Seventieth session
Item 132 of the provisional agenda*
Review of the efficiency of the administrative and financial functioning of the United Nations
 * A/70/150. |
Activities of the Independent Audit Advisory Committee for the period from 1 August 2014 to 31 July 2015
Report of the Independent Audit Advisory Committee
|
Summary |
|
The present report covers the period from 1 August 2014 to 31 July 2015. During the period, the Independent Audit Advisory Committee held four sessions, which were presided over by J. Christopher Mihm, Jr. (United States of America) as Chair and Patricia X. Arriagada Villouta (Chile) as Vice-Chair. Mr. Mihm was re‑elected Chair, and Ms. Arriagada was elected as Vice-Chair for 2015. The year 2015 saw the appointment by the General Assembly of one new member, Richard Quartei Quartey (Ghana), to replace John F. S. Muwanga (Uganda), whose term had expired on 31 December 2014. As has been the case during the history of the Committee, all members attended all of the sessions during their appointments. |
|
Section II of the report contains an overview of the activities of the Committee, the status of its recommendations, and its plans for 2016. Section III sets out the detailed comments of the Committee, including in response to the specific request of the General Assembly to examine the operational independence of the Office of Internal Oversight Services, in particular in the area of investigation. |
|
|
Contents
|
|
|
|
Page |
|
3 |
||
|
3 |
||
|
3 |
||
|
4 |
||
|
5 |
||
|
6 |
||
|
7 |
||
|
7 |
||
|
13 |
||
|
15 |
||
|
18 |
||
|
22 |
||
|
24 |
||
|
24 |
||
I. Introduction
1. The General Assembly, by its resolution 60/248, established the Independent Audit Advisory Committee as a subsidiary body to serve in an expert advisory capacity and to assist it in fulfilling its oversight responsibilities. By its resolution 61/275, the Assembly approved the terms of reference for the Committee, as well as the criteria for its membership, as contained in the annex to that resolution. In accordance with its terms of reference, the Committee is authorized to hold up to four sessions per year. To date, the Committee has held 31 sessions since its inception, in January 2008.
2. In accordance with its terms of reference, the Committee submits an annual report containing a summary of its activities and related advice to the General Assembly. The present eighth annual report covers the period from 1 August 2014 to 31 July 2015.
3. In its resolution 68/21, the General Assembly, recalling paragraph 13 of its resolution 64/263, requested the Committee, in the context of its terms of reference, to continue to provide advice to the Assembly on relevant issues relating to the effectiveness, efficiency and impact of the audit activities and other oversight functions of the Office of Internal Oversight Services (OIOS) as it deemed necessary. In addition, in paragraph 67 of its resolution 69/307, the Assembly invited the Committee to examine the operational independence of OIOS, in particular in the area of investigation. The observations, comments and recommendations of the Committee in that respect are contained in section III.C of the present report.
4. The Committee is required to advise the General Assembly on, among others, the compliance of management with audit and other oversight recommendations; the overall effectiveness of the risk management procedures and deficiencies in the internal control systems; the operational implications of the financial statements and the reports of the Board of Auditors; and the appropriateness of the accounting and disclosure practices in the Organization. The Committee also advises the Assembly on the steps necessary to facilitate cooperation among the oversight bodies.
5. The present report addresses the issues identified during the reporting period as they pertain to the above-mentioned responsibilities of the Committee.
II. Activities of the Independent Audit Advisory Committee
A. Overview of the sessions of the Committee
6. During the reporting period, the Committee held four sessions: from 10 to
12 December 2014 (twenty-eighth session), from 18 to 20 February 2015 (twenty-ninth session), from 27 to 29 April 2015 (thirtieth) and from 8 to 10 July 2015 (thirty-first session). All of the sessions were held at United Nations Headquarters.
7. The Committee functions under its adopted rules of procedure, as contained in the annex to its first annual report (A/63/328). To date, all members of the Committee have a 100 per cent attendance rate at its sessions. All the decisions of the Committee have been unanimous; however, its rules of procedure make provision for members to record their dissent with respect to decisions taken by the majority.
8. During the twenty-eighth session, in December 2014, the members re-elected J. Christopher Mihm, Jr. (United States of America) as Chair and elected Patricia X. Arriagada Villouta (Chile) as Vice-Chair for 2015. Additional information about the Committee can be found on its website (www.un.org/ga/iaac) in all the official languages of the United Nations.
9. Since its establishment, the Committee has submitted 20 reports to the General Assembly, 3 of which were submitted during the reporting period. They include the Committee’s annual report to the Assembly for the period from 1 August 2013 to
31 July 2014 (A/69/304) and reports to the Assembly, through the Advisory Committee on Administrative and Budgetary Questions, on the proposed budget of OIOS under the support account for peacekeeping operations for the period from
1 July 2015 to 30 June 2016 (A/69/791) and on the proposed programme budget for internal oversight for the biennium 2016-2017 (A/70/86).
B. Status of the recommendations of the Committee
10. Although it meets only four times per year, typically for three days at each session, the Committee has accomplished important achievements to date, particularly in relation to enterprise risk management and the operations of OIOS. The Committee follows up on the implementation of its recommendations as a standard agenda item at each session and looks forward to seeing the full effects of the actions taken by management and by OIOS. Some of the significant recommendations made by the Committee during the reporting period relate to:
(a) The need for OIOS to establish a long-term strategic plan that would address the following issues: strategic goals that are aligned with key United Nations risks that management had identified and the latest transformational initiatives of the Secretariat; a focus on the Organization’s major challenges, such as fraud; and annual goals for each division consistent with the strategic plan;
(b) The need for OIOS to address its persistently high vacancy rates, especially in the Investigations Division;
(c) The need for OIOS to address the delays in completing investigations;
(d) The need for OIOS to address the resource disparity in the Inspection and Evaluation Division;
(e) The decision to strengthen the investigation function (for example by moving responsibility for conducting all investigations to OIOS) to be made after the outstanding report on the terms of reference pertaining to strengthening investigation is completed;
(f) The need for OIOS to improve its website and make it more functional and to continue publishing internal audit reports and consider publishing OIOS evaluation reports;
(g) The need for programme managers to set and adhere to realistic target dates for the implementation of OIOS recommendations;
(h) The need for senior managers to ensure that enterprise risk management becomes the standard way of doing business and that it is effectively implemented and sustained throughout the Organization;
(i) The need for the Organization to monitor key milestones and the overall timeline for the implementation of Umoja by identifying and managing current and any emerging key risks to the achievement of the objectives of the project;
(j) The need for the oversight bodies to consider developing short topical or organization-specific fact sheets that bring together in one place short synopses by each of the oversight bodies that are relevant to the topic or organization.
