Yves Genest
Vice-President, Products and Services
Canadian Audit and Accountability Foundation. www.caaf-fcar.ca

The COVID-19 crisis is triggering unprecedented and trying times for our society. From substantial risks of overloading the health care system to catastrophic economic hardships, the reverberations of this crisis will be felt for years to come in all spheres of activity. Auditors are also affected and must take stock of how they will manage through this challenging time. We consulted material from various professional audit associations and talked with a number of senior audit professionals across Canada to find out how auditors can deal with COVID-19.

COVID-19 presents auditors with some challenges but also some opportunities. This list is in no way intended to be an exhaustive list of all the issues auditors are confronted with in this time of crisis.

Keep the health of auditors top of mind.

Human resources are audit offices’ best asset. Like for other organizations, the safety of their staff is paramount, and audit offices have acted accordingly. They have rapidly implemented work-at-home solutions with an emphasis on protecting and preserving their employees’ health. As the crisis is persisting, and employees are working remotely and implementing social distancing measures, audit organizations will also have to continue to be aware not only of their employees’ physical well-being, but also of their mental health. Employee assistance programs and proactive efforts to connect with team members to boost their morale are also essential to maintain the workforce and ensure continuity of operations.

Be flexible with auditees.

Transparent and effective communication with auditees is always a priority for auditors. In the time of COVID-19, this is truer than ever. If auditors are wrapping up their audit and validating audit findings, this can probably be done remotely. But if they are starting an audit, it may be more problematic. They may have to moderate their requests for documents and data or allow more time for auditees to respond, especially if auditees are at the frontline of fighting COVID-19. Also, conducting interviews remotely is always a possibility but will be understandably more difficult. In some instances, asking the auditees to complete a questionnaire instead of being interviewed may be less intrusive and more palatable for them. In any event, expect that audit activities will take a backseat and even, in some instances, that auditees will request that auditors stay away for a while. In a time of crisis, flexibility is the order of the day.

Know that technology is the auditors’ ally, with some caveats.

For many workers, technology has been providential in helping to deal with the COVID-19 crisis. Emails, shared drives, team management applications, cloud technologies, and video conferences are allowing auditors to continue to work with auditees and co-workers. However, as the online presence of auditors intensifies, they have to remain vigilant. This increased use of technology will be accompanied by increased technological risks. From the overload of the telecommunication systems to cybersecurity concerns, auditors’ technological capacities will be more vulnerable. Ensuring that communications with auditees and between team members meet confidentiality and security requirements, for instance, could be a challenge. Also, there is an emerging risk of increased social engineering incidents. Phishing attacks masquerading as guidance about the virus are multiplying and can impact both auditors and auditees. It’s essential that you be aware of these risks and have effective communications with your IT services.

Expect delays.

Because many entities’ activities and events are cancelled or delayed, it is only natural that the completion of audits will also be compromised. Many audit organizations have already factored this in and are recalibrating their audit plans. Depending on the flexibility of the audit mandate, the legal requirements, the constraints on resources, and access to auditees, auditors will have to be flexible and adjust. As stated above, wrapping up audits may be easier than starting new ones until things settle down. Also, as the crisis lingers, keeping audit teams busy may prove problematic. Some offices may consider assigning staff to begin performing groundwork for upcoming audits, conduct or undertake training (online of course), or form new methodology working groups.

Mitigate the risk to audit quality.

Auditors, being always mindful of audit standards, must crank up their apprehensions about their capacity to collect sufficient and appropriate evidence. This is where the above concerns about technology, auditee relations, and delays come together. Auditors must take a good hard look at what they are capable of doing in these circumstances. One opportunity that delays open up is the possibility of enhancing the quality of the audit by doing more in-depth analysis of the evidence already collected. This could be done by leveraging quantitative data analytics techniques or conducting qualitative analyses that would be too time-consuming in normal times. It is also possible that you will need to re-scope your audit to cover a more restricted span of activities. Professional judgment, as always, will have to be used.

Seize the opportunity to improve your understanding of the audited entities.

Good auditors must constantly aim to increase their knowledge of the organizations they are auditing. Times of crisis have a way of revealing hidden weaknesses and organizational fault lines. This is not to say that auditors must take advantage of audited organizations’ temporary vulnerability by playing a game of “bayonetting the wounded on the battlefield.” But you should remain alert about areas of improvement that may become more apparent when auditees are under stress. In particular, you can learn a lot by observing how risk management, the implementation of business continuity plans and disaster recovery activities, and IT operations and cybersecurity measures play out during this crisis. This may provide ideas for future audit topics.

