Seventy-eighth session
Item 135 of the provisional agenda*
Review of the efficiency of the administrative and financial functioning of the United Nations
Activities of the Independent Audit Advisory Committee for the period from 1 August 2022 to 31 July 2023
Report of the Independent Audit Advisory Committee
|
Summary |
|
The present report covers the period from 1 August 2022 to 31 July 2023. During the period, the Independent Audit Advisory Committee held four sessions, which were chaired by Janet St. Laurent (United States of America), with Agus Joko Pramono (Indonesia) as Vice-Chair, until 31 December 2022, and by Imran Vanker (South Africa), with Janet St. Laurent (United States of America) as Vice-Chair, during 2023. All members attended all of the sessions. |
|
Section II of the report contains an overview of the activities of the Committee, the status of its recommendations and its plans for 2024. Section III sets out the detailed comments of the Committee. |
|
|
Contents
|
|
|
|
Page |
|
3 |
||
|
3 |
||
|
3 |
||
|
3 |
||
|
4 |
||
|
4 |
||
|
7 |
||
|
11 |
||
|
11 |
||
|
15 |
||
|
16 |
||
|
18 |
||
|
19 |
||
|
19 |
||
|
Annexes |
|
||
|
20 |
||
|
21 |
||
I. Introduction
1. The General Assembly, by its resolution , established the Independent Audit Advisory Committee as a subsidiary body to serve in an expert advisory capacity and to assist it in fulfilling its oversight responsibilities. By its resolution , the Assembly approved the terms of reference for the Committee.
2. In accordance with its terms of reference, the Committee submits an annual report containing a summary of its activities and related advice to the General Assembly. Annex I to the present report contains the observations, conclusions and recommendations of the Committee issued in its previous report (). The present sixteenth annual report covers the period from 1 August 2022 to 31 July 2023.
3. The Committee is required to advise the General Assembly on the compliance of management with audit and other oversight bodies’ recommendations; the overall effectiveness of the risk management procedures and deficiencies in the internal control systems; the operational implications of the issues and trends set out in the financial statements and the reports of the Board of Auditors; and the appropriateness of the accounting and disclosure practices in the Organization. The Committee also advises the Assembly on the steps necessary to facilitate cooperation among the oversight bodies.
II. Activities of the Independent Audit Advisory Committee
A. Overview of the sessions of the Committee
4. During the reporting period, the Committee held four sessions. One of its sessions (the sixty-second session) was held outside of New York. For the first time, a session of the Committee convened outside of New York was held at a regional commission (the Economic and Social Commission for Western Asia (ESCWA) and a peacekeeping mission (United Nations Interim Force in Lebanon (UNIFIL)), in Naqoura, Lebanon.
5. During the sixtieth session, in December 2022, the members unanimously elected Imran Vanker (South Africa) as Chair and Janet St. Laurent (United States of America) as Vice-Chair for 2023. Furthermore, the Committee hosted the seventh meeting of the representatives (Chairs or members) of the United Nations system oversight committees to discuss best practices, lessons learned and other issues of importance to the United Nations oversight community. Additional information about the Committee can be found on its website () in all of the official languages of the United Nations.
6. During the reporting period, the Committee published three reports: the Committee’s annual report to the General Assembly for the period from 1 August 2021 to 31 July 2022 (); and two reports to the Assembly, through the Advisory Committee on Administrative and Budgetary Questions, on the proposed budget of the Office of Internal Oversight Services (OIOS) under the support account for peacekeeping operations for the period from 1 July 2023 to 30 June 2024 () and the proposed programme budget of the Office for 2024 ().
B. Overview of the plans of the Committee for 2024
7. The Committee undertook its responsibilities, as set out in its terms of reference, in accordance with the scheduling of the sessions of the Advisory Committee on Administrative and Budgetary Questions and the General Assembly. The Committee will continue to schedule its sessions and activities to ensure coordinated interaction with intergovernmental bodies and the timely availability of its reports. In a preliminary review of its workplan, the Committee identified the areas that will be the main focus for each of its four sessions for fiscal year 2023 (see annex II).
III. Observations and recommendations of the Committee
8. Section III of this report covers five major areas consistent with the Committee’s terms of reference, namely, recommendations of United Nations oversight bodies; the effectiveness of the internal oversight function; management controls and risk management; financial reporting; and cooperation and coordination among oversight bodies, as well as other, related topics.
A. Status of the recommendations of United Nations oversight bodies
9. The Committee is mandated to advise the General Assembly on measures to ensure the compliance of management with audit and other oversight recommendations. The Committee maintains that if the observations made by the oversight bodies are fully addressed in a timely manner, the likelihood of the Organization’s achieving its objectives is greatly enhanced.
10. During the reporting period, the Committee reviewed the status of implementation by management of the recommendations of United Nations oversight bodies, as a standard practice. The Committee notes that, overall, implementation by management of the recommendations of United Nations oversight bodies appears to be improving and the Committee continues to encourage further progress.
Board of Auditors
11. The Committee received the advance copies of the Board of Auditors reports for the period ending 31 December 2022. According to the concise summary of the principal findings and conclusions contained in the reports of the Board of Auditors for the annual financial period 2022 (), the overall average implementation rate of outstanding prior period recommendations for the entities under the Board’s purview remained constant at about 53 per cent in 2022.
12. Figure I shows a four-year trend in the implementation of recommendations of the Board of Auditors for Secretariat and non-Secretariat entities. This comparison is useful in assessing relative implementation rates among organizations that share some similarities. As shown in figure I, although the implementation rate of entities under the purview of the Secretariat[1] declined slightly in 2022, the overall trend in implementation rates was better than the low point of 24 per cent reported in 2019.
