Written evidence submitted by Hilary Wild (MUO0034)

 

 

External Audit in the UN System

 

Introduction

 

1)     This paper sets out some potential solutions to the challenges posed by the following questions:

 

i)       Where is it working well and where not? 

ii)     Does it need strengthening?

iii)   Is it an area of influence or prestige or soft/hard power over multilaterals?

iv)   Are there risks arising from access to information?

v)     How could it be improved?

 

Context

 

2)     In considering the role of External Audit in the UN system it is useful to start with a statement of purpose which is derived from the Financial Rules and Regulations of each entity and which are approved by governing bodies ie Member States. These Regulations and Rules have many common elements across the UN System, such as a requirement that the External Auditor be the Auditor General or equivalent head of the Supreme Audit Institution (SAI) of a Member State as well as more operational matters such as the application of IPSAS as a common accounting standard.  It is also important to note that the UN System has adopted the “single audit principle” which essentially intends to ensure that there is only one external auditor that may audit UN organizations, and that is the External Auditor appointed by and reporting to the Member States.  

 

3)     The prime role of External Audit is to certify the financial statements of the organization, and as such this is in line with the private sector on which the standards for external audit work in the UN system are based.  There is also typically a provision to carry out reviews of management that is usually interpreted as a right to carry out performance audits.  An unsuccessful effort to clarify what “reviews of management” means was made a few years ago, led by the NAO as Chair of the UN Board of Auditors.  The lack of clarity can lead to challenges that could be addressed through implementing a combined assurance model, see below.

 

4)     The applicable standards are the International Audit Standards (IAS) to which all SAIs adhere.  It should be noted that these standards presume there is a fully empowered Audit Committee, composed of qualified individuals, who exercise technical oversight of the external audit process. In the UN System the equivalent oversight/audit committees have some responsibility in relation to External Audit but it is not fully consistent with neither the IAS nor the Institute of Internal Auditors[1] standards. This leads to some confusion as to whom the External Auditor should report as “those charged with governance”.  Given the range of scope of these oversight committees in the overall governance structure of UN organizations there may be some benefit to be gained from some further analysis and consideration of their roles and reponsibilities.

 

 

 

 

Member State Expectations

 

5)     Many Member States appear to have an expectation that external audit could fill gaps in oversight and assurance that are not normally an external audit responsibility. This may be due to 3 factors:

 

i)       Firstly, the Member States appoint the external auditor who is very conscious of their independence in reporting directly to the Member States.  This can give a sense of comfort to Member States since it is a direct line of communication.  This is particularly pronounced if there are concerns about the leadership and/or management of the organization.

 

ii)     Secondly, because the UN system does not operate a combined assurance model there is no visibility on how all the different elements of assurance come together and thus Member States may think, or believe, there are gaps but have no means to consistently identify if there are in fact gaps, or overlaps.  Again this is a function that is usually met by an audit committee.

 

iii)   Thirdly, Member States do not always have confidence in the quality of all other assurance providers partly as they are concerned about independence but also the quality of the work; they have no metrics against which to judge the quality, and even if there were, they may be concerned that reporting against any metrics might be skewed by bias.  This situation has led to an increased risk of 3rd party audits of voluntary funded programmes since donors are keen to establish that the programme has delivered in line with a specific funding agreement.  This tendency to request 3rd party audits is contrary to the single audit principle.

 

6)     This third point often results in Member States requesting performance audits or extra assignments from the external auditor, who are also not immune from promoting this service as it is a typical role of SAIs since many have expertise in this areas and believe they can add value. They can also earn revenue or prestige from these assignments.  Prestige can be considered as a necessary pre-requisite to re-election, or gaining further appointments within the UN system.  

 

Options to improve the value gained by Member States from External Audit.

 

7)     In order to improve the value that Members States can gain from an effective and efficient external audit service, the proposals below may be possible ways possible ways to address the expectations of Member States

 

8)     First, move the UN system to a combined assurance model that would allow Member States to see the mandates and plans of all assurance activities mapped against the strategic risks of each organization.  This would enable Member States to determine the adequacy of the overall assurance from all assurance providers, ie external audit, internal audit, evaluation, the JIU and MOPAN as well as grant audits carried out for Member States such as the EU verification processes.  A combined assurance model would help to indicate if the UN System is over, or under, assured.  My personal view is that there is an over assurance in terms of range of those who provide assurance, but that the quality is variable, there is lack of effective co-ordination and risk of overlap; in short it is an inefficient approach.

 

9)     Assurance activities are external audit, internal audit and evaluation.  Audit can be considered to include financial and compliance audits, which primarily address matters of internal control and thus integrity of an organization’s financial statements and management information, and performance audits that are designed to assess whether resources have been used with economy, efficiency and value for money.  In both cases audits should deliver a set of findings and/or recommendations for implementation that should be designed to add value to the organization. 

