Bank Guidance

Use of Different Types of Audits in Investment Project Financing

Bank Access to Information Policy Designation Public

Catalogue Number

OPCS 5.06-GUID.01

Issued and effective April 23, 2014

Content This Guidance looks at the use of different types of audits as effective risk management tools for investment project financing

Applicable to World Bank

Issuer Director, Operations Risk Management (OPSOR), OPCS

Sponsor Chief Financial Management Officer, Operations Risk Management (OPSOR), OPCS; and Head, Governance and Anti-Corruption in Operations, Operations Risk Management (OPSOR), OPCS

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 1 of 20

SECTION I – PURPOSE AND APPLICATION

1. The purpose of this Guidance is to provide – in particular for non-financial specialists – an overview of the different types of audits, with examples of their use, and suggestions on how to integrate them into risk management processes for investment project financing.

2. This Guidance applies to the World Bank.

SECTION II – DEFINITIONS

As used in this Guidance, the capitalized and abbreviated terms have the meaning set out below: 1. BP: a Bank Procedure statement, as defined in the Bank’s Operational Manual. 2. ISA: International Standard on Auditing set by the International Auditing and Assurance

Standards Board. 3. ISSAI: International Standards of Supreme Audit Institutions of the International

Organisation of Supreme Audit Institutions. 4. IVA: an independent verification agent. 5. OP: an Operational Policy statement, as defined in the Bank’s Operational Manual. 6. OPCS: Operations Policy and Country Services. 7. OPSOR: Operations Risk Management. 8. World Bank or Bank: International Bank for Reconstruction and Development and

International Development Association.

SECTION III – SCOPE

This Guidance looks at different types of audits as effective risk management tools for operations.1 Audits play a key role in ensuring that (a) funds are used for the intended purposes; and (b) results are achieved on the ground. The Bank’s financial audit provides reasonable assurance regarding the former, but may be less effective in assuring the latter. The continuing evolution of the Bank’s portfolio and the global trend towards more results based projects, with a sharper focus on the delivery of basic services (social and infrastructure services), has been accompanied by development and use of different types of audit (see box 1). Complementing financial audits, these other audit types play an increasingly important role in risk management.

1. The Bank’s Financial Audit Model

The Bank’s financial audit model is based on the use of audited financial statements of Bank-financed investment projects as a means “to ensure that the proceeds of any loan are used only for the purposes for which the loan was granted, with due attention to considerations of

1 Although this Guidance looks at how different types of audits have been employed in investment project financing

and provides relevant examples, several of these types of audits can be equally useful in the context of program-for-results financing.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 2 of 20

economy and efficiency”2. OP 10.00, Investment Project Financing, provides that “borrower maintains, or causes to be maintained, for Project implementation, financial management arrangements that are acceptable to the Bank and that, as part of the overall arrangements in place for implementing the Project, provide reasonable assurance that the proceeds of the Investment Project Financing are used for the purposes for which they are granted” (para. 6) and further that “[the borrower’s] obligations include the requirement to carry out the Project with due diligence, maintain appropriate implementation monitoring and evaluation arrangements, and comply with procurement, financial management, disbursement, social and environmental obligations. The borrower measures and reports against the achievement of the Project development objectives and results and provides agreed financial and audit reports. The borrower is expected to deal in a timely and effective manner with actual or alleged problems or violations (individual or systemic) in these areas” (para. 18).

More specifically, with respect to financial audits and their timing, BP 10.00, Investment Project Financing, provides that “unless otherwise agreed by the Bank, the borrower furnishes annual audited Project financial statements six months after the close of the borrower’s financial year and unaudited interim financial reports periodically. Audits are carried out by auditors with independence and capacity acceptable to the Bank, under terms of reference acceptable to the Bank” (para. 35). Normally, the Bank relies on supreme audit institutions or private audit firms to carry out such financial audits. The Bank, as per para. 36 of BP 10.00, “monitors the timeliness of the receipt of the annual audited financial statements and audit reports and reviews their content and quality”. For this purpose, the project risk management (PRIMA) audit module is used. The borrower “is expected to deal in a timely and effective manner with actual or alleged problems or violations (individual or systemic) in these areas” (para. 18, OP 10.00).3

While OP/BP 10.00 lay out default audit requirements, they also provide for the flexibility for the Bank to agree otherwise. The Bank’s Instructions: Preparation of Investment Project Financing (Track 1/Track 2) set out the process and the authority for approving exceptions to these default audit requirements, either by eliminating periodic audits or by revising the frequency of audit reports (i.e. annual audited financial statements are furnished (a) later than six months after the end of the financial year or (b) less frequently than annually). For example, less frequent audits may suffice for low risk projects, while some high risk projects may require more frequent, such as six-monthly or quarterly, or even continuous audits. Furthermore, an audit may impose an undue burden on a small grant and in this case an exception may be requested in circumstances where robust alternative mechanisms exist, such as the different types of audits which are the subject of this Guidance. The decision to eliminate audits is made by the Regional Manager for Financial Management if the loan amount is $5 million or less and by the Financial Management Operations Review Committee if the loan amount is more than $5 million, in accordance with the process set in Instructions: Preparation of Investment Project Financing (Track 1/Track 2).

