Innovations in the fight against corruption

Dr Harib Saeed Al Amimi, our kind host, sjoekran for your generous hospitality, and sabah eigir, good morning, dear Colleagues.

Let me start by telling you how much I today miss my Arabic counterpart, Mrs. Faïza Kéfi.  The Netherlands as a country honoured her and her untiring work for INTOSAI last year in South Africa, during the INCOSAI congress, and I was of course sure that I would see her again here in Abu Dhabi, she being the Secretary-General of ARABOSAI and the promoter and first organizer of these bi-regional conferences.  I would ask the Tunisian delegation to please give her our warm greetings.

In my home town Rotterdam, dear Colleagues, there is an old banking building, which is now the seat of the Rotterdam School of the Arts. A bank becoming an arts school, how appropriate. To celebrate this rehabilitation of the building, there is a big neon display on the building with the following text:
You have to change to stay the same.

How well chosen are these poetical words for our institutions: you have to change to stay the same. My institution goes back almost 600 years, and there is no way that it would have survived through the ages without changing with the times. And now, yet again, a time to change has knocked on our doors: be it the environment and the call of nature, be it the information revolution, be it the banking crisis, be it the voice of our youth in the streets, be it a combination of all of these – the message is loud and clear: it’s time to change.

One of the changes we have implemented at the Netherlands Court of Audit is to change from fighting corruption to promoting integrity. 

The story of this innovation really starts by replacing the word
“ corruption”  with the word “ integrity”.  I will tell this story in more general terms and the real ‘hands on’ story will be told by my Hungarian colleagues and presented by Dr. Andrea Korbuly.

My story has four chapters.

• The first chapter is about integrity. What is it and what opportunities does it bring?
• The second chapter is about how we apply this principle in our work.
• The third chapter is about examples of audits, in which we have applied this principle and which led to innovation in our work
• The last chapter is about opportunities for more innovation and then I will hand over the story to our Hungarian colleagues.

Integrity is not a simple concept to define. Many overlapping and distinct definitions are used. The term integrity is derived from the Latin in-tangere, meaning untouched. It refers to virtue, incorruptibility and the state of being unimpaired. Integrity is closely related to the absence of fraud and corruption, but it also entails common decency. As such it is a positive and broad concept, which is related to ethics and culture.
Using this word as a focus, instead of corruption or fraud, allows us to take a preventive approach. Integrity is a positive word. It is something you can strive for, but also something on which you can monitor progress. It helps you to point out what has been attained, instead of what is lacking.

Also, using the word integrity helps, because it allows us to use a wide and unspecific definition, beyond legalistic categories like fraud and corruption. It allows us to look at policies and measures that are aimed at preventing all sorts of unwanted behaviour in organisations and which stimulate an ethical culture.

So instead of a specific audit programme for fighting corruption, the Netherlands Court of Audit focuses on stimulating integrity.

To further explain the relative benefits of focussing on enhancing integrity, instead of fighting corruption, I will illustrate our position using two dimensions.
The first is the dimension is rule-based versus principle-based or value-based. 
The rule-based approach is repressive, legalistic and static. It focuses on uncovering bad behaviour by detection and punishment. It needs clear rules and is therefore rather static, as rules freeze reality in words. It needs independent execution in order to maintain the rule of law and fairness. Therefore it needs narrow definitions of fraud and corruption. Ownership for the success of this approach is firmly in the hands of the legislator and law enforcement agencies.
Quite the opposite is the principle or value-based approach. This managerial approach focuses on facilitating good behaviour and is rooted in stimulating an ethical culture. It needs a wide definition of integrity.  Ownership for the success of this approach is widely shared amongst all actors in society: citizens, civil society, employees and, especially, the management of public organisations.

