Audit of Disaster-Related Aid: ISSAI 5520

ISSAI 5520
INTOSAI
The International Standards of Supreme Audit Institutions, ISSAI, are issued by the
International Organization of Supreme Audit Institutions, INTOSAI. For more information visit
www.issai.org
Audit of disaster-related aid
I NT OS AI P r ofe ss i o n a l S t an d ar ds Co m mi t te e
PSC-Secretariat
Rigsrevisionen Store Kongensgade 45 1264 Copenhagen K Denmark
Tel.:+45 3392 8400 Fax:+45 3311 0415 E-mail: [email protected]
INTOSAI
EXPERIENTIA MUTUA
EXPERIENTIA MUTUA
OMNIBUS PRODEST
OMNIBUS
PRODEST
INTOSAI General Secretariat - RECHNUNGSHOF

(Austrian Court of Audit)
DAMPFSCHIFFSTRASSE 2
A-1033 VIENNA
AUSTRIA
Tel.: ++43 (1) 711 71 Fax: ++43 (1) 718 09 69
E-MAIL: [email protected];
WORLD WIDE WEB: http://www.intosai.org
Table of content
Foreword (separate document)
Part 1: Disaster and disaster management
1.
2.
3.
Background
Purpose, scope and structure
Definition of terms
4
5
6
Part 2: Disaster-related aid

4.
5.
6.
7.
Definition of disaster-related aid

Roles and responsibilities
Features of disaster-related aid for consideration by auditors
Risk factors for different disaster-related aid activities
11
11
14
15
Part 3: Good practice and examples of auditing disaster-related aid

8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
Preparing the audit

Cooperation between auditors of disaster-related aid
Information and data gathering
Selection of audit topics
Types of audit
Financial audit and disaster-related aid
Performance audit and disaster-related aid
Compliance audit and disaster-related aid
Reporting audits of disaster-related aid
Audit tools for disaster-related aid
21
23
24
26
31
32
33
35
37
38
Appendices (separate document)

1. Characteristics of disasters
2. Risk-based strategy for auditing disaster-related aid management
3. Audit design matrix
4. Example of disaster auditing guidelines for private sector auditors
5. Examples of audits of disaster-related aid
6. Financial audit of the emergency response following the earthquake in Pisco, Peru
7. Financial audit of recovery and reconstruction following the Wenchuan earthquake in China
8. Performance audits of recovery and reconstruction after the Great East Japan Earthquake
9. Performance audit of the European Commission response to the South East Asian tsunami
10. Performance audit of relief and rehabilitation after the 2004 tsunami
11. Performance audit of disaster-related aid following hurricane Katrina
12. Compliance audits of emergency, rehabilitation and reconstruction disaster-related aid
13. Acronyms and abbreviations
14. Glossary
15. References and bibliography
Part 1 Disaster and disaster management
Background
1.1 Disaster can strike any part of the world at any time. It may be the result of natural
(e.g. floods) or man-made (e.g. nuclear accidents) causes, or a mixture of the two and
can occur suddenly (e.g. earthquakes) or develop slowly (e.g. drought). Whatever the
cause, the human and economic impact of disaster can be considerable.
1.2 Since 2001, the annual average number of deaths from disasters is 106,891 and the
yearly average number of reported victims is 232 million people.1 The overall number
of victims is typically the highest in Asia. However, in 2011 African countries
dominated the top ten in terms of disaster victims as a proportion of total population
size.2 Economic damage in 2011 was the highest ever registered, at an estimated USD
366.1 billion. This was largely due to the Great East Japan Earthquake, but reflected
the increasing occurrence of disasters in high-income and middle-income economies.3
The United Nations estimates that in the first 12 years of the twenty-first century
alone disasters claimed 1.1 million lives and caused USD 1.3 trillion in economic
damage.4
1.3 In a disaster situation, individuals, communities, governments and international
agencies act very quickly. Assistance and aid flow toward the affected area. The
emphasis is on saving lives, alleviating poverty and hardship and maintaining human
dignity. Throughout the emergency response, relief, rehabilitation and reconstruction
activities of the post-disaster phase, order has to be maintained and normality has to
be regained. SAIs have a vital contribution to make in keeping governments and
others managing disaster-related aid accountable to parliaments and citizens for the
use of resources. The issue of accountability is fundamental to the legitimacy of the
state and the continued operation of the political system. This has been recognised in
recent years, for example, by the Inter-Agency Standing Committee Transformative
Agenda.5 INTOSAI is part of the worldwide movement for greater transparency and
accountability.
1
2
3
4
5
Centre for Research on the Epidemiology of Disasters, Annual Disaster Statistical Review 2011, page 23,
http://cred.be/sites/default/files/2012.07.05.ADSR_2011.pdf
Ibid., page 13
Ibid., page 1
http://www.flickr.com/photos/isdr/6853316682/in/set-72157628015380393/
http://www.humanitarianinfo.org/iasc/pageloader.aspx?page=content-about-default
Purpose, scope and structure

