DRAFT ISSAI 55XX

Audit of disaster preparedness: Guidance for Supreme Audit Institutions

May2012

Arife COSKUN – 16042012 version the draft guide for audit of disaster preparedness (0II.04)

Turkish Court of Accounts (TCA) Inonu Bulvarı, No: 45, Balgat/ Ankara - Turkeye-mail: acoskun@sayistay.gov.tr Tel: +90 312 295 37 01

i

Preamble

I. The INTOSAI Working Group on Accountability for and the Audit of Disaster-related Aid

(AADA) was established by the XIXth INCOSAI in Mexico in 2007 as a successor to the INTOSAI Tsunami Task Force. Building on the knowledge and experience of this Task Force, the

Working Group has developed audit guidance for SAIs as well as a tool for harmonized reporting of disaster-related aid.

II. Disasters of the magnitude of the 2004 Indian Ocean Tsunami, which triggered the establishment of the INTOSAI Task Force, fortunately do not happen often. However, many

disasters occur every year, and the toll in terms of loss of human life, human suffering and physical, social and economic damage is rising. This is partly caused by greater exposure and

vulnerability due to population growth and the increase in the occurrence of certain types of disasters as a result of climate change. A welcome consequence of the recognition of these

developments is the focus by governments on reducing the risk of disasters and on reducing their potential impact. The Working Group aims to contribute to this by providing guidance

for SAIs not only on the audit of disaster-related aid, but also on auditing disaster-preparedness. In carrying out well-defined audits of the disaster-preparedness of

government, SAIs can stimulate effective policies aimed at reducing risks of disasters and mitigating their impact.

III. The Working Group observed the pressing need to improve the traceability of aid following the occurrence of a disaster. Notable features of post-disaster activity include large amounts

of resources flooding into disaster-affected areas, which may be in poor countries with weak or newly damaged institutions and infra-structure and frequently pre-existing power

imbalances. Aid may be disbursed by a number of different actors with varying levels of experience and in situations where the pressure to deliver aid rapidly to individuals in great

need may lead to the circumvention of normal procedures. Lack of coordination and inattention to accountability and reporting of disaster-related aid can render the

establishment of the audit trail by auditors difficult. The Working Group has sought to help SAIs improve their audits of disaster-related aid, which can give rise to recommendations on

how to improve in the eventuality of future disasters.

IV. In preparing guidance on the audit of disaster-related aid, the Working Group considered the

interests of the victims of disasters to be of primary importance. SAIs can play an important a role here in verifying that victims receive aid, in reassuring donors and potential donors

that aid is used efficiently and effectively, and that waste and improper use of aid is prevented as much as possible.

ii

V. Disaster management is the term often used to describe the systematic process of using

administrative decisions, organizational assets and operational skills and capacities of the society and communities to implement policies and strategies to lessen the impact of natural

hazards and related environmental or technological disasters. Thus, disaster management encompasses disaster preparedness through preventive and mitigating measures, emergency

response, including relief and early rehabilitation measures, and post-disaster rehabilitation and reconstruction. SAIs audit the whole of the disaster management cycle and report on

the quality of the management of each phase, making recommendations with a view to reducing the risk and impact of potential future disasters.

VI. The four sets of guidance in this series of ISSAIs are closely related and appropriately cross referenced. The focus of the guidance is on disaster-related aid. For guidance on general

audit methodology and procedures, SAIs should refer to first, second and third level ISSAIs, especially those on financial audit, performance audit and compliance audit.

VII. The Turkish SAI led the preparation of guidelines for auditing disaster-preparedness. In addition to direct assistance from the SAIs of Austria and Kenya, the SAI of Turkey also

received data from a number of INTOSAI members for a survey it carried out. The SAI of Turkey also organized a parallel audit in order to collect relevant input for the guidelines. The

SAIs of Azerbaijan, Chile, India, Indonesia, the Netherlands, Pakistan, the Philippines, Romania, Ukraine and Turkey participated in this parallel audit.

VIII. The Indonesian SAI developed the guidelines for the audit of disaster-related aid, with direct assistance on one of the subtopics from the SAI of Peru. The SAI of Indonesia carried out two

surveys and a parallel audit to gather data to feed into this guidance. Like the ISSAI on auditing disaster-preparedness, this ISSAI takes the disaster management cycle as a point of

departure, but focuses on the different phases and activities carried out in response to disasters, from emergency relief through to rehabilitation and reconstruction. Although the

title refers to disaster-related aid, the guidelines are considered useful for auditing any type of humanitarian aid.

IX. The Working Group considered disaster-related aid to be at especially high risk of fraudulent and corrupt activity, given the nature of the expenditure and the circumstances surrounding

disasters. The European Court of Auditors has prepared guidance for auditors to take account of the increased risk of fraud and corruption in the emergency phase of disaster-related aid.

This guidance expands on ISSAI 1240 in broadening the scope to consider the risk of corruption as well as of fraud. It focuses on that phase, following disasters, when procedures

and controls might not function as they may normally be expected to do. To assist auditors, the guidance outlines risks and red flags of which auditors should be aware and provides

advice on how to adapt audit procedures accordingly.

X. Recent developments in disaster management have led to the use of new tools, such as

Global Information Systems. The SAI of the Netherlands has developed guidance on the use

iii

of GIS when auditing disaster-related aid with the support of external experts in this field. In

addition to providing guidance on how to use geospatial information for auditing disaster-related aid, this ISSAI provides a comprehensive introduction of geospatial information and

may therefore also be useful for SAIs conducting audits in other areas not related to disasters or disaster-related aid.

XI. In presenting this series of ISSAIs the Working Group aims to inform and enrich the audit by SAIs of disaster-related aid. Whilst it reflects current best practice, INTOSAI members should

use the guidance as is appropriate and adapt it as required by specific conditions and mandates. The guidance should be considered as a first step towards documenting best

practice and advice and requires early updating in the light of further experience.

XII. SAIs involved in auditing disaster-related aid have suffered consistently from the near

impossibility of establishing a reliable and complete audit trail due to the lack of accountability and transparency which often result from the urgency and complexity which

often reign in post-disaster situations and because of the failure to properly prepare for disasters. The Working Group therefore went further than establishing guidance for the audit

of disaster-related aid. It also developed a tool to allow disaster-related aid to be reported on in a standardised and harmonised format by all actors. In addition, it has canvassed support

for the implementation of this reporting format on a global scale. More information about this tool, the “Integrated Financial Accountability Framework (IFAF)” is available in the Final

report of the Working Group to the XXIst INCOSAI in 2013.

XIII. The INTOSAI Working Group on Accountability for and the Audit of Disaster-related Aid

wishes to express its appreciation for the contributions made by INTOSAI members, especially those which replied to the surveys, those which contributed to the Guidelines, and

those which participated in the parallel audits. The Working Group is also grateful for the valuable contributions made by others, such as the Special Representative of the UN

Secretary-General for Disaster Risk Reduction (UN ISDR), the Under Secretary-General of the UN Office for Internal Oversight Services, the Director General of the European Commission,

the xxxxxx (Transparency International?; both for developing and improving the guidelines and for their input during meetings of the Working Group.

iv

Audit of disaster preparedness

Table of contents

Part 1: Disaster and disaster management

1. Background

2. Purpose and structure of the Guidelines

3. A Conceptual Framework for Disaster Preparedness

Definitions of DisasterTypes of HazardScope of Disaster PreparednessDisaster Management Cycle

4. Parliament and Government

5. Disaster Management Laws, Plans and Information

Disaster Management LawNational Disaster Plans Sub- Plans Geographical Information Systems (GIS) Risk Assessment-Prediction with GISPlanning with GIS

Part 2: Audit of disaster preparedness

6. Introduction

The experience of SAIs in auditing disaster preparedness

7. Audit Mandate of SAIs

8. What are the challenges that SAIs face?

9. Cooperation among SAIs

10. Types of Audit

v

11. Principles for auditing disaster preparedness

12. Assessment of the Audit Environment

13. Planning and carrying out an audit study

Audit Approach/ ScopeAudit Objectives Audit MethodologyAudit CriteriaAudit Findings and Recommendations

Part 3: Audit program for disaster preparedness

14. Audit Program

Identification of the disaster characteristicsSpecifying and understanding the national strategy and action plansIdentification of the framework and organization of the authorities involvedAssessment of the adequacy of coordinationAssessment of disaster management tools and early warning systemsAssessment of emergency exercises and training/public awarenessAssessment of disaster funds and grants administrationAssessment of the adequacy of making urban areas resilient and reducing urban riskUrban planning/Building development plans and their implementationReinforcement and reconstruction activities/urban transformation

ANNEXES

ANNEX 1: SAIs which participated in the WG AADA survey and the parallel audit

ANNEX 2: An example for governance structure - Canada

ANNEX 3: Geographical Information Systems (GIS)

ANNEX 4: A case for understanding the organization and framework of authorities preparing for

disaster

ANNEX 5: Audit Objectives - examples concerning disaster preparedness

ANNEX 6: Audit Criteria - examples concerning disaster preparedness

ANNEX 7 Audit Recommendations - examples concerning disaster preparedness

Glossary

Bibliography

vi

vii

Part 1: Disaster preparedness

1. Background

1.1 The occurrence and impact of disasters has dramatically increased over the last few

decades, owing to social, demographic, political, environmental and climatic factors. The degree of vulnerability and exposure, leading to larger losses, has also increased

considerably caused by the growth of urban development and population density in exposed areas. The increasing uncertainty of weather patterns due to climate change

are additional reasons for the occurrence of major disasters.

1.2 These developments have led to changes in international policies concerning disasters

over the past decade. Previous policies resulted in the concentration of resources on post-disaster relief and reconstruction activities. In recent years the international

community has moved towards new policy objectives which reflect the desire to reduce risks prior to the occurrence of a disaster. The Yokohama (1994) and Kobe

(2005) Conferences and the Hyogo Framework for Action (HFA) have set new objectives and criteria to reduce disaster risk. These are monitored by the UNISDR1

(2010), which has established the Global Platform for disaster risk reduction and proposed the formation of National Platforms, comprising not only the relevant

official bodies but also NGOs and Universities. The goal of these actions is to make the world less vulnerable to disasters.

1.3 Some disaster risk factors increase the impact of disasters and challenge the capacity

of federal and provincial/territorial governments, and sometimes the international

community, to manage emergencies. These risk factors include increased urbanization, critical infrastructure dependencies and interdependencies, terrorism,

climate variability and change, animal and human health diseases, and the increased mobility of people and goods around the world. Risk reduction or mitigation policies

call for new approaches, new methods and expertise: identifying various types of risk at different levels, making projections of likely consequences, and also a capacity for

devising methods to avoid, reduce and share risks. Disaster preparedness thus requires developments in management approach and, accordingly, the approach to

audit by SAIs.

2. Purpose and structure of the Guidelines

2.1 The purpose of this guidance is to assist SAIs in the audit of the disaster preparedness

of governments. Where governments have not yet accepted the importance of

1 The UN International Strategy for Disaster Reduction, “Hyogo Framework for Action 2005-2015: Building the Resilience of Nations and Communities to Disasters”, http://www.unisdr.org/eng/hfa/hfa.htm, March 2010.

1

disaster preparedness policies and plans, the guidance can assist SAIs in making

recommendations on this fact. Where governments have policies related to disaster preparedness/risk reduction and the principle has been accepted, the following

document provides practical guidance based on exchanges of experience between SAIs. SAIs are well placed to identify the key activities necessary to implement the

new policies required under the Hyogo Framework for Action. This means that in addition to providing assistance to SAIs, this guidance supports governments and

communities in improving mechanisms, procedures, and institutions so as to reduce the risk of exposure of communities and assets to disasters.

2.2 Another objective of the guidance is to encourage SAIs and their auditees to take a

more active role in preventing the potentially disastrous impact of natural events.

Issues faced are as follows:

The need to convince government that investing in disaster preparedness may be

a more efficient and effective use of resources than paying the bill for disaster response. This lack of awareness arises because the added value of investing in

disaster preparedness can only be assessed if and when a disaster actually happens (and when it is in fact too late). Preparedness costs, but its benefits may

never occur (or will only do in many years’ time) or may not be clearly visible.

The need for awareness on the part of SAIs of the role they have to play in

prevailing upon governments to invest in disaster preparedness. Failure of SAIs to recognize this is exacerbated by the tendency to look at ex-post events (after

disasters occur) and to use public expenditure as the basis for selecting audit topics: if governments do not invest in disaster preparedness, SAIs will not audit

it.

The complexity of assessing the quality of disaster risk assessment, disaster

mitigation and disaster prevention: this requires using other types of information (for instance geographical information, information about the probability of

events, etc.) and information from sources other than those normally used in audits (such as information from more specialist agencies, universities,

international bodies). Examples from SAIs that have experience in tackling this complexity can be very helpful for other SAIs.

2.3 The guidance is structured as follows:

Part 1 defines disaster preparedness, situates it in the disaster management cycle and sets out the political and operation for SAIs auditing disaster preparedness.

Part 2 covers what SAIs should take into account when planning or conducting an audit of disaster preparedness. It reports on the experiences of SAIs in auditing

2

disaster-related aid gathered by means of a survey conducted amongst INTOSAI

members. 35 SAIs replied to the questionnaire (see table in Annex I.)Part 3 proposes an audit programme to assist SAIs in auditing disaster preparedness.

This was prepared using the results of the survey and tested and strengthened by carrying out a parallel/coordinated audit between 10 SAIs (see table in Annex 1).

The guidance provides assistance to SAIs by covering the following:

• Obtaining and documenting an understanding of disaster preparedness activities

and the organization of the authorities concerned and the legislative framework governing them;

• Establishing a preliminary view of the strengths and weaknesses of the overall

audit environment;

• Providing information for the assessment of risk and the design of the audit

studies;

• Establishing an effective and sound audit process;

• Forming a common basis for partnership audits among the SAIs.

3. A Conceptual Framework for Disaster Preparedness

Definitions of Disaster

3.1 There are many of definitions of disaster. Variations between definitions are often

due to differences in countries’ experiences and environment. The WG AADA has adopted the definition provided by the UN International Strategy for Disaster

Reduction (ISDR): “A serious disruption of the functioning of a community or a society involving widespread human, material, economic or environmental losses and impacts, which exceeds the ability of the affected community or society to cope using its own resources.”2

3.2 The multitude of definitions makes devising and implementing a common approach

towards auditing disaster-preparedness a challenging task. SAIs are assisted in this by

a “terminology” booklet prepared by UNISDR in cooperation with many stakeholders. This booklet fosters common understanding, and through this, common policy

making, strategy definition and planning.

Types of Hazard

2 The UN International Strategy for Disaster Reduction,“UNISDR terminology on disaster risk reduction (2009)”, http://www.unisdr.org/eng/terminology/terminology-2009-eng.html, March 2010.