2 International Bank for Reconstruction and Development Articles of Agreement, Art. III, Section 5(b) (as amended

effective June 27, 2012); International Development Association Articles of Agreement, Art. V, Section 1(g).

3 The provisions of OP/BP 10.00 apply to “any loan, credit, or grant made by the Bank from its resources or from trust

funds funded by other donors and administered by the Bank, or a combination of these” (see footnote 1 to OP 10.00). In the case of program for results financing, “the borrower is required to submit annual audited Program financial statements after the close of the borrower’s financial year” (para. 39, BP 9.00, Program for Results Financing and

these audits are normally carried out by the supreme audit institutions.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 3 of 20

Box 1. Developments Leading to Increased use of Other (Non-Financial) Audit Types

While the audit of the project financial statements (the financial audit) is still the default fiduciary assurance function, several factors have led to greater complementary use of other audit types:

More Decentralized Operations. The Bank’s resource transfer profile has evolved, including more decentralized operations characterized by high volumes of low value transactions (e.g. conditional cash transfers and community driven development projects), for which the use of complementary audit types such as social audits and social accountability measures may reduce risks.

Developments in ICT. The spread of mobile phones and GPS tracking devices facilitates feedback from decentralized agencies and participating beneficiaries, even in insecure situations (e.g. remote supervision via satellite images).

Increased Public Access to Information. The World Bank Policy on Access to Information provides that “the Bank makes publicly available the borrowers’ audited annual financial statements (or, in exceptional cases, an abridged version thereof) for investment project financings, for which the invitation to negotiate is issued on or after July 1, 2010” (footnote 16). This publication requirement enables the public at large to assess the content and quality of audit reports. At the same time, technological advancements are significantly impacting the level of information sharing and public awareness, creating forums for information campaigns to engage citizens to demand more accountability in the use of public resources through social audits and related social accountability tools such as grievance redress mechanisms. The trend to more “Open Government” helps develop the enabling environment for their application.

Fragile and Conflict-Affected Situations. The Bank is more engaged in fragile and conflict-affected situations, with capacity and security implications for the verification process, which may be mitigated by the use of complementary audit types, including technical and social audits.

Non-financial Audit Issues. Financial audit limitations regarding verification of the quality of outputs have led to customized audit scopes and greater use of independent verification agents for physical verification of project assets.

Greater use of Country Systems, especially in middle income countries, places greater reliance on public financial management systems and the institutions involved, including supreme audit institutions and internal audit institutions. Supreme audit institutions in client countries are increasingly involved with citizen engagement to enhance public accountability. See: http://workspace.unpan.org/sites/Internet/Documents/UNPAN92198.pdf

In the Future, ever more diversity in investment project financing is likely to be necessary as the Bank seeks to meet targets to eliminate poverty, calling for improved risk management and greater use of different types of audit.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 4 of 20

2. Different Types of Audits

When are they used? More commonly, different types of audits complement financial audits in a range of projects, especially in high risk (e.g. high volume/low value transactions) and/or low audit capacity situations (e.g. fragile and conflict-affected situations), strengthening risk management by enabling expenditures/outputs to be verified more easily. In this way, they can help to provide fiduciary assurances for components of projects that might otherwise be considered too risky to be undertaken.

Who executes them? Such audits are generally undertaken by external, IVAs, although internal audits, as their name implies, may be undertaken by an internal auditor. Social audits involving participatory monitoring by the community are generally facilitated by a government agency, non-governmental organization, or civil society organization. Audit capacity is critical – because traditional financial audit firms, comprising mostly certified public accountants or chartered accountants, may not have the technical capacity to undertake some different types of audits, they may team-up with technical IVAs, or the IVAs may undertake audits independently (see ISA no. 620 which describes the engagement of experts other than auditors or accountants). The involvement of supreme audit institutions constitutes a means of strengthening country institutions, and thus is encouraged.

How much do they cost? This is a very project specific consideration and will vary according to the project risk profile, the country risk situation and extent of the audit. Sometimes the audit may be an unavoidable cost of doing business, for example in the case of independent verification of the quality of civil works. In some low risk situations, a simple grievance redress mechanism may suffice to alert stakeholders to design inadequacies or implementation irregularities without the need for a full-blown social audit. Integrating the audit process into project design may lower costs, for example, by using beneficiaries to carry out audit functions (see box 9). In general, the cost of the audit is expected to be much less than the potential cost of the risks mitigated.

What are they? While there are many variations in terminology (see box 2) and terms of reference, with considerable overlapping, most different audit types relevant to Bank financed investment projects (including specialist audits such as environmental or forensic audits and quasi-audits, such as public expenditure tracking surveys) fall into the broad types summarized in Table 1 below and subsequently described in more detail. The choice of audit type will depend on the risk to be mitigated and the capacity of the various actors (the enabling environment). Duplication of audits can be avoided by small changes to terms of reference; for example a small change to a financial audit terms of reference can expand it to include performance and/or compliance audits (see box 2).

