit, but welcome it. If you accuse someone of doing something illegal in the course of doing their job, they can take that personally. In a negative sense. Instead of being motivated by it, they are discouraged from implementing the findings of the audit." (Interviewee 7, November 18, 2020)
Passing on the findings of the audits, especially those carried out by the auditors of the Ministry of the Interior, is seen as a crucial point of the control activity. The reason lies in the sheer volume of the documentation involved, making it impossible to be shared with the police officers in a satisfactory and efficient manner. From the point of view of internal control as an element of the management of a police organization, the interviewees emphasized that conveying the findings is the responsibility of police unit leaders. Audit findings should be directly included in guiding daily police work, in the processes of continuous training, and it is imperative that managers constantly check to make sure that the findings have been implemented in daily police work. The process of passing on the findings of the audits can also benefit from the digitization of the work processes of police officers, where the findings could be entered into ready-made form templates within the framework of the e-police project.
3.3 Knowledge of police powers
Question: Knowledge of police powers and quality performance of police tasks is the basis of police work. The auditors have found, among other things, that police officers have relatively limited knowledge of police powers. Do you think that the introduction of mandatory qualifications checks for police officers, which used to be done in the past, could be one of the possible ways to maintain quality standards in police work?
"Managers are obliged to ensure that their staff have the necessary professional qualifications, through internal training, which, for example, we are actively implementing
418
Branko Lobnikar, Kiara Ropoša
in the field of economy. However, as police officers, we have been noticing that younger members of the staff in particular or those who came into the police from outside, possess much less knowledge in this area, which means that we have to put in a lot more effort to ensure that they have this knowledge." (Interviewee 1, November 4, 2020)
"Yes, I do. It could be replaced by another approach, which has not taken root. This approach is regular monitoring of the police officer's work by his superiors. When a police officer returns from work, on his return from work, if he and his superior, whoever that is, or the shift manager, the assistant commander, or any other head at the regional level, if they could promptly resolve individual problems on the spot, the matter would be very simple." (Interviewee 7, November 18, 2020)
"Definitely. I think this could also be done under the AIDA program that the police are implementing, at least once a year. Just as we perform confirmations in order to access classified information when we have to pass an annual test, in order to be able to extend the validity of access to classified information. I think that it would be sensible to perform a basic test of basic police powers in the police once a year." (Interviewee 2, November 4, 2020)
"This used to be prescribed by law but was not enforced. When we had the "milica", this was carried out, but later they discontinued it. What was then Article 71 now existed only on paper, and it was determined that there were no material resources and "sports equipment". Which meant that the practical part would be very difficult to carry out. That is why they introduced the system of mandatory attendance at training on police powers with the basics of self-defense. We could have a system that allows an instructor to require someone who is not qualified enough or has not attended the training to take an exam." (Interviewee 4, November 4, 2020)
"I thoroughly support this idea. A very good example is AIDA, which allows us police officers to test our knowledge in the field of data protection from time to time and there haven't been any problems, which means that we do actually read things and go into all the details. You can log in with your password and answer some questions. One additional question arises for me. We always conclude that this should be done during working hours. However, it would be very interesting to start a conversation about whether a person who wants to be in this profession and do this job, whether this person would be willing to look at the questionnaire and fill it out at home. In the end, someone will always say "during working hours", but when we talk about this time that could be spent adopting and implementing findings, including audit findings and all these regulations, innovations, and then this is the time that covers operational activities, which break down our models and schedules for training and knowledge testing. These are organizational problems that should also be addressed appropriately." (Interviewee 5, November 11, 2020)
"I don't think so. In principle, I have nothing against such a system. In the police, we have the AIDA system, which we use to test peoples' knowledge on classified information and other areas. You could use this system." (Interviewee 1, November 4, 2020)
"I find it interesting that we are always talking about police officers not being familiar with their powers. We never mention that prosecutors and judges should also be trained. On the other hand, we can have a police officer who has also taken the bar exam. The question is whether the police officer has an adequate decision model to help him decide. There are no decision-making models for police officers to use when making decisions." (Interviewee 3, November 4, 2020)
419
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
Question: We also found that the problem is that police officers carry out police duties based on a very large number of regulations that are constantly changing and they cannot be expected to simply internalize these regulations in order to perform their duties well all the time.