2.1 The 5500 series of ISSAIs includes three ISSAIs on auditing the different parts of the
disaster management cycle. The pre-disaster phase is covered in ISSAI 5510. ISSAIs
5520 and 5530 cover the post-disaster phase (recovery and relief activities, national and
international response to emergency, rehabilitation and reconstruction). ISSAI 5520
addresses the audit of the whole of the post-disaster phase while ISSAI 5530 focuses on
taking account of the increased risk of fraud and corruption in the emergency activities
following disaster. The disaster management cycle shown in figure 1divides the
activities supported by disaster-related aid into six segments. Two of these relate to the
preventive and preparatory measures which government can establish and operate in
advance of potential disaster. The other four segments describe the activities which
follow the occurrence of disaster.
Figure 1: Disaster management cycle showing pre- and post-disaster phases
Pre-disaster activities
Post disaster activities
Mitigation and
Prevention
Risk assessment,
prevention, hazard
mapping, assessing
vulnerability, structural
Duration: Long-term
Preparedness
Contingency planning,
early warning,
evacuation, consolidate
preparations for next
disaster Duration:
Long-term
Reconstruction
Full resumption of
services plus preventive
measures
Duration: months to
years
Disaster
Recovery and Relief
activities
Rehabilitation
Restoration of basic
services and functions
Duration: weeks to
months
National and
International
Response to
Emergency
Individual efforts to
rescue victims and
recover property,
provision of first aid,
secure supplies
Duration: Short-term
Search & Rescue,

security, food, water,
shelter, clothes,
medicine, trauma care
Duration: Short-term
Source: Prepared for WG AADA by the SAI of Indonesia

2.2 The post-disaster phase begins as soon as disaster strikes or an emergency is
declared. Initially the focus is on recovery and relief activities. These are followed by
rehabilitation and reconstruction activities. The activities supported by disaster-related
aid can last only a few days where physical and economic damage are not great and
the main focus is on recovery and relief, or many months and even years where the
reconstruction effort required is considerable.
2.3 The 5500 series of ISSAIs on disaster-related aid focuses on natural disasters,
although the guidance and good practice cited is equally relevant to the audit of manmade disasters. The ISSAIs have been prepared for SAI auditors but can be used by
other auditors or stakeholders in the field of disaster-related aid. ISSAI 5520 is not
compulsory for SAIs and should not be used as standalone guidance. It should be used
to supplement the level 3 and level 4 ISSAIs, which are published by INTOSAI and
available on the website of the Professional Standards Committee.6
2.4 ISSAI 5520 provides examples of auditing disaster-related aid7 and includes an
example of guidelines for private sector auditors of disaster-related aid (Appendix 4).
ISSAI 5520 is structured as follows:
Part 1 defines disaster and the different phases of disaster management.
Part 2 defines disaster-related aid and key players and features of disaster-related aid
and develops a matrix of the key topics and risks in the management of disasterrelated aid.
Part 3 highlights aspects of the audit process illustrated by the experiences of SAIs
which have audited disaster-related aid: cooperation between auditors, information
and data gathering, selection of audit topics, financial, performance and compliance
auditing of disaster-related aid, reporting disaster-related aid and tools for auditing
disaster-related aid.
Definition of terms
3.1 The UN ISDR defines disaster as follows:
A serious disruption of the functioning of a community or a society causing
widespread human, material, economic, or environmental losses which exceed the
ability of the affected community or society to cope using its own resources. 8
3.2 Disasters exhibit different characteristics depending on a number of factors.
Length of forewarning how much advance notice is given to people at risk at
disaster.
Magnitude of impact the extent of losses of people, infrastructure and
buildings and disruption to the social structure and essential functioning of a
community.
6
7
8
www.issai.org
The SAI of Indonesia conducted a survey to collect examples and led a parallel audit to test ISSAI 5510. The other
participants in the parallel audit were the SAIs of India, Pakistan and Turkey. See WG AADA final report.
http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf
Geographical scope of impact geographical features susceptible to