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 5 of 20

Box 2. Terminology: Definitions, Good Governance and Accountability

The term audit is widely used, often colloquially, as a synonym for evaluation, appraisal, assessment, examination, study or review. In the context of this Guidance, it is used to describe activities which promote good governance by holding institutions accountable for their actions through the independent verification of expenditures, processes and outputs, in accordance with principles of transparency, accountability and participation. Some audits, such as financial audits, performance audits, compliance audits and internal audits, have specific definitions attributed by international bodies (the International Organization of Supreme Audit Institutions; the International Federation of Accountants; and the Institute of Internal Auditors). These audits follow prescribed procedures based on global standards, undertaking a cycle of activities to report to stakeholders and recommend follow-up actions. Other audits, such as technical audits and social audits, follow less standardized procedures which vary according to circumstances, while a whole range of specialist audits,

such as environmental audits and forensic audits, serve specific purposes.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 6 of 20

Table 1 – Different Types of Audits

Audit Type Frequency; Who Executes; Distinguishing Features.

Uses, project types

Advantages Challenges, lessons learned

Financial Audit

Periodic audit by supreme audit institutions or independent auditors certifying that project financial statements provide a true and fair view of the activities undertaken.

All projects. Provides reasonable assurance that funds are used for purposes intended. Published.

Weak verification of quality of deliverables; no community participation.

Performance Audit (Value for Money Audit; Operational Audit)

Periodic or as needed, independent review of economy, efficiency and effectiveness of operations. May be undertaken separately, or as part of a financial audit.

To improve economy, efficiency and effectiveness in all projects.

Focus on results; responds to the Bank’s mandate to pay attention to economy and efficiency.

Requires independent technical expertise. Could become part of the standard financial audit package.

Compliance Audit

Periodic independent verification that expenditures are for the purposes intended (eligible expenditures) and follow applicable Bank rules and procedures (e.g. procurement guidelines). May be separate or part of a financial audit.

All projects. Ensures funds are used for purposes intended and that the Bank’s, the borrower’s or other entities’ agreed procedures are followed.

Could become part of the standard financial audit package.

Internal Audit Continuous independent internal review of an organization’s operations and procedures to assess efficiency, effectiveness, compliance and the existence of adequate internal controls to mitigate risks to the achievement of the organization’s objectives.

Strengthens management in all projects.

Ensures adequate internal controls to mitigate risks.

Can require out-sourcing. Often misused as a mere authorization check. Not always independent.

Technical Audit

Periodic verification by independent agents of physical quantities and quality of works and services delivered.

Mainly civil works in infrastructure, also service delivery.

Helps ensure physical outputs are delivered to standard (fit-for- purpose).

Finding a verification agent with sufficient guarantees of independence .

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 7 of 20

Social Audit Periodic monitoring by the community of quality of service delivery, normally facilitated by an independent agent such as a non-governmental or civil society organization.

Service delivery, infrastructure, public works.

Gives feedback on service standards and possible corruption.

Requires a collaborative environment.

Specialist Audit: Environmental Audit

As needed, reviews project environmental aspects.

Infrastructure projects.

Informs environmental assessment.

Can be controversial.

Specialist Audit: Forensic Audit

As needed, checks for fraud.

Suspected fraud.

Detects fraud. Issues can be sensitive.

Quasi-Audit: Public Expenditure Tracking Survey

As needed, tracks expenditures to sub-national levels and points of service delivery.

Tracks fund flows in decentralized projects.

Reveals leakage of funds and impediments to flows.

Complex and time consuming; requires enabling environment.

Performance Audit

ISSAI definition: An audit of the economy, efficiency and effectiveness with which the audited entity uses its resources in carrying out its responsibilities.

Frequency; Who Executes; Distinguishing Features: Performance audits (also known as value-for-money audits and/or operational audits) seek to determine whether the projects or programs selected as the approach to addressing an issue represent the most economical option, whether they are being managed with due regard for economy and efficiency, and whether there are measures in place to determine their effectiveness. They examine management practices, controls, and reporting systems with a focus on results. They may be undertaken on a regular, periodic basis, or as needed, either as part of a financial audit or separately.

Uses, project types: All types of projects.

Advantages: Performance audits respond directly to the Bank’s mandate to pay attention to economy, efficiency and effectiveness. Because of this, they could become part of the standard financial audit package.

Challenges: They require technical expertise, which may not be available in audit firms or supreme audit institutions.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 8 of 20

Compliance Audit

ISSAI definition: Compliance audit deals with the degree to which the audited entity follows rules, laws and regulation, policies, established codes, or agreed upon terms and conditions, etc.

Frequency; Who Executes; Distinguishing Features: As the name implies, compliance audits are undertaken by independent verification agents/auditors to verify that expenditures and activities are used for the purposes intended, as set out in the rules and regulations of the institution concerned. For Bank-financed investment projects, this means the provisions set forth in the relevant legal agreements and any other related implementation instruments (e.g. operations manual), and may also include contracts between the implementing agency and suppliers or contractors. Compliance audits may be undertaken on a regular, periodic basis, or as needed, either as part of a financial audit or separately.

Uses, Project Types: Compliance auditing may cover a wide range of subject matters.

Advantages: Verifies that the project is being executed in accordance with agreed terms and conditions.