"That is true. This is a big problem, the constant influx of regulations. I sometimes ask myself whether we are even giving the profession a chance to develop. We have made things so that they are too "set in stone" and prescribed in the tiniest detail. Sometimes I get the feeling that police officers are just crossing things off their to-do list without even thinking. But these are people we are dealing with, with a constantly developing human mind. All we can do is set some frameworks and prescribe some standards, but we cannot prescribe them in detail. You have asked me a serious question, but on the other hand, I wonder how long can we keep issuing regulations and instructions, or have we already crossed a line and are we now hindering the development of the profession." (Interviewee 7, November 18, 2020)
Question: Do you think that part of the solution could also be found in relieving the police of some of their current workload by transferring it to some other organization, even if it is not the state police, such as a private security organization? Could we improve the quality of policing by reviewing all police procedures and determining what could be simplified or eliminated altogether, so that it would no longer be done by the police, but some other body or agency?
"Absolutely. Vehicle damage cases are one such example. These are minor issues that involve two parties. A police officer who comes to the scene is there because of the insurance case that is behind the whole policing process. The police officer spends about an hour or two at the scene and then spends even more time entering data into various applications. I think that this kind of work could be done by someone else."..."By eliminating this "administrative junk", we could take some of the weight off peoples' shoulders. I think that this is our biggest burden. It consumes a lot of our valuable time, which is why police officers are not on road sections where traffic accidents occur, it's why police officers are not out there, where they should be. I would say we are rarely seen among people and people are no longer used to us." (Interviewee 7, November 18, 2020)
Question: Should police training institutions, such as the Police Academy, be included in the process of promoting awareness of police powers?
"A school program that only takes two years results in a very busy schedule. However, it is the constant changes in legislation that represent the biggest problem. Each year, we "experience" 10 new laws or amendments, and keeping up with all these changes is a big problem. Changes in laws and by-laws did not use to happen this fast and case law was much more of a constant. There should be a body in charge of summarizing all court decisions, to help us keep everyone updated on the latest case law. Auditors can be prepared on these subjects. We, on the other hand, do not have a legal unit within the service of the Director-General of the Police to monitor this closely.". "The AIDA program enables distance learning and solving various tests. Especially on the subject of working with classified information. It is currently being extended to include individual police powers." (Interviewee 4, November 4, 2020)
Question: In what way could the current mandatory training in practical procedure and police powers be used to improve knowledge of police powers? Could this be done with the help of instructors?
420
Branko Lobnikar, Kiara Ropoša
"That is one possibility. But there is also the question of how training is organized. It should be tailored to individual groups. There should be more emphasis on specific content. One type of content for patrol officers and a different, more advanced one for criminal investigators (detectives). Of course, combined with the right approach on the part of the instructors who should possess the appropriate references. I think that the instructors' qualifications should be checked first. And these instructors would pass on this required knowledge on the subject to the police officers. In my opinion, it would be pointless and a waste of time to train a police officer on the subject of certain powers that are exercised exclusively by specialized units. Because, as we know, certain special operational methods and means are mainly used by criminal investigators. A police officer should know the basics, but in-depth knowledge is pointless."
"During self-defence training, instructors convey a great deal of knowledge, including some theoretical bases. This knowledge is then upgraded, mostly with the use of physical force and other powers. This is definitely an upgrade. At our police directorate, we have two instructors who are very well-versed on their subjects and have a very pragmatic way of conveying information, as well as giving certain recommendations, preparing training exercises and training officers. We definitely have all that, but the theoretical part is missing. For example, in the field of financial crime, or in the field of all these innovations in road transport, when you're required to fill in forms; filing an accusatory instrument for a truck driver requires more work than filing criminal charges. This minor offense procedure is quite gruelling and even though we are training new criminal offense inspectors, we are still often not up to the task because the procedures are so complex. We often wonder whether it would be possible to simplify these procedures a little bit." (Interviewee 5, November 11, 2020)
The interviewees acknowledge that ensuring a good understanding of police powers is essential and should be a crucial content of any future activities. The interviewees agree that there should be a system in place for monitoring the level of police officers' knowledge on this subject, which could be done using the systems that are already in place, such as the AIDA platform and the instructors. The Police Academy could provide adequate training and guidance for the instructors, who would then transfer the content to police officers divided into groups, according to the competencies they require to perform their tasks. While there is a strong consensus among the interviewees on the need to regularly test the police officers' knowledge on the subject of police powers, they are yet to reach a consensus on exactly how this would be implemented. In addition to the use of digital platforms (AIDA), it has been suggested that instructors should play a key role in this area. In addition, there should be an examination board or any other way of evaluating the knowledge of police officers and identifying any gaps in it. The evaluation of competencies in the area of police powers should be systematically regulated. In any case, it would be a good idea to consider introducing various decision-making models that police officers could use in individual police procedures - the introduction of such decision-making models would facilitate the standardization of police procedures. Any such models should be supported by databases, which would make it possible to monitor all current events promptly and directly in a particular area - the lower quality of knowledge on the subject of police powers among police officers is also a result of constant
421
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
changes in police work legislation. Constant changes and ill-conceived legislation are thus also some of the causes of insufficient knowledge about police powers.