 

10) Performance audits differ from evaluations in that an evaluation is usually designed to answer a specific question – such as “did we effectively vaccinate all children in Mali?”  In comparison a performance audit will look to see if the vaccination programme was effective, efficient and achieved economy in the use of resources.  There is value in performance audits, as there is in evaluations.  However, better co-ordination would be useful to bring about greater efficiency as well as more transparency through a combined assurance model.

 

11) Second, strengthen the role of oversight/audit committees so that they are more closely aligned with the standards set out by the IIA. Specific changes that would enhance the role of oversight/audit committees could include assigning a specific, formal, technical role in the process of appointing an External Auditor as well as reporting on their performance. 

 

12) The process under which external auditors are appointed for UN system entities, whether as the Board of Auditors which serves the UN, Funds and Programmes, or as direct appointments by the Specialized Agencies, is based upon a requirement that the External Auditor should be the supreme audit institution of a Member State, such as the NAO in the UK.  This typically includes that institution is also a member of INTOSAI, and that the auditor follows INTOSAI standards.  Implicit in this is a belief that this will result in uniform quality as all INTOSAI members conform to the same IAS.  However, this is not necessarily so as the mandate, governance and depth of expertise of members of INTOSAI can vary which can lead to different quality in practice.  External Auditors are elected by the relevant governing body which can lead to an outcome in which the best technically qualified candidate might not be appointed.  This can happen for political reasons, such as XYZ has too many/not enough appointments in the UN System – a very subjective criterion which may be based on a desire for influence and/or access to informationFurthermore, the views of Member States may not be based on a technically qualified view from within their own administration – it is rare to have members of governing bodies technically qualified in audit.  For example, if the NAO is not a bidder the FCDO could ask the NAO to advise on the relative strengths and weaknesses of bidders.  However, if the NAO is a bidder, this would not be ethical.  

 

 

13) Election without objective technical input creates some challenges.  It does not follow a typical procurement process such as is done in INGOs or the private sector where audit committees play a strong role and make a recommendation to the board that is usually approved.  In order to preserve the independence of the external auditor, UN System Secretariats typically play a very limited role, acting mainly as a post box to issue requests, validate high level bid compliance and present responses to the governing body.  The requests issued do not all include the same technical criteria by which the quality of the audit approach and work could be judged. 

 

14) In order to preserve the independence of both appointment and subsequent work, a solution that would enhance the process and add transparency and quality is to involve the audit/oversight committees in the selection process to provide technical advice. Audit/oversight committees, whose members should be both independent of the Secretariat and include people with the appropriate technical qualifications can add value by carrying out the technical aspects of the process on behalf of the Member States. This could involve determining the technical criteria, the weighting, any specific requirements set out in the Financial Rules and Regulations as well as assessing the bids against objective, pre-determined criteria and making a technical recommendation to the governing body. [2]

 

15) This proposal might require changes to Financial Regulations and Rules, governing body rules of procedure or equivalent and the status and terms of reference of oversight/audit committees.

 

Exercise of power by External Auditors

 

16) The issue of whether external auditors use their position to exercise power, either soft or hard is complex. Provided the mandate is limited to the norm of an audit to enable the auditor to give an opinion on the financial statements, the risk is less than if the role extends to performance auditing. This is because there are external standards by which an external audit can be judged. It is also because the External Auditors themselves are also bound by the professional standards of INTOSAI as well as IAS.  Breaching these standards is likely to affect their domestic role negatively.

 

17) It must also be borne in mind that depending on the way the relationship between the Member States, External Auditor and Secretariat develops there can be a power dynamic that is based upon a need to comply rather than explain why a particular course of action is not appropriate or feasible.  Much attention is rightly paid by Member States to the implementation of auditors recommendations.  However, it should be born in mind that recommendations are just that – they are not made as management decisions and thus there maybe situations where not implementing a recommendation, but accepting the risk of non-implementation is a valid course of action.  However, both Member States and executive management should agree to accept the risks arising from non-implementation.  Again, this is where an effective audit/oversight committee can play a useful role to advise on the risk involved and if necessary help resolve differences of opinion from an independent and objective point of view.

 

Hilary Wild FCA

 

7th January 2021

 

 

After a career in financial services and with the UN (UNICEF Chief of Finance and WHO Comptroller) Hilary Wild has a portfolio of not-for-profit board roles that has included many UN System organization oversight committees (WMO, UNDP, ILO, UNESCO & FAO).  She is presently a member of the CGIAR System Board, as well as several audit committees within the CGIAR, a trustee of WaterAid UK where she chairs the Audit & Risk Committee and a member of the Church Commissioners Audit & Risk Committee.

 

 

 

January 2021

 

 


[1] The Chartered Institute of Internal Auditors https://www.iia.org.uk  the industry standard to which all UN System organizations should adhere.

[2] This practice has been followed at the ILO.