I recently spent two days in Paris participating and speaking at the Organisation for Economic Co-operation and Development's (OECD's) annual Global Anti-Corruption and Integrity Forum. Surrounded by world leaders, anti-corruption experts, and transparency activists, one couldn't help but become invigorated by the participants' passion and drive for battling corruption. I was especially proud of the recognition and respect shown for internal audit's role in this worthy battle.
There is little argument that dedicating resources to fighting corruption is necessary to sound risk management, but it's still shocking to consider how much is lost to it annually. The World Economic Forum estimates corruption adds 10 percent to the cost of doing business. The World Bank estimates that 20 percent to 40 percent of official development assistance is stolen through high-level corruption.
The cost of corruption isn't just about money. Corruption correlates to higher child and infant mortality rates, the latter being doubled in nations that rate highest on corruption indices, according to the study, Corruption and the Provision of Health Care and Education Services.
Battling dishonesty in business and government is a constant struggle, but in today's hyper-competitive atmosphere, having anti-corruption and anti-bribery programs in place is no longer optional. When well-designed and well-run, such programs benefit organizations no matter the organization's size, sector, industry, or location. Internal audit can play a vital role in providing assurance, not just on the effectiveness of such programs, but also in helping organizations understand the potential for serious financial and reputational harm from failing to address corruption.
However, fighting corruption effectively is more than simply creating programs and hoping for the best. Indeed, success is rooted in organizational behaviors and practices that support sound governance. This is where internal audit can play a vital role. First, internal audit should assess the effectiveness of anti-bribery and anti-corruption programs to help, 1) anticipate the risk, and 2) identify the existence of potential and actual incidents. The IIA recommends that internal auditors take two different but complementary approaches:
- Incorporate an assessment of anti-bribery and anti-corruption measures in all audits, as appropriate.
- Audit each component of the anti-bribery and anti-corruption program.
In undertaking the second approach, it is vital for internal auditors to recognize the foundational elements of effective anti-bribery and anti-corruption programs. Hallmark components of such programs begin with tone at the top, thriving when organizations set high ethical standards and are consistent in their application. Other components internal auditors should assess include:
- Governance structure.
- Risk assessment
- Policies and procedures.
- Training and communications.
- Enforcement and sanctions.
- Reviews and updates.
The IIA recognizes the extraordinary challenges public sector auditors and internal auditors in companies around the world face when rooting out bribery and corruption. It continuously seeks ways to provide encouragement and tools for those facing this daunting task. The IIA's Practice Guide, Auditing Anti-Bribery and Anti-Corruption Programs, provides a thorough analysis on the subject and includes sample audit procedures.
I'll close by mentioning that the recent OECD event included the launch of a new group, the Auditors Alliance. This is a forum for public-sector internal and external auditors whose aim is to facilitate the sharing of insights and expertise in audit practices. I was honored to be included among a number of accomplished professionals invited to speak at the launch.
Collaboration and cooperation fostered by the OECD Integrity Forum and the new Auditors Alliance will go a long way in waging war on corruption.
As always, I look forward to your comments.