* Articulo publicado originalmente en: https://www.caaf-fcar.ca/en/performance-audit/research-and-methodology/audit-tips/en/performance-audit/audit-tips/3594-audit-tips-10

About the author:

Yves Genest was appointed as Vice-President, Products and services, effective May 15, 2017, Mr. Genest is responsible for leading the organization’s performance audit and parliamentary oversight products and services, including training, professional development, community outreach, research, and methodology development.

Mr. Genest is an experienced audit professional, having worked in a variety of organizations and offices over the past thirty years. Prior to joining the Canadian Audit and Accountability Foundation, he served as Chief Audit and Evaluation Executive at Shared Services Canada, where he led the establishment of the audit and evaluation function in the newly created department. There, he implemented cutting-edge methodology for systems under development audits, provided leadership on horizontal initiatives involving IT security and disaster recovery with chief audit executives in numerous partner departments, and led on innovation within his unit in the field of audit automation.

Prior to joining Shared Services Canada, Mr. Genest served as Director General, Audit Directorate, at the Public Service Commission of Canada, where he led the establishment of a new audit function, quality management framework, and risk-based audit strategic planning process for the PSC.

Mr. Genest also has extensive experience in the legislative audit community, having worked at the Office of the Auditor General of Canada for over fifteen years, first as a Senior Auditor, then Director of Results Measurement, and finally as Principal, Practice Development. In this latter position, he was tasked to ensure that OAG professional standards, policies and guidance for performance audits met the needs of the Office.

Mr. Genest holds Masters degrees in Public Administration and Political Science.

Sebastián Gil
Capacity Building Manager for OLACEFS
INTOSAI Development Initiative (IDI)

I suggest to discuss the challenges for accountability posed by the current situation of COVID 19.

The starting point is the recently published document “Accountability in a time of crisis: How Supreme Audit Institutions and development partners can learn from previous crises and ensure effective responses to Covid-19 in developing countries”. This document was developed in collaboration between the INTOSAI Development Initiative (IDI), the Sierra Leone Audit Service (ASSL), the Liberian General Audit Commission (GAC) and the African Organization of Supreme Audit Institutions French-speaking (CREFIAF)

This document compiles findings and examples of audits related to epidemics and disasters, including the Ebola crisis in Sierra Leone and Liberia.

Possible actions that SAIs and their development partners can take to mitigate the risks posed by Covid-19 are also identified. The focus is on developing countries, with some specific references to the contexts that present the greatest challenges.

Background of the blog suggestion:

The Covid-19 crisis is global and has massive impact on all countries in areas such as public health, employment, economic growth and social protection. The crisis requires urgent actions by governments, and it can sometimes be difficult to balance this carefully with accountability, transparency and integrity.

We know from previous pandemics and disasters that emergency situations can lead to basic control systems being suspended or bypassed, combined with weakening of accountability systems and oversight. This can cause increased levels of waste, mismanagement and corruption at a time when government resources are under pressure.

As a respected oversight institution, Supreme Audit Institutions can play a key role in the different stages of a crisis like Covid-19. In this regard, audits of past crises – such as those covered in the document in question – provide key lessons to audit in the context of the coronavirus crisis.

In general, and always within their mandate and practices, it is understood that the actions of SAIs can be grouped into the following roles:

1. Implement audits adapted to the current context;
2. Provide advice on critical rules and regulations;
3. Conduct real-time procurement audits to verify whether funds are being used in the right way and for the right purposes;
4. Make explicit the persistence of the SAI oversight responsibility over national public accounts – despite the crisis – and its consequent role of general supervision of the administration of the crisis by the Government. This can also generate a deterrent effect on those who see the crisis as an opportunity to violate regulations and controls, contributing indirectly to safeguarding government and donor funds;
5. In terms of audit topics, they can audit the implementation of new regulations and programs, such as infection control or economic stimulation, and thereby contribute to effective government actions. This can help identify potential cases of fraud, waste and abuse of public funds, counter misinformation, and build greater trust between citizens and government during a national emergency; and,
6. Finally, already with the proper focus of performance auditing, the SAI can evaluate the economy, efficiency, efficacy and effectiveness of the use of funds and the national response to this situation. It goes without saying, that these reports can contribute to vertical and horizontal accountability, as well as for identifying lessons for the future.