Challenges: Particular issues are:

Eligibility of Expenditures – currently this aspect is implicitly included in the Bank’s existing financial audit model, which verifies that expenditures are undertaken for the purposes intended.

Box 3. Performance Audit Case Study

Moldova, Strengthening the Effectiveness of the Social Safety Net Results-Based Financing Specific Investment Loan (P120913)

The project aims to improve the efficiency and equity of Moldova's social safety net through fiscally sustainable expansion and strengthening of the Ajutor Social Program, a poverty-targeted cash transfer program.

Three performance audits, structured around project results, will be undertaken by the Moldovan Supreme Audit Institution over the five years of project implementation. Amongst the different aspects covered are: audit of the application of eligibility criteria; audit of program administration, oversight and control; and IT audit of the automated social assistance information system (see the relevant project appraisal document for details). The performance audits are expected to result in, inter alia, reductions of processing times and irregularities in benefits administration. Other governance and anti-corruption features in the project include disbursements linked to the achievement of specific results and a grievance redress mechanism. A link to the first performance audit terms of reference is at:

http://intranet.worldbank.org/WBSITE/INTRANET/INTCOUNTRIES/INTECA/INTECACOSUHOME/INTECACOSUFM/0,,contentMDK:22945634~pagePK:64190289~piPK:64190270~theSitePK:776195,00.html

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 9 of 20

Independent Procurement Review, also known as Procurement Audit4 – is undertaken by an IVA to review both the client’s and the Bank’s performance in carrying out prior reviews and post reviews. Since compliance with the Bank’s procurement procedures is generally not part of the standard terms of reference for financial audit, the independent procurement review is undertaken as a separate exercise. However, as the linkages between the Bank’s financial management and procurement functions are strengthened, it may become appropriate in certain high risk situations to incorporate audit of compliance with procurement processes and/or contract implementation as part of standard financial audit engagements, as is common practice in some other multilateral development banks.

Internal Audit

Institute of Internal Auditors definition: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Frequency; Who Executes; Distinguishing Features: Internal audits are independent reviews, normally on a continuous basis, of an organization’s records, operations and procedures to assess efficiency, effectiveness, compliance and the existence of adequate internal controls to mitigate risks to the achievement of the organization’s objectives. It is the principal tool by which management obtains assurance that its internal control framework is adequately designed and operating satisfactorily. Because this framework includes critical controls designed to prevent fraud and misuse of resources, an increasing number of high-

4 BP 11.00, Procurement, indicates that “[t]he Bank team may arrange procurement audits as needed” (para. 20).

See also

http://siteresources.worldbank.org/INTPROCUREMENT/Resources/PPR_IPR_GN_RevisedMay8-2013.pdf.

Box 4. Performance, Compliance and Technical Audit Case Study

Kazakhstan, South West Roads Project (P099270)

The project aims to improve transport efficiency and traffic safety along major sections of roadway across the country, linking Europe to Western China.

From the outset, the project faced high levels of risk due to the high volume of transactions involved in such a large civil works project: at the country level, from weak institutions and endemic corruption, and at the sector level from the nature of the project and weak financial management and procurement practices. To help mitigate these risks, the financial audits were complemented by a series of different audits: (i) independent technical audits, used to verify the quality of road construction; (ii) independent compliance audits, used to verify compliance with procurement procedures; (iii) information campaigns and user satisfaction surveys coupled with (iv) a complaint handling system to provide enhanced oversight by civil society; and (v) provision for forensic audits if allegations of fraud and corruption made them necessary.

During implementation the team developed a very effective performance assessment tool using spider charts to measure performance and communicate with stakeholders. The performance assessment tool can be found at: https://spark.worldbank.org/groups/pat-cop

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 10 of 20

risk operations include, among other anticorruption provisions, measures to strengthen the client’s internal audit activities. The Bank may, if appropriate, use the borrower’s internal audit system as part of project monitoring and supervision arrangements.

Uses, Project Types: All types of projects.

Advantages: A well-functioning internal audit can provide assurance that the implementing agency’s internal control framework is adequately designed and operating satisfactorily.

Challenges: The following issues are important in determining the effectiveness of internal audit:

Institutional set-up. The internal audit function requires a suitable enabling environment to be sufficiently independent, mandated and empowered with appropriate institutional arrangements.

Scope of work. The scope of internal audit (normally defined by an internal audit charter) includes examining and evaluating the policies, reliability, and integrity of information; compliance with policies, plans, procedures, laws, and regulations; the safeguarding of assets; the economical and efficient use of resources; and accomplishment of established objectives and goals for operations or programs. In many developing countries, the scope of internal audit is limited to verification that expenditures have appropriate authorization.

Capacity constraints. Outsourcing the internal audit function to independent public accounting firms or other professionals is common where internal capacity and resources may be limited or where the intention is to enhance the independence of the function. However, it is important for project management to remain fully responsible for maintaining an effective system of internal control and for overseeing the internal audit function.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 11 of 20

Technical Audit

Frequency; Who Executes; Distinguishing Features: A technical audit is a regular, periodic physical verification undertaken by an IVA to determine that the assets and services provided with authorized funds are appropriate to their intended purpose and were delivered in the quantity, quality, and location or disposition specified. Technical audits inspect the implementation of projects; they are essentially auditing the quality of operation, supervision, and project management of an implementing agency. A technical audit’s primary purpose is to verify that the goods, services or assets purchased under an expenditure program were delivered as specified to the place and persons legitimately intended. It can extend to evaluating the appropriateness of the specifications and standards applied in the projects or transactions. To be credible, the audit must be conducted by a technical professional verification agency, who is qualified and experienced in the subject and independent of the implementing agency.