3

MAN-MADE

HAZARDS

3.3 Most disasters are the consequence of natural hazards (earthquakes, tsunamis,

volcanic eruptions, etc.) that affect human life and others are caused by human decisions and activities, such as building in a flood plain or the lack of building

standards in earthquake-prone areas. Disasters also arise from man-made hazards such as negligence or failures in the system. However, the distinction between natural

and man-made hazards is not a clear-cut one since many natural events turn into a disaster due largely either to a failure to take precautions in time or to

mismanagement. All types of hazard are man-made to a certain degree and vulnerability to natural and man-made hazards is very often similar.

Identifying human induced root causes, and advocating structural and political changes to combat them, is long overdue. For example, the destruction of the natural

environment because of logging or inappropriate land uses for short-term economic gain is one of the major factors causing floods or mudslides. Similarly, the migration

of populations to urban and coastal areas increases human vulnerability to disasters. Accordingly, population densities increase, infrastructure becomes overloaded, living

areas move closer to potentially dangerous industries, and more settlements are built

4

CLIMATOGICAL(Desertification, freezes, etc.)

TECHNOLOGICAL(Nuclear weapons, nuclear plant

melt down, etc.)

GEOPHYSICAL(Earthquakes, tsunamis, land slides, etc.)

HYDROLOGICAL/METEOROLOGICAL(Windstorms, floods, tornados, droughts etc.)

NATURAL HAZARDS

SOCIOLOGICAL(Terrorism, Famine, etc)

BIOLOGICAL(Plagues, Epidemics, etc)

HAZARD TYPES

Figure 1: Hazard Types

in fragile areas such as floodplains or areas prone to landslides. By the same token,

poor economic planning and mismanagement of natural resources – for example using farm land for urban development – can lead to widespread famine. As a result,

natural hazards affect more people and economic losses increase in both lower income and high income countries.

3.4 The large majority of disasters are events of hydro-meteorological origin such as

floods, droughts and windstorms. Events of geological origin such as earthquakes are

secondary to these. Disaster risks arise when hazards interact with physical, social, economic and environmental vulnerabilities. For example, despite the fact that

seismic activity has remained constant over recent years, the effects of earthquakes on the urban population appear to be increasing.

3.5 The precautions taken by government institutions depend on the type of hazard,

because different hazard types attract different management risks. Depending on this,

management risks arise in different areas. For example, for some disasters, such as famine or terrorist attacks, control risks may be come to the fore. For others, like

earthquakes and tsunamis, the risk of poor coordination by management might rank more highly. A sound knowledge of hazard types is therefore vital for auditors of

disaster preparedness.

Scope of Disaster Preparedness Measures

3.6 UNISDR defines disaster preparedness3 as follows:

"The knowledge and capacities developed by governments, professional response and recovery organizations, communities and individuals to effectively anticipate, respond

to, and recover from, the impacts of likely, imminent or current hazard events or conditions." Disaster preparedness includes activities that prepare communities for a

possible disaster and improve the reaction of the various parties involved to such an event. These measures aim to reduce the impact of the disaster by ensuring that the

various stakeholders are not caught unprepared by the disaster and that assistance is provided in a coordinated manner4. Disaster preparedness measures include risk

assessment, prevention and mitigation. These are defined by UNISDR as follows:

3 UNISDR uses the term 'Disaster risk reduction' to denote the concept and practice of reducing disaster risks through systematic efforts to analyse and reduce the causal factors of disasters. Reducing exposure to hazards, lessening vulnerability of people and property, wise management of land and the environment, and improving preparedness for adverse events are all examples of disaster risk reduction. Both Disaster Risk Reduction and Disaster Preparedness are umbrella concepts which cover the activities of risk assessment, prevention and mitigation.

4 The European Commission on EU Strategy for Disaster Risk Reduction, 15/4-2008 and Austrian Development Cooperation, “International humanitarian aid policy document”, Vienna, March 2009, p.9.

5

Risk assessment: "A methodology to determine the nature and extent of risk by

analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and

the environment on which they depend."

Prevention: "The outright avoidance of adverse impacts of hazards and related disasters." This includes measures intended to ensure a permanent protection against

a given disaster. They include engineering, physical protection measures, legislative measures for the control of land use and codes of construction. These activities

reduce physical vulnerability and/or risk exposure by providing new infrastructures, improving existing infrastructures and through sustainable development practices.

Mitigation: "The lessening or limitation of the adverse impacts of hazards and related

disasters." This consists of activities taking place before the occurrence of unavoidable disasters to minimize damage caused by impending risks and to reduce

or eliminate their impact on society and the environment. Disaster mitigation measures also reduce risks by lessening the physical vulnerability of existing

infrastructures and vulnerable sites, which might directly endanger the population (e.g. retrofitting of buildings, reinforcing “lifeline” infrastructure) and natural or

economic resources.

The scope of disaster preparedness measures shapes government’s role and responsibilities with regard to management and those of the SAIs with regard to their

audit.

3.7 In broad terms, disaster preparedness encompasses operational and strategic

considerations: “Strategic” preparedness consists, inter alia, of:

preparing for disasters through development plans and interventions that reduce and mitigate disaster risk, reduce poverty, and contemplate a sustainable use of

natural resources; the development of a system capable of understanding hazard risk, climate

variability and vulnerabilities so as to raise awareness of the need for reducing disaster risk and provide the knowledge and guidance needed to achieve this; and

adapting the institutional, legal and policy framework to enable decision makers and practitioners to effectively take appropriate action to enable the population

at large to reduce its exposure and vulnerability to disasters as well as effectively respond to disasters as they occur.

“Operational” preparedness focuses, inter alia, on: appropriate early warning mechanisms being in place;

6

the public being properly informed about risks and the actions to take;

funding being immediately available to support relief operations; contingency plans being regularly updated at local and central levels to adjust to

changing environmental and societal situations; coordination mechanisms including all the relevant stakeholders;

information being able to flow in a timely fashion; local communities being well committed and informed, with training and drills

taking place.

3.8 The SAIs’ auditing of disaster preparedness can therefore cover all activities that

prepare communities, the economy and the environment for possible disasters and also those that mitigate not just their impact but also the risk of their happening, i.e.

reducing vulnerability and/ or exposure to natural hazards.

Disaster Management Cycle

3.9 The increase in the frequency of disasters and the effects in terms of casualties and

damage means disaster preparedness (especially disaster mitigation and prevention)

has gained importance in recent years. The core idea is to minimize the risks and potential impact of disaster.

Disaster management consists of pre-disaster risk management and post-disaster crisis management. Figure 2 shows that pre-disaster risk management begins with risk

assessment and extends over prediction and early warnings. Risk management includes many actions, such as identifying, assessing and monitoring disaster risks and

enhancing early warning systems, reducing the underlying risk factors, using knowledge, innovation and education to build safety and resilience at all levels, and

7

Risk Reduction

Recovery

Mitigation&Prevention

Preparedness

Prediction and Early Warnings

Emergency responseReconstruction

Rehabilitation Recovery

Disaster

Pre-disasterRISK MANAGEMENT

CRISIS MANAGEMENTPost-disaster

Risk Assessment

Figure 2: Disaster Management Cycle

strengthening disaster preparedness for effective response. Expenditure on these

actions is the focus of the present guidance. The remainder of the management cycle is concerned with post-disaster crisis management. Large amounts of government

resources are spent on post-disaster relief and reconstruction activities. Refer to ISSAI 55XX for more on this.

4. Parliament and Government

4.1 The success of disaster preparedness depends primarily on the support of parliaments and strong government programs. Governments play a major role in establishing

policy and setting out the institutional framework and programs for disaster preparedness in the context of disaster management. Governments are generally

responsible for numerous disaster preparedness activities including disaster alarms, evacuation, supply and the assessment of the situation. In this context, governments

should identify risks, assess and monitor them properly and develop a governance model for all the parties concerned - government institutions, regional and local

organizations and civil society, including volunteers, the private sector and the scientific community.

4.2 In cases where government does not give appropriate priority to disaster preparedness SAIs may need to report to parliament on this. Parliament’s oversight of

the budgetary process provides an excellent opportunity to reflect on and monitor adequately government’s commitment to disaster preparedness. Parliament can also

help to raise public awareness of the risks and potential impact of disasters and bring disaster preparedness issues and disaster sensitive programs onto the public agenda

using the appropriate channels and platforms. SAIs may consider including in their reports to parliament information which supports the oversight function and raises

the awareness of parliamentarians to the requirements of adequate disaster-preparedness.

5. Disaster Management Laws, Plans and Information

5.1 Disaster preparedness involves many activities of government; it is multi-sector and inter-disciplinary in nature and requires the involvement of many institutions and

local, national and international bodies. Governments require appropriate disaster management tools to facilitate the management and coordination of the

organizations and activities involved. SAIs need to obtain, understand and assess the legal framework insofar as it affects disaster-preparedness, overall strategic national

disaster plans, operational local or activity-specific plans and the disaster information systems, in particular the geographical information system (GIS) available to

government.

8

Disaster Management Law

5.2 A disaster management framework is usually laid down in a disaster management

law, which should act as a basis for national disaster plans. These plans are essential tools for guiding the institutions involved in the disaster management process to

ensure that timely, proactive and forward-looking precautions are taken. They should enable the authorities to provide the most appropriate response at every stage of

disaster management and constitute the single most important tool in the field of disaster preparedness.

5.3 Most countries enact a basic national law covering the general framework of disaster management. The disaster management law generally includes the following

provisions;

Developing a national disaster

management policy;

Preparing national plans and

programs under this policy;

Setting up a general framework for

the responsibilities and roles of the institutions involved in disaster

management and the arrangements for coordination between these

institutions, etc.

5.4 National disaster law provides a basis for good governance and accountability.

Auditors should scrutinize the adequacy of legal the framework in terms of planning and implementing disaster preparedness and put forward recommendations for

improving new legal arrangements.

National Disaster Plans

5.5 Disaster management legislation usually includes provisions for the preparation of a national plan. These are often called “National Disaster Management Plans”, although

their exact names differ from country to country5. They set out national strategies and provide a basis for setting priorities for all functions of disaster management by

considering all potential national and international risks. National Disaster Plans cover all the players and activities in the field and provide coordination between the

relevant institutions. By virtue of these features, national disaster plans are the main documents for audits of disaster preparedness.

5 Hereinafter “National Disaster Plan”.

9

Canada: The Emergency Management Act of August 2007 governs the national leadership responsibility of the Ministry of Public safety for emergency management and for conserving critical infrastructure. It also defines cooperation between the federal ministries.

Sri Lanka: The Disaster Management Act of May 2005 governs the establishment, responsibilities and duties of The National Council for Disaster Management and the Disaster Management Center and the preparation of disaster management plans.

5.6 In countries which have more experience of disaster management, the national

disaster plan is prepared with the aim of drawing up a general framework for disaster management. In addition to this plan, there are implementation plans, known as

specific plans, operation plans or emergency plans. Countries which are new to setting up disaster management structures have national disaster plans which are

more like operational plans.

5.7 Disaster management activities, including those which involve disaster preparedness,

are carried out at many different levels, and by many different organizations and individuals. Responsibility for coordination should be specified in the national plan.

This and the other main components of a national plan include:

• The national strategy: When determining the national strategy, it is critically

important to assess the risks in terms of potential threats and weaknesses with

which the country may be faced. Hazard mapping, disaster databases, cost-benefit and impact analysis, including an assessment of the annual average and

probable maximum losses are available tools for risk assessments.

• Priorities: In the context of disaster

management planning, priorities

are also set by using the results of risk assessments. When designing

national disaster plans, it is of prime importance that priorities

should be determined rationally, taking account of limited resources.

•Coordination: Comprehensive coordination at all stages of disaster management

(pre, during and post disaster) is essential for carrying out activities and fulfilling

responsibilities that are shared among many institutions. National plans provide for coordination tools, such as meetings and committees.

• Governance structure: Governance is a key element in implementing disaster

preparedness properly and involves a set of relationships between different levels of government. Governance also provides the structure through which the

objectives are set and the means for attaining those objectives and monitoring performance. For this reason, it is essential to create a governance structure in

which corporate responsibility areas are defined exactly. National plans define the primary functions of disaster management and the organizations that are

responsible for performing these functions. Indeed, there is no single, specific model of good governance for disaster preparedness. Therefore, examining the

legal, institutional and regulatory framework in the light of the different models that exist helps the auditor identify some of the common elements underlying

good governance. (See Annex 2 for an example.)

10

In Canada, strategies are determined and action plans are designed for 10 sectors which are prioritized as “critical infrastructure”. The sectors include Health, Information and Communication, Technology, Energy and Utilities.

• Guidance: National disaster plans guide the responsible institutions in their disaster

management work. In this connection, the corporate aims and goals, risk

assessments etc. laid down in the corporate disaster plans should be aligned with the national plan’s strategy. Therefore, the planning, monitoring and reporting

capability of the main institution responsible for national disaster planning should be optimal, with additional resources provided if necessary.

Sub-Plans

5.8 In addition to National Disaster Plans, the individual institutions that are responsible

for disaster management functions draw up plans and programs related to their own fields of responsibility. These plans

can vary depending on the institutions concerned and on disaster

types. Some examples are as follows:

• Departmental/operational/emergency management plans, made by institutions/local authorities;

• Specific plans/strategies, designed for specific disasters to which countries attach

importance;

• Business continuity plans which are related to disaster preparation; and

• Action plans which will be applied during a disaster.

5.9 The importance of disaster preparedness activities means that they occupy an

important place in disaster sub-plans. Such plans often cover the following points:

• Coordination: Coordination with the national plans and sub-plans is of primary

importance. In order for there to be effective disaster management, including

preparedness, activities such as policy, planning, risk

assessment, training, public awareness-outreach and

protection of critical infrastructure need to be

carried out in a coordinated manner by the stakeholders in the field. For example, the “Istanbul Provincial

Disaster and Emergency Directorate” was established with the main purpose of ensuring coordination and cooperation between the relevant institutions in the

region. To do this, the Directorate uses telecommunication tools and information systems.

•Risk assessment: The sub-plans specify probable risks (generally the risk assessment

tool for natural disasters is hazard

11

In Canada, a “National Disaster Mitigation Strategy” is prepared and the mitigation activities are carried out in accordance with this plan. Similarly, one of India’s disaster preparedness plans is “Preventive/Protection and Mitigation from Risk of Tsunami”

Tsunami Risk in India and the Tools of its Assessment

Tsunami Hazard Map Tsunami Vulnerability Assessment Tsunami Risk Assessment Practical Applications

In Canada, a “Federal Emergency Response Management System” has been established and the coordination tools and processes are defined within this structure. On the one hand, “the management team”, which is composed of delegates of the institutions involved in disaster management, collects the needs of the performers. On the other hand, it issues guidance to them regarding cooperation and coordination.

mapping, and for man-made disasters the appropriate tools are monitoring and

reporting). In addition, vulnerability assessments are also drawn up; for the purposes of these assessments, preparedness is tested through practical

applications.

•Training: Training is another important issue covered by sub-plans. Many countries

have a training unit which organizes the training activities related to each stage of

disaster management. For example, the Emergency Management Institute in Australia has such a training unit. Additionally, sub-plans emphasize the need to

prepare training programs concerning specific subjects. For example, in Canada the “Emergency Management Training Program” and the “Chemical, Biological,

Radiological, and Nuclear (CBRN) First Responder Training Program” are prepared to be used for training qualified personnel who will be employed in disaster

preparedness activities.