Figure I
Trends in the implementation of recommendations of the Board of Auditors, 2019–2022
13. The Committee noted that, although the implementation of recommendations by entities under the purview of the Secretariat was slightly lower for the year 2022, the overall trend was better, compared with the low in 2019; the Committee recommends, however, that management take further action to significantly improve the implementation of recommendations of the Board of Auditors.
14. With regard to volume I recommendations, the Committee was informed that for the year ended 31 December 2022, out of the 262 prior period recommendations, 111 (42 per cent) were assessed as fully implemented and a further 11 (4 per cent) were assessed as overtaken by events ().
15. The Committee was informed that of the 140 prior period recommendations that remain under implementation, 16 are from the pre-management reform period (extending from 2015 to 2018) and relate to the following areas: assets management, human resources management, fraud risk management, treasury management, occupational safety and health, data quality and project management. The Committee examined the implementation rates of the other entities under the purview of the Secretariat and noted that the United Nations Office on Drugs and Crime (UNODC) showed the highest implementation rate, at 67 per cent, and the International Residual Mechanism for Criminal Tribunals showed the lowest implementation rate, at 24 per cent.
16. With respect to volume II recommendations, the Committee was informed that for the year ending 30 June 2022, out of the 41 prior period recommendations, 19 (46 per cent) had been assessed as fully implemented.
17. The Committee welcomes management’s effort to implement the recommendations of the Board of Auditors. Nevertheless, the Committee is concerned that there are several recommendations that are over eight years old. The Committee calls on management to either expeditiously implement those recommendations or have them closed by the Board.
Office of Internal Oversight Services
18. In its report on its activities , the Office of Internal Oversight Services noted that “[l]ong-term trends show that more than 90 per cent of OIOS recommendations are eventually implemented”. According to the OIOS status report for 2022, long-term trends show that less than 0.5 per cent of OIOS recommendations are not accepted, and only about 1 per cent of its recommendations are closed as unimplemented, with management accepting responsibility for not addressing the underlying risk. Management indicated that for recommendations issued prior to 2020, 96 per cent have been implemented or alternate acceptable remedial actions were taken. For those issued in 2020 and 2021, 76 per cent have been implemented; and for those recommendations issued in 2022, 28 per cent have already been implemented.
19. Although OIOS and management contend that the implementation rate of OIOS recommendations is high, the Committee recalls that in paragraph 22 of its 2022 report (), it called upon management and OIOS to close the 60 outstanding recommendations from 2017 by no later than 30 June 2023 and take steps to minimize or avoid outstanding recommendations that are more than four years old. The Committee brought this matter to the attention of the Management Committee and followed up with management on the status of the implementation of this recommendation.
20. Management provided additional information to the Committee showing a reduction in the number of the recommendations outstanding between 2013 and 2017, from 60 to 51, as of May 2023. At the same time, an additional 50 recommendations were outstanding for 2018, bringing the number of recommendations outstanding for more than four years to 101.
21. That progress notwithstanding, the latest statement of internal control report received by the Committee showed that implementation of OIOS recommendations had been added to the statement of internal control as a new area in which there was opportunity for improvement, especially as it relates to timely implementation of recommendations.
22. While the Committee continues to acknowledge the important role the Management Committee plays in ensuring that management is implementing the recommendations of oversight bodies, it is of the view that more needs to be done to address long-outstanding recommendations.
23. In view of the risk associated with the delayed implementation of the recommendations, the Committee continues to call upon the Management Committee and management to close the 101 outstanding recommendations expeditiously and take steps to minimize or avoid outstanding recommendations that are more than four years old.
24. The Committee recommends that OIOS continue to evaluate its policy on long-outstanding recommendations with a view to analysing the root cause as to why some recommendations stay unimplemented for such a long time.
Joint Inspection Unit
25. In its annual report for 2022 and programme of work for 2023 (), the Joint Inspection Unit noted that the average rate of acceptance of recommendations made between 2014 and 2021 for system-wide reports and notes covering several organizations had increased (73 per cent in the period 2014–2021 compared with 72 per cent in the period 2013–2020). The Unit also noted that, during the same period, the implementation rate of recommendations for system-wide reports and notes stood at 77.57 per cent, a slight improvement over the rate of 76 per cent reported in the period 2013–2020.
26. For the United Nations Secretariat, the average acceptance rate remained unchanged from the 73 per cent reported for the period 2013–2020. The average implementation rate also stayed high, at 82 per cent, which is higher than the system-wide average.
27. The Committee continues to welcome the effort of management in expeditious implementation of the Unit’s recommendations.
28. The Committee reviewed the trend analysis of the average acceptance of the recommendations of the Unit for entities under the purview of the Secretariat. In its 2021 annual report (), while commending management for its efforts that had led to acceptance and implementation of the Unit’s recommendations at a rate higher than the average, the Committee expressed its concern regarding the low acceptance rate by entities within the purview of the Secretariat, such as the United Nations Environment Programme (UNEP) and the United Nations Human Settlements Programme (UN-Habitat). The Committee subsequently recommended that the Joint Inspection Unit, the Secretariat and the concerned entities review the root cause of the low rates of acceptance and implementation of recommendations by those entities.
29. In paragraphs 29 and 30 of its 2022 report (), the Committee noted the initiatives that had been put in place by the stakeholders to address the Committee’s recommendations. While welcoming those initiatives, the Committee, in paragraph 32 of that report, continued to underscore the importance and value of the recommendations of the Unit to the Organization and looked forward to improvement in the acceptance and implementation rates of the Unit’s recommendations.