The objective of the blog is to open a space for interaction in which, based on the visibility, mandate and context of the SAIs of OLACEFS, we can reflect and exchange ideas on the possible roles of the SAIs and their challenges.

About the author:

Mg. Sebastián Gil holds Bachelor and Master’s degrees in international Relations, Master degree in Finance and Master degree in Public Policy Evaluation.

University professor and consultant specialized in Performance Auditing and Public Policies. Graduate of the International Programme of the Canadian and Accountability Audit Foundation (batch 2004/5).

He has worked at the Nation General Audit Office of Argentina between 1994 and 2017, contributing to the development and practice in Performance Auditing.

Since 2018 he is working at the INTOSAI Development Initiative (IDI) – based in the National Audit Office of Norway – as Manager of Capacity Development for OLACEFS, position from which he systematically works with SAIs from OLACEFS and its different bodies. In terms of specific initiatives, he coordinates the IDI – OLACEFS initiative “SAI in the Fight against Corruption”, participates in the “Strategy, Performance, Measurement and Report” initiative (SPMR) and co-coordinates the initiative “Cooperative Audit of Public Procurement Sustainable using data analysis ”(CASP), first pilot of the IDI SDG Audit Model (ISAM), having also been a member of the team that developed this model.

Michael Hix
Director of International Relations, U.S. Government Accountability Office (GAO)
Vice President, International Journal of Government Auditing

“May your choices reflect your hopes, not your fears” — Nelson Mandela

““We all have an unsuspected reserve of strength inside that emerges when life puts us to the test“– Isabel Allende

I greatly appreciate this opportunity to engage with OLACEFS and announce the launch of the INTOSAI Policy, Finance, and Administration Committee’s (PFAC’s) COVID-19 Initiative website. The Comptroller General of the United States leads this initiative as PFAC Vice Chair in cooperation with the Chair and all committee members.

Before elaborating on this initiative and the website, I would like to provide some historical perspective that, like the origins of the quotations above, begins in South Africa and brings us to Chile.

Just one year ago, I represented GAO at the INTOSAI Regions Coordination Platform Meeting in Cape Town. At that time, many SAIs had already alerted their governments to the potential consequences of a global health pandemic. Still, none of us could have imagined that we would be in this situation one year later.

In Cape Town, the generosity and graciousness of our host, Auditor-General Makwetu, his staff, and the people of South Africa made a lasting impression, as did the spirit of collaboration and mutual support among INTOSAI’s global and regional bodies, and the INTOSAI Development Initiative.

During a discussion on communication within INTOSAI, my colleague Osvaldo Rudloff Pulgar of la Contraloría General de la República de Chile spoke about the need to enhance communication across INTOSAI and its regional bodies. I told Osvaldo that we would maximize GAO’s role as Vice Chair of INTOSAI’s Policy, Finance, and Administration Committee and Chair of the International Journal of Government Auditing to enhance communication across all of INTOSAI.

The PFAC has acted on that commitment by publishing the Midterm INTOSAI Performance and Accountability Report in all INTOSAI languages. The report documents progress toward INTOSAI’s Strategic Plan and includes contributions from all INTOSAI global and regional bodies. The report specifically identified recognition of the accomplishments, importance, and needs of INTOSAI Regional Organizations—especially regarding communication, resources, and technology—as a matter for consideration by the INTOSAI Governing Board.

As Chair of the International Journal of Government Auditing, GAO has also acted on that commitment by attending and covering meetings across nearly all of INTOSAI’s global and regional bodies, including those of OLACEFS, with an emphasis on using social media to share information and best practices across all of INTOSAI.

Most recently, GAO collaborated with la Contraloría General de la República de Chile and OLACEFS by sharing information on health precautions and SAI operating procedures during the pandemic, and participating in an OLACEFS webinar to discuss the PFAC COVID-19 Initiative.

And this brings us to Chile and the kind invitation to announce the launch of the PFAC COVID-19 Initiative via this blog. Like many SAIs, GAO has transitioned seamlessly to nearly 100 percent telework. We are actively conducting our work for the United States Congress and our citizens and have initiated over 30 audits on our government’s preparedness and response to the pandemic. We also understand that the pandemic poses challenges for conducting INTOSAI’s work, and that many SAIs have faced challenges operating during the pandemic.