3.4 Internal security measures
Question: The next question is related to internal security measures. When criminal conduct by police officers is detected, the case is automatically referred by the police to a specialized state prosecutor's office, while the police continue their proceedings in terms of ensuring the integrity of the institution. In your opinion, is the existing internal security set-up adequate, or are substantial changes necessary, based on experience gathered so far? Do you believe that the powers once held by investigators should be transferred back to the police in this area as well, at least in part?
"In my assessment, the current set-up and the measures that are taken when we detect deviations are adequate. Speaking for our police directorate, we have tried to recruit people who are competent and capable, who have the necessary knowledge, abilities and skills to do the job to point that we can be confident, regardless of the final outcome. Ultimately, when there is a suspicion that a crime has been committed, which is then reported to the specialized state prosecutor's office, we are still required to implement certain measures to determine whether the individual in question can continue working with us at the moment. And here I have to say that our team does everything in its power to respond to the slightest violations and investigate any suspicions, which means that the matter is dealt with both in terms of personnel and procedure. Believing that things cannot be improved on is unacceptable, of course. Given the current scale of the problem, I believe that we are up to these challenges." ... "One thing is the resignation alone, and the other is the fact that it is in our interest to perform any actions we can perform on our own. While the specialized state prosecutor's office is in charge in these matters, the current system of procedures allows us to perform certain checks. Especially in cases when an event or a police officer's misconduct can affect the entire unit, meaning that it has an impact on the organization's efficiency and performance. We try very hard not to limit ourselves to reporting the matter and thinking "it's someone else's problem now" - we don't just sit and wait but try to get things done. The same goes for labour law procedures, where we are bound to very tight deadlines and have no time to wait around. Perhaps I would like for the specialized state prosecutor's office to be more cooperative, as they tend to view everything as interfering in their work or exerting pressure on them. Exchanging information should perhaps be faster and more open. I do not remember any instance of anyone abusing anyone. If there are procedures to be done, perhaps they should try answering the phone sometime and let us know. Sometimes some things are done less formally." (Interviewee 5, November 11, 2020)
"I would say that it is adequate. The internal security procedure is meant to monitor all the circumstances and actions of a police officer or employee, up to the point where he crosses a line and commits a crime, a misdemeanour or commits any other form of misconduct, which is where our jurisdiction ends. At that point, the matter is taken over by the specialized state prosecutor's office or some other body." (Interviewee 6, November 13, 2020)
"We don't keep our findings secret. However, when we are talking about a police officer and a citizen, it's obvious that the matter should be dealt with by an external body. There is a huge handicap here. Nothing happens for a long time. When we report that a
422
Branko Lobnikar, Kiara Ropoša
police officer has done something wrong, we do not get any feedback. At the same time, we are dealing with labour law procedures. I think that our investigators could handle the matter better than they do. There should be a distinction between the exercise of powers against third parties and what are the procedures within the police or in a situation where the police officer does not exercise his powers."..."The specialized state prosecutor's jurisdiction should perhaps be limited to offenses committed by a police officer in the performance of police duties." (Interviewee 4, November 11, 2020)
"Legislative changes in this area would be worth considering. I think that the police have the leverage and the instruments to solve certain problems on their own. It just seems unnecessary to me that these activities must be handed over to the specialized state prosecutor's office. I do not see such a problem here because, in the end, most of the cases that are taken over by the specialized state prosecutor's office are first identified by the police themselves. However, the law requires us to hand over these cases." (Interviewee 7, November 18, 2020)
