Chapter 19 Mitigating the Risk of Corruption

• Policy makers
• Lead disaster agency
• Governance specialists
• Local government officials
• Project managers
  

Guiding Principles for Mitigating the Risk of Corruption

• Good governance is more than preventing corruption; accountability for the effectiveness of the reconstruction effort should be the overriding goal.
• A clear reconstruction policy and strategy with which all agencies involved are familiar, accompanied by agreements to combat corruption and to implement transparent reporting systems, and rigorous monitoring are tools for ensuring accountability in reconstruction.
• The larger the cost and the faster the pace of reconstruction, the more vigilant all agencies need to be against corruption.
• Tracking financial inflows and outflows, while important, is not sufficient for providing transparency and accountability throughout the reconstruction process.
• Disaster-affected communities, corruption’s ultimate victims, can play a key role in combating corruption if systems for social audit or other kinds of participatory performance monitoring are established.
• Measures to reduce corruption in post-disaster reconstruction can be successfully introduced even if the country’s overall integrity system is weak.
  

During disaster recovery, citizens often perceive that public resources are not being managed well and that corruption is rampant. Corruption is the misuse of an entrusted position for private gain, by employing bribery, extortion, fraud, deception, collusion, or money laundering. Transparency International states that private gain should be interpreted broadly to include gains accruing to a person’s family members, political party, or institutions in which the person has an interest.^[1] The World Bank defines corruption in terms of corrupt, fraudulent, collusive, coercive, and obstructive practices^.[2] These activities are criminal offenses in most countries, although the institutional capacity to prevent and sanction corruption may be insufficient, or may be overwhelmed by the disaster.

This chapter examines where corruption is found in recovery and housing and community reconstruction, particularly in public procurement, and discusses approaches to mitigate it.

1. Government must decide on an approach to managing the risk of corruption in reconstruction, which may entail the designation of an agency to oversee the governance of the reconstruction program. The lead anticorruption agency may be an independent entity other than the lead disaster agency; however, the capacity to manage corruption should be a factor in the choice of institutional option to manage reconstruction. (See Chapter 13, Institutional Options for Reconstruction Management, for a review of these options.)
2. Government (with the lead anticorruption agency or whichever institution or institutions will be providing leadership to manage corruption risk) should confirm that existing government anticorruption systems are adequate to be applied to the reconstruction program or establish the systems and sanctions that will be applied. The system should incorporate corruption risk analysis, promote preventive measures, include detection controls, and be adaptable to various kinds of organizations.
3. The lead anticorruption agency should collaborate with donors and international financial institutions (IFIs), as well as local governments and agencies involved in reconstruction, to decide on the legal framework and operational rules for procurement and for combating corruption throughout the reconstruction program and to identify any requirements for institutional strengthening.
4. The lead anticorruption agency should decide how to equip government agencies involved in reconstruction with systems to fight corruption in reconstruction and work to ensure they are implemented.
5. The lead anticorruption agency should work to ensure that all nongovernmental agencies involved in reconstruction are equipped with and are using systems to fight corruption in their activities.
6. Agencies involved in reconstruction should establish and publicize whistleblower or other mechanisms to ensure perceptions or instances of corruption in their projects are readily reported.
7. The lead communications agency should decide with government how to communicate to the public the measures in place to fight corruption in reconstruction and should encourage the public to report perceptions or instances of corruption.
   

The legal and policy framework at the national level for public financial management (PFM) is an important instrument for mitigating corruption and providing transparency and accountability in reconstruction. Although core fiduciary principles apply to reconstruction financial management, planning, budgeting, and project implementation often use special arrangements in the early years of reconstruction. Even under special modalities, however, PFM that conforms as closely as possible to the legal framework is critical. The Public Expenditure and Financial Accountability (PEFA) process is an international framework that is used to assess whether PFM arrangements are adequate. A PEFA analysis conducted in advance of a disaster can be used to identify weaknesses in PFM and areas for improvement and to monitor the effectiveness of reforms.^[4] In a post-disaster situation, measures to assess corruption risk and to prevent and detect corruption are likely to be less systematic and more situational. Assessments and measures that can be implemented immediately are discussed in this chapter.

