Item 130 of the provisional agenda**
Review of the efficiency of the administrative and
financial functioning of the United Nations
* Reissued for technical reasons on 3 September 2014.
Activities of the Independent Audit Advisory Committee for the period from 1 August 2013 to 31 July 2014
Report of the Independent Audit Advisory Committee
The present report covers the period from 1 August 2013 to 31 July 2014. During the period, the Independent Audit Advisory Committee held four sessions, which were presided over by J. Christopher Mihm, Jr. (United States of America) as Chair and John F. S. Muwanga (Uganda) as Vice-Chair. This year saw the appointment by the General Assembly of three new members, namely, Patricia X. Arriagada Villouta (Chile), Natalia A. Bocharova (Russian Federation) and Maria Gracia M. Pulido Tan (Philippines), to replace three members whose terms had expired. As has been the case during the history of the Committee, all members attended all of the sessions during their appointments.
Section II of the report contains an overview of the activities of the Committee, the status of its recommendations, and its plans for 2015. Section III sets out the detailed comments of the Committee, including in response to the specific request of the General Assembly for comments regarding the forthcoming mandate review of the Office of Internal Oversight Services and on the pilot project for the public disclosure of internal audit reports.
1. The General Assembly, by its resolution 60/248, established the Independent Audit Advisory Committee as a subsidiary body to serve in an expert advisory capacity and to assist it in fulfilling its oversight responsibilities. By its resolution 61/275, the Assembly approved the terms of reference for the Committee, as well as the criteria for its membership, as contained in the annex to that resolution. In accordance with its terms of reference, the Committee is authorized to hold up to four sessions per year. To date, the Committee has held 27 sessions since its inception, in January 2008.
2. In accordance with its terms of reference, the Committee submits an annual report containing a summary of its activities and related advice to the General Assembly. The present, seventh annual report covers the period from 1 August 2013 to 31 July 2014.
3. In its resolution 68/21, the General Assembly, recalling paragraph 13 of its resolution 64/263, requested the Committee, in the context of its terms of reference, to continue to provide advice to the Assembly on relevant issues relating to the effectiveness, efficiency and impact of the audit activities and other oversight functions of the Office of Internal Oversight Services (OIOS) as it deemed necessary. In addition, in paragraph 2 of section III of its resolution 67/258, the General Assembly requested the Committee to review the practice of publication of the internal audit reports and to report thereon to the Assembly at the main part of its sixty-ninth session. The observations, comments and recommendations of the Committee in this respect are contained in the body of the present report under section III.C.
4. The Committee is also required to advise the General Assembly on, among other things: the compliance of management with audit and other oversight recommendations; the overall effectiveness of the risk management procedures and deficiencies in the internal control systems; the operational implications of the financial statements and the reports of the Board of Auditors; and the appropriateness of the accounting practices and disclosure practices in the Organization. The Committee also advises the Assembly on the steps necessary to facilitate cooperation among the oversight bodies.
5. The present report addresses the issues identified during the reporting period as they pertain to the above-mentioned responsibilities of the Committee.
II. Activities of the Independent Audit Advisory Committee
A. Overview of the sessions of the Committee
6. During the reporting period, the Committee held four sessions: from 11 to 13 December 2013 (twenty-fourth session), from 19 to 21 February 2014 (twenty-fifth session), from 8 to 10 April 2014 (twenty-sixth session) and from 9 to 11 July 2014 (twenty-seventh session). All of the sessions were held at United Nations Headquarters.
7. The Committee functions under its adopted rules of procedure, as contained in the annex to its first annual report (A/63/328). To date, all members of the Committee have a 100 per cent attendance rate at its sessions. All the decisions of the Committee have been unanimous; however, its rules of procedure make provision for members to record their dissent with respect to decisions taken by the majority.
8. During the twenty-fourth session, in December 2013, the members re-elected J. Christopher Mihm, Jr. (United States of America) as Chair and John F. S. Muwanga (Uganda) as Vice-Chair for 2014. Additional information about the Committee can be found on its website in all the official languages of the United Nations (www.un.org/ga/iaac/).
9. Since its establishment, the Committee has submitted 17 reports to the General Assembly, 2 of which were submitted during the reporting period. They include the annual report for the period from 1 August 2012 to 31 July 2013 (A/68/273); and a report to the General Assembly, through the Advisory Committee on Administrative and Budgetary Questions, on the budget of OIOS under the support account for peacekeeping operations for the period from 1 July 2014 to 30 June 2015 (A/68/773).
B. Status of the recommendations of the Committee
10. Although it meets only four times per year, typically for three days at each session, the Committee has accomplished important achievements to date, particularly in relation to enterprise risk management and the operations of OIOS. The Committee follows up on the implementation of its recommendations as a standard agenda item at each session and looks forward to seeing the full effects of the actions taken by management and by OIOS. Some of the significant recommendations made by the Committee during the reporting period relate to:
(a) The need for OIOS to balance resource requirements between the regular budget and peacekeeping budgets in regard to the inspection and evaluation function of OIOS;
(b) The need for OIOS to address the delays in completing investigations;
(c) The expectation of more positive results following the establishment of a proactive risk-based workplan for investigation;
(d) The need for the Management Committee to address the root causes of the growth in past due recommendations;
(e) The need for the Organization to systematically identify, as a matter of priority, the key enterprise risks that need to be brought to the attention of the General Assembly;
(f) The need for the Organization to expedite the finalization of a comprehensive assessment of the status of enterprise risk management in the Secretariat;
(g) The need for the Organization to develop an integrative approach to risk management that looks across the Organization’s units;
(h) The need for the Organization to take, as appropriate, duly justified management decisions with respect to some issues pertaining to the International Public Sector Accounting Standards (IPSAS).
C. Overview of the plans of the Committee for 2015
11. The Committee undertook its responsibilities, as set out in its terms of reference, in accordance with the scheduling of the sessions of the Advisory Committee on Administrative and Budgetary Questions and the General Assembly. The Committee will continue to schedule its sessions and activities to ensure coordinated interaction with intergovernmental bodies and the timely availability of its reports. In a preliminary review of its workplan, the Committee identified several key areas that will be the main focus for each of its four sessions for fiscal year 2015 (see the table below).