"In doing our work, we are constantly deciding what is more important from the point of view of the final procedure - the police officer's accountability or better oversight over his work, or perhaps something in between, which we tried to achieve with our internal security rulebook. We make sure a police officer is accountable for his actions and striving for integrity, and we then try to guide him with guidelines regarding gifts, conflicts of interest, and sideline activities. I personally do not see a problem with the specialized state prosecutor's office itself. As soon as someone says, for example, that officer NN has committed a crime, we are required to refer the case to them, and they then have to investigate. Which is not a problem, because the rules of internal security are designed in such a way that they do their thing, while we have our own parallel system that allows us to move the matter forward. Why have we organized our work in this way? Because we can't wait a year for someone to investigate and say that there isn't enough evidence in the end. That is, someone decides that a police officer is not guilty from a legal standpoint or the prosecutor decides not to prosecute the case. Meanwhile, we still have to deal with an individual who poses a problem. The officer is found not guilty, but I know that this person has disclosed the information. To give a specific example: Someone tells someone else that a certain license plate belongs to you, which results in you being the victim of extortion. No threats were made, but we know for a fact that this police officer gave your information to individual B and individual B came to you and tried to blackmail you. We can determine the exact order of events. In line with current practice, the prosecutor will say that it's a case of misuse of personal data, a criminal offence under Article 143, but for the time being, he will not prosecute because it's a first offence, which also means that he will not notify the information commissioner. Meanwhile, we have someone who is disclosing personal data in our midst. The state prosecutor determines that the matter is a misdemeanour and decides not to prosecute. According to Article 162 of the ZKP (Criminal Procedure Act), the state prosecutor has this option because the individual does not pose great danger. But for us working with this individual is a problem. The individual must come back to work and work with the same people as before who now barely tolerate him. And suddenly, all the trust is gone. And then we need to manage and guide the manager on how to manage these risks and, on the other hand, motivate the employees." (Interviewee 3, November 11, 2020)
423
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
Question: Could such a situation be handled through disciplinary proceedings?
"No. These are mainly terminations without notice. Recently, we have started to monitor the phenomenon from the point of view of strengthening integrity. And we also monitor offences such as a police officer driving without a seatbelt in their personal vehicle or parking in parking spaces reserved for the disabled. These are minor offences that can also be interpreted as part of a subculture. If we have police officers committing these offences, for example, driving under the influence of alcohol, driving too fast or aggressively, then these minor deviations from the rules could be an indication of other types of criminal conduct or some other risks that we should be investigating. We then try to insert this data into predictive models. I do not think that the number of internal security procedures in one police unit is a relevant piece of data. The data on how many internal security procedures are currently open doesn't tell us anything. The correlation between risky behaviours and risky individuals, however, tells us something entirely different. Our work is designed in such a way that we are able to identify risky behaviours and try to act in accordance with predictive analysis." (Interviewee 3, November 11, 2020)
The interviewees deem the internal security measures set-up as adequate. They understand the importance of handing over investigations to the specialized state prosecutor's office but emphasize that from the point of view of ensuring the integrity of the police organization, this does not mean handing over accountability. Therefore, they propose, at the very least, enhancing cooperation between the police officers carrying out internal security measures and the employees of the specialized public prosecutor's office, and believe that this cooperation should be based on partnership and direct and continuous communication. This is the only way to ensure both a proper investigation of the incident and the preservation of the integrity of the police unit. Given the experience gathered so far, it may also be time to consider systemic changes in this area, by enabling police investigators to investigate deviant behaviours of police officers that are not related to the exercise of police powers. This would mean that the investigators of the specialized state prosecutor's office would have to deal with fewer cases of police misconduct, resulting in improved efficiency, while police investigators would be empowered to ensure the integrity of police units fully.
4 DISCUSSION
If we compare the Slovenian system of internal control in the police, we can see that this system is decentralized, as in most European countries. At the same time, we point out that internal control is also overshadowed by other forms of control, which puts Slovenia in a comparable position with the analysed European countries.
