copy the linklink copied!9.4. Risk management and internal audit for public integrity
Risk management and internal audit are critical functions for better governance and are the cornerstone of an organisation’s defence against corruption and other unethical practices. Effective risk management and internal audit policies and processes reduce the vulnerability of public sector organisations to fraud and corruption while ensuring that governments are operating optimally to deliver programmes that benefit citizens, thereby also increasing trust in government. Furthermore, such activities help to ensure value for money and facilitate decision-making. Mature internal control and risk management policies and procedures help governments to balance an enforcement-focused model with more preventive, risk-based approaches
Risk management is the starting point for proportionate, efficient and effective control measures to mitigate the identified risks. Over the last decade, with an increased focus in international integrity standards on managing and assessing risks, countries have adopted policies, practices and tools to identify and assess risks. Nonetheless, more can be done to integrate a fraud and corruption perspective into risk management and risk assessments. According to the results of the 2018 Questionnaire on Public Integrity in Latin America, 36% of the countries had explicitly outlined specific principles and practices to manage the risks of fraud and corruption. Another 45% only had general references to fraud and/or corruption in a broader context of risk management activities. Ecuador and Peru reported not having any principles nor practices to manage risks of corruption.
In turn, internal auditors in public sector organisations play an important role by providing independent, objective assessments of whether public resources are being managed effectively to achieve the intended results. Their objective, value-based insights and evidence can support senior management in public sector organisations to better manage and assess integrity risks. In addition to their contributions to the evaluation of integrity risk factors, internal auditors can play a critical role by assessing whether internal controls to manage integrity risks are operating effectively and efficiently and by flagging high-risk areas for integrity breaches such as third-party relationships, outsourced activities or procurement. According to the survey results, 73% of countries have an internal audit unit in every ministry, and 27% only have such unit in some of them. In Peru, with the exception of some public entities, there is currently no internal audit function. There is, however, an Office of Institutional Control in each public entity, which depends functionally and administratively on the Office of the Comptroller General of the Republic, the supreme audit institution of Peru. This could lead to a confusion between internal and external controls by public managers (OECD, 2017).
Indeed, to implement effectively risk management and internal audit policies, it is key that all public officials understand their own role and responsibility in identifying and managing integrity risks through adequate internal control. In countries such as Costa Rica, Ecuador, Honduras and Peru where the supreme audit institution leads the internal audit policy framework, there is a risk that public managers may more easily be confused about their own role and responsibility, tending to see the control function as being the responsibility of the external actor. In turn, when the lead responsibility rests within the executive, as in Argentina, Brazil, Chile, Colombia, Mexico, Paraguay and Uruguay, the relevance of risk management and internal audit can be embedded in broader public management policies, improving the ownership of the public administration.
Data are drawn from the 2018 OECD Questionnaire on Public Integrity in Latin America and cover 11 countries. Respondents were predominantly senior officials in central government, supreme audit institutions and electoral commissions.
The internal audit function examines the adequacy and effectiveness of public sector organisations’ internal control systems, procedures, governance arrangements, risk management processes, and performance of operations (IIA, 2016). In turn, external audit resides outside the organisations’ structures, overseeing and holding the government to account for its use of public resources, facilitating policy learning and ensuring the impartial enforcement of laws and regulations.
Further reading
IIA (2016), International Professional Practices Framework (IPPF) – Standards and Guidance, Institute of Internal Auditors, Lake Mary, FL, https://na.theiia.org/standards-guidance/Pages/Standards-and-Guidance-IPPF.aspx.
OECD (2019), La Integridad Pública en América Latina y el Caribe 2018-2019, OECD Publishing, Paris, https://www.oecd.org/gov/ethics/integridad-publica-america-latina-caribe-2018-2019.pdf.
OECD (2018), Integrity for Good Governance in Latin America and the Caribbean: From Commitments to Action, OECD Publishing, Paris, https://doi.org/10.1787/9789264201866-en.
OECD (2017), OECD Integrity Review of Peru: Enhancing Public Sector Integrity for Inclusive Growth, OECD Publishing, Paris, https://doi.org/10.1787/9789264271029-en.
Figure notes
9.10 The names of the coordination institutions are available online.
Source: OECD (2018) OECD Questionnaire on Public Integrity in Latin America.
Source: OECD (2018) OECD Questionnaire on Public Integrity in Latin America.
Source: OECD (2018) OECD Questionnaire on Public Integrity in Latin America.
Metadata, Legal and Rights
https://doi.org/10.1787/13130fbb-en
© OECD 2020
The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at http://www.oecd.org/termsandconditions.