C. Overview of the plans of the Committee for 2016
11. The Committee undertook its responsibilities, as set out in its terms of reference, in accordance with the scheduling of the sessions of the Advisory Committee on Administrative and Budgetary Questions and the General Assembly. The Committee will continue to schedule its sessions and activities to ensure coordinated interaction with intergovernmental bodies and the timely availability of its reports. In a preliminary review of its workplan, the Committee identified several key areas that will be the main focus for each of its four sessions for fiscal year 2016 (see the table below).
Workplan of the Committee for 2016
|
Session |
Key focus area |
Intergovernmental consideration of the report of the Committee |
|
|
|
|
|
Thirty-second |
Review of the 2016 workplan of OIOS in the light of the workplans of other oversight bodies |
Advisory Committee on Administrative and Budgetary Questions, first quarter 2016 General Assembly, second part of the resumed seventieth session |
|
Proposed budget of OIOS under the support account for peacekeeping operations for the period from |
||
|
Operational implications of issues and trends in the financial statements and reports of the Board of Auditors |
||
|
Coordination and cooperation among oversight bodies |
||
|
Election of the Chair and Vice-Chair for 2016 |
||
|
Thirty-third |
Status of implementation of oversight bodies’ recommendations |
General Assembly, second part of the resumed seventieth session |
|
Report of the Committee on OIOS budget |
||
|
Review of the enterprise risk management and internal control framework in the Organization |
||
|
Thirty-fourth |
Operational implications of issues and trends in the financial statements and reports of the Board of Auditors |
General Assembly, second part of the resumed seventieth session |
|
Coordination and cooperation among oversight bodies |
||
|
Transformational projects and other emerging issues |
||
|
Thirty-fifth |
Preparation of the annual report of the Committee |
General Assembly, main part of the seventy-first session |
|
Review of the enterprise risk management and internal control framework in the Organization |
||
|
Status of implementation of oversight bodies’ recommendations |
||
|
Coordination and cooperation among oversight bodies |
12. In planning for 2016, the Committee is mindful of the following relevant events that could have an impact on its work activities:
(a) The decision by the General Assembly, in paragraph 6 of section II of its resolution 65/250, to review the terms of reference of the Committee;
(b) The various reform/transformational initiatives on which the Organization has embarked, such as mobility, the global field support strategy, the International Public Sector Accounting Standards (IPSAS) and Umoja.
D. Observations, comments and recommendations of the Independent Audit Advisory Committee on the terms of reference for the Committee
13. Subsequent to the establishment of the Independent Audit Advisory Committee at its sixtieth session, the General Assembly, by its resolution 61/275, approved the terms of reference for the Committee, as well as the criteria for its membership, as contained in the annex to that resolution. In the same resolution, the Assembly decided to review the terms of reference for the Committee at its sixty-fifth session.
14. In the annex to its report for the period from 1 August 2009 to 31 July 2010 (A/65/329), the Committee provided its observations, comments and recommendations on its terms of reference as laid out in resolution 61/275. After consideration of the report of the Committee, the Assembly, in paragraphs 4 and 6 of section II of its resolution 65/250, reaffirmed the terms of reference and decided to review them at its seventieth session.
15. At its thirty-first session, held in July 2015, the Committee unanimously agreed to provide its observations, comments and recommendations on the terms of reference, for review by the Assembly at its seventieth session.
16. After eight years of existence, the Committee has gained reasonable experience and believes that it is important for the Committee to have an advisory role in the selection of the head of OIOS. This is consistent with best practice.
17. The Committee recommends that the Secretary-General, in selecting the head of OIOS, consult with the Committee to ensure that the candidates under consideration have relevant leadership expertise in the functions of internal audit, inspection and evaluation and investigation.
III. Detailed comments of the Committee
A. Status of the recommendations of United Nations oversight bodies
18. Under paragraph 2 (b) of its terms of reference, the Committee is mandated to advise the General Assembly on measures to ensure the compliance of management with audit and other oversight recommendations. During the reporting period, the Committee reviewed the status of the implementation by management of the recommendations of United Nations oversight bodies, as a standard practice.
Board of Auditors
19. The Board of Auditors reported that the rate of implementation of recommendations for the 12-month period from 1 July 2012 to 30 June 2013 in respect of peacekeeping operations was 51 per cent, which is 8 per cent higher than the adjusted figure of 43 per cent for the period ended 30 June 2012 (see figure I).
Figure I
Implementation trends for the recommendations of the Board of Auditors with respect to peacekeeping operations
20. With respect to the regular budget, the Board, in compliance with IPSAS requirements, now reports annually rather than biennially. Consequently, there are no comparable trend analyses of the rate of implementation of regular budget recommendations.