Workplan of the Committee for 2015
Key focus area
Intergovernmental consideration of the report of the Committee
Review of the 2015 workplan of OIOS in the light of the workplans of other oversight bodies
Proposed budget of OIOS under the support account for peacekeeping operations for the period from 1 July 2015 to 30 June 2016
Operational implications of issues and trends in the financial statements and reports of the Board of Auditors
Coordination and cooperation among oversight bodies
Advisory Committee on Administrative and Budgetary Questions, first quarter 2015
General Assembly, second part of the resumed sixty-ninth session
Status of implementation of oversight bodies’ recommendations
Report of the Committee on OIOS budget
Risk management and internal controls
Coordination and cooperation among oversight bodies
General Assembly, second part of the resumed sixty-ninth session
Operational implications of issues and trends in the financial statements and reports of the Board of Auditors
Proposed programme budget for OIOS for the biennium 2016-2017
Coordination and cooperation among oversight bodies
Preparation of the annual report of the Committee
Advisory Committee on Administrative and Budgetary Questions, second quarter 2015
General Assembly, main part of the seventieth session
Workplans of OIOS for 2016
Proposed budget for OIOS under the support account for peacekeeping operations for the period from 1 July 2016 to 30 June 2017
Review of the enterprise risk management and internal control framework in the Organization
Election of the Chair and Vice-Chair for 2016
General Assembly, second part of the resumed seventieth session
12. In planning for 2015, the Committee is mindful of the following relevant events that could have an impact on its work activities:
(a) The decision by the General Assembly, in paragraph 6 of section II of its resolution 65/250, to review the terms of reference of the Committee;
(b) The various reform/transformational initiatives on which the Organization has embarked, such as the accountability system, the global field support strategy, IPSAS and Umoja;
(c) The end of the terms of office of two of the five members of the Committee, whose three-year terms expire in December 2014.
III. Detailed comments of the Committee
A. Status of the recommendations of United Nations oversight bodies
13. Under paragraph 2 (b) of its terms of reference, the Committee is mandated to advise the General Assembly on measures to ensure the compliance of management with audit and other oversight recommendations. During the reporting period, the Committee reviewed the status of the implementation by management of the recommendations of United Nations oversight bodies, as a standard practice.
Board of Auditors
14. According to the report of the Board of Auditors on the United Nations peacekeeping operations for the 12-month period from 1 July 2012 to 30 June 2013 (A/68/5 (Vol. II), chap. II), the rate of implementation of the recommendations made for the financial period ended 30 June 2012 in respect of peacekeeping operations was 55 per cent, which is significantly higher compared with the 45 per cent rate for the period ended 30 June 2011 (see figure I.A below). The Board noted that the Administration improved the monitoring of the implementation of its recommendations and reinforced the guidance to the missions on the issues concerned. The Committee joins the Board in welcoming the progress, while encouraging management to intensify its effort in implementing the remaining recommendations.
Implementation trends for the recommendations of the Board of Auditors
A. Peacekeeping operations
B. Regular budget
15. With respect to the regular budget, the Board of Auditors, in paragraph 11 of its report on the financial statements of the United Nations for the biennium ended 31 December 2013 (A/69/5 (Vol. I), chap. II), noted that in the light of the strategic nature of some of its recommendations, the implementation rate of 63 per cent for the biennium 2010-2011 represented “good progress”. In annex I to that report, the Board of Auditors reported that the overall implementation rate of its recommendations for prior periods was 76 per cent, which is a major improvement. As shown in figure I.B above, this rate is one of the highest since the biennium 2002-2003, when the Committee started reviewing the trends in the implementation rates.
16. The Committee welcomes the upward trend with respect to the implementation of the Board’s recommendations. The Committee therefore agrees with the sentiments of the Board, and believes that management has made significant progress to date with respect to the implementation of the Board’s recommendations. In that regard, the Committee continues to acknowledge the role of the Management Committee in ensuring that the main recommendations of the Board are implemented on a timely basis.
Office of Internal Oversight Services
17. As reported in its activity report for the period from 1 July 2010 to 30 June 2011 (A/66/286 (Part I)), effective 1 January 2012, OIOS changed the way it prepared its audit reports and classified its recommendations. The Committee was informed that the Management Committee had accordingly adjusted the way it monitored outstanding critical OIOS recommendations. In this regard, all critical recommendations are brought to the attention of the Management Committee for follow-up action and focus is placed on those that are past due. The Committee received quarterly updates from OIOS and the Department of Management on the implementation of critical recommendations. Figure II below provides cumulative and quarterly trend analysis of the implementation rate and past due critical recommendations issued by OIOS.
Trend analysis of quarterly past due critical recommendations of the Office of Internal Oversight Services
18. In paragraph 22 of its previous report (A/68/273), the Committee expressed its concern that the quarterly past due recommendations continued to rise. Consequently, the Committee recommended that the Management Committee determine the causes of the growth in the number of past due recommendations and ensure that programme managers adhere to the target date that they had set for the implementation of OIOS recommendations.
19. During the course of its deliberations, the Committee met with the Management Committee and the Department of Management and received quarterly reports from OIOS on the status of implementation of its critical recommendations. The Committee was assured that the issues it had raised were receiving the requisite attention from all the stakeholders. For instance, senior managers were required, as part of their compact with the Secretary-General, to include implementation of the recommendations of oversight bodies as a key performance indicator, and managers were advised to set realistic implementation target dates. Each past due recommendation was reviewed, and an explanation was provided to the Management Committee accordingly.
20. As can be seen from the cumulative implementation rate, the efforts of the Management Committee and senior managers in following up with programme managers is proving effective. After a slow start in 2012, the overall implementation rate has continued to improve, from a low of 56 per cent at the beginning of 2013 to 83 per cent in the second quarter of 2014. At this rate, it is possible that programme managers will be able to meet the target rate of 90 per cent for the implementation of critical recommendations due on or before the end of 2014.
21. The progress cited above notwithstanding, the Committee noted some areas for improvement. For instance, as shown in figure II, during the first quarter of 2014 OIOS reported that management had targeted the implementation of 33 critical recommendations. Following its review, OIOS reported that only 6 recommendations had been implemented by the target dates and 27 were past due. In the second quarter of 2014, 30 recommendations were targeted for implementation by 30 June 2014; however, only 5 were implemented and the remaining 25 were past due.