designation of a disaster area. A natural hazard without human vulnerability
such as a landslide in an uninhabited zonewill not result in the designation of
a natural disaster area.
Duration of impact the period (short or long) during which the effects of a
disaster are felt.
Speed of onset how fast a disaster strikes an area. For example, floods may
strike rapidly, while a volcanic eruption or a drought may take longer to have
an impact.
9
3.3 Disasters have a number of consequences.
Disruption to the normal pattern of life. Such disruption is usually severe and
may also be sudden, unexpected and widespread.
Human effects such as loss of life, injury, hardship and adverse effects on
health.
Effects on social and physical structures such as destruction of or damage to
government systems, buildings, communications and essential services.
Community needs such as shelter, food, clothing, medical assistance and social
care.
3.4 For inclusion in the International Emergency Disasters Database (EM-DAT)
maintained by the Centre for Research on the Epidemiology of Disasters (CRED) a
disaster should meet at least one of the following criteria:10
10 or more people reported killed;

100 people reported affected;
declaration of a state of emergency; or
a call for international assistance.
3.5 Disasters can occur as a result of natural or man-made causes, or a mixture of the two.
Natural disasters can result from geophysical, hydrological, climate-related,
meteorological or biological phenomena. Technological or man-made disasters are
events caused by humans and occurring in or close to human settlements and may
include environmental degradation, pollution and accidents. The Asian Development
Bank (ADB) divides disasters into 11 types: earthquake, volcanic eruption, tsunami,
tropical cyclone (typhoon, hurricane), flood, landslide, bushfire (or wildfire), drought,
epidemic, major accident and civil unrest. The characteristics of different types of
disaster, their counter measures and problem areas are explored in Appendix 1.
3.6 The International Federation of Red Cross and Red Crescent Societies (IFRC) defines
disaster management as:
the organisation and management of resources and responsibilities for dealing with
9
10
W. Nick Carter. Disaster Management: A Disaster Managers Handbook. Manila: ADB. 1991.
http://www.emdat.be/
all humanitarian aspects of emergencies, in particular preparedness, response, and