21. The Board, in the summary of its report on the financial statements of the United Nations for the year ended 31 December 2014 (A/70/5 (Vol. I), chap. II), noted that management had fully implemented 5 (11 per cent) of the recommendations, while
19 (40 per cent) were under implementation, 18 (38 per cent) had not been implemented and 5 (11 per cent) had been closed. While noting the overall commitment of management to the implementation of its recommendations, the Board called for a more urgent implementation of the recommendations in such areas as strengthening counter-fraud measures, enterprise risk management, business transformation and financial management and accounting.
Main recommendations of the Board that are more than two years old
22. The Committee followed up with management regarding the recommendations that were two or more years old as at 31 March 2015 that were before the Management Committee. The Committee was informed that, of the
12 recommendations with respect to the regular budget that were before the Management Committee, 1 had been implemented, 2 had been either closed or overtaken by events and nine were in progress. According to management, the
9 outstanding main recommendations related mostly to ongoing projects, such as the implementation of enterprise risk management, IPSAS and Umoja, as well as results-based budgeting. The Committee was also informed that only one recommendation pertaining to the capital master plan was before the Management Committee. That recommendation, which relates to flexible workspace strategies, was being implemented. With respect to peacekeeping operations, management indicated that there were no main recommendations outstanding for two or more years. Management informed the Committee that the Board was reviewing all the outstanding recommendations and planned to submit its report on the matter at the seventieth session of the General Assembly.
23. According to annex I to the Board’s report (A/70/5 (Vol. I)),
19 recommendations were outstanding for more than two years as at July 2015, of which 6 had been either closed or implemented, 7 were under implementation and
6 had not been implemented. The Committee will follow up with management on the issue.
24. The Committee continues to acknowledge the effort of the Management Committee to oversee the implementation of the Board’s recommendations. The Committee agrees with the sentiments of the Board that the importance of the transformation projects under way calls for urgent implementation of the associated recommendations.
Office of Internal Oversight Services
25. All recommendations categorized as “critical” by OIOS are brought to the attention of the Management Committee for follow-up action, and special focus is placed on those whose implementation is past due. The Committee receives quarterly updates from OIOS and the Department of Management on the implementation of critical recommendations. Figure II provides a quarterly trend analysis since June 2013 of the critical recommendations issued by OIOS that were past due.
Figure II
Analysis of critical recommendations whose implementation is past due
Abbreviations: DFS, Department of Field Support; DM, Department of Management; PKO, peacekeeping operations; UNHCR, Office of the United Nations High Commissioner for Refugees.
26. The critical recommendations addressed to the Department of Management that were past due exhibited a declining trend since the second quarter of 2013. However, critical recommendations related to peacekeeping missions and the Office of the United Nations High Commission for Refugees (UNHCR) showed an upward trend. At the same time, the number of critical recommendations that were past due in the first quarter of 2015 showed a sharp rise, reversing the declining trend in the previous quarters since September 2013.
27. As figure II shows, during the second quarter of 2013, 10 (28 per cent) of all critical recommendations that were past due involved the Department of Management, the peacekeeping missions’ share was 5 (14 per cent) and UNHCR had 4 (11 per cent). In March 2015, the share of the Department of Management had declined to two recommendations (6 per cent). On the other hand, the number of critical recommendations relating to peacekeeping missions that were past due rose to 13 (39 per cent), and those addressed to UNHCR increased to 9 (27 per cent) during the same period. Critical recommendations that were past due related to such vital issues as the need to examine possible overpayment of contracts, information security controls, and customer service.
28. The Committee sought an explanation for those trends and was informed that the developments were due mainly to the increase in the number of unsatisfactory reports in the peacekeeping missions and UNHCR. According to OIOS, a rating of unsatisfactory meant that one or more critical deficiencies or pervasive important deficiencies existed in the governance, risk management or control process, such that reasonable assurance could not be provided with regard to the achievement of control and/or business objectives under review.
Trends in the audit report ratings
29. The Committee received a trend analysis of all reports issued by OIOS from when it introduced the rating system in the third quarter of 2011 to the first quarter of 2015. The Department of Management informed the Committee that the cumulative figures of OIOS audit reports showed that 70 reports were rated satisfactory, 383 were partially satisfactory, 89 were unsatisfactory and 13 were unrated. The Committee was also informed that the distribution of the cumulative overall ratings continued to be negatively skewed towards an unsatisfactory rating.
30. As figure III shows, nearly three quarters (74 per cent) of all unsatisfactory reports were in field assignments. The Department of Management noted that there seemed to be a relationship between the number of unsatisfactory reports and the hardship conditions in the field. Management also indicated that it was studying the issue to establish the underlining causes and would report to the Committee at subsequent sessions.
31. The Committee also sought the views of OIOS with respect to the negatively skewed distribution of unsatisfactory ratings of field reports. OIOS informed the Committee that it shared management’s view that conditions in the field could be quite challenging in terms of operating environment, high staff turnover and higher vacancy rates, lower levels of experience, and security and accessibility of operations. Headquarters-based operations, on the other hand, usually involved safe and stable environments, lower turnover and vacancy rates, higher levels of experience and greater access to timely guidance and supervision.
Figure III
Cumulative distribution of unsatisfactory reports since 2011
32. Figure IV shows a trend analysis of the unsatisfactory ratings of field and non‑field reports. As shown, most of the unsatisfactory ratings were associated with field operation reports, as opposed to headquarters ones.
Figure IV
Trend analysis of unsatisfactory reports issued for the period 2011-2014
33. The Committee is cognizant of the conditions in the field and the challenges faced by field operations, as stated in paragraph 30 and 31 above. Given the fact that field operations account for the largest amount of the Organization’s transactions, the rise in the number of unsatisfactory reports is an issue of concern that calls for a concerted effort to address the weaknesses identified.
Joint Inspection Unit
34. In its annual report for 2014 and programme of work for 2015 (A/69/34), the Joint Inspection Unit noted an improvement in the rates of acceptance and implementation of its system-wide recommendations by the 12 largest participating organizations for the eight years from 2006 to 2013, which reflected an average acceptance rate of 78 per cent and an average implementation rate of 80 per cent.