22. Against this background, the Committee acknowledges that management was making important progress with respect to addressing OIOS recommendations. The Committee nevertheless reiterates its previous recommendation that programme managers adhere to the target date that they set for the implementation of these recommendations. Alternatively, management should revisit their implementation plans to ensure that in future realistic target dates are set.
Joint Inspection Unit
23. The Committee received an update from the Chair of the Joint Inspection Unit on a number of issues, including the acceptance/implementation rates of the recommendations made by the Unit. The Committee was informed that the aggregate acceptance rate by the Secretariat for the period 2004-2012 was 62 per cent, compared with 64.2 per cent for 2004-2011. On the other hand, the implementation rate for the same period 2004-2012 was 58 per cent, which is higher than the 56.9 per cent reported for the period 2004-2010 (see figure III).
Status of acceptance/implementation of recommendations of the Joint Inspection Unit by the Secretariat
24. The Joint Inspection Unit indicated that these rates (acceptance and implementation) were lower than the averages of the eight largest organizations of the United Nations system, which stood at 75 and 66 per cent, respectively. According to the Unit, the lower rates were due in part to recommendations addressed to the General Assembly for which the Secretariat does not have the authority to accept and/or implement in the abscence of direction from the Assembly.
25. According to management, the rates for the recommendations of the Joint Inspection Unit would be comparable to those of the eight major entities if the Unit reported the implementation rates of recommendations addressed to the General Assembly and those addressed to the Chief Executives Board separately.
26. The Committee commends management for the effort it has put into the improvement in the implementation rate of the recommendations of the Joint Inspection Unit. The Committee believes that the Unit should coordinate with management a reporting system whereby the recommendations addressed to the General Assembly are accounted for separately from those directed to management, including the Chief Executives Board. This will provide a realistic view regarding the implementation rates achieved by the Secretariat.
B. Risk management and internal control framework
27. Paragraphs 2 (f) and (g) of the terms of reference of the Committee (see General Assembly resolution 61/275, annex) mandate the Committee to advise the Assembly on the quality and overall effectiveness of risk management procedures and on deficiencies in the internal control framework of the United Nations.
Enterprise risk management
Key risk identification and the status of enterprise risk management
28. In paragraph 29 of its previous report A/68/273, the Committee recommended that, consistent with paragraph 24 of General Assembly resolution 66/257 and paragraph 32 of the report of the Advisory Committee on Administrative and Budgetary Questions (A/67/766), the Organization systematically identify the key risks that needed to be brought to the attention of the Assembly as a matter of priority. Furthermore, in paragraph 40 of its 2012 report (A/67/259 and Corr.1 and 2), the Committee called for a comprehensive assessment of the status of the enterprise risk management system.
29. During the discussions with the Management Committee and the Department of Management, the Committee was updated on the progress made in this regard. Moreover, in paragraphs 40 to 45 of his third progress report on the accountability system in the United Nations Secretariat (A/68/697), the Secretary-General reported on the actions taken in this respect, including the establishment of a Secretariat-wide risk assessment process. With respect to the identification of key risks, the Committee was informed that preliminary results had been finalized and presented to the Management Committee and that the subsequent discussions had led to a shared understanding of the major strategic risk areas and their criticality.
30. The Committee welcomes the progress made by management and recommends that the Management Committee, which doubles as the enterprise risk management Committee, continue to be engaged in the enterprise risk management process to ensure that enterprise risk management becomes an integrated and important management tool used to direct the Organization.
31. In its reports and at its previous sessions, the Committee identified and reported on various departments (risk champions) that had reported having systematically embedded risk in their respective programmes. The Committee also indicated, in paragraph 36 of its 2012 report (A/67/259 and Corr.1 and 2), that the Department of Management (with the exception of some offices) and OIOS, which were at the vanguard of enterprise risk management in the Organization, did not have systematic risk management systems in place. The Committee has since been informed that OIOS, in coordination with the Department of Management, has embarked on a risk management process for its own internal operations. The Committee welcomes this initiative and reiterates its prior recommendation that all the Departments that have not yet embedded risk in their operations do so as a matter of priority. The Committee will continue to closely review the efforts of OIOS and management to establish robust enterprise risk management processes.
Risk mitigation and the silo effect
32. Given the interdependent nature of the various Departments and Offices in achieving the Organizational goals and objectives, the Committee, in paragraph 45 of its previous report (A/68/273), recommended that the Management Committee and the Under-Secretary-General for Management, who is the official responsible for enterprise risk management in the Organization, undertake every effort to ensure a genuinely enterprise approach to risk management that looks across the Organization’s units and ensures a coordinated and comprehensive approach to identifying and managing risk. The Committee noted that success would be achieved only through a concerted push of breaking down or avoiding silos — in other words, by managing the holistic portfolio of risk facing the Organization.
33. As indicated above, the Committee was pleased to note that the Secretariat had finalized the preliminary Secretariat–wide risk assessment. The Committee also noted that management had not only identified the top risks, but also assigned a “corporate risk owner” — key responsible official — for most of those risks. In addition, risk treatment working groups, composed of members from various departments, have been identified to manage the individual risks. The Committee was further informed that management expected the working groups, operating under the supervision of the corporate risk owners, to work with support from the enterprise risk management focal point in the Office of the Under-Secretary-General for Management to finalize a revised version of the risk register and to develop detailed risk treatment and response plans by the end of November 2014.
34. The Committee commends the enterprise risk management committee and management for the dedication and progress shown in breaking down silos and making enterprise risk management an integral and important management tool of the Organization. These are important first steps, but they are only first steps. Top management will need to continue to actively lead enterprise risk management efforts to ensure that systematically identifying and managing risks becomes a standard way of doing business. The Secretary-General must also ensure that his Office and the departments have the capacities they need to effectively implement and sustain enterprise risk management. The Committee will follow up on these and other enterprise risk management issues as a major priority at its subsequent sessions.
C. Effectiveness, efficiency and impact of the audit activities and other functions of the Office of Internal Oversight Services
35. The terms of reference of the Independent Audit Advisory Committee provide for it to advise the General Assembly on aspects of internal oversight (General Assembly resolution 61/275, annex, paras. 2 (c)-(e)). In undertaking its mandate, the Committee has maintained its standard practice of meeting with the Under-Secretary-General for Internal Oversight Services and other senior OIOS officials during its sessions. The discussions have been focused on OIOS workplan and budget execution, with significant findings reported by OIOS, operational constraints (if any), post incumbency and the status of the implementation by management of OIOS recommendations, including the critical recommendations, strengthening investigations and funding arrangements.