30. The Committee has observed that entities such as the Secretariat have performed well consistently with regard to both the acceptance and implementation rates, while the United Nations Conference on Trade and Development (UNCTAD), the International Trade Centre (ITC) and UNODC have exhibited significant improvement. The Committee notes that UNEP and UN-Habitat still need to achieve further improvement and calls on the Management Committee to continue the effort to ensure that those entities are expeditiously implementing the Unit’s recommendations.
B. Effectiveness, efficiency and impact of the audit, investigation, inspection and evaluation activities of the Office of Internal Oversight Services
31. Under its terms of reference, the Committee has the responsibility to advise the General Assembly on aspects of internal oversight (resolution , annex, paras. 2 (c)–(e)). In fulfilling this mandate, the Committee has maintained its standard practice of meeting with the Under-Secretary-General for Internal Oversight Services and other senior OIOS officials during its sessions. The discussions have focused on the OIOS workplan and budget execution, significant findings reported by OIOS, operational constraints (if any), post-incumbency, the status of implementation by management of OIOS recommendations, including critical recommendations, and the strengthening of the investigations function.
32. During the current period, the Committee continued to focus its assessment on (a) strategic and operational risk-based planning, OIOS effectiveness and performance measurement; (b) the quality and impact of OIOS recommendations; (c) matters associated with the Investigations Division; and (d) the role of OIOS in the context of the 2030 Agenda for Sustainable Development. This assessment continued to be conducted against the backdrop of the OIOS priorities referred to in paragraph 6 of the report of the Committee entitled “Internal oversight: proposed programme budget for 2022” ().
Effectiveness of the Office of Internal Oversight Services and performance measurement
External quality assessment
33. In paragraph 63 of its 2015 report (), the Committee observed that while all three divisions of OIOS had gone through peer reviews in recent years, the Committee was not aware of any formal reviews in which OIOS as a whole and the working relationship across the OIOS divisions were systematically examined. Consequently, in paragraph 65 of the same report, the Committee recommended a holistic review of OIOS, with a strong implementation mandate to strengthen and streamline the operations and structure of the three divisions of OIOS.
34. The Committee was informed that the external assessment of the OIOS Investigations Division had been completed and that the report included 22 recommendations. According to OIOS, 12 recommendations fall under the direct responsibility of OIOS and cover matters such as the distribution of staff, staffing needs (including digital forensics capabilities) and quality assurance. The remaining 10 recommendations require collaboration with other organizations.
35. For 2023, OIOS indicated that the focus as far as addressing the Investigations Division external quality assessment outcomes was on (a) resourcing requirements; (b) improving the quality assurance process; (c) repurposing the Digital Forensics Unit; and (d) addressing the protection against retaliation (whistle-blower) investigations.
36. With regard to the above-mentioned 10 recommendations, OIOS indicated that it has been engaging with the respective Secretariat entities (such as the Department of Management Strategy, Policy and Compliance; the Office of Legal Affairs: the Executive Office of the Secretary-General; and the Ethics Office) to address those recommendations, which require changes to organizational policy, evidential burdens and the risk environment (including referrals of cases involving certain types of Secretariat officials proactive investigations and protection against retaliation).
37. The Committee emphasizes the importance of prompt implementation of external quality assessment recommendations. The Committee calls on OIOS to expedite the implementation of the accepted recommendations that emanated from the external quality assessment of the Investigations Division.
38. The Committee was informed that the assessment of the Internal Audit Division was in progress and that the assessment of the Inspection and Evaluation Division was slated to start in 2024. The Under-Secretary-General for Internal Oversight Services stated that when the three assessments were finally completed, she would request funding for the holistic review of OIOS.
39. The Committee welcomes the efforts of OIOS to undertake a holistic review of the Office and encourages OIOS to ensure that the issues listed in paragraph 65 of the Committee’s 2015 report () are taken into account during the review.
OIOS performance metrics
40. During the current reporting period, the Committee followed up with OIOS on the status of its performance metrics. OIOS reiterated that it monitored four dimensions, namely, impact; relations with key stakeholders; internal processes (economy, efficiency and effectiveness); and internal capacity. OIOS noted that it continued to monitor its performance through a combination of external and internal reporting mechanisms and that the key performance indicators are reported to key stakeholders by (a) the programme plan (regular budget); (b) support account budget performance; (c) OIOS annual reports (parts I and II); and (d) the annual status report, focused on the impact of recommendations (trends and focus areas) and including a new recommendation status dashboard. OIOS maintains that the internal monitoring was facilitated by elements such as the balanced scorecard, division-specific indicators, continuous monitoring activities through the enhanced data analytics and dashboards, and other key performance indicators, such as individual staff performance agreements and workplans.
41. The Committee reiterates its previous observation that the various metrics used by OIOS to gauge its internal and external performance do not constitute a streamlined set of metrics which can be used from year to year to compare its performance and facilitate trend analysis. The Committee, therefore reiterates its previous recommendation that OIOS review its numerous performance metrics and identify those critical and enduring metrics that will be most useful to stakeholders in assessing the effectiveness of OIOS. The Committee plans to engage further with OIOS on this matter.