35. For the United Nations Secretariat, the average acceptance and implementation rates for the period 2006-2013 increased to about 70 per cent each, compared with 62.4 per cent and 60.2 per cent, respectively, for the period 2004-2012 (see figure V). The Administration noted that both the acceptance and implementation rates for the Secretariat were relatively lower than the average for the 12 largest participating organizations because they included recommendations that were addressed to both the governing bodies and the United Nations System Chief Executives Board for Coordination. In its resolution 69/252, the General Assembly endorsed the recommendations of the Committee, including that the Joint Inspection Unit, in its future reports, separately account for the recommendations addressed to the Assembly and the Chief Executives Board. The Committee will review the impact of the implementation of the resolution in its future reports.
Figure V
Status of acceptance/implementation of recommendations of the
Joint Inspection Unit by the Secretariat
36. Overall, there continues to be a steady improvement in both the rates of implementation and acceptance of the Joint Inspection Unit’s recommendations. The Committee continues to commend management for improving the rates of implementation and acceptance of those recommendations.
B. Risk management and internal control framework
37. Paragraphs 2 (f) and (g) of the terms of reference of the Committee (see General Assembly resolution 61/275, annex) mandate the Committee to advise the Assembly on the quality and overall effectiveness of risk management procedures and on deficiencies in the internal control framework of the United Nations.
Enterprise risk management
Key risk identification and the status of enterprise risk management
38. In paragraph 29 of its report for the period from 1 August 2012 to 31 July 2013 (A/68/273), the Committee recommended that, consistent with paragraph 24 of General Assembly resolution 66/257 and paragraph 32 of the report of the Advisory Committee on Administrative and Budgetary Questions (A/67/766), the Organization systematically identify the key risks that needed to be brought to the attention of the Assembly as a matter of priority. Furthermore, in paragraph 34 of document A/69/304, the Committee commended management for its efforts to break down silos and make enterprise risk management an integral and important management tool of the Organization.
39. During discussions with the Management Committee and the Department of Management, the Committee was updated on the progress made in that regard. Moreover, in paragraphs 40 to 45 of his third progress report on the accountability system in the United Nations Secretariat (A/68/697), the Secretary-General reported on the actions taken in this respect, including the establishment of a Secretariat-wide risk assessment process.
40. In part II of his fourth progress report on the subject (A/69/676), the Secretary-General identified six critical risks, relevant risk response strategies, corporate risk owners and a governance structure for enterprise risk management. The six key risks identified related to: organizational structure and synchronization; organizational transformation; strategic planning and budget allocation; safety and security; extrabudgetary funding and management; and human resources strategy, management and accountability.
41. The Committee was informed that a principal-level meeting of the corporate risk owners had been held under the chairmanship of the Deputy Secretary-General on 24 October 2014 to formally start the implementation process and ensure the continued coordination of the work of the groups. At its meeting on 25 June 2015, the Management Committee formally approved the consolidated risk treatment and response plans, as presented by the corporate risk owners, and decided to continue to periodically monitor their implementation.
42. Given the progress that the Organization has made in defining enterprise risks, and consistent with its mandate to advise the General Assembly on the quality and overall effectiveness of risk management procedures, the Committee plans to delve more deeply over the next year into specific projects and plans that the Organization is putting in place to manage enterprise risk. Specifically, the Committee will select one or more of the six identified enterprise risks for detailed assessments of what is being done and what can be done to manage the risk. The Committee should thus be better able to provide the Assembly with perspective on selected major proposals earlier in the implementation process.
Risk mitigation and the silo effect
43. Given the interdependent nature of the various departments and offices in achieving the organizational goals and objectives, the Committee, in paragraph 45 of document A/68/273, recommended that the Management Committee and the Under-Secretary-General for Management, who was the official responsible for enterprise risk management in the Organization, undertake every effort to ensure a genuinely integrative approach to risk management that looked across the Organization’s units and ensured a coordinated and comprehensive approach to identifying and managing risk. The Committee noted that success would be achieved only through a concerted push to break down or avoid silos, in other words, by managing the holistic portfolio of risk facing the Organization.
44. During the briefings, the Committee was informed that the primary critical risks that had been identified were cross-cutting and closely interrelated, hence requiring close coordination of efforts across the Organization. Management believes that this is critical in order to avoid potential overlap and ensure the recognition of possible synergies in terms of risk-mitigating actions. Consequently, under the guidance of the corporate risk owners, management noted that all of the risk treatment working groups refined the identification of relevant risk drivers, existing controls and response strategies and, most importantly, defined detailed risk treatment plans.
45. The Committee continues to commend the enterprise risk management committee and management for their commitment in making enterprise risk management an integral and important management tool of the Organization. The Committee believes that top management will need to continue to actively lead enterprise risk management efforts to ensure that systematically identifying and managing risks becomes a standard way of doing business across the Organization. Moreover, the Committee fully agrees with the Board’s observations contained in the summary of its most recent report (A/70/5 (Vol. I), chap. II) that further work is required to embed enterprise risk management in departments’ day-to-day work.
46. The Committee reiterates its previous recommendation that the Secretary-General must ensure that his Office and the departments have the capacities they need to effectively implement and sustain enterprise risk management, or it risks becoming a paper exercise. The Committee will continue to follow up on those and other enterprise risk management issues as a major priority. Specifically, the Committee will pay attention to reviewing and documenting concrete examples of how enterprise risk management is being used in specific ways to manage organizational risks and better achieve results.