Social accountability or participatory performance monitoring mechanisms such as social audits and complaint mechanisms are also useful for strengthening post-disaster governance and transparency. Countries with established integrity systems may have arrangements in place; others can establish them as part of the reconstruction strategy. See Chapter 18, Monitoring and Evaluation, for guidance on the use of participatory performance monitoring.

• Government requires that any agency involved in reconstruction submit an anticorruption plan and report regularly on its implementation.
• All agencies involved in reconstruction require their private contractors to sign codes of conduct and their staffs to sign integrity pacts, with both subject to spot checks by government or outside auditors.
• An online system is established to share corruption schemes that are discovered or warning signs among agencies on a real-time basis.
• A common database of affected households is created among agencies, with unique identifiers to monitor the distribution of aid, including housing assistance.
• Common monitoring indicators are developed and reported for all projects, and data analysis is used to identify divergence from averages for costs of materials, administrative expenses, etc.
• Registration of aid workers and contractors is required, and information is shared among agencies to avoid rehiring staff or private firms involved in questionable practices.
• A common anticorruption monitoring board composed of agency and community representatives is established and/or a common pool of outside specialists is hired to standardize disbursement procedures and analyze samples of transactions.
  

Post-disaster construction projects are especially prone to corruption because of their scale and complexity. There are also difficulties in specifying the work ex-ante and nontransparent practices in the construction industry, and there may be limited government capacity to oversee numerous large-scale projects. Not all corruption, however, is related to procurement. For instance, deceptively attempting to qualify for post-disaster compensation is fraud. At the same time, not all appearances of corruption are, in fact, corruption.

Some examples of questionable activities that may—or may not—entail corruption are listed in the following table. The ways in which people will try to use the reconstruction process for their own benefit will be specific to the situation and even the culture. Government and agencies involved in reconstruction can keep this list of activities in mind in developing the reconstruction program so that reconstruction policy and assistance mechanisms are designed to discourage and detect them.

• A code of conduct is in force that commits the contracting authority and its employees to a strict anticorruption policy.^[6]
• Only companies that enforce a strict anticorruption policy are allowed to tender proposals.
• A blacklist that bars companies from tendering proposals for a specified period of time is maintained by government.
• Public contracts above a low threshold are open to competitive bidding, with limited, clearly justified exceptions.
• All procurement information, including direct contracting or limited bidding processes, is made public; only legally protected information is kept confidential.
• No bidder is given access to privileged information related to the contracting or selection process.
• Bidders are allowed sufficient time to prepare their bids and to prequalify.
• Sufficient time is allowed to give an aggrieved competitor the opportunity to challenge the award.
• Contract change orders beyond a cumulative threshold (for example, 15 percent of contract value) are monitored at a high level, preferably by the body that awarded the contract.
• Control and auditing bodies are independent and functioning effectively; their reports are publicly accessible.
• Key functions of a project—demand assessment, preparation, selection, contracting, supervision, and control—are managed separately within government.
• Safeguards, such as the use of committees and staff rotation, are applied, and staff members responsible for procurement are adequately trained and remunerated.
• Civil society is allowed to participate as independent monitors of both the tender and execution of projects.
  

Public expenditure and financial accountability framework. The PEFA framework identifies weaknesses in PFM, including procurement, and uses performance indicators to identify areas for reform and to monitor improvements.^[7] (See Chapter 15, Mobilizing Financial Resources and Other Reconstruction Assistance.) The World Bank or other members of the PEFA partnership may have conducted a PEFA or similar analysis. If not, a rapid assessment of a country’s systems may be necessary, with special emphasis on procurement capacity. When weaknesses are detected, international agencies can play an important role by providing funds for technical assistance, along with their reconstruction funds, for improving PFM during the reconstruction period.^[8]

Even developed countries can have trouble controlling corruption in a post-disaster environment. The case study on Hurricanes Katrina and Rita, below, presents an example of where the systems used for post-disaster disbursements to households failed to prevent fraud.