Vacancy situation in the Office of Internal Oversight Services
42. The Committee continues to consider that the vacancy situation in OIOS poses a significant risk. The Committee is aware that several factors affected the timely filling of positions in 2022–2023 across the Secretariat. Following the resolutions of those factors, the Committee was informed that recruitment was proceeding in earnest and that, as at 31 May 2023, the overall vacancy rate for OIOS stood at 18.6 per cent, close to the same level as in the previous year. The Committee was also informed that the Internal Audit Division registered a relatively lower vacancy rate, at 13.9 per cent, while the Investigations Division continues to have the highest vacancy rate, at 26.9 per cent.
43. The vacancy rate in general, and in the Investigations Division in particular, is too high, and exposes the Organization to several risks. The Committee reiterates its prior recommendations that OIOS address the issue of vacancy levels as a matter of priority.
44. The Committee noted that OIOS planned to recruit within the provision for the budgeted vacancy rate, while the Controller confirmed that the budgeted vacancy rate should not be an impediment to recruitment by individual managers except when special measures are implemented. The Committee recommends that OIOS seeks guidance from the Controller on whether OIOS can fill all posts or has to make provision for the budgeted vacancy rate.
Effectiveness of the investigations function
45. The Committee continued to examine some of the indicators that OIOS is using, including timeliness of completion of investigations and referrals to gauge the effectiveness of the investigations function. The timeliness with which oversight work (in this case, investigations) is completed is an essential element of an effective accountability system. During the reporting period, the Committee met with senior officials both at New York Headquarters and in a peacekeeping mission. Throughout the discussions, the length of time of the investigations and the number of cases referred back to management were two main concerns.
46. The Committee continued to follow up with OIOS on some of its performance indicators and was informed that the average completion time continued to improve slightly, from 12.77 months in 2021 to 11.97 months as at 30 June 2022 (the longest completion time in the last eight years was 13.8 months, in 2015). On the other hand, the average age of the cases had increased slightly, from 8.1 months in 2021 to 8.8 months as at 30 June 2022, with the longest average (10 months) in 2015. According to OIOS, the caseload had risen dramatically from 133 cases in 2015 to 279 cases in 2021 and 371 cases as at 30 June 2022. As of the first quarter of 2023, this number now stands at 482 (see figure II).
Figure II
Trends in caseloads and Investigations Divisions-approved staffing, 2015–2023 (as at 31 March 2023)
47. The Committee recalls its recommendation contained in paragraph 69 of its 2022 report (), where it noted that the caseload had almost trebled from 133 cases in 2015 to 371 cases as at June 2022, yet the number of staff during the eight-year period increased by only 10 posts, from 98 to 108. The Committee notes that in 2023, this number has continued to grow. The Committee reiterates its concern about the pressure on investigators to manage an ever-growing caseload and the impact on timeliness for completing the investigation. The Committee also reiterates its recommendation that OIOS review the resource needs of the Investigations Division vis-à-vis the needs of its stakeholders, with a view to developing a plan to further reduce the time for completing investigations.
48. The Committee was informed that, on average, a little over one third of complaints received by OIOS are referred back to management. According to OIOS, in 2022, OIOS had received a total of 1,368 reports of misconduct, of which 367 reported matters (27 per cent) were investigated by OIOS and 555 (41 per cent) were referred by OIOS to other entities. OIOS noted that the increased reporting to OIOS has also resulted in a commensurate and proportionate referral of cases to responsible officials.
49. Responding to a concern expressed by some managers that they do not always have the capacity or expertise to handle cases referred back to them, OIOS indicated that it continues, in collaboration with the Office of Human Resources, to hold prohibited conduct training to equip staff members to serve on fact-finding panels convened by responsible officials. Participants from such training are included on the Office of Human Resources roster of individuals to whom responsible officials can turn to investigate matters referred back by OIOS.
50. The Committee notes the progress OIOS is making to ensure that managers to whom cases are referred have the ability to handle such cases. To address the concerns of some of the responsible officials to whom cases are referred and noting that referrals are part of the Organization’s overall policy and approach to investigating and handling misconduct, the Committee recommends that OIOS conduct more training as well as more outreach if it is to allay such sentiments.
Role of the Office of Internal Oversight Services in the context of the 2030 Agenda for Sustainable Development
51. During the reporting period, the Committee continued to follow up with OIOS on the progress that OIOS was making in mainstreaming the 2030 Agenda throughout its operations. The Committee was informed that the annual risk-based workplanning methodology of OIOS required teams to identify opportunities within all assignments to mainstream assessment of questions related to the Sustainable Development Goals. OIOS noted that while the Secretariat’s support to the Sustainable Development Goals has been provided in regions of greatest need and areas of comparative advantage, the Secretariat is not optimally placed to provide the further support needed to accelerate progress towards achieving the Goals by 2030. OIOS indicated, however, that when provided, Sustainable Development Goals-related support to Member States has been of generally good quality and well aligned with national development priorities.
52. The Committee welcomes the effort that the Organization in general, including OIOS in particular, is putting into addressing the matters associated with mainstreaming the Sustainable Development Goals. The Committee will continue to follow up on this matter.
C. Ethics Office
53. In paragraph 65 of its resolution , the General Assembly approved a new mandate for the Committee aimed at “strengthening the independence of the Ethics Office on direct presentation of the annual report by the Office to the General Assembly and enhanced role of the Independent Audit Advisory Committee to strengthen the accountability framework”. The Committee welcomes this decision.
54. The Committee is consulting with stakeholders and will propose any potential changes to the Committee’s terms of reference that may be needed to comply with the resolution of the General Assembly.
D. Risk management and internal control framework
55. The terms of reference of the Committee (see General Assembly resolution , annex, para. 2 (f) and (g)) mandate the Committee to advise the Assembly on the quality and overall effectiveness of risk management procedures and on deficiencies in the internal control framework of the United Nations.