Uses, Project Types: Technical audits apply mainly to civil works across the whole range of infrastructure projects, including transport, education, health, urban, water and sanitation sectors, but can also apply to service delivery in these and other sectors. For example, they may be used to verify the quality of roads and bridges constructed, of schools and dispensaries built, and of water supply and sewerage plants installed. Where services are concerned, if the service is of a standard type and has a standard cost, an IVA may verify that the service has been delivered and the desired outputs (but not necessarily outcomes) have been achieved (e.g. health sector service delivery).

Box 5. Internal Audit Case Study

Ethiopia: Financial Sector Capacity Building Project (P094704).

The overall project development objective was to build the foundation for a more transparent, well-governed, well-regulated, and competitive financial sector that would allocate resources to the private sector more effectively and efficiently, and help ensure better access to finance for all. The objective of one of four components was to build the capacity of the National Bank of Ethiopia, including strengthening its internal audit department in line with international standards and best practices.

To attain the objectives the consultant executed the following major activities:

Updated the Internal Audit Charter;

Developed an Internal Audit Manual;

Introduced risk based audit planning processes;

Developed a new risk based audit procedures manual;

Piloted the risk based auditing methodology; and

Provided training on international audit standards; risk based auditing methodology; and risk management, internal control and governance guidelines and best practices to the internal audit department staff and management.

The resulting added value to the project included:

The risk based auditing methodology was adequately applied, using the templates, since the accomplishment of the project;

The risk based procedures manual is fully operational; and

The training materials and other deliverables are still functional and valuable.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 12 of 20

Advantages: Helps to ensure that physical outputs are delivered according to standards specified (fit-for-purpose).

Challenges: Because this audit examines the core business role of an agency and requires extensive cooperation and access to data, the auditor can be placed under considerable pressure to understate or overlook certain aspects or even be misled through nondisclosure. Thus the selection and administration of a technical auditor sometimes can present difficulties, especially if there is a corrupt network in place that extends to the leadership of the audited entity. In some cases, it may be necessary to employ the auditor or administer the audit through a separate public agency such as an ombudsman, inspectorate, or other impartial oversight body.

Please refer to Box 4. Performance, Compliance and Technical Audit Case Study for an example of a technical audit.

Social Audits

Frequency; Who Executes; Distinguishing Features: Broadly speaking, social audits are regular, periodic community monitoring processes, commonly facilitated by an independent agent such as a non-governmental or civil society organization, through which information regarding a specific program or project is collected from the records of the government or the designated implementing agency and is subsequently shared and verified with the beneficiaries. Social audits mostly deal with monitoring of public expenditures, although the process can be applied to monitoring other areas. The key components of a social audit include: access to information from the implementing agency, capacity to cross-verify this information with beneficiaries, and community gatherings/meetings attended by service providers, elected officials and beneficiaries to share the information collected and the resulting discrepancies found. Social audits are part of a broader range of social accountability measures and may include community scorecards or citizens report cards, with follow-up through grievance redress mechanisms. This process, if well implemented, can act as a very strong and effective community monitoring mechanism that may not only provide access to information for citizens but also reduce corruption in the management of resources, thereby leading to improvements in accountability.

Uses, Project Types: Social audits can be used to improve performance across the whole range of Bank financed investment projects related to service delivery. For example, in a conditional cash transfer project, a social audit can assist in ascertaining whether the targeting of the program is being implemented correctly, whether the cash is reaching its intended beneficiaries without any leakage of funds or whether there is corruption involved in implementation. In project involving a local development fund, the social audit may attempt to monitor sub-project selection mechanisms, quality of materials purchased for sub-projects and citizen participation in sub-project approval.

Advantages: Social audits directly address poverty issues by engaging citizens in determining the services that they need to receive and giving voice to the aspirations of those in most acute poverty. They contribute to empowerment of communities and often are sustainable because they are demand driven.

Challenges: A favorable enabling environment of cooperative service delivery agencies and elected officials is essential and the lack of such an environment can be a serious limiting factor to the use of social audits. They can also be complicated to execute and costly. This last point may lead to the use of less expensive social accountability mechanisms such as grievance redress systems.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 13 of 20

Box 6. Social Audit Case Studies

Nepal - Social Audits in Community Schools were introduced in the Bank supported Community School Support Project (P082646) in 2003 and, since 2009, are compulsory in all publicly supported community schools. The Department of Education Guidelines on Social Audits stipulate that a social audit must be conducted every year by a six-member, community-based, social audit committee. Indicators assess physical and instructional facilities, student enrolment, stakeholder consultations, and financial management. A social audit report is often a prerequisite for schools to receive their annual government budget allocation.