Corruption risk assessments. Corruption risk assessment tools tend to be oriented toward evaluating systematic risks within the public sector. To date, there is no definitive post-disaster governance or corruption risk assessment methodology for individual development projects or development institutions. Some useful resources are listed below.

• The World Bank’s Governance and Anticorruption (GAC) Strategy and Implementation Plan. See  Annex 1, How to Do It: Developing a Project Governance and Accountability Action Plan.
• The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. See Annex 2, How to Do It: Conducting a Corruption Risk Assessment.
• The United Nations UN Anti-Corruption Toolkit, especially “Tool #2: Assessment of Institutional Capabilities and Responses to Corruption”^[9]
• The Corruption Risk Assessment Questions table developed by Management Accounting for NGOs (MANGO) for Transparency International and the U4 Anti-Corruption Resource Centre^[10]
• A list of risk assessment tools compiled by the U4 Anti-Corruption Resource Centre on its Web site^[11]

Codes of conduct. Codes of conduct for public officials^[12] can be used to establish general standards of behavior consistent with principles of integrity, transparency, accountability, and responsible use of organizational resources. They may also address standards applicable to specific groups of employees, such as those involved in the reconstruction program. The code should define procedures and sanctions to be applied in cases of noncompliance. Administration of the code should be done by an independent individual or body and should be readily accessible so that a public employee can enquire whether an activity would be in breach of the rules before engaging in it. Standards may include positive obligations, such as the requirement to disclose conflicts of interest, and prohibitions, such as those against disclosure of certain information or acceptance of gifts. Public sector codes of conduct usually apply not only to conduct inconsistent with the office but also to conduct that might give the perception of impropriety or damage the credibility of that office.

Declaration of assets and income. The declaration of assets and income by public officials is a tool to deter illicit enrichment from bribery, kickbacks, etc.^[13] It helps ensure that unlawful behavior is monitored, quickly identified, and dealt with. The disclosure of financial information by public servants raises privacy concerns, so it may not entail full public disclosure, except in cases where improper conduct is discovered or proven, but rather disclosure to specially established bodies that are trusted and empowered to take action if wrongdoing is suspected, such as inspectors or auditors general. It is generally not necessary or practicable to subject every public employee to a disclosure process, but instead to apply the policy to officials at or above a certain seniority or those in positions with a high risk of corruption, such as reconstruction procurement officials. While it is common for public officials subject to declarations of assets to report annually, the accelerated nature of reconstruction procurement may require more frequent reporting.

IPs cover all phases of a project, from planning to operation, and can be used for any kind of reconstruction contract. IPs enable companies to abstain from bribing by assuring them that their competitors will do the same, and that government and its officials will take the necessary precautions to prevent corruption. IPs reduce the costs of corruption in public procurement, strengthen trust in the public sector and its procurement activities, and improve the overall investment climate.

In addition, IPs are flexible and adaptable to many legal settings, with conflict resolution and sanction imposition generally handled through arbitration mechanisms rather than the judicial system. Independent monitoring of the pacts is required and can be carried out by a civil society organization (CSO) or other independent and accountable entity. Although IPs should be mandatory in reconstruction, not all governments require them.

Some auditors can act on their own findings, but they are usually restricted to investigation, reporting, making recommendations, and referring findings to another body for action. Auditors generally report to a body inside the organization, but outside of management, such as a board of directors or the legislature. Auditing should generally be carried out by an entity independent from the organization under audit, based on standards that are defined before the audit begins.^[17] A large measure of an auditor’s power resides in the fact that audit reports are generally made public, especially in the public sector. Even entities in possession of confidential information, such as national security matters or sensitive commercial information, should not be exempt from being audited.

The generic categories for audits are “financial audits” and “performance audits.” Audits may have a combination of financial and performance audit objectives or may have objectives limited to only some specific aspect of one audit type.