C. Effectiveness, efficiency and impact of the audit activities and other functions of the Office of Internal Oversight Services
47. Under its terms of reference, the Committee has the responsibility to advise the General Assembly on aspects of internal oversight (resolution 61/275, annex, paras. 2 (c)-(e)). In undertaking to fulfil its mandate, the Committee has maintained its standard practice of meeting with the Under-Secretary-General for Internal Oversight Services and other senior OIOS officials during its sessions. The discussions have been focused on OIOS workplan and budget execution, with significant findings reported by OIOS, operational constraints (if any), post incumbency, the status of implementation by management of OIOS recommendations, including critical recommendations, strengthening investigations and funding arrangements.
48. In its resolution 68/21, the General Assembly, recalling paragraph 13 of its resolution 64/263, invited the Committee, in the context of its terms of reference, to continue to provide advice to the Assembly on relevant issues relating to the effectiveness, efficiency and impact of the audit activities and other oversight functions of OIOS, as it deemed necessary.
49. In the context of the Committee’s terms of reference, the paragraphs below provide the comments, views and opinions of the Committee. The Committee focused its assessment on the operational independence, effectiveness, internal management and efficiency of OIOS.
Operational independence and effectiveness
50. In establishing OIOS, the General Assembly decided that the Office should exercise operational independence under the authority of the Secretary-General in the conduct of its duties (resolution 48/218 B, para. 5 (a)). The Assembly subsequently clarified that decision by emphasizing that the operational independence of OIOS was related to the performance of its internal oversight functions (resolution 54/244, para. 18).
51. In paragraph 67 of its resolution 69/307, the General Assembly invited the Committee to examine the operational independence of OIOS, in particular in the area of investigation. The request was made subsequent to the recent development involving the OIOS response to the sexual exploitation and abuse allegations in the Central African Republic. In responding, the Committee also looked at other matters in which the question of operational independence was raised. In assessing the operational independence of OIOS, the Committee took into account the Assembly’s expectations of OIOS, best practices, the pronouncements of the relevant professional associations and the Committee members’ own experience dealing directly with the issue as leaders in national audit offices.
52. In section III.A of the annex to its report for the period from 1 August 2008 to 31 July 2009 (A/64/288), the Committee provided an exhaustive explanation of what constituted operational independence, noting: “With regard to operational independence, OIOS should have an appropriate degree of real and perceived independence from the management of the United Nations and funds and programmes for which it provides oversight services. Operational independence includes, inter alia, the ability of OIOS to: determine its final workplans and the content of its final reports; make requests for adequate resources to undertake its work; conduct its work with the cooperation of management and all applicable parties, free from intervention; select staff for the Office; and communicate directly to the General Assembly and the Secretary-General in connection with matters of critical importance to the United Nations and/or the Office.”
53. In that report, the Committee noted that the definition of the term “independence” in the context of internal oversight at the United Nations should be central to clarifying the role and responsibilities of OIOS. The Committee also reiterated a prior observation that independence and objectivity were vital to ensuring that stakeholders viewed the work performed, and its results, as credible, factual and unbiased.
54. The Committee also noted that OIOS, like most internal oversight bodies, had a unique position in the Organization in that internal oversight staff were employed by the Organization but were expected to report on the conduct of its management. The Committee contended that such a relationship created an inherent tension, since the independence of the internal oversight functions from those of management was necessary for the objective evaluation of management’s actions. As an example of the way in which that tension is manifested, under internationally accepted internal audit standards, advisory services are a widely accepted and proper part of the mandate of internal audit. However, such services must be carefully managed so as not to undermine the reality or the perception of the independence of the audit office.
55. As a result, in examining the operational independence of OIOS, the Committee’s attention was focused on how OIOS handled real and perceived independence, especially in the light of recent developments and related concerns.
56. The Committee found that OIOS lacked agreed upon and clearly defined guidance and protocols on the “how and why” of striking the appropriate balance between advising management or commenting on issues that may be subject to audit or investigation, and the need to maintain both the reality and the perception of operational independence. The absence of agreed upon and clear guidance and protocols can result in OIOS inadvertently compromising its independence and/or understandable concerns about OIOS actions or statements on the part of key stakeholders, including Member States.
57. The Committee believes that OIOS should work with management to develop and, subject to approval by the General Assembly, subsequently disseminate guidelines and protocols that it will use when advising management and making statements about situations that may be subject to audit or investigation. Such guidelines and protocols should, at a minimum, include a discussion of OIOS justification under internal audit standards for providing such services, the types of services that it will offer and how they will be provided, and steps that OIOS will take to safeguard its independence when offering such advice or statements.
58. Relatedly, the Committee looked at the OIOS investigation process. Specifically, the Committee examined whether OIOS had established and issued guidelines that governed the investigation process. The Committee was informed that the Investigations Division did not have an official investigation manual and that the manual currently on the OIOS website was provisional, pending the promulgation of the revised administrative instruction ST/AI/371. The Committee understands that the provisional manual provides guidance until OIOS promulgates a final manual.
59. Notwithstanding the fact that the provisional manual currently provides guidance, the Committee is concerned that the lack of a finalized investigation manual could create confusion about OIOS procedures and methods of operation. The Committee therefore recommends that OIOS finalize the investigation manual without delay.
Investigation intake process
60. According to the provisional OIOS investigation manual, intake “is the first step in a comprehensive process that will be affected by how the initial information about possible misconduct, referred to as source information, is received and handled. The proper receipt and handling of source information at intake is, therefore, essential and includes:
• Clear and distinct means of receiving source information
• Systematic recording of source information
• Consistent review of source information for action
• Transparent and verifiable management of source information”
Predication
61. According to the provisional manual, predication is an important element of the intake process, and it provides that “reports of possible misconduct will be predicated. The predication process includes formal registration, evaluation and decision on appropriate disposition of the matter.” The provisional manual requires that a case be properly registered and evaluated and a decision made on the appropriate steps. However, it does not clearly describe the internal process in OIOS for predicating reports of possible misconduct, including who has the authority and at what point in the intake process to predicate a matter for investigation.