• Public awareness: In the context of disaster preparedness, public awareness

concerning disasters should be raised with a view to reducing the adverse affects

of disasters. Raising public awareness requires cooperation and coordination between all of the authorized

institutions in this field, and the private sector and NGOs. For this

purpose, disaster guidelines giving information and advice about the

actions to be taken pre, during disaster and post disaster are prepared – Educational public awareness-raising programs are also organised.

• Critical Infrastructure: This is a service, facility, or a group of services or facilities,

the loss of which will have severe adverse effects on the physical, social, economic or environmental well-being or safety of the community6. The risks to

critical infrastructures have to be identified and managed in an appropriate way. To reinforce the critical infrastructures by minimizing the risks affecting them, it is

vital that governments, local governments and especially the critical infrastructure owners and private business managers should work in cooperation.

• Measures: Operational plans should itemize measures to be taken during the

disaster management process, such as structural measures including the

6 Critical Infrastructure Emergency Risk Management and Assurance Handbook, Australia 2004.

12

In Australia “Emergency Action Guides” are developed and each action guide offers clear and concise information on how to be prepared, what to do during a major hazard, and what steps to take afterwards.

India’s Specific Measures for Safety from Tsunamis

Tsunami Effects and Design Solutions Specific Design Principles for Tsunamis Know the Tsunami Risk at the site Avoid new developments in Tsunami Run-up Areas Site Planning Strategies to reduce Tsunami Risk Tsunami Resistant Buildings – New Developments Protection of existing buildings and infrastructure–Assessment, Retrofit, Protection

measures Special Precautions in locating and designing infrastructure and critical facilities Planning for Evacuation

reinforcement of existing buildings, the construction of disaster-resistant

buildings and the evacuation of residential areas before and/or during disasters.

5.10 Given the importance of disaster preparedness management planning, auditors

should pay special attention to them during audit work on disaster preparedness. Examining similar plans at international level and making comparisons with them will

provide good benchmarks and will facilitate the work of SAIs.

Geographical Information System (GIS)7

GIS8 is an integrated collection of computer software and data used to view and manage information connected with specific locations, analyze spatial relationships, and model spatial processes. GIS technology integrates common database operations, such as query and statistical analysis, with the unique visualization and geographic analysis benefits offered by maps.

5.11 In general terms, Geographic Information System (GIS) is applications which integrate,

store, analyze, manage and present data that are linked to locations. They are used in various areas, such as cartography, remote sensing, land surveying, utility

management, navigation, geography, urban planning and emergency management. Like many disciplines, auditing can also benefit from GIS technology. This is because

GIS technology enables users to create their own searches and analyze spatial information, edit data and maps, and present the results of all these operations. For

example, GIS might enable emergency planners to calculate emergency response times easily in the event of a natural disaster.

5.12 The ability of leaders and administrators to make sound disaster management decisions, to analyze risks and decide upon appropriate counter-measures can be

greatly enhanced by the cross-sector integration of information9. GIS technology is used to combine information on natural hazards, natural resources, population, and

infrastructure etc. easily, precisely and in a timely manner. This combination of information can help to identify areas where further hazard evaluations are required,

areas where mitigation strategies should be prioritized and less hazard-prone areas which are most suited to development activities10. Basically, GIS can;

7 See annex 2 for examples8 ESRI, Geographic Information Systems and Pandemic Influenza and Response, s.6.9 Rego, Aloysius J, “National Disaster Management Information Systems & Networks: An Asian Overview”, p.1.10 Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”, http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

13

• improve the quality and analytical power of natural hazard assessments and risk assessments;

• guide development activities, assist planners in the selection of mitigation

measures and in the implementation of preparedness and response actions11;5.13 All these characteristics make GIS one of the most important tools for effective

disaster management, development planning and decision making. It is also an important tool for SAIs in carrying out performance audit studies on disaster

preparedness.

Risk Assessment-Prediction with GIS

5.14 GIS technology can also be used for natural hazard assessments to show where hazardous natural phenomena are likely to occur. This combined with information on

natural resources, population, and infrastructure, can make it possible to assess the risk posed by natural hazards and to identify critical elements in high-risk areas. This

information can then be used to design less vulnerable development activities and/or mitigation strategies to lessen vulnerability to acceptable levels.12 Also, the auditors

can benefit from this information when assessing risk mitigation strategies and activities.

5.15 In the audit work on disaster preparedness, it should be evaluated whether the GIS will make the evaluation of risk assessments, risk analysis and vulnerability

assessments easier, and also on whether existing GIS elements are suitable for use in the process of disaster preparedness or not. This is very important in terms of

efficiency and effectiveness.

Planning with a GIS

5.16 With a GIS, it is possible to analyze an almost unlimited number of factors associated with historical events and present conditions, including present land use, presence of

infrastructure, etc. So planners can use the GIS to draw up specific mitigation strategies for disaster prevention activities. At the national level, the GIS can be used

to provide general familiarization with the possible disaster area, providing a reference for the overall hazard situation and helping to identify areas that need

further studies to assess the effect of natural hazards on natural resource management and development potential13. For example, in Indonesia, GIS activities

aim to develop risk maps at national, provincial and district level. The national and

11 Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”, http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

12 Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”, http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

14

provincial-level maps are used to determine priority provinces and areas for disaster

management activities, planning and the installation of early warning systems, whereas the district-level maps are used for district contingency planning. Under this

system, a number of modules on Forest Fires, Earthquakes/Tsunami, Volcanic Eruption and Social Unrest have been developed for building a database system in an

internet mode 14.

5.17 When known hazards and potential sources of disasters are mapped, better decisions

and plans can be made. Exposure and vulnerability assessments need to complement the hazard maps to create full risk analysis for informed decision-making. The role of

mapping has many aspects and influences the performance of systems in many ways15:

• It improves the ability of decision makers, planners, academics, researchers and

care professionals to organize and link thematic and spatial datasets;

• It makes it possible to create relations between datasets that may seem unrelated without using the geographical dimension. These links help in discovering and

creating new knowledge which can be translated into action or policies;

• Mapping enables professionals to understand complex spatial relationships visually, and as planning has an element of informed prediction, mapping can be a

powerful tool for forecasting and trend analysis.

5.18 Planning underlies the activities of disaster preparedness. Hence, the auditors should

examine all kinds of plans and the process of planning. For evaluating the plans, the GIS will help both the auditors and the planners. For more information on GIS see

ISSAI 55XX.

13 Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”, http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010). 14 Rego Aloysius J, “National Disaster Management Information Systems & Networks: An Asian Overview”, s.3.15 Al-Shorbaji, Najeeb: “Use and potential of geographic information systems for health mapping in the Eastern Mediterranean Region”, s.3.

15

Part 2: Audit of disaster preparedness

6. Introduction

6.1 Many actors are involved in defining and implementing policies for disaster-preparedness, not only the different parts and levels of governments, but also international

organizations, NGO’s, private sector bodies and academic experts. Disaster risk transcends national boundaries, and so should policy-making in respect of disaster preparedness. This

calls for audits that take account of the complex environment surrounding disaster preparedness, including the international dimension. This part of the guidance covers

issues SAIs should take into consideration when planning or conducting an audit of disaster preparedness.

The experience of SAIs in the audit of disaster preparedness

6.2 The role of government varies according to the way in which countries are affected by

disasters. Different roles within countries determine government’s scope of action, the tasks it has to fulfill and, as a consequence, the challenges faced by SAIs with regard to

their audit. The results of the survey conducted among INTOSAI members show that about 57% of SAIs have experience of auditing disaster-related aid. In most cases this

experience arises from audits of post disaster activities. However, approximately 43% of SAIs’ experience was in the disaster preparedness field covering both mitigation and

preparedness.

6.3 Many countries have moved towards implementing policies in support of disaster preparedness and disaster risk reduction. As with any new policy SAIs are then confronted

with the question of how to do the audit. They need to acquire knowledge on the

16

implementation of the policies and where appropriate can play a significant role in

bringing new policies concerning disaster preparedness onto the agenda of countries and in drawing their parliaments’ attention to the absence of policies. SAIs can provide

considerable assistance to their governments by auditing the implementation of disaster preparedness policies and assessing whether the funds allocated for disaster

preparedness were used efficiently and effectively for the purposes intended. To help them carry out these innovative tasks, SAIs require practical guidance illustrated with

examples drawn from exchanges of experience in audits of disaster preparedness.

7. Audit Mandate of SAIs

According to the results of the survey carried out by the AADA WG, most SAIs have a

mandate to audit government institutions. However, some SAIs do not have a mandate to audit some government institutions. 40 % of SAIs replied that they can audit the funds

provided by foreign governments, by international financial institutions and by other institutions/donors and a few that they have a mandate to audit NGOs and private

entities, especially foreign ones. However, the mandates of many SAIs do not extend to all areas related to disaster preparedness.

7.1 The information available on expenditure on disaster preparedness is often not complete. This is despite the fact that such information is required by stakeholders (government,

parliament and others financing disaster preparedness. In addition, stakeholders and civil society need to know how prepared countries actually are for potential future disasters.

The lack of information stems in part from the existence of different bodies concerned with implementation which have different audit arrangements. As a consequence no

single audit body has access to comprehensive and reliable information. One solution to this may be for SAIs to conduct joint audits of disaster preparedness.

7.2 SAIs are well-placed to gain an overview of the structures involved in disaster preparedness. The survey carried out by the AADA WG revealed, however, that

approximately 41 % of the SAIs did not have access to (all) relevant audit reports such as those prepared by the governmental internal auditors, public accounting firms, the

provincial auditor general, the external audit function, the office of inspector general and special governmental commission, etc. The survey also revealed that while some 59% of

the SAIs responding had right of access to audit reports prepared by other institutions, many SAI mandates did not include access to all of the activities and organizations

involved in disaster preparedness.

17

ISSAI 1/10 states that SAIs should have access to information concerning the audit,

including internal and external audit reports, and that this should be enshrined in the legal mandate of the SAI.

8. What challenges do SAIs face?

8.1 Many SAIs face serious constraints in meeting the requirements of their mandate regarding disaster preparedness. These challenges relate to institutional, technical,

political, and communication issues:

Institutional challenges: when auditing new policies and activities related to disaster

preparedness SAIs need to consider acquiring different types of professional expertise including predictive and forward planning skills.

Technical challenges: in the field of disaster preparedness, the increasing use of new technologies (IT, GIS, GPS, remote sensing, etc.) and new approaches have generated

additional technical challenges for SAIs. The skills of auditors need to be strengthened accordingly to allow them to use these systems and data sources to

evaluate disaster prediction, risk assessments, urban planning etc. and monitor the progress of the implementation of national disaster plans.

Political challenges: SAIs may face political challenges when the interest shown by governments and parliaments in the risks related to disaster is insufficient and low

priority is accorded to disaster preparedness. In such cases, SAIs should work to raise the awareness of parliament regarding the importance of a disaster preparedness

policy. This may cause the SAI to broaden the scope of the audit to include the examination of risk prediction and assessment.

18

• Parallel Audit: A decision is taken to carry out similar audits. Methodology and audit approach would be shared. The audit is conducted more or less simultaneously by two or more autonomous auditing bodies, but with a separate audit team from each body, usually reporting only to its own governing body and only on matters within its own mandate.

• Coordinated Audit: A coordinated audit is either a joint audit with separate audit reports to the SAIs own governing bodies or a parallel audit with a single audit report in addition to the separate national reports.

• Joint Audit: Key decisions are shared. The audit is conducted by one audit team composed of auditors from two or more autonomous auditing bodies who usually prepare a single joint audit report for presentation to each respective governing body.

Source: INTOSAI - Capacity Building Committee - Sub Committee 2 Guide For Cooperative Audit Programs

Communication challenges: a further risk related to the political challenge is that of

poor communication between SAIs and their parliaments, governments, the media and the public at large. The success of disaster preparedness depends on the

participation of society as a whole, including an understanding of the importance of the resilience of nations and communities. The clarity of SAI reports is vital in this

respect, to ensure maximum impact.

Some of these obstacles can be overcome by forming and strengthening alliances

between SAIs, other audit institutions, parliaments and civil society.

9. Cooperation between SAIs

9.1 The impact of many disasters is not limited to one country. The fact that disasters can

strike several countries at the same time highlights the importance of international cooperation in disaster-preparedness. SAIs should also take the international dimension

into account, and should be prepared to cooperate with other SAIs in this area. Such cooperation is needed in order to cover all aspects of disaster-preparedness.

9.2 By cooperating in the field of disaster preparedness, SAIs can perform comprehensive and meaningful audits and

enhance confidence in their work, contribute

towards creating public awareness and the

improvement of activities & programs, strengthen

political interest in accountability, uphold

common criteria, and share knowledge both

domestically and worldwide. The “Guide for

cooperative audit programs between SAIs”16

can be taken as a framework and ISSAI 5140 “How SAIs may cooperate on the audit of international environmental accords”17 can be used as a model. Against this background,

cooperation between two or more SAIs can be carried out in three forms: parallel, coordinated and joint audits.

16 INTOSAI - Capacity Building Committee - Sub Committee 2 Guide For Cooperative Audit Programs. See also See INTOSAI, How SAIs May Co-operate on the Audit of International Environmental Accords, 1998; INTOSAI, Cooperation Between Supreme Audit Institutions - Tips and Examples for Cooperative Audits, 2007, Introduction.

17 ISSAI 5140: How SAIs may cooperate on the audit of international environmental accords.

19

10. Types of Audit

10.1 When auditing disaster preparedness, the SAIs can perform all types of audit. Many

SAIs perform both financial and performance audits in the field of disaster preparedness. In addition, a few SAIs perform mixed audits. The survey carried out by the AADA WG

showed 61% of disaster preparedness audits carried out by participating SAIs to have been performance audits. In all cases, the basic principles of auditing and generally

accepted standards (general standards, field standards and reporting standards).apply.

10.2 Financial audit coverage of disaster preparedness expenditure tends to take place as

part of annual financial audits of government departments/institutions. However, some SAIs carry out separate financial audits of national disaster preparedness funds or as

donors of foreign aided projects. Many SAIs reach the conclusion, however, that to address specific aspects of the activities of disaster preparedness management in a way

that best meets the needs of stakeholders, performance audits should be carried out. In general, carrying out performance audits allows SAIs to get a better overview of the

disaster preparedness field, including the activities and organizations that may normally lie outside the SAIs’ mandate.

10.3 The activities and expenditure related to disaster preparedness often extend over

several years and are carried out by different bodies. Financial audit is usually annual and may cover the transactions of only one entity. As many activities in this field do not

require capital resources, and since many organizations are outside the SAIs’ jurisdiction, the contribution of financial audit may add only limited value to the management of

disaster preparedness. Activities and funds extending over several years and the different institutions that have responsibility in the disaster preparedness field, however, may well

20

be the subject of performance audit and financial audit undertaken concurrently. SAIs

should focus on the risks involved in disaster preparedness in order to decide which type of audit to carry out.