Special audit entities. The volume and speed of disaster procurement or questions about the auditing capacity of government may make a special audit entity necessary. This may be an operational unit auditing concurrently or a higher-level body that oversees the budgeting, procurement, and auditing processes. If government procedures already contemplate such a mechanism, it should be mobilized. If not, procedures should be established so it can be created and staffed with either private auditors or trained auditors from within the public sector. The UN suggests that such an entity be composed of a combination of national and international experts.^[18] The design and staffing process must ensure the entity’s independence, the avoidance of conflicts of interest by those working in the entity, and the transparency of the entity’s operations. A national public accountants association may be able to advise on design and start-up. The case study on Malaysia, below, shows how government deployed the national Practices, Systems and Procedure Examination Unit after the 2004 Indian Ocean tsunami to analyze PFM procedures in the agencies that would be handling reconstruction funds to determine whether the measures already in place were adequate.

World Bank audits. The World Bank regularly conducts audits to review the procurement, contracting, and implementation processes in Bank-financed projects. These audits verify whether procurement and contracting were carried out according to the loan agreement and whether the expected economy and efficiency were achieved, evaluate the Bank’s oversight of the project, and identify ways to improve procurement and contracting.^[19]

Whistleblower laws. In establishing laws or other legal instruments to protect whistleblowers, a balance should be sought between protection of the whistleblower and accountability of the whistleblower, to minimize fraudulent complaints.

Telephone hotlines. A hotline should be introduced as part of the larger anticorruption strategy and be well publicized. This publicity can be incorporated into the communication strategy of the reconstruction program. See Chapter 3, Communication in Post-Disaster Reconstruction. A hotline must be staffed by trained operators and have a secure phone line. The information gathered in these conversations must be collected systematically and treated with confidentiality.

Civil society monitoring. CSOs can provide advice and counsel to whistleblowers or can conduct social audits. The same rules of confidentially and accountability apply. See Chapter 14, International, National, and Local Partnerships in Reconstruction, for information on how government can work effectively with these institutions.

Ombudsmen. Ombudsmen receive and consider a wide range of complaints that fall outside the jurisdiction of courts or administrative bodies. Their specific roles depend on whether other similar official bodies exist and how effective they are. Ombudsmen require a clear and relatively broad mandate, independence, public accessibility, transparency, integrity, and sufficient resources to carry out their duties. They can provide the following services:

• Investigate relatively minor complaints while avoiding expensive legal proceedings
• Provide remedies in certain cases
• Serve as a clearinghouse, referring complaints to a more appropriate forum for further action
• Educate government staff about standards of conduct, raise questions about the appropriateness of established codes or service standards, and recommend adjustments
• Raise awareness about the public’s rights to information and the level of efficient and honest public services they should expect
• Conduct proactive research regarding complaints and complaint patterns

Redundancy of complaint mechanisms. Whistleblowers should always have at least two complaint mechanisms available to them: the first, an entity within the “offending” organization, such as a supervisor or internal oversight body, and the second, to provide backup if the first body fails to investigate, complete the investigation, take appropriate action, or report back in a timely fashion. Within the public sector, the first may be the general auditor, for example. The second mechanism also provides the whistleblower protection against retribution or a cover-up.

• Bypassing sound procurement practices to speed up reconstruction.
• Slowing procurement processes to eliminate all possibility of corruption.
• Executing agencies with no knowledge of prices and other local market characteristics.
• Making integrity pacts optional for private firms bidding for and participating in post-disaster reconstruction.
• Not following through on the threat to sanction violators of anticorruption measures.
• Hiring staff members whom other organizations fired for corrupt practices.
• Failing to implement control measures and train government and other executing agency employees in preventing and reporting corrupt practices.
• Not protecting the confidentiality of whistleblowers reporting corruption.