36. In its resolution 68/21, the General Assembly, recalling paragraph 13 of its resolution 64/263, requested the Committee, in the context of its terms of reference, to continue to provide advice to the Assembly on relevant issues relating to the effectiveness, efficiency and impact of the audit activities and other oversight functions of OIOS, as it deemed necessary. In addition, in paragraph 2 of section III of its resolution 67/258, the Assembly requested the Committee to review the practice of publication of the internal audit reports and to report thereon to the Assembly at the main part of its sixty-ninth session.
1. Comments on the effectiveness, efficiency and impact of the Office of Internal Oversight Services
37. In the context of its terms of reference, the following paragraphs provide the comments, views and opinions of the Committee in the light of the forthcoming review of the mandate of OIOS. The Committee focused its assessment on three broad areas: (a) strategic planning, OIOS effectiveness and performance measurement; (b) OIOS internal management and efficiency; and (c) the coordination and collaboration of audit, evaluation and investigations across the United Nations Secretariat. Area (c) is addressed in section E below.
Strategic planning, OIOS effectiveness and performance measurement
38. During 2014, the Committee looked at several aspects of OIOS operations centring on the effectiveness of the Office. In this regard, the Committee examined OIOS planning for beyond the one- or two-year workplan; whether such a long-term strategic plan for the OIOS divisions was fully integrated; and whether the goals and tasks of OIOS were aligned with the key United Nations risks. The Committee also sought to know whether OIOS was sufficiently focused on the challenges indicated in the reports and trends of other United Nations oversight bodies, and what annual goals OIOS set for its divisions.
39. The Committee found that OIOS did not have a long-term strategic plan for the Office other than the two-year plan.
40. The Committee recommends that OIOS establish a fully integrated long-term strategic plan for the Office, which will address the following issues, among others:
(a) Strategic goals and strategies that are aligned with key United Nations risks and the latest transformational initiatives of the Secretariat, including mobility, IPSAS, Umoja and the capital master plan;
(b) A focus on the challenges and tendencies, such as procurement fraud, that are apparent in the financial statements of the oversight bodies;
(c) Annual goals for each division that are consistent with the strategic plan.
41. With respect to aligning the goals and tasks of the Office with the key United Nations risks, OIOS informed the Committee that since the key United Nations risks had been defined only recently, such alignment had not been possible until now. OIOS indicated, however, that it intended to integrate the risk register into its risk-based workplans for the first time in 2014.
Effectiveness of OIOS and performance measurement
Programme impact pathways
42. The Committee examined how OIOS measured its effectiveness and performance both overall and within its divisions. For example, in paragraph 62 of its report (A/66/16), the Committee for Programme and Coordination recommended that the Secretary-General ensure that OIOS evaluation reports also focus on programme impact and results achieved, by improving the methodology for conducting assessments and, in particular, ensuring regular follow-up on the progress made and more comprehensive conclusions. The General Assembly endorsed that recommendation in its resolution 66/8. During the reporting period, the Committee has had interaction with OIOS on the need for the Inspection and Evaluation Division to provide feedback on how useful the evaluation reports have been, and whether management has the capacity to use such reports.
43. In paragraph 11 of its report of 1 March 2013 (A/67/772), the Committee recalled Standard 2000 of the Institute of Internal Auditors, which provides that a chief audit executive must effectively manage internal audit activity to ensure that it adds value to the Organization.
44. In its subsequent reports and follow-up on this matter, OIOS informed the Committee that it had established the programme impact pathways for each division and for OIOS as a whole. The Committee, in paragraph 50 of its previous report (A/68/273), noted the progress made in this regard, but remained concerned at the slow progress in fully addressing this matter.
45. The Committee has since received the programme impact pathways for OIOS as a whole and for the respective divisions. The Committee noted that OIOS had provided extensive key indicators (quantitative and qualitative) for each activity, output and outcome. The Committee also noted that OIOS had gone a step further and established impact indicators, which could help to address the recommendation of the Committee on Programme and Coordination mentioned in paragraph 42 above regarding programme impact and results. OIOS further informed the Committee that it intended to make the programme impact pathways a management tool that would integrate the work of the respective divisions and assist in breaking down the silos that currently exist in the Office.
46. The Committee views the development of the programme impact pathways and the commitment to use them as very positive developments. The Committee recommends that, building on this progress, OIOS should establish specific goals — with associated performance measures — for its divisions and for OIOS as a whole. This will provide OIOS as well as stakeholders with a clear view of where the organization is headed, what results are being achieved and what opportunities for improvement exist. The Committee also believes that these programme impact pathways provide the opportunity to strengthen the workplan for each division and the corresponding budgets.
47. To supplement the programme impact pathways, the Committee requested OIOS to provide the results of the surveys from its clients. The Committee received surveys from the Internal Audit Division and the Inspection and Evaluation Division. Overall, management expressed satisfaction on the usefulness of internal audit reports in the identification and management of key risks and the cost-effectiveness of internal control. The Committee noted that no surveys had been done for the Investigations Division or for OIOS as whole.
48. The Committee believes that well-designed surveys, aimed at the stakeholders and conducted frequently, are useful tools to measure performance and improve effectiveness. The Committee therefore recommends that OIOS ensure that all the divisions of the Office, and OIOS as whole, conduct surveys, as appropriate. For divisions, not only should a survey be conducted annually, but, where practical, especially for the Internal Audit Division and the Inspection and Evaluation Division, a survey should also be conducted after each engagement.
Effect of the operational and budgetary independence of OIOS on its effectiveness
49. The Committee recalled paragraphs 20 and 21 of its 2009 report (A/64/288), in which it had addressed operational independence. The Committee also recalled that, in its resolution 64/263, the General Assembly had endorsed some aspects and taken no actions on other aspects of the recommendations contained in these two paragraphs. In the course of its deliberations, the Committee has been informed by OIOS of aspects of operational independence that need to be addressed if the effectiveness of the Office is to be enhanced.