10.4 Audits of international agreements on disaster preparedness can also be either

financial or performance audits. Such audits are of great importance and can bring to light

inadequate implementation or the failure to apply agreements.

11. Principles for Auditing Disaster Preparedness

Audits of disaster-preparedness should aim to convince government and parliament to adopt adequate disaster-preparedness measures.

11.1 In cases where disaster preparedness policies are a new concept for government in the

field of disaster management, or where there is lack of awareness of the need for disaster preparedness measures, SAIs may seek to influence policy-making and help to promote

public awareness. The audit should be oriented towards the SAIs’ goal of raising the interest and understanding by parliament of the issues. Where better disaster-

preparedness requires international cooperation, SAIs should recommend that parliament enacts appropriate laws or concludes international agreements to facilitate this.

Cooperation between SAIs should be developed in conformity with the INTOSAI Guidelines and Standards.

11.2 Disaster preparedness activities in one country may be funded by another country. In such cases the need for the SAIs of donor and recipient countries

to collaborate to allow their audits to cover all aspects of disaster preparedness takes on added importance. Collaboration between SAIs of different countries is equally important

when auditing bilateral or multinational treaties on reducing disaster risks and/or promoting cooperation on hazards which transcend national borders such as the

establishment of early warning systems. Both domestic and international cooperation and coordination are vital if SAIs are to contribute to improving activities or strengthening

accountability in the disaster preparedness area. Such cooperation may range from a simple exchange of information, which is already intrinsically beneficial, to much closer

cooperation in the form of coordinated or joint audits, allowing the exchange and sharing of audit experience and results between SAIs. The latter scenario requires a common

understanding of the audit methodology to be applied and of the relevant audit criteria to be followed. To this end, an agreement (for example, a memorandum of understanding or

protocol) may be established to define the scope, extent and form of the intended cooperation between the relevant SAIs.

Joint audits among the SAIs of countries which are party to international agreements in areas exposed to the risk of disasters may contribute towards good governance and accountability in the field of disaster preparedness.

21

11.3 Disaster preparedness activities are usually financed from the national budget and are

therefore subject to audit by the SAI of the country concerned. Where additional funding is provided by donors, the auditors of these donors will also become involved.

Where cooperation is necessary to tackle disaster risk factors SAIs may need to pay attention to bilateral or multilateral agreements, or the absence thereof.

11.4 Despite possibly different objectives, SAIs should consider relying on the work of other auditors. Alternatively SAIs may consider carrying out joint or parallel audits which allow

them to pool resources, share tools, learn from each other and possibly overcome issues regarding the adequacy of individual SAIs’ audit mandates.

SAIs should foster relationships with other relevant audit bodies.

11.5 Many bodies may be responsible for auditing different aspects or phases of disaster

management. Examples of other audit bodies include public or private sector internal or external auditors of central, state, regional or local government or auditors of specific

agencies. SAIs should be clear on who audits what and on what is the relationship between themselves and these auditors. Constructive cooperation at all levels should

be fostered between SIAs and other auditors.

12. Assessment of Audit Environment

12.1 The audit of disaster preparedness should start with an assessment of the audit

environment on which the decision as to what type of audit should be performed and what is to be its scope is based. Auditors should first evaluate the appropriateness and

quality of the risk assessment carried out by the government agency responsible for developing disaster plans. The starting point should be a sound event analysis. Next, the

preparedness activities, including prevention and mitigation should be examined, and the adequacy of early warning systems and disaster prediction assessed. Figure 1 shows

the different activities of disaster preparedness. These do not follow chronological steps or fall into mutually exclusive phases.

22

Early warning &Prediction

Early warning systemsInformation about

hazards&risks

Prevention/ Mitigation

Land use planningTechnical measuresBiological measures

Making cities resilient etc.

PreparednessOrganisation

Finance planningDeployment planning

Risk Assessment

Hazard Vulnerability

Exposure

Figure 1: Disaster Preparedness

12.2 The type and source of data/information required should be detailed in the audit

program.

For assessing the risks relating to disasters the following information should be sought:

where will natural events take place?

how vulnerable are people who live there/how vulnerable is the critical infrastructure in that area?

what is the chance of an earthquake with epicentre X and strength Y / that a volcano will erupt with certain strength / that a cyclone with force Z will hit a certain location, etc?

To assess the risks associated with the operational management/ implementation of disaster management, the following information should be sought:

who should be responsible for what?

who should cooperate with whom?

what information is needed to plan and coordinate? etc.

23

The complexity of assessing the quality of risk assessment makes the evaluation difficult:

When is it good or good enough? What is sufficient? Sharing of experience between SAIs can help to find answers to some of these questions by referring to examples from

previous SAI audits.

12.3 In assessing the audit environment, auditors should try to obtain knowledge regarding the following issues:

• The organizational structure and main activities which ensure that the systems,

procedures and resources fulfill the disaster preparedness requirements. This covers the preparedness of communities to help themselves in the event of a disaster

including training, awareness raising, establishment of disaster plans, evacuation plans, pre-positioning of stocks, early warning mechanisms and strengthening local

knowledge. Auditors also need to establish the arrangements for financial preparedness to minimize the macro-economic or budgetary impact of a disaster

(budgetary provisions, contingency financing, stand-by agreements, risk insurance).

• The preventive measures to be taken before a disaster occurrence with a view to

reducing or eliminating the impact on society and the environment if and when it

does occur. This includes reducing the physical vulnerability of existing infrastructures or vulnerable sites which may directly endanger the population, e.g.

retrofitting of buildings and reinforcing lifeline infrastructure.

• The identification of prevention activities conceived to ensure permanent protection

against a disaster, including engineering, physical protection measures, legislative

measures for the control of land use and codes of construction. These activities reduce the physical vulnerability and/or exposure to risks through infrastructure.

13. Planning and carrying out an audit

13.1In line with the INTOSAI Auditing Standards (AS 3.1.1), the auditor should plan the audit in

a manner which ensures that a high quality audit is carried out in an economic, efficient

and effective way and in a timely manner. Careful advance planning will reduce the risk of problems arising at a later stage of the audit. Before starting the audit, it is important to

define the audit objectives, the scope, and the methodology to achieve the objectives.18

13.2After obtaining enough background information and knowledge about the audit

environment, the auditor should specify the risks with regard to economy, efficiency, and effectiveness (the 3Es) in broad terms. Depending on disaster types and their probability

and the risk impact, the management risks in terms of the 3Es will arise in different areas. Inadequate organization, planning, monitoring, control, coordination, lack of a sound

18 INTOSAI Implementing Guidelines for Performance Auditing, Part 3 p. 3.3 July 2004. “What does planning of individual performance audits involve?”

24

Figure 2: Correlation between risks/criteria/recommendations

disaster management information system, etc. are the main risks to the 3Es in this field.

Their relative importance depends on the type of disaster. Examining the risks allows the auditors to identify control weaknesses and high risk areas regarding disaster

preparedness within disaster management.

13.3As Figure 2 shows, there is a strong correlation between the risks to the 3Es and audit

criteria and recommendations. For this reason, identifying the risks to the 3Es at the outset is very important for designing a successful performance audit of disaster

preparedness. Audit criteria show “what should be”. The area for which the criteria should be set can be determined once the risks to the 3Es have been identified and

recommendations can then be produced to address areas in need of improvement. (See paragraphs 3.17 and 3.18 for further discussion of audit criteria.)

Audit Approach/Scope

13.4According to the INTOSAI Auditing Standard, performance auditors must be free to

examine all government activities from different perspectives (AS 4.0.4, 4.0.21-23 and 2.2.16). The INTOSAI Implementation Guidelines for Performance Auditing (ISSAI 3000/ 1.8) point out that performance auditing is normally based on an overall owner

perspective, that is, a top-down perspective. It concentrates mainly on the requirements, intentions, objectives and expectations of the legislature and central government.

However, the possibility of adding a ‘client-oriented perspective’ is also emphasised. The

25

audit mission may thus be interpreted as a way for SAIs to focus on problems of real

significance to the people and the community.

13.5The 21st UN/INTOSAI Symposium (2011) focused on the theme of “Effective practices of

cooperation between SAIs and citizens to enhance public accountability”. The symposium concluded that SAIs should be responsive to the needs and concerns of citizens and help

to build public confidence. Both the INTOSAI Standard and Guidelines and the recommendations and conclusions of 21st UN/INTOSAI Symposium support the notion

that SAIs should interpret and reconsider the audit mission in the field of disaster preparedness from the perspective of enhancing public accountability. From this point of

view, SAIs, in auditing disaster preparedness, should focus on the interests of the public and approach the issues from a bottom-up perspective. The use of a performance audit

approach to the audit of disaster preparedness facilitates this.

13.6Practice shows that different SAIs employ different approaches to auditing disaster-

preparedness. For example, Turkey used a risk-based audit approach in a performance audit of disaster preparedness entitled “How well is Istanbul getting prepared for the

earthquake?” During their enquiries, the auditors tried in particular to detect problems and drawbacks in implementation. This audit approach helped the auditors determine the

most risky activities and areas. In a different example, from Kenya, financial audits used a systems based approach to establish the effectiveness of internal controls in an audit of

the financial statements drawn up for the funds allocated for disaster management. The reports on the financial statements gave opinions as to the fairness and truth of the

financial statements.

13.7As seen in these examples, the auditor should first identify the risks and then determine

an appropriate type of audit and audit approach according to these risks.

Audit Objectives

13.8The most important step in designing the audit is to establish the specific issues to be

studied and the audit objectives to be pursued. The way in which the audit objectives are

determined varies depending on the type of audit to be carried out. In financial audits, the audit objectives are generally defined by legislation and SAIs audit the government

institutions/departments annually. These audits cover a review of the accounts and the underlying transactions, including disaster-related expenditure. Financial audits are

conducted to ascertain whether funds have been disbursed properly and to assess the legality and regularity of expenditure. An example of a financial audit objective might be

to examine the management of the funds earmarked from the State Budget for protection against floods.

13.9In performance auditing, however, the audit objectives set depend on the disaster

preparedness issues that are being focused on. In determining their objectives, the

26

auditors must take into account the roles and responsibilities of the SAIs within the

management of disaster preparedness and the expected impact of the audit in this field. There are a great number of interrelated activities in the area of disaster preparedness

with a large number of actors performing work in separate fields. Audits should be designed to take account of the complex and possibly unstable environment of disaster

preparedness and an appropriate audit scope set accordingly.

13.10Within the audit scope, the auditors should set the audit objectives. Disaster

preparedness contains a range of precautions taken against future disaster. These precautions are based on different possible scenarios which form part of the National

Disaster Plans and/or the sub-plans and should form the basis for setting the audit objectives.

13.11Some examples of audit objectives for performance auditing are given below19:

• To evaluate the distribution and use of resources from the disaster fund; decision-

making approaches, division of functions and coordination between federal, regional and local authorities. (Preparedness-Mitigation/Austria)

• To determine whether Public Safety Canada can demonstrate that it has exercised

leadership by coordinating emergency management activities, including critical infrastructure protection in Canada and to determine whether Public Safety

Canada, along with federal departments and agencies, can demonstrate progress in enhancing the response to and recovery from emergencies in a coordinated

manner. (Preparedness-response/ Canada)

• To assess the effectiveness and operating efficiencies of recently established

“National Disaster Management Support System” (NDMSS) to provide an

independent verification of the reliability of the information contained in the NDMSS and to examine the stock management of relief goods and materials.

(Preparedness/Korea)

• To determine factors affecting the efficient distribution of food relief aid.

(Mitigation/Lesotho)

• To audit whether the Minister of Home Affairs has fulfilled his responsibility for

the organization of disaster management in the Netherlands. (Preparedness/Netherlands)

• To specify the risks faced during the short and medium-term preparatory work to

minimize the damage caused by a possible Istanbul earthquake and to identify the measures to be taken. (Preparedness/Turkey)

19 Compiled from SAIs which participated in the survey and parallel/coordinated audit

27

• To determine whether the resources donated reached the intended beneficiaries

and to determine their impact in mitigating the effects of the famine. (Kenya)

Audit Methodology

13.12Audit methodology is the set of techniques developed for data collection and analyses.

According to the INTOSAI Auditing Standards to support the auditor’s judgment and conclusion regarding the activities under audit, competent, relevant and reasonable

evidence should be obtained.20

13.13 In financial audits, evidence is based on the transactions, financial statements, project

implementation reports, physical verification, independent technical assessment, compliance with tender/procurement procedures, etc. The auditor focuses on the

following:

Reviews of internal controls and procedures,

Reviews of documents (disbursement and receipt of donations) and records in the accounts,

Tests of accounting records,

The validation of beneficiaries on a sampling basis.

13.14Evidence in performance auditing may include the above or may be different. It should

above all be persuasive and should be obtained by the collection and analysis of data,

information and knowledge from appropriate sources.

13.15Some of the methods used for collecting and analyzing data in performance auditing are:

• File examination. Auditors should gather and analyze relevant guidance,

protocols, legislation, disaster planning documents and post-event reports at all

levels of government, especially those of the bodies responsible for disaster management. For example, for Turkey’s audit study concerning earthquake

preparedness, building development planning, application works, ground condition reports and the documents related to the reinforcement activities of

Istanbul Metropolitan Municipality and district municipalities were scrutinized on site.

• Site Visit. Auditors may make site visits to observe and evaluate the work of

relevant institutions included in the audit scope and interview key local individuals. This is the most effective method for auditors to observe what

happens during inspections of storage and transportation facilities.

• Interview. Auditors may envisage direct interviews with individuals designated to

play a key role in minimizing risks in the event of a disaster. These include the

authorized personnel of disaster management institutions, heads and staff of

20 See INTOSAI Auditing Standards p. 3.5.1

28

service groups and relevant professionals taking part in disaster plans. Examples

of service groups include transportation, communication, rescue and debris removal, first aid and health service groups. Interviewing is an important tool for

assessing coordination and collaboration between levels of government, and the contribution of the different parties concerned. Interviews with scientists and

NGOs and other bodies, such us the Red cross/Red crescent, the Chamber of City and Regional Planners, local or municipal governments, etc., known to have

contributed in minimizing disaster risks, can also help auditors formulate audit criteria and obtain audit findings.

• Surveys/Questionnaire. Auditors may employ the use of surveys for evaluating the

activities of community preparedness and training and to collect similar data from a large number of different institutions, such as ministries, municipalities, fire

brigades and provinces. Surveys can also help the auditor evaluate public awareness to disaster preparedness.

• Literature Review. Reviewing articles, studies, other audits reports and

evaluations concerning disaster preparedness will help in:

understanding the overall control environment for disaster preparedness,

specifying different needs for and approaches to disaster preparedness,

formulating audit criteria,

developing recommendations.

• Assessment of the adequacy of management tools. Carrying out activities related

to disaster preparedness depends on the adequacy of management tools such as

disaster plans, Geographic Information Systems (GIS), Remote Sensing (RS), the Global Position System (GPS), disaster information systems and other relevant

software. The disaster plans should therefore be analyzed and the adequacy of these systems should be assessed.