The second dimension I would like to illustrate is between system opportunities and people.
Crimes, such as fraud and corruption, are committed by people. They have their own personal incentives and a psychological make-up that may make them more or less vulnerable.
But they must also be in a position to actually commit those crimes. The organisations they work for may increase the temptation for its employees by providing pressure or rationalisation. This dimension firmly puts the focus on the importance of circumstances and organisational responsibility.
Such circumstances and vulnerabilities can be assessed in a systematic way, thus enabling us to focus on risk assessment and risk management within public sector organizations.
By combining these two dimensions, we can identify four types of approaches. In the end they are complementary and can, maybe I should say must, exist together. 

First of all we focus very much on the preventive approach, we focus on the organizational opportunities and we base our approach on what auditors call Internal controls: organisational processes and their management.
Secondly we stretch the preventive approach to the people in the organizations - aiming to stimulate value-based cultural processes, trying to establish shared values, facilitating an open discussion on dilemmas. Integrity is far from being a static concept. On the contrary,  it is a very dynamic concept which changes over time and from country to country. Debating it on a regular basis allows us to follow its development instead of being locked in the rules.
Still, and thirdly, sometimes it is good the have the rules still available to have the opportunity to repress really unwanted behaviour. Provided they are up-to-date, legislation, rules and codes set the boundaries and make clear what behaviour is required and what punishment can be expected if these boundaries are transgressed.
And lastly if all prevention fails, they permit us to follow the repressive approach, focused on people, aimed at detection, prosecution and punishment of crimes.

So, introducing the word ‘Integrity’ allows us to bring prevention into the equation and extend the ownership of solutions for corruption beyond the legislator and the law enforcers to a wider range of stakeholders, including civil society and public sector management.

Which brings me to chapter two: auditing integrity.
Our choice for this systemic approach is rooted in our organisational strategy.
Our strategy is based on the United Nations definition of good governance. The Netherlands Court of Audit wants to contribute to good governance in the Netherlands. And good governance both requires and enhances the integrity of the public sector.

From the eight aspects of good governance that the UN defines, we as SAIs are concerned with four in relation to government performance and operations: “Demand-driven” and “effective and efficient” in serving the public relates to our performance audits;
“Transparent” and “accountable” in its operations as a public entity relates to our regularity audits. 
Operational management bridges performance and regularity audits.
The audit of integrity systems can be positioned exactly on this bridge, as a special kind of operational management audit.

A vital feature of our approach is that we insist on the fact that the integrity of an organisation is the responsibility of its management. Not of the legislator or enforcement agencies. This puts the ownership of solutions where it belongs: on the shoulders of the management of the public organisation from whom the public expects the delivery of  good public services in an honest way. They are responsible and they are accountable for the results.

In our country all organisations in the public sector are required to have an integrity policy. We take this as the basis for our audit criteria, but we go one step further: this integrity policy should be risk-based. This is necessary to prevent having policies which are merely paper tigers, copies of ‘examples’ from similar organisations. Another big advantage: these risk analyses can be used for monitoring and risk-mapping purposes.

Finally, we require that the measures and controls that an organisation has in place to mitigate its integrity risks be a mixture of stimulating (carrot) and repressive (stick) measures.  For example, we require that each organisation has an independent integrity counsellor with whom employees can discuss their doubts and suspicions in the strictest confidence. But we also require that the organisation has good procedures for detecting, investigating and sanctioning incidents in the event something goes terribly wrong.

In our work to contribute to the integrity of our public sector we adopt a three-tier approach.
We first embed integrity in all our audit designs:  in our financial, regularity and performance audits.
Next to that we have a  programme in place to monitor the ‘integrity care systems’ of the public sector and from time to time we publish the results.
Finally we put a lot of effort into different ways of improving the effectiveness of our work by sharing our knowledge and seeking strategic alliances. This also involves looking for innovative ways to do our work.