50. While noting the role of the Committee in mitigating the potential impairment of the independence of OIOS caused by the Office’s dependence on funding from entities that received its oversight services, OIOS informed the Committee of some concerns that required consideration. Such concerns included, among other things: the fragmentation of funding sources; internal inconsistency in seeking funding for OIOS activities; the inflexibility of resources between internal oversight functions; timing and governance arrangements for a client’s budget cycles; and the lack of financial independence, especially with respect to extrabudgetary resources. OIOS has developed a list of options for possible improvements in the funding arrangement that it believes will address those concerns.
51. The Committee recommends that OIOS formalize the options into concrete and specific set of proposals, develop business cases for recommended options and submit them to the General Assembly in the context of the long-awaited report on the funding arrangement requested pursuant to General Assembly resolution 61/275. The Committee looks forward to reviewing the proposal and will be especially looking to options that ensure and, as appropriate, strengthen the financial independence of OIOS.
52. The Committee was informed of the challenges faced by OIOS with respect to obtaining legal advice on a number of issues affecting its work, such as the potential conflicts of interest in which the Office of Legal Affairs at times actively provided advice to both management and OIOS, who might find themselves on opposite sides of a management issue.
53. The timing of making referrals of suspected criminal activity to national authorities was also cited as a challenge. The Committee was informed that currently the Legal Counsel made referrals only on the basis of a referral to it by management, based upon a substantiated allegation, which in turn is based on a completed investigation. In the view of OIOS, waiting for a substantiated allegation was not the most effective timing, since it often takes 12 to 18 months to complete complex investigations. Furthermore, the Committee was informed that, given the Office’s limited power and authority, the process of conducting investigations into credible allegations of criminal behaviour (particularly by third parties) involves such activities as the handling of evidence and contacts with alleged perpetrators, which is likely to frustrate and even obstruct the subsequent efforts by national authorities to successfully investigate and prosecute these matters. OIOS maintains that if, in the course of its work, it determines that there is an allegation of serious criminal activity, it should be in a position to begin working with the national authorities immediately. To address this matter, OIOS indicated that the interest of the Organization would be better served if such referrals were made upon determining that the allegations were credible, which would be prior to completing an investigation.
54. After receiving the views of the Office of Legal Affairs and obtaining additional clarifications from OIOS, the Committee understands that the matters raised in the present section are subject to further discussion. The Committee will await the outcome of the discussions between OIOS, the Office of Legal Affairs and other relevant offices and departments before it can fully address the merits of the concerns of OIOS.
OIOS internal management and efficiency
55. During its deliberations, the Committee looked at how OIOS designs and implements its workplan. The Committee reported its observations and recommendations with regard to OIOS workplans in its report on the budget of OIOS under the support account for peacekeeping operations for the period from 1 July 2014 to 30 June 2015 (A/68/773) and its report on the proposed programme budget for OIOS for the biennium 2014-2015 (A/68/86).
Vacant posts in the Office of Internal Oversight Services
56. In its previous reports to the General Assembly, the Committee has consistently expressed concerns about the high number of vacancies in OIOS — a sentiment also expressed by the Board of Auditors in some of its prior reports. During its meetings with OIOS, the Committee followed up on this matter and noted that the overall vacancy rates for OIOS as at 31 May 2014 had edged slightly higher, at 15.4 per cent, compared with the 14 per cent reported by the Committee in its previous report (A/68/273). However, the vacancy rate for the peacekeeping section of the Investigations Division continues to be unacceptably high at 33.9 per cent.
57. The Committee remains very concerned about the persistently high vacancy rate in investigations, especially in the field, which in turn calls into question the ability of OIOS to fulfil its mandate. The Committee reiterates its prior recommendation that OIOS address this issue as a matter of priority.
Resource disparities in Inspection and Evaluation Division resources
58. The Committee, in paragraph 20 of its report (A/68/773), recalled its previous observation that to evaluate programmes funded from the regular budget, with a total expenditure of about $5.31 billion, the Inspection and Evaluation Division had 23 posts at its disposal. However, with respect to peacekeeping operations, whose expenditure during the previous fiscal year was about $7.54 billion, the Division had only three posts.
59. The Committee was informed that some of the evaluation in peacekeeping operations was covered in the context of the audits undertaken by the Internal Audit Division. That assurance notwithstanding, the Committee still believes that OIOS needs to review this matter further, especially in the context of the key risks to the Organization and OIOS efforts to ensure that it has adequate audit coverage over those key risks.
Cost-effectiveness of implementing a recommendation
60. The Committee was informed by management that in some instances, oversight bodies had made recommendations without bearing in mind the cost-effectiveness of implementing such recommendations. The Committee was informed of such examples, including the case in which an oversight body had recommended that, without waiting for Umoja implementation, the Organization enhance the internal documentation on the preparation of the financial statements. According to management, this would have meant making the same fixes twice at a very high cost. The Committee was also informed of a case in which an oversight body had recommended that a mission install CarLog systems on all its vehicles — when in fact all the vehicles in that mission came with electronic counters and tracking systems installed.
61. The Committee recommends that in the current financial environment, the oversight bodies endeavour to include the cost-effectiveness of implementing a recommendation, as necessary, remaining well aware that the cost of implementing a control measure should not exceed the benefit.
How OIOS reports have helped to inform the decision-making process of the Organization
62. Given the fact that OIOS reports are intended first and foremost to assist programme managers in carrying out their duties, the Committee wanted to find out from managers how OIOS reports had informed their decision-making process. The Committee was informed that comprehensive reports were useful to management, as they provided a much broader perspective on the functioning of the Organization. Specifically, management cited the OIOS reports on the capital master plan and the report on air travel as having been very useful, and stated its view that more of such reports, as opposed to the narrowly focused reports, would go a long way in helping management. Given the role of OIOS reports in assisting programme managers in carrying out their duties, the Committee agrees with management that OIOS should embark on the conduct of more strategic and comprehensive audits based on the major organizations’ risks.