Enterprise risk management
56. The Committee has long noted that enterprise risk management is an integral and important management tool of the Organization. The Committee has emphasized that top management attention is needed to continue to actively lead enterprise risk management efforts to ensure that identifying and managing risks become standard ways of doing business across the Organization. During the current reporting period, the Committee continued to follow up with management on the progress made in making enterprise risk management a management tool that is fully embedded in the Organization.
57. The Committee visited a regional commission and a peacekeeping mission to obtain first-hand impressions of the application of enterprise risk management in offices outside of Headquarters. The Committee noted progress in implementing enterprise risk management. In both the regional commission and the field mission visited, there was an appreciation for the enterprise risk management process and the Umoja enterprise risk management tool (Fortuna) that has been deployed. It was noted that the tool was useful, as it projects risk into the future, describes the controls in place and contains mitigation options to address the residual risks. At the Committee’s request, management provided the Committee with a demonstration of Fortuna.
58. The Committee continues to encourage the Organization to emphasize that enterprise risk management is a tool for enhancing results and continues to also encourage the Organization to try to document the benefits that enterprise risk management brings to the Organization. The Committee commends management for the effort that it put into developing Fortuna (which should assist in documenting those benefits) and calls on management to expedite the roll-out of the system (Fortuna) to all of the 57 entities involved in the enterprise risk management process.
59. The Committee recalls paragraph 32 of its 2020 report (), in which management informed the Committee that it would continue to treat the risk register as a living document and that regular updates would be made as a result of changes to the risk profile of the Organization. In paragraph 38 of its 2022 report (), management informed the Committee that it was in the process of revising the Secretariat-wide risk register through a risk assessment to be carried out during the second half of 2022. The Committee has since been informed that the revised risk register was nearing finalization and would be promulgated soon.
60. The Committee recognizes management’s prior position that the risk register is a living document. On that note, the Committee welcomes the finalization of the revised risk register and encourages ongoing reviews so as to take into account emerging risks.
61. The Committee followed up with management regarding the risk treatment and mitigation plans for the risks identified in the 2020 risk register, including those pertaining to implementing partners. Following approval of the Secretariat-wide risk register in July 2020, corporate risk owners, supported by risk treatment working groups, developed detailed risk treatment and response plans with specific remedial measures, which were approved by the Management Committee in April 2021.
62. Regarding embedding enterprise risk management at the entity level, the Committee noted that 57 entities had been selected, based on size of risk exposure, mandate and operations, to have risk registers and treatment plans finalized by the end of 2023. According to management, 45 entities (79 per cent) have since completed their risk registers and are in the process of developing and implementing their risk treatment plans. It is anticipated that most of the remaining 12 entities will complete their risk registers by October 2023.
63. The Committee notes the efforts of management to mitigate the risks of the Organization. The Committee recognizes that not all risk treatment and response plans at the entity level have been developed. The Committee also believes that risk identification without prompt or adequate treatment and response plans has the potential to make the enterprise risk management process ineffective. In the context of embedding enterprise risk management at the entity level, the Committee calls on management to ensure prompt development and implementation of the mitigation plans.
64. In paragraph 48 its 2022 report (), the Committee welcomed the efforts of management to develop Fortuna and encouraged the utilization of the tool at the entity and corporate levels. The Committee followed up with management on the status of the implementation of that recommendation and was informed that management was working closely with enterprise risk management focal points in entities in migrating their paper-based risk registers into the enterprise risk management module. According to management, 7 entities so far have migrated to the system and effort was under way to enable the remaining 38 entities with developed risk registers to do the same.
65. During its sixty-second and sixty-third sessions, the Committee received briefings from management regarding the progress reports on the accountability system of the Organization. In the second progress report of the Secretary-General on the accountability system in the United Nations Secretariat (), management had indicated the progress made in implementing the accountability system, with particular emphasis on the implementation of enterprise risk management and a conceptual framework for results-based management. In the context of defining results-based management, it was noted in paragraph 68 of the same report that “results-based management is viewed as an integrated approach meant to ensure that the processes, the outputs and the services of the Organization are aimed at achieving results” and that “[u]nder this strategy, the delivery of results (expected achievements and outputs) guide the Secretariat planning, budgeting, monitoring and reporting”.
66. During the sixty-third session, the Committee followed up with management on the progress in implementing the accountability system, especially with respect to enterprise risk management and results-based management initiatives. In that regard, the Committee was informed of management’s progress in addressing these issues, including the “progressive integration of enterprise risk management with the budgeting and strategic planning process”.
67. The Committee notes these initiatives for incorporating elements of enterprise risk management in the performance management system and believes that this will lead to a more effective process for achieving results. The Committee will continue to monitor management’s efforts to integrate this progress and strengthen results.
Statement of internal control
68. With respect to the statement of internal control, the Committee continued to receive regular updates from management. It is noted that management considers the strengthening of the Secretariat-wide internal control framework to be a key enabler for the implementation of the management reform initiative of the Secretary-General, especially in the light of the significant change in the business model of the Secretariat as derived from the enhanced Delegation of Authority Framework. As noted in the Committee’s previous reports, the statement of internal control is an accountability document that describes the effectiveness of internal controls in an organization. In that regard, the Committee was informed that the Secretary-General had recently signed the third statement of internal control to provide reasonable assurance to Member States of the effectiveness and efficient implementation of mandated activities, the reliability of financial reporting and compliance with the regulatory framework.