recovery in order to lessen the impact of disasters. The main focus of disaster
management is to reduce or avoid loss caused by disasters, assure prompt assistance
to victims, and achieve rapid and effective recovery.11
While countries define their own disaster management policies to establish and
maintain adequate arrangements to deal with their vulnerability to disaster, disaster
management is also a shared responsibility between government, the private sector
and civil society. Effective coordination between these different actors is a
prerequisite for successful disaster management.
3.7 The disaster management cycle in figure 1 shows activities in the pre-disaster and
post-disaster phases. In practice, there is no clear division between these phases and
disaster management activities are carried out in the different phases as appropriate
to each disaster and to the way in which and the extent to which the population is
affected. For example, rehabilitation activities may continue to be carried out in
emergency circumstances months after the occurrence of the disaster and disaster
preparedness activities may begin immediately after the occurrence of a disaster to
take better account of the lessons learnt from that disaster.
3.8 The aim of pre-disaster activities is to reduce the potential loss of life and property
caused by a disaster and the development of disaster management plans at the
household and community level. Such activities include the prevention of hazards
from developing into disasters or the reduction of the effects of disasters when they
occur. These measures can be structural such as flood barriers or the strengthening
of weak buildings and infrastructure, or non-structural such as legislation, land-use
planning (for example the designation of non-essential land, such as parks, to be
used as flood zones) and insurance. Other pre-disaster activities involve the
development of action plans for what to do if a disaster strikes, for example:
preparing and communicating action plans;
developing a multi-agency coordination mechanism and line of command for
post-disaster structures;
carrying out maintenance and training of emergency services resources and
personnel;
developing and testing emergency warning methods;
maintaining supplies and equipment related to emergency shelters and
evacuation plans.12
3.10 In recent years some SAIs have themselves experienced severe disruption following
the occurrence of disaster. In the aftermath of a disaster, SAIs may not only need to
recover the ability to function quickly and easily, but also to provide appropriate
assistance to government in responding to the disaster.13 Due to the potential impacts
of disasters it is important for SAIs to plan in advance and put arrangements in place
11
12
13
www.gdrc.org/uem/disasters/1-dm_cycle.html
See ISSAI 5510 for more on Disaster Risk Reduction
See Audit New Zealands account of Audits in challenging times following the Canterbury earthquakes in 2010
and 2011 http://www.auditnz.govt.nz/who-we-are/scott-tobin-feature
that will help them recover and start functioning as soon as practically possible. For
that reason, SAIs, and particularly those located in disaster prone areas, develop their
own business continuity plan. INTOSAIs Capacity Building Committee has
published a guide on business continuity to assist SAIs.14
3.11When disaster strikes urgent action is necessary to ensure that victims' needs are met
and losses are minimised. The post-disaster phase begins with emergency activities
which focus on recovery, relief and initial rehabilitation. The type of response
depends on the immediate requirements of the affected people and can include rescue,
medical attention, water, food and communication. These activities are mainly
directed towards saving lives, protecting property and dealing with the immediate
disruption, damage, and other consequences of the disaster. They can continue for just
hours or days after the disaster takes place up to several months, depending on the
nature and extent of the disaster and on how well-prepared the affected region and
population were for the possibility of disaster.
3.12 Once the urgency abates, activities concerned with the continued rehabilitation and
reconstruction of affected areas or communities commence. Rehabilitation is a shortto medium-term activity and involves taking care of the victims of the disaster and reestablishing basic facilities. Urgent, initial rehabilitation activities can begin during
the emergency. Reconstruction has the longer-term objective of restoring living
conditions to a level equal to or better than before the disaster struck. There will
inevitably be overlapping activities that can be classified as rehabilitation or
reconstruction. Rehabilitation and reconstruction activities aim to rebuild destroyed
property, repair of other essential infrastructure and re-establish the functioning of the
local economy.
3.13 ISSAI 5520 is concerned with the post-disaster emergency recovery and relief,
rehabilitation and reconstruction activities summarised in Table 1.15 Auditors of the
pre-disaster phase should consult ISSAI 5510 for guidance and good practice. 16
14
15
16
http://cbc.courdescomptes.ma/index.php The Capacity Building Committee prepared and published this guide in
association with the Pacific Association of Supreme Audit Institutions and the Caribbean Organization of Supreme
Audit Institutions
Table prepared by the SAIs of the Netherlands and Indonesia
http://www.issai.org/composite-280.htm
10
Table 1: Post-disaster phase activities: Emergency (recovery and relief) and non-emergency
(rehabilitation and reconstruction)
Emergency Recovery
and Relief
Timing/ Period
Target
Rehabilitation
Urgent
Short term
Medium-long term
Immediately during or
shortly after disaster.
Normally counted in days
up to 3 months after
disaster
Up to 1 year after
emergency phase
Up to 5 years or more
after rehabilitation phase
Saving lives
Taking care of victims
Restoring living
conditions
Developing basic
public facilities (at a
minimum level)
Purpose
Victim search and

rescue
Treating the sick and

injured
Construction of
permanent housing
Burial of the dead
Preventing outbreaks
of cholera, malaria,
and other
communicable diseases
Development of
economic sectors
(production, trade,
banking sectors)
Rebuilding:
Restoration of public
infrastructure
(transportation and
telecommunication
systems)
Supply of food and

drinking water
Emergency medical
care
Provision of basic
facilities
Delivery of materials
to the affected areas
Examples
Basic infrastructure
and facilities
Economic facilities
Trauma care facilities
Emergency food and

medical aid
Provision of health
care supplies
Rebuilding
social/cultural systems
Emergency distress
relief
Establishment of
temporary housing and
sanitation facilities
Re-establishing human
capacity
Meeting basic needs of

refugees
Responsible entity
Reconstruction
Establishment of
access between
affected area and the
chain of supply and
support
Rebuilding housing,
schools, clinics,
sanitation systems
Government
Government
Government
Donors
Reduced, but still

important role: donors,
NGOs/INGOs and
other parties
Reduced but still

important role: donors,
NGOs/INGOs and
other parties
NGOs / INGOs
Other parties
11
Part 2: Disaster-related aid