Adequacy of the investigation function
63. Without prejudice to the awaited report on the strengthening of the investigation function of the Organization, the Committee requested comments from management on the state of the investigation function. The Committee was informed that the current investigation function in the Secretariat was not measuring up to the new, professional justice system, comprising the United Nations Dispute Tribunal and the United Nations Appeals Tribunal. In addition to OIOS, ad hoc panels, made up of heads of offices and departments, the Department of Safety and Security, special investigations units in peacekeeping missions and so on, were involved in the investigation process. According to management, most of the investigations conducted by these ad hoc panels are carried out by non-professional investigators. According to management, having OIOS conduct all investigations would be a more effective and efficient approach.
64. As a follow-up on this matter, the Committee requested that management provide data showing all the cases that were appealed at the tribunals of the Organization. Figure IV shows all the cases (since the inception of the new justice system) investigated by OIOS that ended up in the tribunals, while figure V shows all cases investigated by non-OIOS investigators.
Cases investigated by OIOS that end up at the tribunals (45 cases since inception)
Abbreviations: PTF, Procurement Task Force; UNAT, United Nations Appeals Tribunal; UNDT, United Nations Dispute Tribunal.
65. As indicated in figure IV, of the 45 cases that went to the tribunals, 58 per cent (26 cases) were won, lost or settled by management without any problems in respect of the conduct of the investigation being cited by the judges. On the other hand, 20 per cent (9 cases) were won or lost with weaknesses in the conduct of the investigations cited by the judges.
66. With respect to investigations conducted by non-professional investigators, 27 cases were appealed at the tribunals. Of these, 70 per cent of the cases (19) were won or lost without any problems regarding the conduct of the investigation being cited by the judges. A slightly higher percentage, 26 per cent (7), of the cases handled by non-professional investigators were the subject of criticisms from the judges. The Committee noted that although both the OIOS and non-OIOS investigators fared relatively well at the tribunal level, investigations conducted by OIOS tended to perform slightly better.
Cases investigated by non-OIOS investigators that end up at the tribunals
(27 cases since inception)
67. The Committee was further informed that looking at cases that ended up in the tribunals alone did not tell the whole story. Management said that it sometimes decided to close cases without disciplinary action (which is normally the trigger for tribunal cases), partly because it believed that some of the cases would not hold in the face of the current justice system. In that respect, the Committee’s attention was drawn to the four recent reports of the Secretary-General on disciplinary matters (A/65/180, A/66/135, A/67/171 and Corr.1, and A/68/130), which showed that a total of 180 cases had been closed with no action. However, it is not clear how many, if any, of these were not pursued owing to a management concern about the investigation.
Categorization of the cases for investigation
68. The Committee was briefed on the two categories of cases in the Secretariat, categories I and II. Category I cases were described as cases that would normally include the following: serious or complex fraud; other serious criminal acts or activity; abuse of authority or staff; conflict of interest; gross mismanagement; waste of substantial resources; all cases involving risk of loss of life to staff or to others; substantial violation of United Nations regulations, rules or administrative issuances; and complex proactive investigations aimed at studying and reducing risk to life and/or United Nations property. Category II cases would include: personnel matters; traffic-related inquiries; simple theft; contract disputes; office management disputes; basic misuse of equipment or staff; basic mismanagement issues; infractions of regulations, rules or administrative issuances; and simple entitlement fraud.
69. Over time, the distinctions have not been clear in some instances, with the result that some cases have been referred back to management when in fact they should have been handled by OIOS, and vice versa. The Committee, in discussion with OIOS, was informed that from the categorizations above, it might not be practical for OIOS to assume all investigations. OIOS further informed the Committee that other options, including centralizing the intake process and/or training pools of investigators in others units, could go a long way in strengthening the overall investigation function.
70. In the absence of compelling data one way or the other, and since the Committee was not able to obtain an analysis of the 180 cases dismissed with no action, the Committee is not prepared to make a recommendation on the best course of action in this regard. Rather, the Committee is of the view that the decision to strengthen the investigation function should be made after the outstanding report on the terms of reference pertaining to strengthening investigation is completed. To be helpful, that report will include a thorough analysis of the cases that are closed with no action, the categorization of the cases, the cost to the Organization of the cases lost owing to cited weaknesses in the investigation, and the whole universe of cases that require investigation.
2. Public release of OIOS internal audit reports
71. In paragraph 2 of section III of its resolution 67/258, the General Assembly called on the Committee to review the practice of publicly releasing OIOS internal audit reports, including those on the relationship of the Office with management, the reputation of the Organization and the effectiveness of the new report format, and to report thereon to the Assembly at the main part of its sixty-ninth session. To respond to the request, the Committee examined any changes in the nature of the reports in terms or satisfactory versus unsatisfactory ratings, review data on client satisfaction and on downloads of the published reports and held meetings with senior managers and oversight bodies. These meetings were aimed at trying to find out management’s view on the new report format and on their views regarding the public disclosure.
New reporting format
72. Since July 2011, OIOS has embarked on a new reporting format, whereby ratings are assigned to internal audit reports regarding the adequacy and effectiveness of the governance, risk management and internal control system examined (see A/67/297 (Part I), para. 13). According to OIOS, these ratings, “satisfactory”, “partially satisfactory” and “unsatisfactory”, communicate clearly the level of assurance being provided on the basis of the audit work conducted, including the significance of any deficiencies identified (ibid.).
73. According to the Institute of Internal Auditors, the grading system of internal activities is a common practice. The Institute further asserts that when using such a grading system to communicate a positive assurance, such words should be clearly defined. The Committee notes that OIOS has defined the three ratings of “satisfactory”, “partially satisfactory” and “unsatisfactory” in its recently finalized document known as the “List of key oversight terms”. These definitions, however, are not explicit in the individual audit reports to programme managers. Since these reports have been designed with public dissemination in mind, and since some programme managers and the public may not have easy access to the document containing the key oversight terms, the Committee recommends that OIOS include in each report the definition of each audit engagement opinion/rating assigned to the report.
74. Subsequent to the finalization of the present report, the Committee was informed that OIOS had decided to include, as a footnote, the description of each ranking used in its reports henceforth.
75. In addition, when asked for comments on the new reporting format, management informed the Committee that some managers could be devoting more attention to the overall ratings than to the contents of the reports. Management further contended that the content of the audit reports under the new format had become less informative, which might negatively affect the level of information needed by programme managers for decision-making purposes. In the light of these views, the Committee requested client satisfaction surveys from OIOS. Although the exact question on the new format of the internal audit reports was not included in the survey questionnaire, most respondents expressed overall satisfaction regarding the usefulness of internal audit reports in the identification and management of key risks, and the cost-effectiveness of internal control.