• Risk assessments, including hazard maps, disaster loss databases, vulnerability

assessments and exposure calculations. Disaster preparedness measures are implemented on the basis of risk assessments and scenarios. For that reason, risk

analyses should be evaluated in performance audit studies.

• Observation and case studies. Observation and case studies are suitable tools for

evaluating the drills and the training and education of professionals who are

involved in disaster preparedness activities.

• Sampling. Since it is rarely feasible to test the whole of the disaster preparedness

audit area, sampling methods should be used. GIS and/or other similar tools help

the auditor to select samples.

29

13.16 The data obtained needs to be reliable, accurate and up-to-date. Data and

information must be obtained from many different organizations, and auditors should therefore carefully collect, cross-check and analyze the evidence, as well as

establishing their own database containing reliable and accurate data and updating it during the study. Geographical Information Systems (GIS) could be used to

complement such a database.

Audit Criteria

13.17 Audit criteria give direction to the assessment and help auditors to determine

whether the activities/programs meet expectations or not. In financial audits, criteria

are laid down in the laws on financial management and the legislation establishing the audit body. In performance audits, audit criteria are generally formulated by the

auditor. Thus, in performance auditing, the general concepts of economy, efficiency, and effectiveness need to be interpreted according to the subject. For this reason,

criteria will vary from one audit to another.21

13.18 In performance audits of disaster preparedness, auditors should specify audit criteria

in accordance with the issues selected for audit. The general concepts of performance, economy, efficiency and effectiveness should be turned into specific

criteria relating to disaster preparedness activities. Otherwise, the criteria will not provide direction to the audit study and might be vague. (See Annex 6 of the guideline

for examples of audit criteria).

Audit Findings and Recommendations

13.19 Audit findings should be supported by evidence gathered by the auditor and should

satisfy the audit objectives, provide answers to audit questions and meet the audit

criteria. They show the current situation, i.e. “what is”. The audit program in Part III is designed to help auditors to establish audit findings.

13.20 The auditor should develop audit conclusions and recommendations by carefully

analyzing the causes and effects of the findings. As mentioned in paragraph13.3,

there is a strong correlation between the risks in terms of the 3Es and audit criteria and recommendations. When producing recommendations, auditors should bear this

in mind and propose reasonable solutions to areas in which weaknesses and risks to the 3Es are identified. (See Annex 7 of the guideline for examples of audit

recommendations).

21 INTOSAI Implementation Guidelines for Performance Auditing, July 2004,p.52

30

31

Part 3: Audit of disaster preparedness

14. Audit Program

14.1 The audit of disaster preparedness should be based on a sound audit program

focused on understanding the operational environment of disaster preparedness. This

includes the organizational structure and resources of all the relevant authorities, as well as the overall audit environment. The aim is to design a sound audit study and

prepare a reliable audit report with a high impact. The audit program which follows is based on an assessment of SAIs’ audit reports, the disaster management plans of

various countries and the results of the survey which was prepared by the AADA WG. defines terms, presents different approaches illustrated by examples from SAIs

around the globe and contains best practice criteria on individual topics (still under preparation) derived from the experience of SAIs and the parallel audit on disaster

preparedness conducted by the AADA WG.

14.2 The audit program covers many issues and should be adapted and expanded upon

according to which areas require particular attention and taking into account the conditions in the country being audited the specific tasks established by their SAI and

the particularities of the disaster. SAIs should use the questions and criteria which are relevant and appropriate to their audits on disaster preparedness.

14.3 There are two parts to this audit program which address the activities of disaster

preparedness: preparedness actions including prevention and mitigation and activities

aimed at making urban areas resilient and reducing urban risk. Preparedness activities are best considered at national and international level whereas activities involved in

making cities resilient are better handled at local/city level. The audit program consists of eight parts:

• Identification of the characteristics of the disaster;

• Specifying and understanding the national strategy and action plans;

• Identification of the framework and organization of the authorities involved;

• Assessment of the adequacy of coordination;

• Assessment of disaster management tools and early warning systems;

• Assessment of emergency exercises and training and communication/creating

public awareness;

• Assessment of disaster funds and grants administration/resources;

• Assessment of the adequacy of the activities for making urban areas resilient ;

32

Identification of the characteristics of the disaster

14.4 Specifying disaster types and the probability with which they are expected to occur

should be the first step in auditing disaster preparedness. Government approaches and policy preparedness activities depend on this calculation. The government approach to the potential disaster will determine the scope of the audit. These are factors which should be taken into account when designing and undertaking an audit of preparedness activities.

14.5 The auditor should first have knowledge of the following issues:

What types of disaster may occur in the country?

What is the probability of each type of disaster? Does the government (specific agency) prepare risk assessments, taking into

account, among others, the following aspects: natural, human, indirect hazards;

specific vulnerabilities; specific geographic locations;

disaster management capacities. Are there (up-to-date) hazard maps and/or hazard analyses?

What is the extent to which communities, structures, services and geographic areas are likely to be damaged or disrupted by the impact of a particular hazard,

on account of their nature, construction and proximity to hazardous terrain or a disaster prone area (physical & socio economic vulnerabilities)?

What are the possible combinations of types of disasters? What could be the average annual and probable maximum extent of loss or

damage? What is the government’s approach to prepare for such disasters?

What is the recent experience of major disasters? What were the government’s responses? What lessons have been learned?

What was the worst disaster experienced by the country and how much was the damage?

………………………………………………………………………………………………………………………….. (Please add your own questions)

Specifying and understanding the national strategy and action plans

14.6 For the auditor, the national disaster plan (or a substitute tool) is one of the most

important tools in the evaluation of disaster preparedness. The national disaster plan/substitute tool, which is prepared by the authority responsible for disaster

33

management, along with event-specific and departmental plans, will guide the central government response to disasters. It should outline the processes and mechanisms to facilitate an integrated government response to a disaster. It should address specific threats, the response to international emergencies, and the National Emergency Response System which outlines a harmonized federal and provincial/territorial response to disaster. With a good national disaster plan, the auditor can specify and examine all activities related to disaster preparedness as a whole.

14.7 Comparison between the national disaster plan and those of other countries exposed

to similar disasters will help the auditor to evaluate the adequacy of disaster preparedness. Moreover, national disaster plans will be a good source for determining audit criteria because they identify what to do and to expect. In order to understand the government’s approach to disaster preparedness, the auditor should also examine whether any consistency and can be identified between the disaster plans in various regions and the national disaster plan.

14.8 To understand the government’s approach to disaster preparedness, the auditor should carefully examine the national disaster plan and/or substitute tools and assess its aims and targets:

Is there a legal framework for disaster management, including disaster preparedness/risk reduction?

Has the State signed any bilateral or multilateral treaties or agreements on reducing disaster risks and/or promoting cooperation against the threat of

hazardous events? Has a national disaster plan been prepared or are there any substitutes for a

national disaster plan? Do the disaster plans/substitute tools cover the international treaty/agreement

obligations? Are the disaster plans/substitute tools updated regularly?

Are there procedures for systematically reviewing plans/substitute tools for timeliness, completeness, consistency with existing guidelines and overall

usefulness? What are the reviewing entities? Are they independent third parties with

objective views? Which events/situations are accepted as disasters in the national disaster plan, or

the substitute tools? Have the national disaster plans/substitute tools been designed on the basis of

analyses like disaster risk maps, risk assessments, etc.? To what extent do the disaster plans have priority over other legislation? (e.g.

limitations of ownership or property rights in case of emergency.)

34

Do these plans/substitute tools provide a good basis for timely, clear and

organized action – including when and who will perform such action during an emergency or disaster?

Within the disaster plans/substitute tools, how are the roles and responsibilities defined and allocated to each unit responsible?

Are NGOs/POs (Red Cross, international organizations) involved in the design of the National Disaster Plan?

Is there a contingency plan for external collaboration mechanisms in an emergency situation?

Formal structures? Collaboration at international, national, regional and local level?

Which body is responsible for coordinating disaster planning? What are the main activities for disaster preparedness within the plans/substitute

tools? Do they cover all necessary activities? Are disaster preparedness planning efforts consistent and adequate? (General

preparedness plans as well as hazard-specific plans.) Are there realistic options to counter threats, decrease vulnerabilities or mitigate

consequences? Do the disaster plans promote regular disaster preparedness exercises, including

evacuation drills, with a view to ensuring rapid and effective disaster response and access to essential food and non-food relief supplies, as appropriate to local

needs? Do they provide for a review and amendment of the existing zoning regulations,

building codes and bylaws (including a review of enforcement mechanisms for the bylaws etc) and the creation of an awareness among building experts that this

might be necessary? Do they adopt preventive maintenance policies and action towards earthquake

safety in hospitals and key public institutions? Is the critical infrastructure determined on a national scale within the scope of

disaster plans/substitute tools? Are specific measures designed, or taken, to protect critical infrastructure?

Have the goals, objectives and strategies set out in the disaster plan been integrated into the annual budget process (emergency operations and grant

application processes)? Is the National Disaster Plan allocated with a sufficient government budget to

carry out the plan? Is the National Disaster Plan properly disseminated to all units of government?

Is the public allowed access to the plans? If so, what methods are used to disseminate them?

35

Is the public informed about what actions it can take to prepare for a possible

disaster, and what actions to take in case of a disaster? What kinds of action plans and alternative plans are prepared?

Are the sub-plans (action plans etc.) prepared in accordance with the national plan/ substitute tools?

Are all units of government such as regional, provincial, city and municipal levels required to prepare their own Disaster Plan based on the National Disaster Plan?

Is consistency and harmonization ensured between the disaster plans in various regions and the national disaster plan?

Are disaster preparedness plans and policies at all levels prepared or reviewed and periodically updated with a particular focus on the most vulnerable areas and

groups? …………………………………………………………………………………………………………(Please add

your own questions)

Identification of the framework and organization of the authorities involved

14.9 As stated before, there are many institutions and agencies in this field. Coordination

among them can assist the completion of the interrelated activities without duplication and in a timely manner. For this reason, the auditor should have a comprehensive knowledge of the legal framework and organizational structure, which includes entities that are both within and outside the SAIs’ jurisdiction. Establishing their roles, responsibilities and how to ensure cooperation among them will help the auditor assess where and how to collect data, who is responsible for what actions, etc. Additionally, it is beneficial to answer questions like “is there a sufficient legal framework? are the activities well-coordinated? what is the governance structure like”. (See Annex 3 for an example.) The disaster preparedness auditor should also focus on how coordination and concerted action can be achieved by the various bodies involved in disaster preparedness.

14.10 In order to design a sound audit of disaster preparedness and understand the organization, the auditor should look at the following points:

What are the applicable laws/directives/national/local initiatives in this respect?

Which body has the main responsibility for disaster preparedness? Which bodies are related to disaster preparedness at each level? (evaluate the

organization structure as a whole) Are the organizational structures and systems well defined and designed to

facilitate successful disaster preparedness activities? Are the relevant functions of these bodies formulated clearly and sufficiently?

Are authority and responsibility clearly assigned?

36

Is there a reliable and effective internal control for the activities of disaster

preparedness? Is there an existing communication system that will effectively provide timely

information to each level of government with regard to disaster preparedness? Does the main body responsible have capable and sufficient human resources?

What are the staffing profiles? Is the staffing appropriate in order to coordinate and carry out disaster preparedness activities?

Are there any specific plans to ensure that the government can continue operating even in case of a disaster?

Does the main body responsible have a complete and detailed overview of the resources allocated to disaster preparedness activities?

Is there a Quick Response Team to respond to disasters as they occur? In which areas within the disaster preparedness process do non-government and

other organizations act? Could the main body responsible provide the facilities and support necessary for

the activities of the non-government bodies? Has a monitoring mechanism been established with a view to monitoring extra-

budgetary funds and the activities of non-government bodies? What lessons have been learned from previous experiences of disasters in view of

the position and authority of the relevant organizations? Have these lessons been properly reflected in such areas as the reorganization and strengthening of

authorities? …………………………………………………………………………………………………………………...

(Please add your own questions)

Assessment of the adequacy of coordination

14.11 Recent events, such as Katrina, the tsunami and earthquakes in Pakistan and Haiti,

have shown that the management of large-scale disasters is a matter that concerns not only the government, but also other stakeholders including businesses and individuals exposed to disaster risks. Therefore, the evaluation of coordination between all stakeholders is increasingly important. In fact, coordination should encompass intergovernmental bodies and regional organizations as well as national bodies and institutions, and non-governmental organizations at the national and international level.

14.12 The national disaster legislation and the national disaster plan are the main tools for

evaluating coordination, along with event-specific and departmental plans. Additionally, the auditor should pay special attention to the activities of the main authority responsible for coordination and examine its management system and governance structure.

37

14.13 To assess the adequacy of coordination with bodies at regional, national and international level, the auditor should examine the following issues:

Has a coordination mechanism been established that should function in case of a

disaster? Are all relevant participants identified and included in this coordination

mechanism (national/regional/local level and the main contact point for external bodies)?

Has the expected level of coordination between and among the agencies concerned been achieved during the occurrence of recent disasters (if any)?

Is there a monitoring mechanism to provide information to help ensure cooperation, as appropriate, with different bodies at the regional, national and

international levels? Does the existing coordination foster collaboration in order to avoid the

duplication and overlap of activities in the field, to make the most efficient use of resources and to raise awareness of the risk of disaster?

Are different forms of cooperation for disaster preparedness activities, such as technical assistance, consultancy, equipment and supplies, etc. specified in

accordance with the nature, role and work of different participants in this field? What alternative means of communication are ready, such as telephones, radios

and the internet? Are there multiple options in case of a disaster? …………………………………………………………………………………………………………………………..

(Please add your own questions)

Assessment of disaster management tools and early warning systems

14.14 Geo-science technologies are in widespread use for disaster preparedness. Geographic

Information System GIS is a tool that can be used in all types of disaster to collect various types of data. GIS is structured in different ways from country to country according to the disaster risks faced. For example, to understand the full short and long-term implications of floods and plan accordingly, an analysis needs to be made of combined data on “meteorology, topography, soil characteristics, vegetation, hydrology, settlements, infrastructure, transportation, population, socioeconomics and material resources”22. These aspects, which vary in the field of disaster management, are easily processed with the help of a GIS and can be used for risk analysis and the planning.

14.15 GIS, and other instruments such as Remote Sensing (RS) and the Global Positioning

System (GPS), are mostly used by planners. Before deciding to acquire or use a system,

22 Rego, Aloysius J: “National Disaster Management Information Systems & Networks: An Asian Overview”, s.1.

38

planners need to make a meticulous evaluation of their needs. This must include a definition of how their planning activities and decisions will be assisted by using a GIS. Specific objectives and applications of the GIS should be established and planners need to assess carefully if the quantities of spatial calculations and analyses to be performed justify automating the process. Therefore, the auditor must scrutinize the GIS and planning process well in order to audit disaster preparedness.

