Presentation by Kjell Larsson from Sweden during the workshop on The role of the Court of Accounts in preventing and fighting fraud and corruption. This workshop was jointly organised by SIGMA and the Algerian Court of Accounts in Algiers 8-9 April 2015. Further information, please contact bianca.breteche@oecd.org.

1. © OECD
AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
The role of the Court of Accounts in
preventing and fighting fraud and
corruption
Good practices of SAIs to control and audit
fraud
Kjell Larsson, Sweden
Algiers, 8-9 April 2015

2. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Why didn’t we notice? A failure of auditors
that become a turning point (INTOSAI Journal July 2010)
• The case
 ≥5000 research projects and ≥1billion € / year
 Thousands of audits, hundreds of auditors (Internal
auditors, external SAI auditors, private and public)
 Auditors “EVERYTHING OK” every year
 Then OLAF, the Anti Fraud Office, got information
from a whistle-blower. A check raised many ???
 Auditors and OLAF realised. We have to work close
together!
1

3. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Why didn’t we notice? Work together!
• Work together? How? Synergies!
 Every day co-operation! New rules and practices
 Auditors to fully meet ISA 240 /ISSAI 1240, tailored
to the situation
 Amount of data (terabytes) data mining tools
 Auditors and OLAF, can use each other’s strengths!
After some months: Several major scams for years. 5
million € lost in a few years.
2

4. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Why didn’t we notice? Conclusions
• Auditors had for long audited a few trees. But they
had never ever tried to see the forest!
• The new audit standards must be used fully
• Close cooperation auditors – fraud investigators a
must. New cooperation mechanisms needed.
Respecting our diverse roles and mandates
• Audit tools and competence must be upgraded /
renewed.
3

5. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Why didn´t we notice? Modus operandi
• Fake documents identical to correct ones
• Shell companies in remote places. Fake annual reports, full
history and not only positive news, audit opinions,
professional websites etc.
• Fictitious staff with fabricated CVs. Elaborated exchanges
of emails between “staff” including private stories about
children and illnesses.
• Names of real companies and real people used
• Contracts, invoices, accounting transactions (including
corrections) massively falsified
• Cross payments and back-payments to circumvent control
ISN’T ALL THIS EASY TO DETECT WHEN AUDITING?
4

6. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Interesting SAI practices.
1. Where to start?
• Important points that often come up
 A “strategy” before? Or, learning by doing?
 Why and how, how ambitious ?
• Covering prevention, detection, sanctions? Culture?
• SAI to do the work?
• Or getting others to do their part?
 Cooperation with others? No! Yes!
 Public support? Whistle-blower systems?
 Perhaps a risk map of the SAI? Is the SAI managing
the risks of “not being relevant” ?
5