1. Take a proactive approach to minimize corruption in the reconstruction program by assessing corruption risks early in reconstruction planning.
2. Recognize that corruption can be perpetrated by any stakeholder in the reconstruction program if given the opportunity. Be creative and proactive in identifying opportunities for corruption.
3. Use the communications strategy for the reconstruction program to alert the public regarding their role in mitigating corruption and mechanisms available to report wrongdoing.
4. Some anticorruption mechanisms can be implemented on an ad hoc basis, even if a comprehensive integrity system is not in place. However, advocate for a systematic approach to establish credibility with affected communities and the public.
5. Don’t assume public officials know what corruption is, or that they shouldn’t do it. Consider implementing—at a minimum—codes of conduct and asset disclosure procedures for staff involved in reconstruction procurement.
6. Use auditing as an anticorruption mechanism that can be tailored to the requirements of specific situations.
7. Look for substantive ways to involve social actors in the anticorruption effort.
8. Establish systems that ensure confidentiality for whistleblowers.
9. Funding sources should work to establish common transparency standards. They should require, whether individually or collectively, that the use of their funds be widely disclosed to the public.

After Hurricanes Katrina and Rita devastated the U.S. Gulf Coast in 2005, the Federal Emergency Management Agency (FEMA) began a process for registering the people affected by the storms and providing them with “expedited assistance” (EA) payments. Using both Internet and telephone registration systems, FEMA registered 2.5 million households in the three months following the disaster. By December 2005, FEMA had disbursed US$2.3 billion (officially, US$2,000 per household). Those registered for EA were also potentially eligible for further assistance of up to US$26,200.

In December 2005, the General Accountability Office (GAO), the investigative arm of the United States Congress, began an audit of the process. GAO identified significant flaws in procedures for preventing, detecting, and deterring fraud, including limited controls to verify the identity and residence of those registering. Registrants using bogus social security numbers and property addresses were able to register, some multiple times, and were not screened out of the registration lists. FEMA’s lack of controls also meant that many legitimately registered recipients erroneously received multiple payments. FEMA later estimated that as many as 900,000 of the 2.5 million people registered were duplicates. Using data-mining techniques, GAO estimated in 2006 that as much as US$1.5 billion of FEMA’s EA payments were fraudulent.

Source: U.S. GAO, 2006, “Hurricanes Katrina and Rita Disaster Relief: Improper and Potentially Fraudulent Individual Assistance Payments Estimated to be between $600 Million and $1.4 Billion” (Washington, DC: GAO), http://www.gao.gov/new.items/d06844t.pdf.

On December 26, 2004, when the Indian Ocean tsunami struck the states of Penang, Perlis, Kedah, and Perak in Malaysia, a solid framework for preventing corruption was already in place. In 1961, the Malaysian government had established an independent Anti-Corruption Agency (ACA) to enforce the Prevention of Corruption Act. The ACA now has branches in each of Malaysia’s 14 states and sub-branches throughout the country. In 1998, Integrity Management Committees (IMCs) were established in all federal and state agencies.

When the National Disaster Aid Fund was set up in the aftermath of the tsunami to manage the RM 90 million (US$24 million) for disaster relief, ACA Penang took action to head off the corruption threat. The national Practices, Systems and Procedure Examination Unit, deployed to analyze procedures in the disbursing and executing agencies, determined that the measures already in place were adequate. The assistance process for the population affected by the tsunami began with a police report detailing each affected person’s loss and property damage. Three separate state committees, each with elected and local community representatives, then reviewed these reports, as did other government entities, before they were sent to the National Disaster Aid Fund Management Committee for approval. Other anticorruption measures included announcing assistance amounts for affected populations in the media, publicly displaying information on the assistance at the time of disbursement, and requiring that the government official and the recipient sign a form that warned of consequences of false claims and false information. Fewer than 15 complaints were received from the four affected states.

Source: Abu Kassim Bin Mohamad, 2005, “Effective Anti-Corruption Enforcement and Complaint-Handling Mechanisms: The Malaysian Experience,” in “Curbing Corruption in Tsunami Relief Operations” (proceedings of the Jakarta Expert Meeting, Jakarta, April 7–8), http://www.u4.no/document/literature/adb-ti-2005-curbing-corruption-tsunami-relief-operations.pdf.