76. The Committee also tried to establish whether the decision to publish internal audit reports had affected management’s willingness to be open and direct about potential problems and solutions during the audit process. From the discussions with management and OIOS, the Committee did not find any indication that publishing internal audit reports affected management’s willingness to be forthcoming during the audit process.
Impact of the public release of the internal audit reports
77. In the light of the request made by the General Assembly in resolution 67/258, the Committee made an effort to analyse the extent and impact of the public disclosure of the internal audit reports on the reputation of the Organization and on management.
Extent of public disclosure
78. The Committee requested an analysis of the information available regarding visits to the website and downloads of its reports since OIOS had started publishing its internal audit reports. The Committee was informed that since the implementation of the policy on 1 June 2013, 151 reports had been listed and 139 reports had been published on the website. At the discretion of the Under-Secretary-General for Internal Oversight Services, 12 reports had been redacted and two reports had been withheld for reasons of confidentiality and security.
79. The Committee was further informed that publication of the reports had been attracting the interest of both internal and external visitors in the work of OIOS. According to OIOS, as at 30 June 2014, almost 2,000 visitors (1,252 external and 716 internal) had browsed the website and 480 of them (319 external and 161 internal) had downloaded OIOS reports (see figure VI below).
Distribution of website visits and downloads of OIOS reports
80. As figures VII and VIII below show, external visitors visited the OIOS website more than internal visitors (64 and 36 per cent, respectively). When it comes to actual downloads of the OIOS internal audit reports, the number of external downloads was slightly higher than internal ones (66 and 34 per cent).
Distribution of visits to the
Distribution of downloads from the OIOS website
81. OIOS does not routinely track how many times each of its reports is downloaded or who is downloading/reading them. Such information is important, because it would help OIOS to know whether it is meeting the expectation of Member States, key stakeholders and the public for information to ensure transparency and accountability. The Committee draws the Office’s attention to the recently published statistics contained in the World Bank report entitled “Which World Bank reports are widely read?” In that report, the writers provide useful statistics that can help the World Bank to make policy improvements to ensure that its reports appeal to a wider audience.
82. The Committee therefore recommends that OIOS undertake deeper analysis on a continuing basis to help meet the needs of the intended users of its reports. There are publicly available automated tools that could assist OIOS in this effort. The first step, however, is a more pronounced customer focus — through the use of automated surveys, for example — to determine how the website is being used and how it could better meet the needs of its users.
83. The Committee found that the OIOS website search functionality was not user-friendly. In this respect, the Committee recommends that OIOS improve its website, for example, by improving the organization of the site and the search function so that visitors (especially external visitors who may not be familiar with the United Nations system) can search for and easily find what they are seeking.
Views on the policy of public disclosure
84. Programme managers expressed the fact that the knowledge that their reports would be made public had caused them to be more prudent and focused in addressing the weakness identified in the reports. Sentiments were also expressed to the effect that the publication of the reports had helped to increase the level of accountability in the Organization since the senior managers’ compacts included the implementation of oversight recommendations as a key performance indicator. Management also informed the Committee that to date, there had been no negative and/or unintended consequences of public disclosure on the various programmes covered in the reports that had been published on the OIOS website.
85. As part of its evidence-gathering process, the Committee requested views from the oversight bodies on the public disclosure of the internal audit reports. The Joint Inspection Unit informed the Committee that publication of reports had been the norm with the Unit, with no adverse effects. Contending that the publication of such reports helped the public to know what was happening, the Unit also informed the Committee that it viewed the publication of OIOS internal audit reports as a welcome development and that all the Representatives of Internal Audit Services of the United Nations Organizations and Multilateral Financial Institutions who were publishing such reports had expressed satisfaction with the process.
86. OIOS was of the view that public disclosure had demonstrated the organizational value and supported transparency. More specifically, it had had a positive impact on the quality of the reports and management action plans. OIOS informed the Committee that the pilot had gone smoothly, with no serious issues noted, such as an inappropriate disclosure. With respect to the costs associated with the public disclosure, the Committee was informed that so far they had been very minimal. OIOS informed the Committee that, on the basis of the success of the pilot, OIOS would like to see the publication of internal audit reports continued. OIOS would like to see the pilot extended to include inspection and evaluation reports as well.
87. The Committee strongly believes that the presumption should be in favour of public disclosure and transparency. That is, absent compelling reasons to the contrary, Member States, key internal and external stakeholders and the public should have access to the work of OIOS, with appropriate safeguards in place to guard against the inappropriate disclosure of private and sensitive information. Transparency fosters greater accountability, helps to ensure that audit findings and recommendations receive the attention that they deserve, and provides stakeholders and the public with the information that they need to inform their judgements.
88. In the light of the apparent success of the pilot so far, the Committee endorses the continued publication of internal audit reports. The Committee also believes that, as a next step, consideration should be given to including the publication of OIOS evaluation reports as well.
D. Financial reporting
89. Under paragraphs 2 (h) and (i) of its terms of reference, the Committee has the responsibility to advise the General Assembly on the operational implications of the issues and trends apparent in the financial statements of the Organization and the reports of the Board of Auditors, and on the appropriateness of accounting policies and disclosure practices, and to assess changes and risks in those policies.
90. During the reporting period, the Committee engaged in discussions with the Board of Auditors, the Under-Secretary-General for Management, the Controller and the Project Director of Umoja on a number of issues relating to financial reporting. The issues discussed included:
(a) The status of implementation of IPSAS in the United Nations, including recent progress, challenges faced and the synchronization of the IPSAS timeline and strategy with that of the enterprise resource planning project (Umoja);
(b) The benefit realization plans for both IPSAS and Umoja;
(c) The implementation of Umoja, the interdependence of Umoja with full IPSAS implementation, the progress made following the launch of cluster 2 (Umoja Foundation), the challenges ahead, including the launch of Umoja Foundation and Extension integration pilot in the United Nations Stabilization Mission in Haiti in July 2014, and the challenges ahead following the redeployments;
(d) End-of-service liability and its implications for the organizations and the financial statements.