62. The operational independence of OIOS is vital in ensuring that stakeholders view the work and result of OIOS as credible, factual and unbiased. It is therefore important that all involved, namely OIOS, management, the General Assembly and other interested parties, have a common and clear understanding of how OIOS operates across the full range of services that it offers and the important contributions that it makes. As discussed above, the Committee believes that progress needs to be made in two areas: advice and public comments, and investigations procedures.
A way forward
63. The Committee notes that all three divisions of OIOS have gone through several peer reviews in recent years. However, the Committee is not aware of any formal reviews, other than the Committee’s own work, that have systematically examined the OIOS as a whole and the working relationship across the divisions. The Committee also notes that, since 2004, the Investigations Division has been the subject of four reviews initiated by the respective heads of OIOS. Those reviews have resulted in many recommendations aimed at improving the work of the Division. The most recent one was conducted in 2012 and resulted in recommendations on, inter alia, fraud prevention, the intake process, handling of sexual exploitation and abuse allegations, and staff vacancies.
64. The Committee has focused on the status of the central intake process and enquired with OIOS as to whether its proposed intake system would be able to handle all Secretariat intake requirements. OIOS informed the Committee that, although the acquired system could handle such functionality from a technical standpoint, it was not scoped into the existing arrangement. As noted in its prior recommendations and discussed further in paragraph 89, the Committee believes that a central intake system is essential to ensuring the completeness of reporting of the universe of all potential and actual investigations. This will also contribute to a more accurate reporting of fraud and presumptive fraud, an issue that the Board of Auditors, the Joint Inspection Unit and OIOS have raised as a serious problem.
65. In the light of the recognized importance of having a strong OIOS, the Committee recommends that the General Assembly mandate a holistic review of the Office. The review should have a strong implementation mandate to strengthen and streamline the operations and structure of all three divisions of OIOS. It would assess long-standing issues; opportunities to improve collaboration across the investigation, audit, and inspection and evaluation functions; the high vacancy rate; and inter- and intra-office dynamics, particularly in the Investigations Division, including employee morale, engagement, and working relationships.
66. Particular attention should be placed on the Investigations Division. The terms of reference for the comprehensive review should be written in such a way as to obviate the need for the long-awaited terms of reference for strengthening investigation referred to in paragraph 10 (e) of the present report.
D. Financial reporting
67. Under paragraphs 2 (h) and (i) of its terms of reference, the Committee has the responsibility to advise the General Assembly on the operational implications of the issues and trends apparent in the financial statements of the Organization and the reports of the Board of Auditors, and on the appropriateness of accounting policies and disclosure practices and to assess changes and risks in those policies.
68. During the reporting period, the Committee engaged in discussions with the Board of Auditors, the Under-Secretary-General for Management, the Controller and the Project Director of Umoja on a number of issues relating to financial reporting. The issues discussed included:
(a) Status of implementation of IPSAS in the United Nations, including recent progress, challenges faced and the synchronization of the IPSAS timeline and strategy with that of Umoja;
(b) Benefit realization plans for both IPSAS and Umoja;
(c) Implementation of Umoja, the interdependence of Umoja and full IPSAS implementation, the progress made following the launch of Umoja cluster 3 (United Nations Environmental Programme, United Nations Human Settlements Programme, United Nations Office at Nairobi, Economic and Social Commission for Asia and the Pacific, United Nations Assistance to the Khmer Rouge Trials and Office for the Coordination of Humanitarian Affairs of the Secretariat) and the challenges ahead, including the launch of Umoja cluster 4;
(d) Internal control system and the United Nations fraud policy.
Implementation of the International Public Sector Accounting Standards and benefits realization
69. With respect to the implementation of IPSAS, the Committee was routinely apprised of the progress made. An overview was provided of the milestones achieved to date, including the finalization of the policy framework and benefits realization, Board of Auditors reviews and receipt of an unqualified audit opinion with respect to the peacekeeping financial statements. The Controller continued to note challenges that the project faced, including the skills needed to ensure IPSAS sustainability, operational processing in Umoja, which was not yet stable, and change “fatigue”.
70. Regarding the implementation of IPSAS in non-peacekeeping financial statements, the Controller informed the Committee that volume I ran into several challenges, including an incomplete dry run, externally administered activities that needed to be re-evaluated, and the need to reconcile the IPSAS opening balance with the closing balance under the United Nations system accounting standards. The Controller indicated that, owing to the non-homogeneous nature of the non‑peacekeeping operations, in which many of the entities had different governance environments, producing non-peacekeeping statements would be a major challenge.
71. Nevertheless, the Committee was informed that the Board of Auditors had issued an unqualified audit opinion with respect to the non-peacekeeping financial statements.
72. In paragraph 94 of document A/69/304, the Committee indicated that it would review the IPSAS benefit realization plan and make further comments in subsequent reports. The Committee has since received updates, including on the approval by the Management Committee of the benefits realization for IPSAS at the end of 2014. The Committee was also informed that the translation of the plan into detailed tracking/reporting requirements was under way and would be completed in July 2015. In addition, the Controller informed the Committee that other initiatives, such as a training and communication strategy for the benefit realization, would be finalized in the third quarter of 2015.
73. The Committee was informed that five qualitative benefits had been identified: improved stewardship of assets and liabilities; improved consistency and comparability; availability of more comprehensive information on costs; increased transparency and accountability; and alignment with best practices.
74. The Committee welcomes the progress that the Secretariat has made in implementing IPSAS, including the finalization of the benefits realization plan and the articulation of the major benefits. The Committee looks forward to receiving details of those and other quantitative benefits from IPSAS, which, as noted in paragraph 93 of document A/69/304, were to be realized in conjunction with the full implementation of Umoja.