That is why this initiative seeks to maintain continuity of operations within INTOSAI, assist SAI’s with their continuity of operations by sharing and mobilizing resources, and focus on lessons learned to prevent similar situations in the future. The initiative is predicated on our belief that (1) our governments and citizens need strong, competent, and effective SAIs in our current environment and (2) that this need will only increase in the future.

The initiative’s website has links and resources contributed from a wide range of INTOSAI members and external stakeholders and is organized around the themes of INTOSAI continuity of operations, resources for SAIs, and lessons learned. We welcome additional contributions from all interested parties and will continuously update the website as information becomes available. We are very excited about this unique opportunity to collaborate across INTOSAI and its regional bodies during these challenging circumstances and welcome your contributions.

The PFAC initiative will transition to a longer-term COVID-19 effort led by the Chairman of INTOSAI and the Accounts Chamber of the Russian Federation under the auspices of INTOSAI’s Supervisory Committee on Emerging Issues (SCEI). GAO has coordinated with SAI Russia on this transition and our role as Vice Chair of the SCEI will help ensure a smooth transition and our continued involvement.

In closing, I would like to extend my deepest gratitude to my colleague Osvaldo, as well as to Sr Jorge Bermúdez Soto, Contralor General de la República de Chile, and Sr Nelson Shack Yalta, Contralor General de la República de Peru for their leadership of SAI Chile and OLACEFS, respectively. I wish all of you, your loved ones, and your colleagues the very best.

Enter the website COVID-19 iniciative

About the author

Michael Hix is Director of International Relations in GAO’s Office of Strategic Planning and External Liaison. He supports the Comptroller General of the United States in international engagement, manages multilateral and bilateral relations, directs GAO’s International Auditor Fellowship Program, and serves as the Vice President of the International Journal of Government Auditing. His primary areas of focus within INTOSAI include GAO’s work as Vice Chair of the INTOSAI Policy, Finance, and Administration Committee, the INTOSAI Donor Cooperation, and as a member of the INTOSAI Governing Board. He holds a M.S. in Natural Resource and Environmental Policy from the University of Michigan and a B.A. in Geology from George Mason University.

Dr. Francisco Javier Fernández
Auditor General of the Argentine Nation y President of the Commission on
Information and Communication Technologies (CTIC)

As Chairman of the OLACEFS Committee on Information and Communications Technologies (CTIC), I hope you and your loved ones are well.

We are experiencing a difficult time when the priority is to maintain health and care for each other. In this context, it is undeniable how important it is for all people to be able to work, as well as maintain networks, to pursue dreams, projects and meet the challenges that arise in a professional, responsible, reliable and technically solvent manner.

Depending on the situation, we are faced with social distancing, confinement, quarantine or other measures related to caring for our health. Whatever the case, this new reality poses new challenges to continue our daily work.

Today, technology is an indispensable and strategic tool to accompany us in this process. It will allow the Supreme Audit Institutions to face the challenges that the health crisis implies, responding to the challenges in a responsible and committed manner with the role of accountability.

The current crisis implies an abrupt change and professional challenge that technology allows us to face. That is why, at the CTIC, we set out to support this process and contribute to the development of OLACEFS’ SAI activities by making available the CTIC Toolbox of applications that facilitate teamwork.

This tool is a compilation of applications that could be useful in the workplace for meeting management, communication and teamwork, planning, task development, and for sharing knowledge or disseminating a project. This toolbox is the product of a broad analysis of different platforms, guided by a selection of those that are most useful based on accessibility, security or operability criteria.

We hope that the toolbox will facilitate the use of technologies in our organizational management. Our interest is that they be useful to you in order to maintain the quality and prestige of our reports, investigations and analysis in the face of this new challenge posed by a global pandemic.

At the CTIC, we hope that this proposal will also be an invitation to walk this path together and to maintain the bonds of brotherhood that characterize our organization.

See the CTIC Toolbox of Applications that facilitate teamwork.

Mariela Azofeifa Olivares,
Office of the Comptroller General of the Republic of Costa Rica

The Supreme Audit Institutions (SAIs) are, in times of crisis such as that caused by the COVID-19 pandemic, among the entities with the greatest credibility and expectation on the part of the citizens. Many actors in society turn their eyes to the extraordinary work that falls on the external control bodies of the Public Administration, almost without distinction of country and control model. The safeguarding of the Public Treasury is an enormous challenge for efficiency and agility in public procurement, for the correct and timely execution of the budget, for auditing as a relevant function against public spending, and for the generation of regulations that allow the correct investment of public funds in the state activities that have the greatest demand for action to address the health emergency.