Indonesia – A Series of Community Driven Development Projects has successfully used community participation and oversight to manage risks in decentralized service delivery programs. One of the project’s governance action plans seeks to minimize risks of corruption through a combination of enhanced transparency, civil society oversight, mitigation of fraud and collusion and complaints handling, with sanctions and remedies.

Environmental Audit

Frequency; Who Executes; Distinguishing Features: OP 4.01 indicates that “depending on the project, a range of instruments can be used to satisfy the Bank's EA [environmental assessment] requirement”, including an environmental audit (para. 7). Annex A to OP 4.01 defines an environmental audit as “An instrument to determine the nature and extent of all environmental areas of concern at an existing facility. The audit identifies and justifies appropriate measures to mitigate the areas of concern, estimates the cost of the measures, and recommends a schedule for implementing them. For certain projects, the EA report may consist of an environmental audit alone; in other cases, the audit is part of the EA documentation”. Environmental audits are executed by specialists with relevant expertise. Example: Madhya Pradesh District Poverty Initiatives 2 (P102331) included independent environmental audits every 6 months and at project completion.

Forensic Audits

Frequency; Who Executes; Distinguishing Features: A forensic audit is generally only used in cases of suspected fraud, to substantiate whether or not the suspected fraud actually occurred and, if so, to gather evidence that could be presented in a court of law. It may be undertaken by a specialized forensic auditor. ISA no. 240 describes the auditor’s responsibilities in relation to fraud in an audit of financial statements (see website in Section IX- Related Documents). In this case, it is encouraged to involve the Bank’s Integrity Vice-Presidency, Forensic Services Unit.

Public Expenditure Tracking Surveys

Frequency; Who Executes; Distinguishing Features: A public expenditure tracking survey is a kind of audit that is used to identify the location and extent of impediments in financial flows to

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 14 of 20

sub‐national levels of administration or to service delivery units.5 Government resources allocated for particular uses flow within legally defined institutional frameworks, often passing through several layers of government bureaucracy before they reach the frontline service delivery agency which is responsible for incurring the actual expenditure. Policy makers in developing countries seldom have the information on actual public spending at the primary level. A public expenditure tracking survey tracks the flow of resources through these layers and channels, on a sample survey basis, in order to determine how much of the originally allocated resources reach each level. It thus serves as an important method for locating and quantifying political and bureaucratic capture, leakage of funds, problems in the deployments of

human and in‐kind resources, such as staff or textbooks, and the pattern of allocation of funding.

Uses, Project Types: A public expenditure tracking survey collects data at several levels: from frontline providers, local governments, and the central government. By comparing these sources, the survey ‘tracks’ the flow of funds and other resources through the hierarchy, from the central, provincial or state government to the school, health center, police station, or agricultural extension office to see where the funds are being absorbed and where they are leaking.

Advantages: Public expenditure tracking surveys allow for the observation of outputs and actions of service providers, thereby providing new information to policy makers and beneficiaries on the complex transformation of public budgets into services. Such tools can help identify the incentives operating within the system as well as shed light on the political economy of service delivery--the influence that interest groups exercise on determining spending outcomes.

Challenges: Require a favorable enabling environment; tend to be complex and time consuming.

5 See Guidebook on PETS at http://siteresources.worldbank.org/EXTHDOFFICE/Resources/5485726-

1239047988859/5995659-1282763460298/PETS_FINAL_TEXT.pdf

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 15 of 20

3. Integrating Different Types of Audits into Risk Management Processes

Given the increasing emphasis on results, the main risk in Bank financed investment projects is the risk of not achieving development objectives.6 This consideration, however, still has to be balanced against the fiduciary risk of funds not being used for intended purposes, thus placing ever greater importance on the processes used to manage risks: (a) during project preparation to (i) identify and rate risks; and (ii) establish measures to mitigate and manage risks; and (b) during project implementation to (i) monitor the implementation of risk management measures and the results obtained therefrom; (ii) update risk ratings and adapt risk management measures as necessary; and (iii) adjust project design as necessary.

Integrating different types of audit into risk management processes as mitigating measures can strengthen risk management. Their effectiveness will depend to a large extent upon country circumstances (country risk) and the nature of the projects concerned, especially the degree of decentralization (sector and project risk). Different audits may report to different stakeholders, in which case it is important to have a means of reconciling and integrating their findings.

Country risks. Projects in countries where the risks of fraud and corruption are high may consider using a range of different audit types in risk mitigation measures, including, in addition

6 OP 10.00 recognizes that "the Bank assesses the risks to the achievement of the Project development objectives

with due consideration for the risks of inaction, taking in to account the assessments noted above [technical analysis, economic analysis, financial management, procurement, environmental and social] and other relevant information” (para. 9).

Box 7. Public Expenditure Tracking Survey

Uganda - Public Expenditure Tracking Survey (Education)

In the mid-1990s, the first public expenditure tracking survey was implemented in Uganda to collect information from frontline education providers (primary schools) to gauge the extent to which grants actually reached their intended destination. The survey revealed that during 1991-95 on average only 13 percent of the grants made it to the schools. Disbursements were rarely audited or monitored, and most schools and parents had little or no information about their entitlements to the grants. Most of the funds were used for purposes unrelated to education (to fund the local political and bureaucratic machinery) or for private gain, as indicated by numerous newspaper articles about indictments of district education officers after the survey findings went public. Poor students suffered disproportionately because schools catering to them received even less than others. As evidence of the degree of leakage became public knowledge in Uganda, the central government enacted a number of changes: it began publishing the monthly transfers of public funds to the districts in newspapers, broadcasting information on the transfers on radio, and requiring primary schools to post information on inflows of funds. The objective of this “information campaign” was to promote transparency and increase public sector accountability by giving citizens access to information needed to understand and examine the workings of the capitation grant program for primary schools.