Implementation of Umoja
75. With respect to Umoja, the Committee held several sessions with the Project Director on the progress made thus far. The Project Director informed the Committee that there had been good progress and that the project was on schedule, albeit with some challenges. The progress was exemplified by the launch of Umoja to cluster 3 on 1 June 2015 and the production of actual financial statements for peacekeeping operations for 2013/14. Preparations to roll out the Umoja solution to the rest of the Secretariat (cluster 4) on 1 November 2015 were on track, although that was a very challenging milestone.
76. The Committee was informed that Umoja was now the daily solution being used by approximately 11,800 users in six departments and offices and in
33 peacekeeping operations and special political missions. Of those, approximately 7,500 were users of the employee and manager self-service portal. The Committee was also informed that, after decades of working out of silos, the realization was growing across the Organization that all the various entities had to work more closely together, given that Umoja was a fully integrated, enterprise-wide solution that required entities to work as one, moving away from functional and organizational silos.
77. The Committee was informed that the adoption of the new operating model was going well; however, the project had to contend with some issues as a result. For example, while the need for proper training of staff at all levels was underscored, the Umoja team did not have the capability to handle both implementation and post-implementation support, hence resources were stretched. The need for training and capacity-building, including on change management, across the Organization would likely be an ongoing issue for the next few years.
78. Accordingly, the Committee was informed that, in spite of the progress made to date, the project remained a high-risk undertaking and the ability to achieve organizational readiness by adopting all the changes that would be needed as a result of Umoja implementation continued to be a challenge. The Committee welcomes the progress achieved in implementing Umoja and reiterates its recommendation that management continue to rigorously monitor key milestones and the overall timeline for implementation by identifying and managing current and any emerging key risks to the achievement of the objectives of the Umoja project.
Internal control system and anti-fraud policy
79. In paragraph 105 of its most recent report (A/70/5 (Vol. I)), the Board of Auditors underscored the fact that the complex and risk-prone environment in which the United Nations operated demanded that a strong internal control framework and risk management system be in place. The Controller informed the Committee that the Secretariat was working with the United Nations system to share best practices on internal controls and that the Secretariat’s internal controls were being evaluated and re-engineered in the context of Umoja.
80. The Committee was informed that the Secretariat expected to have a plan in place by mid-2015 to document the internal control framework and develop management assurance systems to test understanding and compliance. The Committee was also informed that the Controller planned to append a statement of internal control to the financial statement by 2018.
81. The Committee commends the progress made to improve the internal control system and stresses the significance of educating managers and all affected staff on the importance of strong internal controls. The Committee also urges management to draft a manual on internal control that will provide guidance to United Nations managers and staff on implementing and maintaining the forthcoming framework. The Committee will follow up on the issue at subsequent sessions.
82. With respect to fraud, the Committee has long opined on the importance of dealing with and preventing fraud. In paragraphs 57 and 58 of its report for the period from 1 August 2011 to 31 July 2012 (A/67/259), the Committee noted that the low level of investigated cases dealing with procurement could suggest a failure to detect fraud. In document A/69/304, the Committee recommended that OIOS establish a fully integrated long-term strategic plan that addressed, inter alia, the challenges and tendencies of procurement fraud apparent in the financial statements of oversight bodies.
83. The issue of fraud came to the forefront when OIOS, working in collaboration under a memorandum of understanding with the Risk Management Unit of the United Nations country team for Somalia, received reports of suspicious activities involving funding for humanitarian aid in Somalia. OIOS also conducted an audit of the process of reporting cases of fraud or presumptive fraud in financial statements from October 2013 to January 2014. In the report, it was noted that existing policies and procedures were fragmented and did not provide adequate guidance for identifying and reporting fraud. According to OIOS, one collective weakness of the Organization’s policies was the lack of a definition of fraud or presumptive fraud. OIOS recommended that management, in consultation with other departments and offices, finalize the policy on fraud to provide comprehensive and easily accessible guidance to all parties on all aspects of fraud.
84. The Board of Auditors agreed with OIOS, noting in its report on the financial statements of the United Nations for the biennium ended 31 December 2013 (A/69/5 (Vol. I)) that the Organization did not have a single anti-fraud and corruption policy. Current policies did not define fraud or provide a single set of procedures to follow if wrongdoing was suspected, the Board reported. It recommended that the Administration review and rationalize the current suite of policy and guidance material on fraud and other misconduct to provide staff and others with clarity concerning the correct procedures to follow when fraud is discovered.
85. Furthermore, in its previous reports, the Joint Inspection Unit had looked at fraud from different perspectives, such as oversight and accountability functions, related investigative functions, and issues on corporate ethics. The Committee was informed that the Unit was reviewing fraud prevention and detection in the United Nations system. The Committee looks forward to that report.
86. The Committee recalls paragraph 15 of resolution 69/249 A, in which the General Assembly noted with concern general deficiencies identified by the Board in control and fraud prevention, which were particularly necessary given the high-risk environments in which the United Nations operated, and requested the Secretary-General to take measures to address those deficiencies, such as through the issuance of standard operating procedures for addressing fraud prevention.
87. The Controller provided the Committee with her perspective on the Board’s concern about underreporting of fraud. According to current policies, if an office or department suspected fraud, it informed the Controller. OIOS and the Office of Human Resources Management also provided fraud information to the Controller, who in turn submitted a consolidated list to the Board. The Controller informed the Committee of the difficulty in reconciling the records of both offices with those provided by other departments owing to such factors as different phases of the cases; different recording systems and methodologies; redaction of confidential information; and different interpretations of fraud and presumptive fraud. The Controller also informed the Committee that there was currently no mechanism to ensure compliance, let alone completeness of reporting of fraud.
88. Management informed the Committee that it was working on a fraud policy that would be finalized by the end of 2015. The policy would establish the means to improve the completeness and accuracy of information reported and strengthen mechanisms to collect and reconcile cases of fraud and presumptive fraud. Management also believed that Umoja would provide a better means of control through reporting using business intelligence.