69. In its previous reports, the Committee was concerned with the reliability of the assessment questionnaire which forms the basis for preparing the statement of internal control report. During its field visit, the Committee was informed that the subject of the length of the statement of internal control questionnaire, as a risk factor which could make the whole process ineffective, continued to be raised. The Committee followed up with management on these matters at its sixty-third session. Management indicated that the statement of internal control questionnaire had since been further shortened in response to the Committee’s prior recommendation.
70. The Committee welcomes these improvements in the development of the statement of internal control. The Committee encourages management to continue seeking for any additional opportunities to refine the questionnaire in order to address the above challenges.
Alignment of the statement of internal control and the enterprise risk management process
71. The Committee was informed that as part of the initiative to review and simplify management mechanisms related to the accountability framework, management continues to assess the alignment of risk management with internal controls. It was noted that one of the main areas of focus was the identification of key internal controls which mitigate the very high risks detailed in the Secretariat-wide risk register, with the goal of ensuring better integration of those key internal controls in the statement of internal control exercises.
72. Moreover, with the roll-out of Fortuna and the improved integration between risk management and internal controls, the Committee was assured that the enterprise risk management team was working closely with the internal control team on the integration and normalization of those same key internal controls recorded in the entity risk registers.
73. The Committee welcomes these initiatives which will continue to improve and strengthen the accountability system of the Organization.
Information and communications technology risk
74. As previously observed, information and communications technology (ICT) risks are among the critical risks of the Organization. In paragraph 49 of its 2022 report (), the Committee noted that the Board of Auditors had raised issues concerning, for example, the fragmented approach to addressing cybersecurity challenges, low completion rates of mandatory training and absence of a disaster recovery plan for key ICT resources. Furthermore, senior management acknowledged that “the Organization currently lacks an agreed upon investment plan that reflects the results of rigorous analysis of the Organization’s future needs for hardware and software, alternative ways of meeting these needs and resources required to implement validated needs and approaches” (ibid., para. 50).
75. Consequently, the Committee, in paragraph 51 of its 2022 report (), made the following observation: Although the Organization has adopted some risk mitigation plans to address information technology and cybersecurity needs, the Committee believes that these are urgent issues that warrant additional management attention and review in order to update the risk mitigation plans for these areas. Such a review should include an examination of how the Organization can more efficiently use existing resources allocated to information technology and cybersecurity, as well as a review of resource needs to put the Office on a sound footing for the future.
76. Upon follow-up, the Committee was informed of the initiatives that management has put in place to address some of the issues noted above. Management noted that cybersecurity awareness campaigns and training are being undertaken to promote security-conscious behaviour and that following the completion of the United Nations Information Security Awareness Course (Foundational), all personnel will be required to pass an assessment on an annual basis.
77. Management noted that a disaster recovery exercise aimed at identifying potential areas of weakness, which could prevent the continued operation of business functions, information and data systems in the event of a disaster in one of the main data centres, was successfully completed in February 2023.
78. With respect to information technology and strategy, the Committee was informed that membership of ICT governance bodies has been extended to include representatives from substantive offices and that the ICT Steering Committee, co?chaired by the Under-Secretaries-General for Management Strategy, Policy and Compliance and Operational Support, meets periodically to discuss significant ICT investments and their alignment with the overall objectives of the Organization. The Committee was also informed that the current report on the ICT strategy was developed through a consultative and inclusive process and that working group meetings were convened and bilateral consultations were held to discuss capabilities, lessons learned, challenges and risks.
79. The Committee notes the progress in managing ICT-related risk. The Committee calls upon management to address the outstanding ICT risk mitigation issues, including developing a capital investment plan as a matter of priority.
E. Human resources
80. In the context of enterprise risk management, Human Resources Operations is considered one of the critical risk areas of the Organization. Since the failure to source, hire and retain employees is considered one of the drivers of this critical risk, the Committee heard from management on how that risk was being addressed.
81. With regard to sourcing, hiring and retention of staff, the Committee was informed that several initiatives have been put in place to address this risk. These include (a) working with Member States of underrepresented or unrepresented countries; (b) increasing the number of outreach initiatives (including virtual ones); (c) launching career worksites; and (d) promoting the young professionals programme.
82. On the length of time that it takes to recruit and the chronically high vacancy rates in offices such as OIOS, the Committee was informed that management was in the process of launching a new selection process which will concentrate on assessments and recruitment bottlenecks. It was observed that there could be a link between the high vacancy rates and mental health challenges faced by staff members.
83. To further underscore the critical nature of the Human Resources Operations risk, at the seventh meeting of the audit and oversight committees, representatives discussed the challenges of the workforce of the future. Within this context, the meeting considered the progress in implementing the United Nations System Mental Health and Well-being Strategy and the impact of mental health on insurance costs and other associated costs.
84. With respect to the workforce of the future, the Committee was informed that a multidisciplinary, multi-agency implementation board, chaired by the Assistant Secretary-General for Human Resources in the United Nations Secretariat, leads the implementation of the Strategy. At the same time, a global lead oversees and coordinates the implementation of the Strategy. This work is fully integrated within the mandate of the Occupational Health and Safety Forum under High-level Committee on Management, which aims to articulate a coherent and holistic United Nations system-wide approach in all aspects of safety and security, psychosocial support, health, human resources and administrative support.
85. With regard to the United Nations System Mental Health and Well-being Strategy and the impact of mental health on insurance costs, the Committee was informed that the Joint Inspection Unit was conducting a review of this matter. Management noted that it plans to wait for the finalization of the review of the Joint Inspection Unit before embarking on the next course of action.
