How auditors can help solve challenges in monitoring public integrity programs

Cooperation between auditors and integrity program managers has the potential to strengthen management and governance in public organizations, as well as the overall public integrity system.


  • Although auditors should not manage integrity programs, they are well placed to support integrity management units with their knowledge and expertise
  • Public integrity systems could be strengthened if the same indicators used to monitor integrity programs were the basis for auditing them
  • Monitoring of cultural and behavioral aspects, the functioning of integrity units and integrity risks are areas in which internal auditors can contribute to the monitoring of public integrity programs

Ethics and integrity are increasingly important topics for auditors as they contribute to good governance and performance of public sector organizations[1]. Since 2017, with the adoption of the OECD Recommendation of Public Integrity, the discussion on public integrity has been growing and strengthening worldwide. As this debate evolves, auditors could become important allies of integrity managers – referred to here as integrity management units (IMUs)[2] – to strengthen integrity and governance in public organizations.

It is important to clarify that we are looking at a consulting role for auditors rather than an assurance one, played from the third line of defense[3], We discuss how internal auditors could support IMUs, particularly in defining indicators for monitoring integrity programs. We also provide a perspective from the second line of defense based on previous experience in assisting in the early steps of establishing public integrity programs in Brazil.  We observed that recently constituted IMUs often lack both expertise and knowledge needed to perform their new duties. This can be detrimental in structuring, implementing and monitoring the integrity program. We also noticed that some organizations tried to assign management of the integrity program to the internal audit unit, which should not be an internal auditor’s role or responsibility. Support from auditors to the IMU through consulting services could be a way for the organization to benefit from their knowledge and expertise without direct involvement in managing integrity programs. Lessons from our experience in Brazil could be replicated more widely, taking into consideration the specific characteristics of each country and institution.

Aligning concepts: integrity, public integrity and public integrity programs

On an individual level, integrity is often referred to as a quality associated with honesty or rightness. On a broader level, we can analyze the integrity of systems or organizations. In this context, public integrity is defined as “the consistent alignment of, and adherence to, shared ethical values, principles and norms for upholding and prioritizing the public interest over private interests in the public sector”[4]. That means that we are not observing the individual values of each person in a society or organization, but rather trying to identify, build and strengthen the shared ones.

Many of the measures used to monitor public integrity programs[5] are already  well-established in organizations, covered by existing regulations and overseen by other units, e.g. Internal Audit, Ombudsman, Ethics Commission and Inspector’s Office. Other measures may emerge in the context of the integrity programs and are led by the IMU, such as specific actions to address cultural and behavioral patterns. A public integrity program also comprises, but is not limited to, the level of commitment from top management, management of integrity risks, development and periodic review of an integrity plan[6] and monitoring and continuous improvement of the integrity program.

Challenges in monitoring public integrity programs and how auditors can help

In the context of establishing public integrity programs, an important element often discussed is which elements should be assessed and how to monitor them. Indeed, governments need to verify if these measures have strengthened integrity within an organization after establishing an integrity program. Auditors could help IMUs in establishing indicators to monitor programs by providing their knowledge and experience on risk management and anti-corruption issues. Three opportunities for potential cooperation are outlined below. In each, auditors provide their expertise via consulting services, while integrity managers  carry out the tasks.

The first is how to monitor the evolution of integrity, mainly in its cultural and behavioral aspects, viathe integrity program. Auditors with previous experience in auditing integrity or ethics could assist IMUs to develop indicators regarding these “soft” elements of the program. Insights from audits of culture[7], which explore how employees and other stakeholders feel about the standards and behavior of the organization, could be especially useful. As a practical example, auditors could help to define questions for surveys to be applied by the IMU within the organization, to first establish a baseline at and then to periodically review the integrity program, and assess its results.