7. Interesting SAI practices - 2. Cleaning our own house first
Impact Probability Grade Design Implemen-
tation
Timeline
Operational:
1 Performingpoor
qualityaudits (
financial&VFM
audits)
Developandkeep
corporateandaudit
quality -Performing
qualitativeauditsand
deliveringqualitative
auditreports
Incorrectopinionfor
RegularityAuditand
conclusionnotevidenced
forPerformanceaudits
FailuretoapplyOAG
methodology PoorQuality
ManagementReview PoorSkill
Mix
ReputationalRisk-reduced
ImpactofSAIactivity-
ObjectivesnotMet
Major Moderate Extreme Manualsand
Guidelines,inbuilt
controlinthe
processes,QMF,Peer
Reviews
Yes-partial Improvedmanagementprocesses
Robustarrangementsforupdating
manualsandguidelinesasworking
practicechange.Strongerquality
controlwithinprocess.Develop
relationshipswithSAIcommunity.
Developskillsforauditof
computerizedsystems
tobedecided tbd tbd
2 InadequateQualityof
auditreports
Developandkeep
corporateandaudit
quality-Performing
qualitativeauditsand
deliveringqualitative
auditreports
Auditreportsarenotclear,
relevant and
understandablefor
stakeholdersanddonot
haverequiredfocusin
promotingchangeor
offering constructive
recommendationsto
achievethis
PoorReportWritingSkills Poor
SkillMixPoorQuality
ManagementReviewFailureto
fullyunderstandclientand
maintainongoingcontacts
throughouttheyear
ReputationalRisk-reduced
ImpactofSAIactivity
objectivesnotmet.
Negativemediaregrading
SAI.LackoftrustinSAI asa
reliablesourceof
information
Major Moderate Extreme Template(s)and
Guidelines,inbuilt
controlinthe
processes,QMF,Peer
Reviews.Expert
Group,Widerliaision
withexternal
stakeholders
Yespartial - EffectiveexpertgroupsAdditional
trainingsonreportwriting/using
template.Gettingfeedbackfrom
auditeesandstakeholdersmaybe
usedasaninputforimprovingquality
ofauditreportsandfortraining
topics.
tobedecided
3 Timelinessofaudit
reports
Developandkeep
corporateandaudit
quality
Internaldeadlinesnot
achievedtoallowsufficient
qualityreviewof reports.
Notreportingontimeas
specifiedInlegal
frameworkforspecific
reports.
WeakProjectManagementand
staffutilisationOutsourced
companiesmaynotcomplywith
contract deadlines
ReputationalRisk-reduced
impactofSAIactivity.Not
beingabletomeetthe
deadlinesforlegalreporting
mayimpactthereputation.
Budgetalllocationprocess
maybeimpactedifreports
arelate.
Mod-major Rare(unlikely?) Medium Auditplanning, time
recordingsoftware
Yes-partial Functionalisetheuseoftime
recordingsystemforbetter
audit/resource planningandtracking
ofauditwork
tobedecided
4 Bilateralagreements
notmet
Developandkeep
corporateandaudit
quality
Benefitsofbi-lateral
projectsandarrangements
lost-sustainabilitynot
achieved
Ineffectivemechanismsfor
sharingoutputsofproject
initiativesacrossthe
organisation.Redundancyof
recommendationstracker.
Inabilitytointernallydevelop
auditfocus-eggood
governance.
Effectiveauditand
corporate practicesnot
applied.Quality
managementprocesswill
highlightincreasednon
applicationofaudit
methodology.Reporting
qualitywillreduce
Moderate-
Major
Rare(unlikely?) Medium Effective
managementof
recommendations
tracker.Implement
mechanismsto
ensurelessons
learnedfromexternal
inputsareeffectively
shared.More
effectivestrategic
plans
Yes-partial Clearaccountabilityrramgementsto
beimplementedacrossorganisation
TypeofriskNo ResponsibilityObjective Riskdescription PossibleCauses Desciptionoflikelyimpact RiskAssessment Controlsrequired Controlsinplace Additionalcontrolneeds

