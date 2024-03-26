As measured against OECD standards on risk management, which include internal control and internal audit, Estonia fulfils 88% of criteria for regulations and 35% for practice, compared to the OECD average of 67% and 33%, respectively.

Estonia is among the top performers in the OECD in terms of its regulatory safeguards for internal control and risk management. The Government of the Republic Act defines internal control policies according to international standards, the objectives of internal control, managerial responsibility for internal control, and annual reporting activities. Standards of conduct for ministers, members of parliament, civil servants and other political appointees are also available. The existing risk management framework explicitly addresses public integrity risks, and the Risk Management Handbook supports public bodies through the steps of the risk management process.

In practice, integrity, corruption, and fraud are frequently included in the scope of public organisations’ audit plans. However, not all organisations have conducted risk assessment exercises in the past three years or have established a system for documenting the results of risk assessments. Less than half of organisations’ have recently conducted risk assessments covering integrity risks. Additionally, not all public bodies sampled have an audit charter in place. In Estonia 61% of audit recommendations issued were implemented within one year, but there is no data on how many public organisations were internally audited.