Perhaps the list of lessons that the institutional attention to the pandemic is giving the SAIs seems enormous at this time, where the effects have not completely come to light and the citizens are in the midst of a battle where they await state aid under the vigilance of the SAIs given the critical fiscal situation of the countries of the Latin American region. Taking care of scarce public funds and speeding up spending on what is required is a double challenge for the entire state apparatus.

The demands of public control are intensified, in some cases by seeking the omnipresence of SAIs in every procurement of goods and services, in every disbursement of public resources, in every legislative decision on bills to address the emergency. It is therefore particularly important to manage adequate information flows and effective communication channels in order to make it clear, on all sides, that SAIs cannot be involved in each and every public action to mitigate the effects of the pandemic, but with an adequate substantive control strategy, we can design actions in line with the highly volatile and demanding environment.

It is against these circumstances that we must be more strategic about when to carry out more timely and relevant actions of control: in ex ante controls, we must seek to speed up the institutional activity of urgent public procurement; in concomitant controls, we must address the control priorities on the infinite agenda of issues to be audited; in ex post controls, we must plan, from now on, the areas that will require accountability and rely on other control instances such as internal audits; in sanctioning controls, we must bear in mind that, in many countries, the regulatory framework is made more flexible in the face of declared national emergencies, and this also opens doors for those who act in disregard of the legal framework and commit fraud and corruption. It is worth reminding all external stakeholders about the channels of complaint in case they are faced with the commission of any irregularities that may be occurring in some state entity in the midst of the pandemic.

Valuing the environment as changing, as a rule of principle, is fundamental. SAIs must continue their regular audit activity and must not neglect the extraordinary actions that the pandemic implies, with the same personnel, job skills, technological, financial and informational resources. This then implies an optimization of all resources, with special emphasis on the intensive use of information and communication technologies, starting with the teleworking already applied in many SAIs, going through the use of effective online communication channels, without leaving aside the very important institutional culture that permeates all the actions of the SAI. Here, the challenge is to tune civil service, competencies, priorities and resources into the same melody and achieve harmony with the environment, making what we do available to all the other control actors: political, media and social.

One lesson that can also be drawn upon at this juncture is the ancillary role that the SAI can play before the Parliament of each country in the region, given that there is no body more prepared to shed light on relevant rules and procedures in the generation of laws and regulations in public institutions than the nation’s supreme audit institution. The strategic role of the SAIs in the legislative environment has a special moment in a national emergency, when haste rules and control cannot be disregarded, seeking an ideal balance between respect for the principle of legality and the achievement of national objectives, in the shortest time and at the lowest cost possible.

Monitoring the environment and identifying the stakeholders of each SAI will also allow for the assessment of prudent and relevant control actions, expected and demanded by those who always expect the SAI to play its role to the fullest. The confidence enjoyed by the audit institutions in the region is inversely proportional to that enjoyed by some governments in the region, and this reality cannot be ignored when it comes to generating a control agenda in the midst of a global health emergency.

This monitoring of the environment, in turn, serves as a basis for, together with internal self-diagnosis, an exhaustive analysis of institutional risks under national conditions regarding the procedures for providing health solutions for the population at risk and for those affected by the disease. Enabling an efficient, effective and affordable health care system is not easy in regular times, much less so in critical times when a fellow citizen’s life may depend on access to a laboratory test, diagnosis, medicine or hospital bed. .

The unique and specific powers of SAIs make it necessary to bear in mind that expectations are high and it is time to turn our eyes to the SAIs that have developed good practices and can help those in need. The review, consultation, exchange and open space to discuss what other control bodies are doing is valid and relevant at this historic moment, knowing that everything we do must be adjusted to our own institutional and legal environments.

To conclude this limited list of unlimited lessons, I propose a virtuous triangle be practiced that citizens value which emanates from the SAIs: access to public information, accountability and transparency. When, from our institutional trenches, we can promote and develop mechanisms conducive to these three democratic principles, we will have taken on the greatest challenge in the midst of the crisis, which consists of doing our work and disseminating it to all citizens, who always expect seriousness, professionalism, engagement and solidarity in difficult times for our fellow citizens.

I leave you the task of adding entries to this blog, which undoubtedly contributes to the challenges mentioned in this brief contribution.