A preliminary assessment of these reforms shows that the flow of funds improved dramatically, from 13 percent on average reaching schools in 1991-95 to around 80 percent in early 2001.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 16 of 20

to financial audits, technical audits by IVAs to check the quality of deliverables; strengthened internal audit arrangements in implementing agencies to ensure satisfactory internal controls; compliance audits, especially independent procurement reviews; performance audits to optimize efficiency; and social audits and other social accountability measures for citizen engagement and feedback to improve service delivery.

Projects in fragile and conflict-affected situations, where risks may be heightened by weak institutions, insecurity and limited audit capacity, risk management can be strengthened by community monitoring and citizen engagement through social audits and related social accountability mechanisms. In these cases, technical audits, performance audits and compliance audits may also reinforce financial audits.

Sector and Project risks. Centrally managed infrastructure projects can generally benefit from technical audits to verify the quality of deliverables and their suitability for the purpose intended. Increasingly, these types of projects are also benefitting from user feedback, which addresses the risk of providers taking advantage of beneficiaries’ lack of awareness about the project. In decentralized operations with high volumes of low value transactions to multiple beneficiaries, social accountability measures, including social audits, can be an important part of the risk management framework.

Box 8. Integrating Different Types of Audits into Risk Management Processes: India, PMGSY Rural Roads Project (P124639)

A governance and accountability action plan aims to improve overall risk management, enhance efficiency and development impact and ensure allocated resources are spent for the intended purpose and directed to the beneficiaries. To this end, the statutory external financial audit is complemented by different types of audits (see links to audit terms of references in Section IX):

Performance, Compliance and Technical audits - Independent consultants have been appointed to undertake detailed audits in each participating state on a semi-annual basis to monitor the overall implementation of the project framework and compliance with agreed procedures under the project. The audits include technical, procurement, financial management, management of social and environmental aspects, contract management, governance and accountability action plan, quality of project preparation and engineering supervision.

Internal audit: Each State engages chartered accountant firms to conduct periodic internal audits on the basis of terms of reference and processes for selection agreed with the Bank.

Social Audit: The project supports a pilot sample social audit by the local communities which is supported by the institutional strengthening component of the project.

Citizen monitoring and grievance redress -The project supports citizen monitoring of roads construction and post-construction audits, by a combination of trained cadres supervised by an independent non-governmental organization (Public Affairs Center) and local committees using pro-forma checklists, complemented by a grievance redress mechanism.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 17 of 20

4. Conclusions

Use of different types of audits to complement financial audits can provide a means of improving project design by enabling expenditures and outputs to be verified by simpler and more cost effective means, thus strengthening risk management. This applies particularly in high risk (e.g. high volume/low value transactions) and/or low audit capacity situations (e.g. fragile and conflict-affected situations), where expenditures or outputs that would be difficult and costly to verify by financial audits can be verified more economically and efficiently using different types of audits. As the focus of service delivery moves closer to the ultimate beneficiaries, citizen engagement can play an important role in verification of delivery of services, providing evidence that enables improvements to be made in the science of delivery. In this way, different types of audits can strengthen fiduciary assurances for components of projects that might otherwise be considered too risky to be undertaken.

Box 9. Using Different Types of Audits to Extend Service Delivery to the Poor

India: Tamil Nadu Women's Empowerment and Poverty Reduction Project (P107668 and P079708)

The project supports the State Government of Tamil Nadu’s strategy for reducing poverty among the rural poor and other vulnerable groups, currently outside the reach of most development interventions, through assistance for productive livelihood activities using the community driven development approach. The objective is to empower the poor and improve their livelihood through: (a) developing and strengthening pro-poor local institutions/groups at the village level; (b) enhancing skills and capacities of the poor (especially women and the vulnerable); and (c) financing productive demand-driven subproject investments related to livelihoods for the target poor. Following satisfactory performance, additional financing was approved to increase geographic coverage.

To complement statutory annual external financial audits by independent chartered accountants, trusted members of the community, at least half of whom must be women, are appointed by villagers to social audit committees to undertake institutional and financial audits of project activities and report their findings and recommendations directly to village assemblies. The social audit committees themselves are audited semi-annually by independent chartered accountants and have been found to have a very good understanding of their roles and responsibilities. With training provided under the project, the social audit committees have proven their ability to undertake oversight functions and add a useful level of fiduciary assurance. The project also has robust grievance redress mechanisms and IT based accounting systems maintained by 20,000 trained community members.