14.16 Effective use of GIS and other instruments in disaster preparedness will depend on the

reliability, accuracy and adequacy of data and the elements of these systems. At the same time, the benefit to be had from the data gathered by using a GIS effectively is closely related to the extent to which these data have contributed to the planning process. The hazard maps, zone maps and risk assessments which are obtained by using a GIS should be submitted to decision-makers at the appropriate level and on time and these data should also be used in the planning process. In this context, the auditors should determine whether there is a mechanism that transfers the technical data produced at this stage to the planning process.

14.17 Additionally, the GIS will increase communication and improve cooperation among the

users of the information. GIS is an important tool for the auditor to evaluate the adequacy of communication among the relevant bodies. In performance audits of disaster preparedness, the adequacy of the disaster management information system and especially the GIS have to be evaluated carefully.

14.18 Special attention should be paid to tools such as GIS from a different point of view.

Duplication and lack of coordination among relevant entities in introducing new IT equipment are common problems. This is the same in the area of disaster preparedness. GIS could easily be another area of duplicate investment if they are developed separately by different stakeholders. According to the survey, the utilization level of the NDMSS “National Disaster Management Support System” was much lower than expected, but it was very difficult to conclude that it was an overinvestment.

14.19 In order to evaluate the adequacy of management tools used to accomplish the goals for disaster preparedness, the auditor should assess the following:

Does the country have early warning mechanisms to predict calamities that may hit the country come during a certain period?

Are assessments of hazard risk, vulnerability and disaster risk, at national and sub-national levels, undertaken on a regular basis?

Is the conduct of risk and vulnerability assessment activities properly documented for reference and audit purposes?

Are cost-benefit analyses of a range of disaster risk reduction measures performed on a regular basis and are they a requirement for public investment

planning?

39

Is a monitoring system in place to determine the extent of loss or damage

following a disaster? Is there an up-to-date disaster management information system?

Is the existing disaster management information system suitable for analyzing risks and planning efforts to reduce the risk and/or mitigate the impact of

disasters? Does the management information system contain enough information on

hazards and risks to determine, at the local level, who is exposed and who is vulnerable?

Has the main authority developed effective and appropriate instruments to guide the local authorities in making the risk assessment in their own areas in

accordance with the national strategy and policies? Is an appropriate geographical information system used? For what purpose?

Does the main agency responsible regularly review its disaster management tools and measures on their efficiency and effectiveness? When is this assessment

done? Are the results of this assessment used for decision-making and the improvement

of future disaster management initiatives? The questions below will help the auditor (as well as the planners) assess the

needs for and use of a GIS in disaster preparedness:23 What planning decisions need to be made?

Which decisions involve the use of mapped information and information appropriate for map display?

What information cannot be managed efficiently with manual techniques? What information management activities can be supported by the proposed

GIS? What types of decisions can be supported with a GIS?

Is the GIS principally appropriate for analysis? Is quality cartographic output needed?

To what extent will a GIS help achieve the desired objectives? To assess the suitability of the GIS, the following questions can help the auditor:

Are its capabilities compatible with the needs of the new users? Is the in-house technical expertise capable of serving the new users?

What are the institutional arrangements that would enable the appropriate use of this GIS?

In order to evaluate the sustainability of the GIS, the following questions can help the auditor:

23 Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”, http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

40

Who will be the users of the information generated with the GIS?

In terms of information, time, and training needs, what is required to obtain the desired results? Can these requirements be fulfilled?

Is there sufficient budget and staff support? What agencies are participating in similar projects?

To what extent would a GIS help to attract the interest of other agencies and facilitate cooperation?

Are hazard maps prepared taking into consideration the existing environmental plans, land use planning and building development schemes, etc.?

Are there any special tools intended to mitigate disaster risks and impacts? Are there any standby arrangements for purchasing, receiving, storing,

distributing disaster relief supplies? ………………………………………………………………………………………………………………………

(Please add your own questions)

Assessment of emergency exercises and training/public awareness

14.20 Large-scale disasters which have occurred in recent years have fostered better

understanding and improved relationships between national and international actors in the field of disaster preparedness. They have also encouraged a degree of participation and awareness-raising, both of which are important for bringing about changes in policy.

14.21 However, there is no clear evidence that enhanced public awareness translates into

public action and greater accountability. It seems that public awareness creation is not generally part of strategic national efforts; it is rather the result of single projects. Large shares of national and international funds, especially for exercises, training and community preparedness, are used by bodies like NGOs. Therefore, the possibility of duplication in these activities is particularly high. To give all stakeholders assurance, the auditor should carefully examine all training activities and public awareness campaigns. Also, it should be assessed whether or not the organizations and individuals have, through training, gained the necessary knowledge and skills to effectively respond to and quickly recover from various types of disaster. In these areas, the SAIs should pay special attention to promoting public accountability.

14.22 To assess the planning and implementation of emergency exercises, training and community preparedness, the auditor should try to answer the following:

Is the government promoting public awareness and education and strengthening

community participation in the area of disaster preparedness?

41

Are there plans for disaster preparedness training for the public and/or public

education campaigns in order to raise public awareness? Are these executed according to plan?

Are education programs and training on disaster preparedness planned and realized in schools and local communities?

Have training requirements and effective training plans been established and are they being updated as appropriate?

Do programs provide organizations and individuals with the necessary knowledge and skills to respond effectively and quickly recover from various types of

disaster? At the local level, have more practical matters such as evacuation areas/ routes

and possible shelters been considered, disseminated and reflected in the disaster drills?

Is there an overall government agency in charge of developing and conducting emergency exercises and training?

Are local drills and simulation exercises conducted at all levels of government? Are training/emergency exercises at the national and local levels, including at the

town level, implemented and/or supervised by an authorized body/agency? Is it ensured that training functions and activities are not unnecessarily duplicated

or overlapping? Is there any specific program for training/emergency exercises for particularly

vulnerable people (Patients in hospitals, students in schools, employees in government/private sectors housed in tall buildings/dilapidated buildings, people

living in low-lying areas or near river banks)? Are various local departments (fire dept., police hospitals), community-based

organizations, the Red Cross/Red Crescent, the media and local businesses involved in the training/emergency exercises?

Has the government been involved in capacity building by sending officials to other more developed countries for purposes of learning the most effective

emergency exercises during disasters? ………………………………………………………………………………………………………………………….

(Please add your own questions)

Assessment of disaster funds and grants administration

14.23 The social and economic costs of disasters vary widely and are difficult to estimate on

a global basis. The most expensive disasters in purely financial and economic terms are floods, earthquakes and windstorms. Precautions taken before the disasters will decrease the devastation and economic impact. Less developed countries with limited economic diversity and poor infrastructure mostly need external funds when preparing

42

for a disaster. Conversely, in developed economies, governments, communities and individuals have greater capacities to cope. However, disasters will adversely affect all economies and societies whether in developed or developing countries. Therefore, the national and external funds allocated to disaster preparedness should be used in an economic, efficient and effective manner.

14.24 For this reason international policies concerning disaster management have moved

towards more emphasis on disaster preparedness. Financial procedures established in accordance with previous policies that allocated large resources to post-disaster relief and reconstruction activities need to be redefined in accordance with these changing policies. The auditor should pay special attention to whether the financial process has been redefined in parallel with the new policy.

14.25 In order to contribute towards improved economy, efficiency and effectiveness in this

area, the auditor should carefully examine the costs of all projects/investments. In this connection he/she should look into whether:

a national disaster plan and sub-plans taking into account realistic cost estimates need to be prepared.

the projects to be implemented within the scope of the plans need to be determined by means such as cost-benefit analyses.

14.26 Disaster preparedness activities can continue over several years. The sustainability of

the projects/investments in the field of disaster preparedness needs to be assessed as follows:

Resource planning must be performed and future financing models must be developed.

In view of the high cost of investments such as GISs and their maintenance, additional sources of finance must be sought.

14.27 In order to prevent unnecessary investment in this field and to use resources

efficiently, a mechanism should be established to monitor the physical and financial implementation of actions, projects and investments. This should help decision-makers take timely corrective decisions.

14.28 To evaluate the adequacy and management of the funds for disaster preparedness activities, the auditor should answer the following:

Does central government and/or the authority responsible for disaster preparedness have a complete overview of the funds received and/or allocated

for disaster preparedness activities by all relevant bodies? From which sources are the funds provided for disaster preparedness?

(Government institutions, people/community, organizations/private bodies,

43

foreign governments, foreign or local non-government organizations NGOs,

international institutions/donors, international financial institutions etc.) By whom are the funds from these sources used?

Are there specific laws or procedures in the country that govern the allocation and utilization of funds for the National Disaster Plan and are they complied with?

How do the disaster preparedness policies of the central and local governments affect the allocation of funds and the selection of projects receiving funds?

Are dedicated budget allocations made by central government to local governments/authorities and ‘first-line’ implementing agencies?

Has the management process of receiving, managing, spending and recording of disaster-related funds been clearly established for each of the various channels of

funds, such as governmental funds and domestic and foreign donations? Is there any periodic reporting on disaster fund allocation and utilization by

recipient agencies? Is there an agency in-charge of preparing a consolidated annual report to reflect

total funds allocated to and utilized by all recipient agencies? Are donations from private sources intended for disaster preparedness duly

booked and recorded and used for the purpose for which they were granted? Have effective administrative processes been conceived for the application and

processing of grants? (Although in principle the administrative procedures for the allocation and use of public funds should ensure timeliness, in case of urgent

disaster preparedness activities, they may not be sufficient. Therefore specific administrative arrangements should be in place to allow for maximum flexibility.)

Are remaining balances of grants returned to the donor, used for other purposes or remitted to the national treasury?

Are donors’ reporting requirements complied with and are reports submitted on time?

Are disaster preparedness projects/programs completed on time and within the budget?

How much flexibility is allowed for the use of otherwise earmarked funds in local and national budgets in emergencies/preparedness for imminent disaster events?

Does the government make use of cost-benefit and similar analyses to identify realistic alternatives?

What disaster mitigation investment decisions should be taken? Is there a strategic reserve of disaster relief goods?

……………………………………………………………………………………………………………………(Please add your own questions)

Assessment of the adequacy of measures to make urban areas more resilient and reduce urban risk

44

14.29 The world’s population mostly lives in cities or urban centres. Some rapidly growing

cities were not originally well constructed and environmental urban degradation, growing informal settlements and failed infrastructure and services pose significant disaster risks. More and more people are settling in disaster prone areas. Therefore, constructions able to withstand the force of seismic shocks or volcanic ash and sound urban planning for well-built cities are primary measures and concerns for disaster prone areas.

14.30 In urban settlements, the auditor should have knowledge about key risk considerations

so as to be able to evaluate local disaster preparedness activities and perform sampling in a sound manner. The most significant risk drivers are as follows:

Rising urban populations and increased population density: High population density is a significant risk driver where the quality of housing, infrastructure and services is poor.

Weak urban governance: In cases of poor urban governance, local authorities are unable to provide infrastructure, services or safe land housing. A weak local government with poor resources, which lacks investment capacity and competence and is not engaged in participatory and strategic urban and spatial planning on behalf of low-income citizens in informal settlements, will not embrace the challenge of resilience, and will increase the vulnerability of much of the urban population.

Unplanned urban development: In many rapidly growing cities, much of the urban expansion takes place outside the official legal building codes, land use regulations and land transactions. Existing planning instruments are often unrealistic. In this situation, the auditor should focus on the requirements of sustainable urbanization. Sustainable urbanization requires comprehensive steps for the management of risk and emergency plans. It also requires the enforcement of urban planning regulations and building codes on the basis of realistic standards, without excluding the poor.

Lack of available land for low-income citizens. Most of the urban poor are more exposed to hazards due to poor living conditions in high density neighborhoods, poor capacity of the buildings to withstand seismic forces, narrow roadways that limit access in emergencies, limited water provision and complicated electrical installations where fires can easily take hold. This knowledge regarding the capacities and profile of low-income citizens is crucial for an evaluation of the economic-social impacts of urban transformation and the design of alternative financial models.

Inappropriate construction: Building codes and regulations set minimum standards for safety, and resistance to natural hazards in many countries. Building practices and the enforcement of these regulations are essential because cost cutting, a lack

45

or distortion of incentives and corruption are the main reasons why even well-designed buildings collapse. Informal settlements and illegal or non-engineered constructions shelter most city dwellers in developing countries. Even if they have money, people with no property rights or insecure tenure will not invest in safe structures or improvements.

Upgrading critical infrastructure and public buildings is a minimum requirement for sustainable urbanizations and resilience. Safe schools and hospitals would provide necessary shelter and services. Storm drainage would reduce floods and landslides - and at low cost.

Concentration of economic assets. Economic assets tend to be clustered in large cities. Disasters in these cities can have devastating effects on local and national economies24.

14.31 In order to assess the adequacy of the steps taken to make urban areas/cities more resilient, the auditor should examine the following questions:

What are the main disaster risks in the urban areas covered by the audit?

What activities are planned and realized by local authorities to make cities safer against these disaster risks?

Is there a competent and accountable local authority that caters for sustainable urbanization with participation from all interested parties?

Urban planning/Building development plans and their implementation

Have urban plans/building development plans been drawn up with a disaster

sensitive approach?

Have building development plans been drawn up on the basis of geological survey

reports?

Have building development plans been reviewed after the preparation of

geological survey reports?

Have urban plans been prepared on the basis of the participation of citizen groups

and civil society?

Reinforcement and reconstruction activities/urban transformation

Has the disaster resistance of existing buildings and common infrastructures been examined throughout urban disaster prone areas, in line with the aim of disaster

preparedness?

Are criteria for reinforcement and reconstruction decisions specified?

24 UNISDR My city is getting ready&Local governments and disaster risk reduction

46

Are measures taken against licensed and unlicensed buildings constructed

previously in areas declared unfit for housing?

Are priorities and long and short term strategies/program/plans specified for

making urban areas disaster-resistant?

Have there been any improvements in programs/projects for making existing

buildings disaster resistant, reinforcing them if necessary or realizing urban transformation?

Is the safety of public buildings such as schools and health facilities assessed and are they upgraded as necessary?

Is the legal framework adequate for the measures relating to reinforcement and reconstruction and urban transformation projects?

Are there any studies and investments concerning critical infrastructure that reduces risk, such as flood drainage?

Have the necessary resources been committed? Has a financial plan been prepared according to the strategy/program/action plans?

What is the nature of these financial resources (national/local government, other)? Does the SAI have an audit mandate for all resources?

Do the national government and/or local authorities assign a budget for disaster preparedness to provide incentives for homeowners, low-income families,

communities, businesses and the public sector to invest in reducing the risks they face?

Have any finance models for urban transformation been designed taking low-income citizens into consideration? Have any alternatives been assessed?