For all three of these activities I will now give you an example.
‘SAINT’ is short for self-assessment integrity and we presented its more mature version ‘IntoSAINT’ to INCOSAI in South Africa last year.  But we started back in 2005. We developed the first version of SAINT together with the Ministry of the Interior and the Bureau of Integrity of the City of Amsterdam.
SAINT is a structured risk analysis workshop, which involves the organisation’s own employees. At the same time it is both a diagnostic tool and a cultural intervention.
The big advantage of self-assessment is that it stimulates ownership of the risk-analysis and of its solutions within the organisation.
In 2007 we were involved in a twinning project with our Hungarian colleagues. In this project we used the SAINT approach as a basis for the design of a risk-mapping methodology.
Together with our Hungarian colleagues, we elaborated upon the original SAINT instrument. This resulted in some important improvements.

Building on this experience we embarked on a project to make the SAINT instrument available for other SAIs in the Intosai community.

This project is called IntoSAINT. We tested the IntoSAINT version in 5 different countries: South Africa, Finland, Yemen, Ghana and Indonesia. And were happy to be able to say that it works in different cultural and institutional environments.
We are now working on a project to make IntoSAINT available to the entire INTOSAI Community. This year we will start by training moderators from SAIs, which have volunteered to participate in the roll-out of the project, at a workshop in The Hague in September.
Some of you may have already expressed interest to participate. If you have missed this opportunity, but are interested to participate, please come and speak to me or my staff during the break.

My next example comes from our monitoring of integrity management in the public sector. In 2004 we established a baseline of the implementation of so-called hard controls, such as the implementation of rules and regulations. In our 2009 audit we also wanted to say something about the cultural aspects of the organisations, the soft controls, and the effectiveness of the integrity management. For that purpose we used an employee perception survey.

This survey enabled us to look beyond the documental evidence and include the perception of employees on the integrity of their own organisation. This gave us insight into the effects and maturity of the instruments used. Moreover, it also enabled us to get an impression of what employees thought of the functioning of their management.
We used an existing and well-validated instrument, the ‘Internetmirror ’.  With this instrument we conducted an internet survey amongst a group of 17.000 civil servants, of whom 38% responded. If you are familiar with surveys, you will know that this is an excellent response rate.

This instrument allowed us to benchmark the results of the different organisations on aspects of culture, management and adhering to rules and regulations. Here you can see the benchmarking results of one question. The instrument also gives you an integrity-index, which can be benchmarked. In this way organisations can be stimulated to learn from good examples which may be found elsewhere and come to a more effective integrity policy.

My last example is concerned with the use of geo-spatial information systems (G.I.S). It shows how you can combine data using geo-spatial maps in order to gain insight into integrity risks.

The power of a G.I.S. is that it enables users to produce high quality maps on any scale, to store and maintain a large quantity of geographically-related information, to visualize and simplify complex data, and to create new data from existing data.

The most powerful aspect of a G.I.S is that it allows users to perform complex analyses by linking data layers and overlaying different data sets to get a spatial perspective.

In the example on the slide you can see various layers that can be used by a private company to determine how its customers can best be reached.
 

The American website recovery.gov gives us an example of the possibilities of G.I.S in improving transparency and integrity. On this website geo-spatial information is provided on the spending of the recovery funds in the United States.

The website provides numerous maps containing geo-spatial information on the distribution of funds per objective. The website also provides information on important policy indicators, like unemployment.
This way citizens are enabled to track the spending of funds and to assess whether this information is correct with regard to where they are living down to the level of their own postal code.

And if citizens experience incidents of money being wasted or even fraud and corruption, they can report this. These reports also provide valuable information for auditors: where are the risks of waste, fraud, corruption, etc?
This type of work can produce a powerful tool in mapping integrity risks, as my Hungarian colleagues will show you, after my last slide, which is about leadership. It is my firm belief that Supreme Audit Institutions can provide and should provide integrity leadership.
And therefore it is my pleasure to hand over the floor to the Hungarian SAI which has been showing leadership with its risk-mapping project and I won’t keep you any longer from hearing their story: Integrity goes Hungarian…

Thank you for your attention.