The purpose of internal control over the work of police officers, according to the Police Rules (Pravila Policije, 2013), is to determine the compliance of police officers with regulations, evaluate their professionalism, assess the quality and timeliness of their tasks and economy in using resources used by police officers in the course of their work (Pravila za izvajanje nadzora v Policiji, 2020). The purpose of internal control is to determine whether individual police units are achieving their goals set at the level of organization with regards to the work of
424
Branko Lobnikar, Kiara Ropoša
an individual police unit. Through the process of routine, expert or follow-up audits, the reasons for deviations from expected work standards are identified, audited police units and police officers are provided with professional assistance to eliminate any irregularities. In addition, measures for the systemic elimination of irregularities and shortcomings are prepared based on audit outcomes. Audits also serve the purpose of incorporating examples of good practice into the work of other police units (Pravila za izvajanje nadzora v Policiji, 2020).
The research found that audits, whether they are carried out by the Ministry of the Interior or by the Police auditors, are seen as a vital element of the management of a police organization. The interview subjects emphasized the role of the heads of police units - both from the point of view of planning internal control activities and from the point of view of translating the findings of the audits into police practice. The dissemination of audit findings can be ensured through the digitization of police work processes - the interviewees mentioned the AIDA project and the e-police project. The use of various digital platforms is also essential in enhancing knowledge of the subject of police powers. Here, the interviewees expressed the need for a systematic solution that would allow them to test the knowledge of police officers on this subject - this is another area that could benefit from the use of established processes such as the AIDA system. The interviewees also emphasized the role of police instructors in this area. They also emphasized the need for various decision-making models that police officers could use in individual police procedures - the introduction of such decision-making models would facilitate the standardization of police procedures. Decision-making models could be derived from the catalogue of standards of police procedures already established in the Slovenian police. Any such models should be supported by databases, which would make it possible to monitor all current events promptly and directly in a particular area - the lower quality of knowledge on the subject of police powers among police officers is also a result of constant changes in police work legislation. Constant changes and ill-conceived legislation are thus also some of the causes of insufficient knowledge about police powers. The interviewees assessed the current internal security set-up within the police as adequate but nevertheless suggested strengthening cooperation between the police officers carrying out internal security measures and the employees of the specialized state prosecutor's office. Cooperation should be based on partnership and direct and continuous communication. However, we also found that based on experience gathered so far, a discussion on systemic changes in this area is warranted, whereby police investigators would regain some competencies to investigate those deviant behaviours by police officers that are not related to the exercise of police powers. This would allow the investigators of the specialized state prosecutor's office to deal with fewer police misconduct cases, while police investigators would be empowered to ensure the integrity of police units fully.
Internal control is a sensitive topic since it can lead to questioning certain practices that are deeply rooted within the traditions and culture of the police. Improving internal mechanisms to monitor peers, identify abusive behaviour of police officers, including the highest-ranking ones, is not an easy task. Integrity and professionalism are core values that are essential to effective internal control (Hanin, 2014).
425
The Importance and Effectiveness Assessment of Internal Control in the Slovenian Police
REFERENCES
Bajramspahic, D. (2015). Internal control of police - Comparative models. Institute Alternative.
Cyprus Police. (n. d.). Professional Standards, Audit and Inspection Directorate. https://www.police.gov.cy/police/police.nsf/All/A35134A9578F1161C225844 90038FCBB?OpenDocument DCAF. (n. d.). The police roles and responsibilities in good security sector governance. https://www.files.ethz.ch/isn/195680/DCAF_BG_7_The%20Police.11.15.pdf DCAF. (2019). Toolkit on police integrity. https://www.dcaf.ch/sites/default/ files/publications/documents/DCAF_PIBP_Toolkit_ENG_2019_web.pdf Dzhekova, R., Gounev, P., & Bezlov (2013). Countering police corruption: European
perspectives. Center for the Study of Democracy. Dimovski, V., Škerlavaj, M., Penger, S., Ghauri, P. N., & Granhaug, K. (2008). Poslovne raziskave/Business research. Pearson. den Boer, M. G. W., & Fernhout, R. (2008). Policing the police. Police oversight mechanisms in Europe: Towards a comparative overview of ombudsmen and their competences. ASEF.