……………………………………………………………………………………………………………………(Please add your own questions)

47

ANNEXES

Annex 1: SAIs which participated in the survey and parallel/coordinated audit

The SAIs which replied to the survey

1. Australia10. European Court of Auditors 19. Lesotho 28. Philippines

2. Austria 11. Denmark 20. Macedonia 29. Poland

3. Bangladesh 12. Germany 21. Madagascar 30. Saint Lucia

4. Cameroon 13. Guatemala 22. Morocco 31. Singapore

5. Canada 14. Hungary 23. Netherlands 32. Turkey

6. Cape Verde 15. Japan 24. New Zealand 33. Ukraine

7. Czech Republic 16. Korea 25. Norway 34. USA

8. Egypt 17. Kyrgyz Republic 26. Papua New Guinea 35. Yemen

9. Estonia 18. Latvia 27. Peru

The SAIs participating in the parallel/coordinated audit

1. Azerbaijan 3.India 5. Netherlands 7. Philippines 9. Ukraine

2.Chili 4. Indonesia 6. Pakistan 8.Romania 10. Turkey (lead)

48

ANNEX 2: An example of governance structure - Canada

Governance25

Put simply, governance means “rules, processes and behavior that affect the way in which powers are exercised at any level, particularly as regards openness, participation, accountability, effectiveness and coherence26.” An analysis of governance focuses on the formal and informal

participants in decision-making and implementing the decisions made and the formal and informal structures that have been put into place to arrive at and implement the decision.

Government is one of the participants in governance. Other participants vary, depending on the level of

government that is under examination. For example, others may include NGOs, research institutes,

international donors, finance institutions, political parties, etc. All these may play a role in decision-making

or in influencing the decision-making process.

Generally, good governance has mainly 5 major

characteristics: participation, accountability, effectiveness, coherence and openness. It is clear that

good governance is an ideal which is difficult to achieve. However, to ensure sustainable development, action must be taken to work towards this ideal

with the aim of making it a reality.

An example: The Federal Emergency Response Management System Governance Structure-Canada27

Canada’s Federal Emergency Response Plan (FERP) includes the Federal Emergency Response

Management System (FERMS), which is a comprehensive management system for an integrated response to emergencies. This system provides the governance structure and the operational

facility (the Government Operations Centre) to respond to emergencies. The following figure describes the governance structure:

25 Prepared by examining http://www.unescap.org/pdd/prs/ProjectActivities/Ongoing/gg/governance.asp, 27.08.2010; European governance a white paper, Commission of the European Communities, Brussels, 25.7.2001 COM(2001) 428 final.; OECD Principles of Corporate Governance 2004, www.oecd.org/dataoecd/32/18/31557724.pdf26 European governance white paper, Commission of the European Communities, Brussels, 25.7.2001 COM(2001) 428 final.27 Federal Emergency Response Plan, CANADA, Federal Emergency Response Plan, CANADA, http://www.publicsafety.gc.ca/prg/em/ferp, (March 2010).

49

The Federal Emergency Response Management System Governance Structure

GovernanceGovernance here refers to the management structures and processes that are in place during non-emergency and emergency circumstances. The Committee of Cabinet, the Deputy

Ministers’ Committee, the Federal Coordinating Officer and the Assistant Deputy Ministers’ Emergency Management Committee are identified as the highest level decision-makers.

These committees are at the ministerial level to coordinate the Government of Canada’s response. For the disaster preparedness phase, the Committee of Cabinet coordinates the

government’s agenda, including legislation, planning and management issues. It also provides

50

a forum to address public safety, national security and intelligence issues and discuss

emergency management and readiness.

Management At the second level, there is a management team that is responsible for the actions and

functions of FERMS. The management team conducts the completion of the objectives set for each operational period. The management team consists of the Director General of the

Operations Directorate, who leads the management team, and four representatives.

The Operations Directorate is part of the coordinating department of Minister of Public Safety. It is responsible for management functions and works together with the

Government Operation Centre. Another representative from the Department of Justice or other related institutions

provides support and advice on legal issues. As a member of the management team, the Associate Director General provides support

for communication issues. The primary departments, designated in accordance with the nature of the emergency,

are federal departments relating to a key element of an emergency. The primary departmental representatives inform the management team of the support needs based

on the nature of the emergency, the Director General of the Operations Directorate, in consultation with the Federal Coordinating Officer, determines which departments are to

provide a primary departmental representative to support response within the GOC. Within the management team, four directors from the Operations Directorate are

responsible for the primary functions. The directors guide departmental representatives through the process.

Government Operation CentrePublic Safety Canada, which is responsible for disaster management, has an operations centre (the Government Operation Centre or GOC) to coordinate the national response. The

Government Operation Centre is the hub of a network of operations centers run by a variety of federal departments and agencies including the Royal Canadian Mounted Police (RCMP),

Health Canada, Foreign Affairs and International Trade Canada, The Canadian Security Intelligence Service (CSIS) and National Defense. The GOC also maintains contact with the

provinces and territories as well as international partners such as the United States and NATO. The GOC's primary functions are providing coordination between federal emergency

response partners and guiding them.

The GOC communicates the FERP engagement and the response level to the government’s emergency response partners. Three response levels are intended to provide a logical

progression of activity from enhanced monitoring and reporting to an integrated federal

51

response. At level 1, there is an incident or event which has the potential to require an

integrated federal response. At this level, the GOC collects a wide range of information about the incident and it then evaluates and shares this information with the federal emergency

response partners. Finally, it is expected that the GOC’s information and enhanced reporting efforts should support the federal partners’ planning and response activities. At level 2,

response requires a full understanding of an incident and, as it unfolds and the requirement for a federal response appears more likely, a risk assessment is performed. This assessment,

identifies vulnerabilities, aggravating external factors and potential impacts, and may be formalized in an Incident Risk Analysis Report. At level 3, there should be an integrated

response activity and this level includes the previous two levels’ activities. The GOC maintains coordination and constant communication with the federal centers. It also provides regular

situation reports for ministers and senior officials.

Primary Functions Public Safety Canada carries out six primary functions to integrate federal response:

Operations, Situational awareness,

Risk assessment, Planning,

Logistics, Finance and administration.

The scope of the emergency will determine the scale and level of engagement of each of these functions. Within the GOC, subject matter experts and Liaison Officers from government

departments, NGOs, and the private sector organize and perform the primary functions. For disaster preparedness activities, operations, situational awareness, risk assessment and

planning functions are of vital importance.

Federal-Regional ComponentFederal organization has regional components to communicate with provincial/ territorial

authorities. These regional components provide direction on emergency management planning and preparedness activities. They also manage the flow of information and requests

for federal assistance within the region. Thus, disaster preparedness activities are provided in a more effectively and timely manner.

52

ANNEX 3: Geographical Information Systems (GIS)

Before making the decision to acquire a GIS, planners need to determine what planning activities

could be supported with the system and carefully assess if the quantity of spatial calculations and analysis to be performed justifies automating the process. Before deciding to acquire or use a

system, planners need to make a meticulous evaluation of their GIS needs. This must include a definition of how their planning activities and decisions will be assisted by using a GIS. Specific

objectives and applications of the GIS should be defined. Answers to the questions outlined in the box below can help.28

Since GIS is a tool that can be used for all disaster types, the collection of different types of data

and the features of different technical structures are discussed according to the characteristics of the disaster. Because of that fact, the structuring of GIS differs from country to country according

to the disaster risks which the countries face.

To understand the full short and long-term implications of “floods” and to plan accordingly, combined data on “meteorology, topography, soil characteristics, vegetation, hydrology,

settlements, infrastructure, transportation, population, socioeconomics and material resources” need to be analyzed. As seen in the example, the resources necessary for analyzing floods vary

from case to case, but differ from those required for other types of disaster. These resources vary, and in the field of disaster management they are easily processed with the help of GIS and are

used in the areas such as making “risk and threat analysis” and carrying out the “planning” efforts.

An example: Turkey, Marmara Region Earthquake Preparedness ActivitiesAn earthquake disaster which caused big losses over a wide area occurred in the Marmara Region

of Turkey in 1999. For this reason, the earthquake movements in this region have been monitored regularly by the “Head of Disaster and Emergency Management of the Prime

Minister’s Office”, which is the body responsible for disaster management across the country. In May 2010, an “earthquake danger and risk analysis” was made over a 100 km radius. It estimated

that, over a 10-year period, the probability of an earthquake with a magnitude of 6 occurring was 83.8 %.

These data, which were produced with the help of the GIS, are used for regional planning. The protection band, which is seventy five metres from each side of the fault zone, has decreased by

twenty five metres on each side, so a total 50 metre protection band is specified. The actual benefit to be had from the data which are gathered by using the GIS effectively is

closely related to the extent to which these data contribute to the planning process. The hazard maps, zone maps and risk assessments which are obtained by using GIS should be submitted to

the decision-makers at the appropriate level and on time, and these data should also be used in

28 Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”, http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

53

the planning process. In this connection, disaster preparedness auditors should determine

whether a mechanism which transfers the technical data produced at this stage to the planning process has been established or not.

Other Examples: India and ChinaIndia and China are among the countries that suffer from the most severe natural hazards in the world. In order to keep the information flowing smoothly into the networks for earthquake

preparedness and rescue, their governments have started a series of programs to set up digital networks. These digital networks, which are based on GIS, GPS and RS, incorporate a lot of new

achievements in earthquake engineering and information science. The examples of India and China are given below.

Examples of using GIS

Vulnerability Atlas of India China GIS Activities

In 1997, a “Vulnerability Atlas” was prepared, taking into account the three natural hazards which are the most damaging to India: earthquakes, cyclones and floods. The zoning maps at macro level for the three hazards are available in small scale for the whole country. These maps were prepared in a larger scale, showing each administrative unit and the district boundaries, for easy identification of the areas covered by the various intensity zones. The Vulnerability Atlas is an important input into State-level Disaster Management Planning and it contains the following information for each State and Union Territory of India29:

• seismic hazard map• cyclone and wind hazard map• flood prone area map• housing stock vulnerability table for each

district, indicating for each house type, the level of risk to which it could be subjected sometime in the future.

In recent years, as a part of “Digital Earth” and China's National Information Infrastructure (CNII) project, the earthquake disaster mitigation system has taken in a great deal of information on the whole country. This includes the geological structure, past earthquakes, buildings and population distribution. Most cities with a population of over 500,000 have built themselves an information system for reducing earthquake disasters and hazards. These contain almost all the infrastructure information in urban areas, such as the water-supply networks, power systems, telecommunication networks, traffic systems, etc.30 The latest achievements in earthquake engineering continually add to this system, such as earthquake risk analysis methods, new anti-seismic criteria or codes, new knowledge and experience in pre- and post-earthquake emergencies.31

29 Rego Aloysius J., “National Disaster Management Information Systems & Networks: An Asian Overview”, s.4.30 http://www.gisdevelopment.net/application/natural_hazards/earthquakes/ma03135b.htm31 http://www.gisdevelopment.net/application/natural_hazards/earthquakes/ma03135b.htm

54

ANNEX 4: Understanding the organization and structure of authorities preparing for disaster

TURKEY - audit report: “How well is Istanbul getting prepared for the earthquake?”

According to Turkey’s current legal arrangements, the main authority responsible for disaster

preparedness is the Turkey Emergency Management Directorate General (TEMAD) attached to the Prime Minister’s Office. This body has been charged with preparing and executing disaster

plans and taking the necessary measures to provide effective emergency management nationwide and coordinating all the bodies involved. The other organizations responsible for disaster activities

are:

• the Ministry of the Interior, which has set up regional centers for relief and emergency

operations.

• the Independent National Earthquake Council.

• local authorities, whose responsibilities for disaster mitigation were extended after the TCA

report recommendations.The activities of Turkish NGOs are all coordinated by TEMAD. These include the Turkish Red

Crescent, the Association of Social and Economic Solidarity with Pacific Countries, the Turkish Blue Crescent Association, the Foundation for Human Rights, Humanitarian Relief and other

government institutions.Against this background, the TCA audited earthquake preparedness via the following questions:

Does the organizational structure charged with earthquake preparedness for Istanbul measure up to the needs?

How does the organizational structure prepare Istanbul for earthquake? How are resources allocated for earthquake preparedness?

Is effective coordination and cooperation established? Are activities properly planned and executed?

Is there sufficient work related to post-earthquake fires that increase initial damage? How well do service groups prepare their emergency plans?

55

ANNEX 5: Audit Objectives - examples concerning disaster preparedness

Country Background/Title Audit Type/ Disaster Phase

Audit Objective

Austria Prevention of Natural Hazards: Use of resources from the disaster fund

Preparedness-Mitigation/Performance

Evaluation of distribution and use of resources from the disaster fund; decision-making approaches, division of functions and coordination between federal, regional and local authorities.

Canada Fall 2009 Emergency Management – Public Safety Canada

Preparedness-response/ Performance

The objectives of this audit were to determine whether Public Safety Canada can demonstrate that it has exercised leadership by coordinating emergency management activities, including critical infrastructure protection in Canada; and determine whether Public Safety Canada, along with federal departments and agencies, can demonstrate progress in enhancing the response to and recovery from emergencies in a coordinated manner.

Czech Republic Funds spent on anti-flood measures and prevention in areas endangered by adverse climate changes. The audit is focused on finance for flood prevention and flood protection (meteorology and hydrology systems, proneness to landslides and rock collapses, mapping of flood areas, mapping of proneness to landslides and rock collapses, evaluation of floods).

Preparedness/ compliance-performance

Economy, effectiveness, efficiency of finance for flood protection.

Lesotho The Distribution of Food Relief Aid

Mitigation/ Performance To determine factors affecting the efficient distribution of food relief aid

Netherlands Preparation for disaster management.

Preparedness/ Performance

Audit as to whether the minister of Home Affairs has fulfilled his responsibility for the organization of disaster management in the Netherlands.

56

Turkey How Well Is Istanbul Getting Prepared for the Earthquake?

Preparedness/Performance To specify the risks faced during the short and medium-term preparatory works aimed at minimizing possible Istanbul earthquake damage and identifying the measures to be taken.

57

ANNEX 6: Audit Criteria - examples of performance audits concerning disaster preparedness

Austria- Prevention of Natural Hazards: Use of resources from the disaster fund Governance and management structures for overseeing the development and delivery of the

Australia-Indonesia Partnership for Reconstruction and Development (AIPRD); arrangements to plan assistance, and manage risks, including those relating to fraud and

corruption; the clarity and transparency of financial management arrangements;

arrangements for monitoring, evaluating and reporting on the AIPRD program.

Canada-Fall 2009 Emergency Management – Public Safety Canada We expected that Public Safety Canada would exercise leadership by coordinating federal

emergency management activities, as described in legislation and policies. We expected that Public Safety Canada would coordinate federal emergency management

activities with those of the provinces and territories to provide timely and coordinated support to communities in an emergency.

We expected that Public Safety Canada would regularly test and exercise federal emergency management plans.

We expected that Public Safety Canada would have a risk-based plan to lead and coordinate critical infrastructure protection efforts, and to reduce vulnerability to cyber attacks and

accidents, by: adopting an all-hazards approach

agreeing upon roles and responsibilities for the federal government and others determining what critical infrastructure should be protected

assessing the threats and risks to these assets prioritizing risks and resources to protect critical infrastructure

implementing protective programs developing measures to monitor and assess effectiveness

We expected that Public Safety Canada and selected federal entities would use a risk-based approach to identify the resources needed and to coordinate the response to and recovery

from emergencies. We expected that Public Safety Canada would promote a common approach to emergency

management, including the adoption of standards and best practices. We expected that Public Safety Canada, together with its federal partners, would provide

emergency management training, based on a needs assessment and risk-based plan. The Netherlands- Lessons on accountability, transparency and the audit of Tsunami-related aid, 2008 Central government policy should be implemented by municipalities.