89. In the light of the above, the Committee recommends that the Administration finalize the scoping of the central intake system as recommended by the Board in paragraph 148 of document A/69/5 (Vol. I). This, as mentioned in paragraph 64 above, should help with the completeness and accuracy of reporting of fraud and presumptive fraud. The Committee also notes the progress that management has made and urges that the matter be handled most expeditiously, including clearly defining fraud. The Committee also recommends that the finalization of the anti-fraud policy should not be an end in itself but only the first step in ensuring that the anti-fraud policy and internal control framework are effectively implemented.
E. Coordination among United Nations oversight bodies
90. During the reporting period, in addition to its regularly scheduled meetings with OIOS, the Committee met with other oversight bodies, such as the Joint Inspection Unit and the Board of Auditors, including the Audit Operations Committee. The dialogue allowed for the sharing of perspectives on matters of mutual concern and provided a useful opportunity for cooperation among United Nations oversight bodies.
91. The Committee also sought input from management with respect to the coordination of programmes of work of the oversight bodies. The Committee was informed that, in management’s view, more needed to be done.
92. Within its mandate, the Committee sought comments from the three oversight bodies, all of which underscored the existing coordination mechanisms among themselves, including the sharing of their programmes of work. In separate meetings with the Board of Auditors, the Joint Inspection Unit and OIOS, the Committee noted the positive relationship fostered through the tripartite coordination meetings of the oversight bodies and the sharing of workplans in an effort to avoid duplication. The Committee believes that such coordination provides a valuable platform for additional opportunities.
93. The Committee reviewed with great interest the OIOS report entitled “Thematic evaluation of monitoring and evaluation of the Millennium Development Goals: lessons learned for the post-2015 era” (E/AC.51/2015/3). In that report, it was found that “in looking forward towards a prospective monitoring and evaluation framework for the sustainable development goals, a multi-tiered system linking country, regional and global levels will be needed”.
94. OIOS recommended that the Secretary-General formulate an overarching strategy and action plan to support coherent, coordinated and timely monitoring and evaluation, together with relevant capacity development needed to support decision-making, along the path to the achievement of the sustainable development goals.
95. The Committee is encouraged that such monitoring and evaluation efforts appear to be well under way. As part of that, and without prejudice to the Secretary-General’s consideration of the OIOS recommendations, the Committee urges OIOS, as part of the central role that it plays in the Meeting of Representatives of Internal Audit Services of the United Nations Organizations and Multilateral Financial Institutions and the United Nations Evaluation Group, to work with its counterparts in other United Nations audit and evaluation organizations to develop a coordinated strategy for the monitoring and assessment of United Nations performance in delivering on its commitments as part of the implementation of the forthcoming sustainable development goals.
96. A coordinated strategy may identify opportunities to make progress on a recommendation in the Committee’s previous annual report (A/69/304) that oversight bodies consider developing short topical or organizationally focused fact sheets that succinctly bring together in one place short synopses by each of the oversight bodies that are relevant to the topic or organization, particularly where the oversight bodies have examined similar topics. The intent is to bring together the collective good work of the oversight bodies in one place so that decision makers and stakeholders can more easily see the key matters that need to be addressed. That synergy will go a long way towards strengthening the oversight regime of the Organization and thereby contribute to improvements in effectiveness, transparency and accountability.
97. In addition, the Meeting of Representatives of Internal Audit Services and the United Nations Evaluation Group could reach out to and explore, consistent with respective mandates, cooperation with the International Organization of Supreme Audit Institutions, which serves as an umbrella organization for the external national government audit community and enjoys special consultative status with the Economic and Social Council. Pursuant to General Assembly resolution 69/228 on promoting and fostering the efficiency, accountability, effectiveness and transparency of public administration by strengthening supreme audit institutions, the umbrella organization and its member institutions, in accordance with their individual national mandates, are preparing to fulfil the sustainable development goal audit and oversight roles envisioned for them under that resolution.
98. The Committee believes that opportunities may exist for United Nations internal audit and evaluation organizations to coordinate with the International Organization of Supreme Audit Institutions and interested member institutions so that the individual reviews that they each may undertake will, over time, provide the United Nations and national decision makers with a more complete picture of progress towards the sustainable development goals and what can still be done.
F. Cooperation and access
99. The Committee reports that it received cooperation from OIOS and senior management in the Secretariat, including the Department of Management, in discharging its responsibilities. The Committee was given appropriate access to staff, documents and information that it needed in order to undertake its work. The Committee is pleased to report that it continued to work closely with the Joint Inspection Unit and the Board of Auditors. The Committee looks forward to continued cooperation with the entities with which it interacts in order to discharge its responsibilities, as set out in its terms of reference, in a timely manner.
IV. Conclusion
100. In the context of its terms of reference, the Independent Audit Advisory Committee presents the preceding observations, comments and recommendations, as contained in paragraphs 17, 24, 33, 36, 42, 45, 46, 53, 57, 59, 62 to 66, 74, 78, 81, 89 and 95 to 98, for the consideration of the General Assembly.
In paragraph 14 of document A/69/304, the Committee reported that, according to the report of the Board of Auditors on the financial statements of United Nations peacekeeping operations for the 12-month period from 1 July 2012 to 30 June 2013 (A/68/5 (Vol. II)), the rate of implementation of recommendations in respect of peacekeeping operations was 55 per cent for the period ended 30 June 2012. However, in paragraph 10 of its report for the 12-month period from 1 July 2013 to 30 June 2014 (A/69/5 (Vol. II)); the Board adjusted that rate to 43 per cent to account for single recommendations.
Audit of the process of reporting cases of fraud or presumptive fraud in financial systems (report 2014/051).