Links to terms of reference and descriptions of activities:

Governance and Accountability attachment from mid-term review report: http://wbdocs.worldbank.org/wbdocs/drl/objectId/090224b0802dc104

Governance Accountability Action Plan and Step by Step Guidelines: http://wbdocs.worldbank.org/wbdocs/drl/objectId/090224b08226729f

Terms of reference for Village Auditors: http://wbdocs.worldbank.org/wbdocs/drl/objectId/090224b0803846b8

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 18 of 20

SECTION VI – EFFECTIVE DATE

This Guidance is effective April 23, 2014.

SECTION VII – ISSUER

The Issuer of this Guidance is the Director, Operations Risk Management (OPSOR), OPCS.

SECTION VIII – SPONSOR

The Sponsor of this Guidance is the Chief Financial Management Officer, Operations Risk Management (OPSOR), OPCS; and the Head, Governance and Anti-Corruption in Operations, Operations Risk Management (OPSOR), OPCS.

SECTION IX – RELATED DOCUMENTS7

4. Internal World Bank sources:

1. OP/BP 4.01, Environmental Assessment.

2. OP/BP 9.00, Program-for-Results Financing.

3. OP/BP 10.00, Investment Project Financing.

4. OP/BP 11.00, Procurement.

OPSOR – Operations Risk Management Department

Financial Management Anchor, website: http://go.worldbank.org/PP9V9XH3U0. See Reference Materials No. 3 – Financial Reporting and Auditing.

o Publications: GAC – Audit and Assurance Toolkit: A toolkit to mitigate corruption risk in projects, including use of different audit types, with terms of reference at: http://go.worldbank.org/XSWQ8NTLZ0

GAC in Operations, website: https://www.governanceknowledge.org/pro/default.aspx o Publications: How-to notes, Building the “Solutions Bank”. o Database: https://www.governanceknowledge.org/pro/Pages/Project-

database.aspx

Procurement, website: http://go.worldbank.org/T8FQECPAF0 o Publications: Guidelines, especially on independent procurement reviews.

Dispute Resolution and Prevention, website: http://go.worldbank.org/BQCJ9RPBR0 o Publications: Grievance Redress Mechanisms (GRM); Citizen Engagement;

Safeguards, website: http://go.worldbank.org/Z3I5EG3E30

7 Several documents listed in this Section IX or referred to in Section III of this Guidance may be

restricted by various exceptions under the World Bank Policy on Access to Information.

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 19 of 20

SDN – Social Development Network

Social Development team, website: http://connect.worldbank.org/explore/SDV/default.aspx

o Publications: How-to notes; Village Social Auditor’s Handbook; Social Audits in Nepal’s Community Schools.

Social accountability E-Guide: https://saeguide.worldbank.org/ HDN – Human Development Network

Chief Economist Office, website: http://go.worldbank.org/8RRWQ0UH10 Publications include: Guidance Note on Conducting Social Audits to Monitor Social Service Delivery. See also, Citizens and Service Delivery: Assessing the Use of Social Accountability Approaches in the Human Development Sectors.

Health, website: http://www.worldbank.org/en/topic/health

Results Based Financing in Health: Results based financing involves payment for pre-defined results, attained and verified, generally by an IVA; Link to website: http://www.rbfhealth.org/progressreport2013

Education, website: http://go.worldbank.org/GMDMICVFF0

Social Protection, website: http://go.worldbank.org/FJ6LLR2LU0 INT – Integrity Vice-Presidency

Forensic Services Unit, website: http://go.worldbank.org/YL5RCBT870 See: Report on curbing fraud, corruption and collusion in the roads sector.

GPOBA – Global Partnership for Output Based Aid

Output Based Aid; OBA Approaches (www.gpoba.org); Independent Verification in Results-Based Financing, May 2012, note no. 43; Performance based contracting in health, April 2008, note no. 19.

WBI – World Bank Institute

Open Government, website: http://wbi.worldbank.org/wbi/content/supporting-open-governance

Performance and Technical Audit TOR

Call for Applications for Performance Audit: http://wbdocs.worldbank.org/wbdocs/drl/objectId/090224b08171189e

Citizen Monitoring TOR

Concept note on Citizen’s Monitoring of Rural Road Construction under the India, Rural Roads Project in three states – Meghalaya, Jharkhand, Rajasthan: http://wbdocs.worldbank.org/wbdocs/drl/objectId/090224b0817f64b0

Memorandum of Understanding between National Rural Roads Development Agency and the Public Affairs Center: http://wbdocs.worldbank.org/wbdocs/drl/objectId/090224b081cec03b

External Sources:

International Organization of Supreme Audit Institutions, website: http://www.intosai.org Guidelines from the International Organization of Supreme Audit Institutions are described on the website of International Standards of Supreme Audit Institutions at: http://www.issai.org

Bank Guidance, “Use of Different Types of Audits in Investment Project Financing” | Catalogue Number OPCS 5.06-

GUID.01

Page 20 of 20

International Federation of Accountants, website: http://www.ifac.org/ International Audit and Assurance Standards Board, website: http://www.ifac.org/auditing-assurance The Institute of Internal Auditors, website: https://na.theiia.org/Pages/IIAHome.aspx US Government Accountability Office, website: http://www.gao.gov/ UK National Audit Office, website: http://www.nao.org.uk/

Questions regarding this Guidance should be addressed to the Sponsor.