86. The Committee welcomes the effort that management is undertaking to address this critical risk. With regard to the high vacancy rates in some offices, the Committee recommends that management explore the possibility of a link between high vacancy rates and staff mental health and take appropriate action to address this matter. The Committee plans to review this issue at future sessions.
F. Financial reporting
87. During the reporting period, the Committee engaged in discussions with the Board of Auditors, the Under-Secretary-General for Management Strategy, Policy and Compliance and the Controller on issues relating to financial reporting. The issues discussed included (a) the statement of internal control; (b) fraud and presumptive fraud; (c) status of the risk mitigation plan for extrabudgetary management and implementing partners; (d) after-service health insurance liability; (e) issues and trends apparent in the financial statements of the Organization and the reports of the Board of Auditors. As the statement of internal control is covered under section III.D above, the present discussion will concentrate on the remaining four areas.
Fraud and presumptive fraud
88. With respect to fraud and presumptive fraud, management provided a summary of the number of cases of fraud and presumptive fraud and the estimated amounts (as reported by the entities) since 2018, pertaining to volume I (regular budget). The Committee examined the trends in the reports of the Board of Auditors on this matter. The trends showed a higher number of cases in field missions (volume II (peacekeeping operations)) compared with volume I. The Board in its current report () noted that “the "process of reporting fraud and presumptive fraud had improved and most of the cases were reported in a timely manner except eight cases”.
89. The trend of reported presumptive fraud has stayed high since 2018. In paragraph 79 of its 2021 report (), the increased level of reported fraud and presumptive fraud was attributed to factors such as the issuance of anti-fraud guidelines, regular reporting from concerned offices and close coordination among those offices. The level of confirmed fraud, on the other hand, peaked in 2020 but has since declined. The estimated value of the presumptive fraud and confirmed fraud continue to trend lower (see figure III).
Figure III
Trends in fraud and presumptive fraud, 2018–2022
Note: For the purposes of the period covered, the volume I and volume II cycles have been combined to reflect the general trends.
90. The Committee notes the improvement in the reporting of cases of fraud and presumptive fraud. The Committee also notes that the decline in confirmed fraud in recent years coincides with the issuance of the anti-fraud and anti?corruption handbook. The Committee supports the further operationalization of the anti-fraud and anti-corruption handbook. The Committee will continue to monitor this trend.
91. In its report , the Board of Auditors reported that 99 cases of presumptive fraud were pending or under investigation as at 31 December 2022. The Committee believes that delays in investigating cases of presumptive fraud pose a risk that needs to be adequately mitigated. The Committee therefore recommends that management, in conjunction with OIOS, endeavour to investigate such cases promptly to increase accountability in the Organization.
End-of-service liabilities
92. With respect to the end-of-service liabilities, the Committee recalls its prior comments and recommendations (see and ), in which the Committee had called upon the General Assembly to decide whether, how and to what extent the liabilities would be funded. Furthermore, during the Committee’s discussions with various offices, management continued to consider the issue of employee benefits liabilities, specifically after-service health insurance as a major concern.
93. According to the Board of Auditors report (), after-service health insurance liabilities for the United Nations (volumes I and II) peaked in 2020 and have been declining since. In 2022, the liabilities declined by 23.3 per cent, from $7.24 billion reported in 2021 to $5.55 billion (see figure IV). According to management, the changes in these liabilities were due to an increase in the discount rate, which was partially offset by an increase in the initial health-care cost trends.
Figure IV
Trends in total after-service health insurance liabilities, 2018–2022
94. The Committee notes the recent declining trend of the after-service health insurance liability. The Committee continues to recognize that this trend should not mask the fact that after-service health insurance liabilities remain a significant liability and risk and the Committee is of the view that the General Assembly may wish to revisit this matter.
G. Coordination among United Nations oversight bodies
95. During the reporting period, in addition to its regularly scheduled meetings with OIOS, the Committee met with other oversight bodies, such as the Joint Inspection Unit and the Board of Auditors, through its Audit Operations Committee. The Committee was informed that the dialogue allowed for the sharing of perspectives on matters of mutual concern and provided a valuable opportunity for cooperation among United Nations oversight bodies.
96. The Committee continued to seek comments from the three oversight bodies, each of which emphasized, in its comments, the existing coordination mechanisms, including the sharing of their programmes of work. In separate meetings with the Board of Auditors, the Joint Inspection Unit and OIOS, the Committee noted the positive relationship fostered through the tripartite coordination meetings of the oversight bodies and the sharing of workplans in an effort to avoid duplication.
97. The Committee continues to believe that such coordination provides a valuable platform for additional opportunities for cooperation. The Committee nevertheless believes that oversight bodies should cooperate and coordinate among themselves not only to avoid duplication but, more urgently, to avoid any oversights gaps or significant risks.
98. In December 2022, the Committee hosted the seventh meeting of the representatives of the United Nations system oversight committees. A total of 32 representatives from 23 oversight committees, from organizations within the Secretariat, the funds and programmes and the specialized agencies, attended the meeting.
99. During the meeting, discussions resumed regarding common challenges and potential identification of good practices in the work and conduct of the United Nations system oversight committees. Participants focused on (a) the mental health strategies of United Nations system entities in the context of the human capital in the United Nations system and the future workforce; (b) the recent events at the United Nations Office for Project Services (UNOPS); (c) the consistency and practices of the executive secretariats supporting oversight committees; (d) how the United Nations system entities are managing third-party risks; and (e) continued discussion on the role of oversight bodies in respect of the environmental, social and governance initiative as an element of the 2030 Agenda.