The second is how to monitor the functioning of the IMU and the integrity-related units. It is crucial for the effectiveness of the integrity program that these units are properly structured and functioning in a coordinated manner. Auditors already assess and monitor the structure and performance of these units through assurance services. As a result, they can provide insights on improving coordination in these areas in the context of the integrity program via consultancy. For example, given their familiarity with the work of integrity units, auditors could make the IMU aware of products of one unit (for example, trends of common misconduct dealt with by the Inspector’s Office) that could be used by another (such as prioritization of risk assessments or communication campaigns). Finally, the third is how to monitor integrity risks. Since auditors’ knowledge of risk management practices, they could help the IMU to establish the basis for monitoring integrity risks in the organization. This consultative role would be particularly relevant when there is no specific area in the second line of defense (e.g. a risk management unit) which could offer this kind of support. Two possible approaches are presenting options of frameworks and methodologies to be adopted or providing training for counterparts that are engaged in risk management practices.


This piece presents opportunities for collaboration between auditors and integrity management units to strengthen public integrity. Benefits include sharing knowledge and expertise, and better alignment between the elements of the integrity program that is monitored by the IMU and evaluated by auditors. In a wider context, this cooperation has the potential to strengthen management and governance in public organizations, as well as the overall public integrity system. We have focused on the monitoring of integrity programs, however many other possibilities could be explored. Other examples could be discussed within this community, perhaps from those who comprise the third and the first lines of defense. Our examples were based on the Brazilian reality, but we believe that they could be applied to different country contexts. Other members of the community are welcome to share their views and experiences.

[1] EUROSAI (2017). Audit of ethics in public sector organisations (Guideline). May 2017. Retrieved from: <http://www.eurosai-tfae.tcontas.pt/activities/Guidance/Activities/TFAE%20Guidelines%20to%20audit%20ethics/g-english-TFAEGuidelines%20to%20audit%20ethics.pdf>.

[2] In Brazil, the IMU is a new actor in public organizations, part of the second line of defense. It is responsible for coordinating the structuring, implementation and monitoring of integrity programs and for providing guidance and training within its scope (CGU’S Ruling no. 57 of 2019).

[3] According to the Institute of Internal Auditors (IIA), consulting services are advisory in nature, generally performed at the request of an engagement client and, while providing them, internal auditors should maintain objectivity and not assume management responsibility. IIA (2017). International Standards for the Professional Practice of Internal Auditing. Page 2. Retrieved from: <https://global.theiia.org/standards-guidance/Public%20Documents/IPPF-Standards-2017.pdf>.

[4] OECD Recommendation of the Council for Public Integrity. Retrieved from: https://www.oecd.org/gov/ethics/recommendation-public-integrity/.

[5] We can define a public integrity program as “a structured set of institutional measures aimed at preventing, detecting, punishing and remedying corrupt practices, fraud, irregularities and ethical and conduct deviations”. CGU’S Ruling no. 57 of 2019. Retrieved from: https://www.in.gov.br/materia/-/asset_publisher/Kujrw0TZC2Mb/content/id/58029864.

[6] The integrity plan describes the features of the integrity program and organizes the integrity measures to be adopted in a given period, being periodically reviewed. CGU’S Ruling no. 57 of 2019.

[7] To deepen this discussion, consult: EUROSAI, 2017.

About the expert

Hevellyn Albres is an integrity, risk management and responsible business conduct expert (TRACE Anti-Bribery Specialist, with a focus on Latin America 2018-2019, C31000 2019-2022). For the last three years, Hevellyn had provided guidance and training for the structuring, implementation and monitoring of public integrity programs in Brazil. Hevellyn is currently part of a team that coordinates the Brazilian National Contact Point for the OECD Guidelines for Responsible Business Conduct within the Ministry of Economy.

The views in this article are the author’s only, and do not necessarily represent the views of the OECD or its member countries.

Let’s Discuss


Home Forums How auditors can help solve challenges in monitoring public integrity programs

  • Author
  • Lisa Kilduff

    Here you can discuss the topic of the content

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.