58

The Minister of Home Affairs should be active in stimulating municipalities and other entities

to be prepared for disasters and to cooperate in a coordinated manner. Agencies should be involved in disaster management cooperation.

Risk assessment and analysis should be conducted in a structured and systematic manner. Disaster management plans should be developed on the basis of risk assessments.

Disaster management plans should be kept up to date. Relevant professionals should be trained properly.

Disaster management plans should be tested in practice (via drills, etc.). The Minister of Home Affairs should have enough management information to be able to

monitor the disaster preparedness of municipalities and other entities.

The Netherlands-Counter-Terrorism Alert System (ATb) A good procedure should be in place to transform a threat into an alert.

That procedure should be implemented (does it work in practice?). The system related to other projects and procedures should be well-designed without overlap

or blind spots.

Turkey- How Well Is Istanbul Getting Prepared for the Earthquake? There should be one institution initially responsible for the planning, coordination and

execution of the activities regarding earthquake preparations, which has the authority to use the budget, staff and instruments and that is authorized to provide cooperation among

institutions. Activities should be managed according to the data obtained from the Disaster Management

Information System. The data have to be up to date, clear, accurate, precise, integrated and easily accessible. The results obtained should be reported after being analyzed periodically. In

disaster preparation plans, the issue of who will do what, where, when and how should be clearly defined, and adequate staff training should be provided.

Precautions that will diminish fire danger should be given priority; in this context, early warning and emergency intervention systems should be established as soon as possible.

In Building Development Plans and their modifications, the selection of settlement areas should be based on a land survey.

Istanbul’s buildings should be inventoried, earthquake risk analysis should be performed in conjunction with land survey and buildings inventories; based on this analysis, the reaction of

buildings in the face of a possible earthquake should be determined.

Audit Criteria - examples for financial audits concerning disaster preparedness

Czech Republic - Funds for programs relating to flood protection against Legality

59

The Netherlands - The C2000 communications network and integrated emergency switchboard Budget estimates, reasoning behind cost surpluses,

budget and cost monitoring, project management,

accountability towards parliament.

The Philippines - the Annual Audit Report on the Office of Civil Defense Manual on the National Government Accounting System.

Commission on Audit Circulars, Memoranda. Agency guidelines and manual of operations on implementation.

Government rules and regulations on disbursement/expenditure. the government procurement reform act.

The Philippines - Hazard mapping and assessment for effective community-based disaster risk management (READY)The audit was conducted in accordance with;

the provision of the Specimen Terms of Reference, International Audit Standards and principles and procedures prescribed for the United

Nations with respect to the audit of project expenditure, which includes all disbursements listed in the quarterly financial reports submitted by the NDCC-OCD and the direct payments

processed by the United Nations Development Program (UNDP).

ANNEX 7: Audit Recommendations - examples of disaster preparedness

60

Austria - Prevention of Natural Hazards: Use of resources from the disaster fund Split competences make it difficult to handle emergencies consistently and adopt the

appropriate procedures. It is not possible to prepare for disaster risks against the will of local communities or without

their consent to contribute financially.

Canada-Fall 2009 Emergency Management – Public Safety Canada

The Privy Council Office and Public Safety Canada need to ensure that all components of the Federal Emergency Response Plan are complete and must obtain government approval for

the plan. A consistent risk management approach is lacking. Recommendation: as stipulated in the

Emergency Management Act, Public Safety Canada must establish policies and programs and provide advice for departments to follow when identifying risks and developing their

emergency management plans. There has been progress in developing a government operations centre.

Lessons learned have not been used to improve emergency response. Coordination is unclear for responses to chemical, biological, radiological, nuclear, or

explosives emergencies. Recommendation: As stipulated in the Emergency Management Act, Public Safety Canada should ensure that its coordination role for the federal response to an

emergency is well-defined and that the operational policies and plans that departments will follow are updated and consistent.

Standards to promote interoperability are still under development. A strategy for protecting critical infrastructure has been slow to develop.

Canada’s critical infrastructure remains undetermined. The energy and utilities sector is making progress on protecting critical infrastructure.

Cyber security has recently received more attention, but significant challenges remain. Recommendation: Based on the responsibilities outlined in the Emergency Management Act,

Public Safety Canada should provide policies and guidance for departmental sector heads to determine their infrastructure and assess its criticality, based on risk and its significance for

the safety and security of Canadians; it should establish policies and programs to prepare plans to protect the infrastructure.

Netherlands- Lessons on accountability, transparency and audit of Tsunami-related aid, 2008 Management Information System The Minister should improve the quality of the disaster management policy by making it more

specific and by monitoring and supervising implementation. The Minister needs to enhance his management information system so as to be able to monitor and supervise the

61

implementation of disaster management and intervene where necessary. This management

information system should also serve for accountability.

Coordination The minister should enhance structural cooperation between relevant agencies with specific

measures.

The Netherlands-Counter-Terrorism Alert System (ATb)

Organisation meets the requirements but is not yet optimal: In broad lines, the organisation of the ATb meets the applicable requirements. Some 13 sectors of industry are now

participating in the system and locations have been identified in these sectors that are a potential target for terrorist attack. The parties involved have also made agreements on the

measures to be taken for each threat level (low, moderate or high). The practicality of the measures (for example hiring security firms or using specific equipment such as scanners),

however, has not yet been studied. Capacity problems will probably arise if the threat level is high or prolonged. We therefore recommend that the practicality of the proposed measures

be assessed. Confusing and unwieldy preventive systems: In addition to the ATb, other initiatives have

been taken to increase the security of critical sectors, for example the Critical Infrastructure Protection measures (BVI). The BVI is coordinated by the Minister of the Interior and Kingdom

Relations (BZK) and the ATb by the Minister of Justice. This does not facilitate an integrated approach. Local parties and sectors find the co-existence of different preventive systems for

different types of threat confusing and unwieldy. We recommend that central government take action to arrive at the simplest modus operandi for all involved.

NCTb fulfils its management function inadequately: The NCTb inadequately fulfils its function as manager of the ATb chain. Such a function is essential. Whether the ATb will actually speed

up decision-making to prevent attacks will depend in part on good cooperation between public and private parties. Local authorities, however, do not always know what is expected of

them. Coordination of industry, authorities and the police has had mixed results. We recommend that the Ministers of Justice and BZK clarify the management function so that

there is greater oversight of the ATb's operation.

Turkey- How Well Is Istanbul Getting Prepared for the Earthquake?A New Management Approach To organize Istanbul’s preparedness for a possible earthquake in the best possible way and to

minimize the likely damage, there is a need for a new management approach. To this end, the desired outputs that are be achieved in the short, medium and long term should be clearly set

62

and, at the same time, institutions that have a role and function in obtaining these outcomes

should work in cooperation.

Coordination Achieving targeted results depends on the development of cooperation among public

institutions based on accountability relations. In cooperation established on the grounds of accountability, who will be responsible for what and how long, resource needs and

allocations, commitments and expectations should be clearly determined.

Planning Public institutions should start working in cooperation within the framework of accountability,

relevant public institutions should set their objectives and develop strategies and action plans in order to reach set objectives. Additionally, Istanbul should be integrated into the strategic

plan.

Necessary measures should be taken to carry out damage assessment and designation of beneficiaries properly and within the shortest possible time.

Technical Personnel

A sufficient number of technical staff who are to carry out damage assessment activities and designate beneficiaries should be trained beforehand.

Ukraine - International Coordinated Audit of Chernobyl Shelter Funds, 2007-08 Establish specific performance benchmarks for the project that need to be met before

additional pledges of funds are made in the future;

Facilitate accountability and transparency as the Project is financed by the EBRD;

Audit contract awards, planning, implementation, acceptance and invoicing under the criteria

of regularity and performance in order to evaluate the effectiveness of the CSF’s mission performance.

Canada - Fall 2009 Emergency Management – Public Safety Canada

The Privy Council Office and Public Safety Canada should ensure that all components of the

Federal Emergency Response Plan are completed and should obtain government approval for the plan.

As stipulated in the Emergency Management Act, Public Safety Canada should establish policies and programs and provide advice for departments to follow when identifying risks

and developing their emergency management plans.

63

As stipulated in the Emergency Management Act, Public Safety Canada should ensure that its

coordination role for the federal response to an emergency is well-defined and that the operational policies and plans that departments will follow are updated and consistent.

Based on the responsibilities outlined in the Emergency Management Act, Public Safety Canada should provide policies and guidance for departmental sector heads to determine

their infrastructure and assess its criticality, based on risk and its significance for the safety and security of Canadians; it should establish policies and programs to prepare plans to

protect the infrastructure.

64

GLOSSARY32

Building code: A set of ordinances or regulations and associated standards intended to control aspects of the design, construction, materials, alteration and occupancy of

structures that are necessary to ensure human safety and welfare, including resistance to collapse and damage.

Contingency planning: A management process that analyses specific potential events or emerging situations that might threaten society or the environment and establishes

arrangements in advance to enable timely, effective and appropriate responses to such events and situations.

Disaster: A serious disruption of the functioning of a community or a society involving widespread human, material, economic or environmental losses and impacts, which

exceeds the ability of the affected community or society to cope using its own resources.

Disaster risk: The potential disaster losses, in lives, health status, livelihoods, assets and

services, which could occur to a particular community or a society over some specified future time period.

Disaster risk management: The systematic process of using administrative directives, organizations, and operational skills and capacities to implement strategies, policies and

improved coping capacities in order to lessen the adverse impacts of hazards and the possibility of disaster.

Disaster risk reduction: The concept and practice of reducing disaster risks through systematic efforts to analyse and manage the causal factors of disasters, including

through reduced exposure to hazards, lessened vulnerability of people and property, wise management of land and the environment, and improved preparedness for adverse

events.

Early warning system: The set of capacities needed to generate and disseminate timely

and meaningful warning information to enable individuals, communities and organizations threatened by a hazard to prepare and to act appropriately and in sufficient

time to reduce the possibility of harm or loss.

Exposure: People, property, systems, or other elements present in hazard zones that are

thereby subject to potential losses.

Hazard: A dangerous phenomenon, substance, human activity or condition that may

cause loss of life, injury or other health impacts, property damage, loss of livelihoods and services, social and economic disruption, or environmental damage.

32 The United Nations International Strategy for Disaster Reduction (UNISDR), Terminology on Disaster Risk Reduction, May 2009. NISDR

65

Land-use planning: The process undertaken by public authorities to identify, evaluate and

decide on different options for the use of land, including consideration of long term economic, social and environmental objectives and the implications for different

communities and interest groups, and the subsequent formulation and promulgation of plans that describe the permitted or acceptable uses.

Mitigation: The lessening or limitation of the adverse impacts of hazards and related disasters.

Natural hazard: Natural process or phenomenon that may cause loss of life, injury or other health impacts, property damage, loss of livelihoods and services, social and

economic disruption, or environmental damage.

Preparedness: The knowledge and capacities developed by governments, professional

response and recovery organizations, communities and individuals to effectively anticipate, respond to, and recover from, the impacts of likely, imminent or current

hazard events or conditions.

Prevention: The outright avoidance of adverse impacts of hazards and related disasters.

Public awareness: The extent of common knowledge about disaster risks, the factors that lead to disasters and the actions that can be taken individually and collectively to reduce

exposure and vulnerability to hazards.

Recovery: The restoration, and improvement where appropriate, of facilities, livelihoods

and living conditions of disaster-affected communities, including efforts to reduce disaster risk factors.

Resilience: The ability of a system, community or society exposed to hazards to resist, absorb, accommodate to and recover from the effects of a hazard in a timely and efficient

manner, including through the preservation and restoration of its essential basic structures and functions.

Response: The provision of emergency services and public assistance during or immediately after a disaster in order to save lives, reduce health impacts, ensure public

safety and meet the basic subsistence needs of the people affected.

Risk assessment: A methodology to determine the nature and extent of risk by analysing

potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on

which they depend.

Risk management: The systematic approach and practice of managing uncertainty to

minimize potential harm and loss.

Technological hazard: A hazard originating from technological or industrial conditions,

including accidents, dangerous procedures, infrastructure failures or specific human

66

activities, that may cause loss of life, injury, illness or other health impacts, property

damage, loss of livelihoods and services, social and economic disruption, or environmental damage.

Vulnerability: The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard.

67

BIBLIOGRAPHY

The European Commission on EU Strategy for Disaster Risk Reduction, 15/4-2008 and

Austrian Development Cooperation, “International humanitarian aid policy document”, Vienna, March 2009.

Critical Infrastructure Emergency Risk Management and Assurance Handbook, Australia 2004. ESRI, Geographic Information Systems and Pandemic Influenza and Response.

Rego, Aloysius J, “National Disaster Management Information Systems & Networks: An Asian Overview”.

Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic Information Systems in Natural Hazard Management”,

http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

INTOSAI - Capacity Building Committee - Sub Committee 2 Guide For Cooperative Audit

Programs.

INTOSAI, Cooperation Between Supreme Audit Institutions - Tips and Examples for

Cooperative Audits, 2007.

INTOSAI Implementing Guidelines for Performance Auditing, July 2004.

ISSAI 5140: How SAIs may cooperate on the audit of international environmental accords.

UNISDR My city is getting ready& Local governments and disaster risk reduction.

UN International Strategy for Disaster Reduction, “Hyogo Framework for Action 2005-2015: Building the Resilience of Nations and Communities to Disasters”,

http://www.unisdr.org/eng/hfa/hfa.htm, March 2010.

UN International Strategy for Disaster Reduction, “UNISDR terminology on disaster risk reduction (2009)”, http://www.unisdr.org/eng/terminology/terminology-2009-eng.html, March 2010.

http://www.unescap.org/pdd/prs/ProjectActivities/Ongoing/gg/governance.asp, 27.08.2010.

European governance a white paper, Commission of the European Communities, Brussels, 25.7.2001 COM(2001) 428 final.

OECD Principles of Corporate Governance 2004, www.oecd.org/dataoecd/32/18/31557724.pdf

Federal Emergency Response Plan, CANADA, Federal Emergency Response Plan, CANADA, http://www.publicsafety.gc.ca/prg/em/ferp, (March 2010).

68

http://www.gisdevelopment.net/application/natural_hazards/earthquakes/

ma03135b.htm

www.oag- bvg.gc.ca/internet/English/parl_oag_198911_27_e_4276.html

www.oag.bc.ca/files/publications/2005/report1/report/earthquake-preparedness- performance-audit.pdf

New Zealand: www.eqc.govt.nz/abouteqc/publications/annualreport/2005-2006/report-ag-06.aspx

Japan bolsters earthquake preparedness in South Asia, 21.03.2007.

Australia Indonesia Partnership For reconstruction And Development (AIPRD)

Government Partnership Fund (GPF), Guidelines, Aug 2005.

69