100. Following the conclusion of the meeting, the participants agreed to convey their observations outlined above to the Secretary-General, in his capacity as Chair of the United Nations System Chief Executives Board for Coordination. In his letter of reply, the Secretary-General highlighted the Organization’s progress in this respect.
H. Cooperation and access
101. The Committee reports that it received good cooperation from OIOS and management in the Secretariat, including the Department of Management Strategy, Policy and Compliance, in discharging its responsibilities. The Committee was given appropriate access to the staff, documents and information needed to conduct its work. The Committee is pleased to report that it continued to work closely with the Joint Inspection Unit and the Audit Operations Committee of the Board of Auditors. The Committee looks forward to continued cooperation with the entities with which it interacts in order to discharge its responsibilities, as set out in its terms of reference, in a timely manner.
IV. Conclusion
102. In the context of its terms of reference, the Independent Audit Advisory Committee presents the preceding observations, comments and recommendations, as contained in paragraphs 10, 13, 17, 22, 23, 24, 27, 30, 37, 39, 41, 43, 44, 47, 50, 52, 54, 58, 60, 63, 67, 70, 73, 79, 86, 90, 91, 94 and 97 for the consideration of the General Assembly.
Annex I
Status of the recommendations of the Committee
During the reporting period, the Committee addressed numerous issues, in particular in relation to implementation of oversight body recommendations, enterprise risk management, cybersecurity, the statement of internal control, the operations of the Office of Internal Oversight Services (OIOS) and financial reporting. The Committee follows up on the implementation of its recommendations under a standard agenda item at each session. Some of the significant recommendations made by the Committee during the last reporting period (August 2021–July 2022) related to:
(a) The need for management to double its efforts to further improve the implementation rate of the recommendations of the Board of Auditors;
(b) The need for the Management Committee in consultation with OIOS to implement the 60 outstanding recommendations from 2017 by no later than 30 June 2023 and to take steps to minimize or avoid outstanding recommendations that are more than four years old;
(c) The need for dialogue between the Joint Inspection Unit, the Management Committee and some entities of the Secretariat to identify ways to improve on the low rate of acceptance by the entities concerned of the recommendations of the Joint Inspection Unit;
(d) The need for management to actively manage the risk relating to managing implementing partners by updating the current risk mitigation plans, consistent with the recommendation of the Board of Auditors and OIOS made in their respective reports;
(e) The need for management to continue its effort to make enterprise risk management a useful assessment and decision-making tool which will help the Organization to effectively identify and respond to risk associated with a rapidly changing environment;
(f) The need for OIOS to review its numerous performance metrics and identify the critical metrics that will be most useful to stakeholders in assessing the effectiveness of OIOS;
(g) The need for OIOS to address the issue of vacancy levels as a matter of priority;
(h) The need for management to ensure that recommendations of oversight bodies are implemented in a timely manner to mitigate the Organization’s critical risk;
(i) The need for management to finalize the memorandum of understanding with the United Nations Office for Project Services;
(j) The need for OIOS to review the resource need of the Investigations Division via-à-vis the needs of its stakeholders, with a view to developing a plan to further reduce the average time of completing investigations and managing the referral;
(k) The need for the General Assembly to consider alternative after-service health insurance liability funding strategies to mitigate this ever-growing risk.
Annex II
Workplan of the Committee from 1 August 2023 to 31 July 2024
|
Session |
Key focus area |
Intergovernmental consideration of the report of the Committee |
|
|
|
|
|
Sixty-fourth |
Review of the 2024 workplan of the Office of Internal Oversight Services (OIOS) in the light of the workplans of other oversight bodies |
Advisory Committee on Administrative and Budgetary Questions, first quarter of 2024 |
|
|
Proposed budget of OIOS under the support account for peacekeeping operations for the period from 1 July 2024 to 30 June 2025 |
General Assembly, second part of the resumed seventy-eighth session |
|
|
Operational implications of issues and trends in the financial statements and reports of the Board of Auditors |
|
|
|
Coordination and cooperation among oversight bodies, including hosting a coordination meeting of oversight committees |
|
|
|
Election of the Chair and Vice-Chair for 2024 |
|
|
Sixty-fifth |
Status of implementation of oversight bodies’ recommendations |
General Assembly, second part of the resumed seventy-eighth session |
|
|
Report of the Committee on the OIOS support account budget |
|
|
|
Review of the enterprise risk management and internal control framework in the Organization |
|
|
Sixty-sixth |
Operational implications of issues and trends in the financial statements and reports of the Board of Auditors |
Advisory Committee on Administrative and Budgetary Questions, second quarter of 2024 General Assembly, main part of the seventy-ninth session |
|
|
Proposed programme budget for OIOS for the year ended 31 December 2025 Consideration of relevant aspects of the Ethics Office programme of work |
|
|
|
Coordination and cooperation among oversight bodies |
|
|
|
Transformational projects and other emerging issues |
|
|
Sixty-seventh |
Preparation of the annual report of the Committee |
General Assembly, main part of the seventy-ninth session |
|
Review of the enterprise risk management and internal control framework in the Organization |
||
|
|
Status of implementation of oversight bodies’ recommendations |
|
|
|
Coordination and cooperation among oversight bodies |
[1] Entities under the purview of the Secretariat include the United Nations Secretariat, the United Nations Conference on Trade and Development (UNCTAD), the International Trade Centre (ITC), the United Nations Environment Programme (UNEP), the United Nations Human Settlements Programme (UN-Habitat) and the United Nations Office on Drugs and Crime (UNODC).