In public sector organisations, having an internal control system and risk management framework is essential for upholding public integrity. Effective internal control and risk management policies and processes reduce the vulnerability of public sector organisations to fraud and corruption by providing reasonable assurance to management that the organisation is achieving its objectives and managing its risks effectively. These policies and processes also help to ensure value for money and facilitate decision making by ensuring that governments are operating optimally to deliver programmes that benefit citizens and avoid wasteful spending. They help governments balance an enforcement-focused model with more preventive, risk-based approaches.
Internal control and risk management cover a range of measures to prevent, detect and respond to fraud and corruption. These include policies, practices and procedures that guide management and staff to fulfil their roles in safeguarding integrity by adequately assessing risks and developing risk-based controls. Mechanisms for responding to cases of corruption and breaches of integrity standards are equally critical. A strong internal control system should also include internal auditing to better evaluate the strength of the internal control system and a robust risk management framework to help organisations identify and respond to the corruption risks they face (OECD, 2020[12]). In light of this, the OECD Recommendation on Public Integrity calls on adherents to “apply an internal control and risk management framework to safeguard integrity in public sector organisations” (OECD, 2020[12]; OECD, 2017[17]).
The needed improvements of internal control, risk management and internal audit systems must embrace new technologies and embed them into existing frameworks. As explored in later chapters, AI can add value to public governance and specifically corruption prevention if better embedded in risk management, internal control and internal audit systems. When deployed responsibly, AI tools can help management identify fraud risks and internal auditors to detect fraud. It is therefore important that public sector organisations take steps to increase AI literacy, particularly among internal auditors who will also soon be called on to conduct audits of AI systems within the organisation. This upskilling includes the greater use of technical tools to identify risks and detect malfeasance.
This chapter shows that:
Countries’ regulations on risk management and internal control are strong, but those on internal audit could improve.
Implementation of risk management practices has not yet matured.
Internal audit remains an underutilised governance tool against corruption.