Effective risk management aligns with government’s objectives and aids managerial decision-making. Risk assessments help governments to identify and understand the root causes of risks, how to mitigate them and the players involved.
Internal control and audit
Robust internal control, audit and risk management systems are essential for upholding public integrity. Effective frameworks reduce vulnerability to fraud and corruption by providing reasonable assurance that the organisation is achieving its objectives and managing risk, and help to ensure value for money by ensuring governments are optimally delivering programmes.
Key messages
Internal control processes protect governments from fraud, corruption, waste and abuse. They help governments to measure value-for-money, assess risk, and ensure compliance with laws, regulations and policies. Managers are the first responsible for internal control activities. Others, including risk managers, inspectors and internal auditors, also contribute, providing advice and independent assurance.
This is done by both internal and external auditors. Internal auditors provide decision-makers with unbiased perspective on the performance of programmes, policies as well as emerging risks. The Supreme Audit Institution (SAI) is a government entity whose external audit role consists in overseeing public expenditures and conducting financial and compliance audits but also more and more to support more informed policy-making.
Context
OECD countries' application of internal control and audit regulations could be improved
OECD countries have strong regulations on internal control, risk management and audit to counter corruption risks. According to the OECD Public Integrity Indicators, OECD countries on average fulfil 76% of criteria for regulations on internal control and risk management, and 55% of criteria for internal audit.
However, the application of these regulations in practice could be improved. Criteria for strong practices include ensuring that internal control and audit systems are developed by a central function, and the inclusion of integrity risks in public organisations’ risk assessments.
OECD countries on average fulfil 33% of these criteria on practices for internal control and risk management, and 27% for internal audit.
Internal audit is only effective if it can cover an adequate part of the public budget
Internal audit is most effective when it has sufficient coverage of key risk areas within the public budget. Regulation and practice vary significantly across OECD countries. On average, while internal audits cover 82% of OECD countries’ national budget organisations, only 62% of them have been internally audited in the last five years.
Four countries have full coverage both in legislation and in practice: Ireland, Mexico, the Netherlands and Türkiye. Six countries have full coverage in legislation but have not internally audited all entities in practice: Greece, Latvia, Lithuania, Portugal, the Slovak Republic and Slovenia.
What drives effective co-operation between internal and external auditors?
Respondents to an OECD survey on co-operation between internal and external auditors in the public sector perceived reducing audit duplication, efficient utilisation of audit resources, improved governance within audited organisations, and increased audit impact as highly beneficial.
When asked about the influencers of the effectiveness of co-operation, respondents believed that the legal framework has the greatest impact, followed by mutual trust and understanding.
Co-operation between internal and external auditors can yield significant advantages. Despite challenges, effective collaboration can be promoted in many ways, including clear communication channels, joint training programmes and formal agreements.
Related publications
Related policy issues
-
The OECD Public Integrity Indicators (PIIs) assess public integrity systems to help governments strengthen their resilience to corruption risks. Based on official data covering regulations and safeguards implemented in practice, the PIIs provide evidence for policy makers and various stakeholders to support the design of effective integrity policies and reforms.Learn more
-
Preventing and managing conflicts of interest in the public sector is crucial to help governments strengthen and enhance public integrity. Left undetected or inappropriately managed, they can undermine the integrity of public officials, decisions, agencies and governments. If conflicts of interest are left unresolved, they may ultimately lead to private interests capturing the policy process.Learn more
-
A wide range of stakeholders should have a fair and equitable opportunity to contribute to public decision-making, allowing policymakers to decide on the best course of action on any policy issue. Public decision-making however may at times only consider the interests of a few, and undue influence can also be exercised through opaque or deceptive means rules on lobbying and influence need to reflect new realities, including rapid technological change, and influence on behalf of foreign state actors, and respond to calls for increased transparency, integrity, and access.Learn more