Centre for Good Governance. 2005. Social Audit: A Toolkit. A Guide for Performance

Improvement and Outcome Measurement. Hyderabad: Centre for Good Governance. http://unpan1.un.org/intradoc/groups/public/documents/cgg/unpan023752.pdf.

Kaufmann, Daniel, Aart Kraay, and Massimo Mastruzzi. 2009. “Governance Matters VIII: Aggregate and Individual Governance Indicators, 1996–2008.” Washington, DC: World Bank.

Kostyo, Kenneth, ed. 2006. Handbook for Curbing Corruption in Public Procurement. Berlin: Transparency International. http://www.transparency.org/publications/publications/other/procurement_handbook.

Stansbury, Catherine, and Neill Stansbury. 2008. Anti-Corruption Training Manual (Infrastructure, Construction and Engineering Sectors), international version. Transparency International. http://www.transparency.org/global_priorities/public_contracting/projects_public_contracting/preventing_corruption_in_construction.

Transparency International. 2009. “Contracting: Preventing Corruption on Construction Projects.” Tools. http://www.transparency.org/tools/contracting/construction_projects.

Transparency International. 2009. “Public Contracting: The Integrity Pacts.” Global Priorities. http://www.transparency.org/global_priorities/public_contracting/integrity_pacts.

UNODC. 2004. The Global Programme Against Corruption: UN Anti-Corruption Toolkit, 3rd ed. (Vienna: UNODC). http://www.unodc.org/documents/corruption/publications_toolkit_sep04.pdf.

World Bank. Governance and Anticorruption Web site and related resources. http://www.worldbank.org/wbi/governance.

World Bank. 2004. Guidelines: Procurement under IBRD Loans and IDA Credits, rev. 2006. Washington, DC: World Bank. http://go.worldbank.org/RPHUY0RFI0.

World Bank. 2009. “Governance Matters, 2009: Worldwide Governance Indicators, 1996–2008.” http://info.worldbank.org/governance/wgi/index.asp.  

The behavior of government and other key stakeholders, such as the private and financial sectors, shapes the quality of governance and affects development outcomes. Therefore, the WBG’s GAC work aims to help government develop the capability to devise and implement sound policies, provide public services, set the rules governing markets, and combat corruption, thereby helping reduce poverty.

At the project and sector levels, the Bank can help government:

• strengthen country systems, such as financial management;
• incorporate good governance and anticorruption objectives into sectoral programs;
• identify high-risk operations and prepare a Project Governance and Accountability Action Plan (GAAP);
• improve the quality of project design, supervision, and evaluation, and enhance third-party monitoring of projects;
• use fiduciary quality reviews of the Bank’s financing portfolio;
• target resources to improve the supervision of high-risk projects; and
• establish teams to review project designs, risk ratings, and anticorruption action plans.

• Summary prioritizing high-risk areas requiring careful review of incentives, disincentives, and remedies
• Action plan elements to mitigate the chances of corruption identified above
• Corruption mapping matrix, including analysis of incentives and disincentives

• List of project design features and mechanisms that will empower recipients and communities
• Mechanisms for recipient involvement in the procurement process
• Plan for citizen involvement
• Plan for construction of simple works by communities

• Agreement on the watchdog role and the mechanism of oversight by civil society
• Agreement on the disclosure provisions to be included in the legal documents of the project
• Media strategy, including independent monitoring by the media
• Credible system to handle complaints under the project
• Plan for corruption surveys to get independent feedback
• Plan for periodic feedback from the private sector, including firms that are participating and those that are not

• Formal incorporation of policies against collusion in the project by their inclusion in legal documents, operational manuals, minutes of negotiations, materials of project launch, and plans of dissemination to all stakeholders