Implementation of the International Public Sector Accounting Standards and benefits realization
91. With respect to the implementation of IPSAS, the Committee was routinely apprised of the progress made, including an overview of the milestones achieved to date, such as the opening balances for the non-peacekeeping operations (January 2014), the dry runs, the finalization of the policy framework and benefits realization, Board of Auditors reviews and peacekeeping financial period closure. The Controller also continued to note challenges that the project faced, including the alignment with and potential delays in Umoja implementation.
92. With respect to inventory and assets valuation, the Committee had recommended that in instances, especially where IPSAS was silent on an issue, the Secretariat would have to take duly justified management decisions. The Committee has since been informed that the issues of inventory/assets valuation have been resolved.
93. The Committee has been following up with management on the issue of benefits realization with respect to the major transformational projects, including Umoja. During 2014, it has received several briefings on benefits realization for IPSAS. The Committee has been informed that the benefits for IPSAS were more qualitative than quantitative, and that most of the quantifiable benefits would come in conjunction with the full implementation of Umoja.
94. The Committee agrees with these sentiments and welcomes the progress that the Secretariat has made in implementing IPSAS. Against that backdrop, the Committee plans to review the benefits realization plan at its twenty-eighth session, to be held in December, and make further comments in its subsequent reports.
Implementation of Umoja
95. With respect to Umoja, the Committee held several sessions with the Project Director on the progress made thus far. The Project Director informed the Committee that there had been good progress and that the project was on schedule, albeit with some challenges. This progress was exemplified by the finalization of the opening balances and the fact that the actual financial statements for peacekeeping operations were on track. Accordingly, the Committee was informed that in spite of the progress made to date, the project remained a high-risk undertaking. For instance, the Committee was informed that the ability to achieve organizational readiness by adopting all the changes that would be needed as a result of Umoja continued to be a challenge. The Committee welcomes the progress achieved in implementing Umoja, and calls upon management to continue to rigorously monitor key milestones and the overall timeline for implementation by identifying and managing current and any emerging key risks to the achievement of the objectives of the Umoja project.
96. With respect to the end-of-service liability, the Committee recalled its prior recommendations contained in its report of 25 August 2008 (A/63/328), in which the Committee had called on the General Assembly to decide whether, how and to what extent the liabilities would be funded. In its report (A/69/5 (Vol. I)), the Board of Auditors noted that the costs of the end-of-service liability fund would continue to rise. Because of a lack of investment that matches the growth in the underlying liability, the increase in liability during the biennium shows an increase in cash costs to the Organization in future financial periods. The Board further contended that this could impact the future funds available for the delivery of mandates.
97. The Committee reiterates its recommendation that the General Assembly address this matter to ensure that funding for end-of-service liabilities are placed on a sustainable path and that the resources needed to address those liabilities do not “crowd out” other important priorities and mandates of the Organization.
E. Coordination among United Nations oversight bodies
98. During the reporting period, in addition to its regularly scheduled meetings with OIOS, the Committee met with other oversight bodies, such as the Joint Inspection Unit and the Board of Auditors, including the Audit Operations Committee.
99. The Committee also sought input from management with respect to the coordination of programmes of work of the oversight bodies. The Committee was informed that in management’s view, more needed to be done.
100. Within its mandate, the Committee sought comments from the three oversight bodies, all of which underscored the existing coordination mechanisms among themselves, including the sharing of their programmes of work. In separate meetings with the Board of Auditors, the Joint Inspection Unit and OIOS, the Committee took note of the positive relationship fostered through the tripartite coordination meetings of the oversight bodies and the sharing of workplans in an effort to avoid duplication.
101. The Joint Inspection Unit indicated that it was considering ways of increasing the level of its communication with other oversight bodies in the system with a view to getting a better contribution to its programme of work from other oversight bodies.
102. The Committee was informed that the Board of Auditors considered that examples of effective coordination had been found, especially in the context of the audits of IPSAS, Umoja and the capital master plan, where there had been a legitimate need for concurrent audit activity. The Board also indicated that where management had raised issues with regard to cooperation and collaboration, the oversight bodies had made every effort to address those issues.
103. The dialogue between the Board and the Committee allowed for the sharing of perspectives on matters of mutual concern and provided a useful opportunity for cooperation among United Nations oversight bodies.
104. Without prejudice to the respective mandates of the various oversight bodies of the Organization, the Committee considers that the oversight bodies could explore undertaking, on a pilot basis, collaborative reviews of a single topic or organization.
105. In addition, the Committee recommends that the oversight bodies consider developing short topics or the organization of specific “fact sheets” that succinctly bring together in one place short synopses by each of the oversight bodies that are relevant to the topic or organization, particularly where the oversight bodies have legitimately examined similar topics. The intent is to bring together the collective good work of the oversight bodies in one place so that decision makers and stakeholders can more easily see the key matters that need to be addressed. This synergy will go a long way towards strengthening the oversight regime of the Organization and thereby contribute to improvements in effectiveness, transparency and accountability.
F. Cooperation and access
106. The Independent Audit Advisory Committee is pleased to report that it received the full cooperation of the Joint Inspection Unit, the Board of Auditors, the Office of Internal Oversight Services and senior management in the Secretariat, including the Department of Management, in discharging its responsibilities. The Committee was also given appropriate access to staff, documents and information that it needed in order to undertake its work. The Committee looks forward to continued cooperation with the entities with which it interacts in order to discharge its responsibilities, as set out in its terms of reference, in a timely manner.
107. Within the context of its terms of reference, the Independent Audit Advisory Committee presents the above observations, comments and recommendations, as contained in paragraphs 16, 22, 26, 30, 31, 34, 40, 46, 48, 51, 54, 57, 59, 61, 62, 66, 70, 73, 75, 76, 82, 83, 87, 88, 94, 95, 97, 104 and 105, for the consideration of the General Assembly.
Based on a figure of $10.63 billion for the biennium ended 2011 (see A/67/5 (Vol. I) and Corr.1 and 2, chap. II).
See A/67/5 (Vol. II), chap. II.
Category I cases were normally handled by OIOS and category II cases were to be handled by entities other than OIOS.
Institute of Internal Auditors, “Practice guide: formulating and expressing internal audit opinions” (April 2009).
Doerte Doemeland and James Trevino, “Which World Bank reports are widely read?” Policy Research working paper 6851 (May 2014).