8. 5 Externalexpectations
ofSAInotmet
Developandkeep
corporateandaudit
quality
ExpectationsofParliamemt
notclearandconsequently
notaddressed.Poor
relationshipwith
stakeholders.
LackofskillsinSAImiddle
mangerstofacilitatepositive
relationshipswhichclearlyset
outexpectationsand
responsibilitiesonbothsides.
Poorcommunicationwithnew
membersofParliament
IneffectivereviewofSAI
outputs.Lackofchange
resultingfromSAIwork
Moderate-
Major
Rare(unlikely?) Medium Trainingwith
membersof
Parliamentand
internally.Specific
developmentof
writtenbriefingsand
pressreleases.
Communication
Strategy.
Yes-partly Widerinvolvementofmiddle
management
6 IneffectiveChange
Management
Developandkeep
corporateandaudit
quality
Delaysinadoptionofnew
law/appointmentofnew
AGhaveanegativeimpact
ofoperationsofSAI.
Inabilitytorecruitandkeep
specialiststaff.
Inabilitytomakerequired
operationalchangesto
effectivelyaddressexpanding
portfolio.Lackofstrategic
directionduetocapacity
shortfallsatseniormangement
level.
TheSAIstagnates.No
effectivehandovertonew
topmanagement.No
opportunitytoincentivise
staff
Moderate-
Major
Rare(unlikely?) Medium workwithministries
andgovernemnton
thelaw.Develop
inductionpackagefor
newincoming
managers.Restate
accountabilitiesof
seniormanagement
team.
Yes-partial Moreformalisedmanagement
reportingprocesses
7 Weakcorporate
serviceprograms
Secureownership
andinstitutional
sustainability
Noteffectivemangement
ofcorporateoperations.
Performancereviewsnot
appliedconsistently.
Essentaildatatosupport
effectivemanagementis
lacking.
Lackofcapacitytoimplement
effectivestrategicplansandrisk
amangement.Lackofbudgetto
implementcorporate
developments.
Onlybyimplementingnew
auditapproachesand
methodologiescantheSAI
offerthequalityaudits
expectedbyParliamentand
INTOSAI
Moderate-
Major
Rare(unlikely?) Medium FinalisationofCDS
andassoci-ated
businessplansfor
Divisions.Replanning
offinancialplans
relatedtorequired
developmentseg
auditpackage
Yes-partial
8 IneffectiveHR
support
Secureownership
andinstitutional
sustainability
Poorstaffdevelopment
relatedtoorganisational
needsparticularly
leadershipskills.
InefficientHRsystems.
HRcapacityshortfalls.Training
requirementsnotcaptured
adequatelyduetoineffective
appraisalprocess
SkillsmixofSAIdoesnot
developatrequiredpace.
HRteamfocusedon
operationalnotstrategic
issues
Moderate-
Major
Rare(unlikely?) Medium HRstrategyand
operationalplan.
Effectiveappraisal
process.
Partly

9. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Interesting SAI practices.
2. cleaning our own house first. Continued
• Training auditors to know what to look for. And
how to find answers.
• Building up specialist teams.
• Create data mining capacities (and access to
data)
• Result?
8

10. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Interesting SAI practices.
3. Do it differently! Procurement.
• Instead of auditing some procurement projects
in one / a few entities every year
The SAI will now
• audit big (similar) procurement projects in
several entities covering 5-6 years.
 Follow up on indications of prize-fixing, use of identical /fake sub-
contractors, ownership relations, fake persons, “payment
carousels”, eventual corruption.
 SAI use external experts + new technologies to control quality and
delivered amounts of procured materials.
Result? 9

11. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Interesting SAI practices.
3. Do it differently! . Use Representation Letters
SAI changed from
• Rarely / never using Representation Letter (RL)
• To always using RL
Result?
As RL “make top management take fraud and
corruption much more seriously and now
facilitate every aspect of audit work”.
10

12. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Interesting SAI practices.
3. Do it differently! SAI fieldwork
• Preparation
 More accurate risk assessment. Including overall financial
situation and “market” situation
 Limit the likelihood audit evidence is altered
• During
 Get access to essential information
 Drill deeper / re-check important evidence
• After
 Triple check if complete picture
 Document and have other auditors to re-check
Result?
11

13. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Interesting SAI practices.
3. Do it differently! SAI and good practices
• SAI has a unique overview
• Decided to sum up and disseminate national
good practices found in audits on fraud
prevention, detection and sanctions
• Stimulated (and assisted) entities to spread the
practices internally
• Results?
12

14. AjointinitiativeoftheOECDandtheEuropeanUnion,
principallyfinancedbytheEU
Concluding remarks
• No one “right solution” for all SAIs (or other public
entities!) exists.
• However, the stakes and risks for society are high
 Money / resources
 Confidence
SAIs well placed and must contribute!
13