• Assurance that the task team has adequate capacity to deal with fiduciary issues by including procurement and financial management specialists in the task team
• Assurance that the borrower has made acceptable arrangements to put in place adequate capacity for project management, including capacity and systems for procurement, financial management, maintenance of records, and contract management
• Supervision plan to ensure compliance with agreed procurement and financial management procedures, progress on the ground, and handling of complaints
• Plan for assessing “value for money” by examination of the results of the procurement process through asset verification and comparison of prices obtained

• Definition of the use of remedies for suspension and cancellation, including actions required to avoid application of these remedies
• Definition of actions required from government, including credible sanctions against firms and individuals against whom evidence of fraud or corruption has been found, including government officials
• Inclusion of provisions for national competitive bidding in the loan agreement to facilitate declaration of misprocurement in project
• Definition of remedies to ensure implementation of agreed-to disclosure provisions
• Definition of remedies to reduce procurement delays
• Definition of remedies for deviations found in the fiduciary audit

• Draft and final GAAP

At a more micro level, a number of very targeted anticorruption tools have been developed for use in organizations (e.g., integrity pacts and policies to require disclosure of assets and liabilities by public officials), as discussed in this chapter. Indicators called “corruption warning signs” are also very useful for making an initial assessment of organizational corruption risk.^[26] However, a corruption risk assessment should analyze and attempt to predict whether an individual organization will be prone to corruption and fraud in a systematic manner and to identify the specific weak points in its management that should be strengthened. Some possible options for carrying out a corruption risk assessment of an individual organization are shown in the following table.

The internal control process should provide reasonable assurance to stakeholders that the organization is meeting or is capable of meeting the three objectives shown below (reinterpreted for the public sector environment). The corruption risk assessment should evaluate whether the organization under consideration has measures in place to ensure accomplishment of these objectives.

Evaluating the internal control framework. A comprehensive control framework requires five components according to COSO. Assessment of these characteristics of an organization will allow a judgment to be made about the presence of corruption risks and the identification of specific weaknesses:

1. Establishment and maintenance of a sound control environment (corporate culture)
2. Regular, ongoing assessment of risk
3. Design, implementation, and maintenance of control-related policies and procedures to compensate for identified risks
4. Adequate communication
5. Regular, ongoing monitoring of control-related policies and procedures to ensure that they continue to function as designed and to ensure that identified problems are handled appropriately 

Identifying evidence of deficiencies in internal control and of fraud.^[32] The scope of work for the corruption risk assessment should require that the following control deficiencies and indicators of fraud risk be looked for and analyzed. The depth of this analysis will vary depending on the size and complexity of the organization being assessed. Unless the assessment is intended to produce only a “go/no-go” decision on the use of a particular organization, the consultant’s scope of work should require that the consultant describe the specific measures that need to be taken to correct the deficiencies identified.

The type of consultancy described in this annex is referred to in the accounting profession as an “attestation engagement” rather than an audit. According to the United States General Accounting Office, an attestation engagement can cover a broad range of financial or nonfinancial objectives and may provide different levels of assurance about the subject matter or assertion depending on the users’ needs. The three types of attestation engagements are (1) examinations, (2) reviews, and (3) agreed-upon procedures.^[34] Attestation engagements result in a report on a subject matter or on an assertion about a subject matter that is the responsibility of another party. Well-defined standards for attestation engagements are generally established in both national and international accounting rules.^[35]

A less formal assessment may be conducted by a consultant with sufficient knowledge in internal control procedures. The experience and qualifications of the consultant should be carefully evaluated. Accountants are governed by professional principles and standards^[36] that will apply to the handling of the assignment and the way findings are reported (e.g., objectivity, independence, professional judgment, quality control). The terms of reference of a non-accountant should require his or her compliance with substantially similar standards.

Outputs of the Corruption Risk Assessment

1. The consultant should provide at least the following outputs:
2. Plan for the assessment
3. Draft presentation of findings (the organization being analyzed should have the opportunity to comment on these)
4. Draft presentation of recommended measures to address findings (the organization being analyzed should have the opportunity to comment on these)
5. Final presentation of findings and recommendations