European Commission. (2011). Compendium of the public internal control systems in the EU Member States 2012. Directorate-General for the Budget. Publications Office of the European Union. https://data.europa.eu/doi/10.2761/72506 European Commission. (2014). Compendium of the public internal control systems in the EU Member States 2014. Directorate-General for the Budget. Publications Office of the European Union. https://op.europa.eu/sl/publication-detaiV-/ publication/f5d1aca3-f349-11e6-8a35-01aa75ed71a1 Garda Ombudsman. (n. d.). Organizations overseeing the Garda Siochana. https://
www.gardaombudsman.ie/about-gsoc/garda-oversight/ GIBS. (n. d.). Generalni inspekce bezpečnostnich sboru. https://www.gibs.cz/ GRECO. (2017). Fifth evaluation round. Preventing corruption and promoting integrity in central governments (top executive functions) and law enforcement agencies. Finland. CoE. https://rm.coe.int/fifth-evaluation-round-preventing-corruption-and-promoting-integrity-i/1680796d12 Faion, M., Shentov, O., & Yordanova, M. (Ed.). (2013). Countering police corruption - European perspectives: Internal control units. Center for the Study of Democracy.
Hanin, A. (2014). 10 Tips for police internal control. International Security Sector Governance (ISSG) blog. DCAF - Geneva Centre for Security Sector Governance. https://issat.dcaf.ch/Share/Blogs/ISSAT-Blog/10-Tips-for-Police-Internal-Control
Holmberg, L. (2019). In service of the truth? An evaluation of the Danish independent police complaints authority. European Journal of Criminology, 16(5), 592-611. https://journals.sagepub.com/doi/pdf/10.1177/1477370819856514 Inspegao-geral da administragao anterna. (n. d.). Mission. https://www.igai.pt/en/
AboutUs/Mission/Pages/default.aspx Independent office for police conduct. (n. d.). Who we are. https://www.policeconduct.gov.uk/who-we-are
426
Branko Lobnikar, Kiara Ropoša
IPCAN. (n. d. a). Danish Independent police complaints authority. https://ipcan.org/
members/the-danish-independent-police-complaints-authority IPCAN. (n. d. b). Chancellor of justice of the Republic of Estonia. https://ipcan.org/ tag/estonia
la Défenseure des droits. (n. d.). Respect for the ethics of security. https://www.de-
fenseurdesdroits.fr/en/respect-for-the-ethics-of-security Lamboo, T. (2010). Police misconduct: Accountability of internal investigations.
International Journal of Public Sector Management, 23(7), 613-631. Mareš, M., & Suchánek, M. (2015). Reform of the police of the Czech Republic: An unfinished business? Central European Papers 2015, 3(2), 78-98. https://cep. slu.cz/pdfs/cep/2015/02/07.pdf Ministrstvo za notranje zadeve, Policija. (2020). Letno poročilo o delu policije [Annual report on the work of the police]. https://www.policija.si/images/sto-ries/Statistika/LetnaPorodla/PDF/LetnoPorotilo2019_popr.pdf Ministry of Citizen Protection. (n. d.). Division of internal affairs. http://www.astynomia.gr/index.php?option=ozo_content&perform= view&id=49&Itemid=40&lang=EN OSCE. (n. d. a). Country profile - Austria. https://polis.osce.org/country-pro-files/austria
OSCE. (n. d. b). Country profile - Bulgaria. https://polis.osce.org/country-pro-files/bulgaria
OSCE. (n. d. c). Country profile - Netherlands. https://polis.osce.org/country-
profiles/netherlands OSCE. (n. d. d). Country profile - Poland. https://polis.osce.org/country-profiles/ poland
Pravila Policije: Dokument št. 007-167/2013/40, sprejet 21. 10. 2013 [Police Rules: Document no. 007-167/2013/40, accepted 21. 10. 2013]. (2013). Internal document.
Pravila za izvajanje nadzora v Policiji: Dokument št. 0602-55/2020/13 [Rules for the implementation of audits: Document no. 0602-55/2020/13]. (2020). Internal document.
Police Ombudsman. (n. d.). Police ombudsman for Northern Ireland. https://www.
policeombudsman.org/Home Roblek, V. (2009). Primer izpeljave analize besedila v kvalitativni raziskavi [Example of deriving text analysis in qualitative research]. Management, 4(1) 53-69. The Luxenbourg Government. (n. d.). General Police Inspectorate. https://igp.gou-vernement.lu/en/service.html
About the authors:
Branko Lobnikar, PhD, Full Professor of Security Studies at the Faculty of Criminal Justice and Security Studies, University of Maribor. E-mail: branko.lobnikar@fvv.uni-mb.si
Kiara Ropoša, postgraduate student at the Faculty of Criminal Justice and Security Studies, University of Maribor. E-mail: kiara.roposa@student.um.si
427