4
Definition of disaster-related aid

4.1 The UN defines disaster-related aid as:
aid provided to help people, who are victims of a natural disaster or conflict, meet
their basic needs and rights.
17
Disaster-related aid is provided to the victims of disaster who are unable to get
enough of the help they need from their own community or local authorities. Disasterrelated aid is mostly humanitarian aid designed to save lives, alleviate suffering and
protect human dignity, but also includes aid which is non-humanitarian (e.g. to protect
wildlife). Global Humanitarian Assistance defines humanitarian aid as: the aid and
action designed to save lives, alleviate suffering, and maintain and protect human
18
dignity during and in the aftermath of emergency. The Development Assistance
Committee of the OECD reports humanitarian aid as making up around 9% of
Official Development Assistance in 2009.19 It is provided for specific emergency
situations and is intended only for the victims of the disaster concerned. United
Nations General Assembly Resolutions 46/182 of 1991 and 58/114 of 2004 stipulate
that humanitarian aid should be provided in accordance with the principles of
humanity, neutrality, impartiality and operational independence.20 This marks it out
from development aid which can be subject to some conditionality.
4.2 Disaster-related aid can be provided to an individual, community, organisation or
government as cash or financial aid and in-kind aid, or a mixture of these. Financial
aid is cash or other monetary assistance. In-kind aid is assistance in the form of
materials or services, such as food, tents, and the secondment of staff or international
21
military assistance. Different types of aid are appropriate depending on the nature
of the disaster, the affected region and the needs of the population. Disaster-related
aid may be from public or private sources. The type of donor varies with the type of
disaster, the nature and magnitude of the disasters impact and on public reaction to
the disaster.
Roles and responsibilities

5.1 Many individuals and entities are involved in providing, coordinating, delivering and
reporting on disaster-related aid. This is illustrated in figure 2 reproduced from the
Global Humanitarian Assistance website.22
17
http://fts.unocha.org/pageloader.aspx?page=AboutFTS-definitions
18
www.globalhumanitarianassistance.org/data-guides/concepts-definitions
http://reliefweb.int/report/world/towards-better-humanitarian-donorship-12-lessons-oecddac-peer-reviews
http://ochanet.unocha.org/p/Documents/OOM_HumPrinciple_English.pdf
19
20
21
22
http://fts.unocha.org/pageloader.aspx?page=AboutFTS-definitions
http://www.globalhumanitarianassistance.org/data-guides/humanitarian-aid-network
12
Figure 2: Financing, delivering and reporting on the response to humanitarian crises
13
5.2 UN Humanitarian Resolution 46/182 of 1991 states that the country affected by
disaster has the primary role in the initiation, organisation, coordination and
implementation of humanitarian assistance within its territory.23 When the capacity of
national and local government is surpassed, the timely involvement of the
international humanitarian system can significantly alleviate the hardship suffered by
stricken communities. Central governments can anticipate such scenarios by
preparing regulatory frameworks at national level to minimise bureaucratic obstacles
to disaster-related aid. The IFRC has produced guidance on this.24
5.3 For all types and magnitudes of disasters, central government should seek to provide a
coordinating role and pass on information on the needs of the affected communities.
When disaster strikes, rapid needs assessments should be made and the appropriate
information should quickly be made available to donor entities and international
agencies. Entities have been created to speed up the communication of such vital
information, for example the Central Emergency Response Fund (CERF). This is a
humanitarian fund established by the United Nations General Assembly in 2006 to
enable more timely and reliable humanitarian assistance to those affected by natural
disasters and armed conflicts. 25
5.4 When the international community becomes involved the key players adopt one or
more of the following roles as aid providers:
Donors are entities which provide either financial or in-kind contributions,
either directly to beneficiaries (those affected by disasters) or to governments or
operational agencies who will provide goods and services to beneficiaries.
Donors thus comprise governments (international, domestic and local) and
private donors (philanthropic organisations, corporate donors and individuals).
Operational agencies use the funds from donors to provide goods and services
to at-risk and affected populations. They include the various components of the
Red Cross Red Crescent movement, United Nations agencies, faith based
organisations and NGOs both international and national. Operational agencies
can be intermediary entities which receive aid and pass it on to other entities for
implementation, or they can carry out activities directly themselves.
Others may include the multilateral development banks, which play a major
role as donors and in managing multi-donor funds, and the armed forces, which
may be called to intervene when a situation is beyond the capacity of the local
civil administration.
5.5 Aid recipients can either be individuals or communities affected by the disaster, or
entities which act as intermediaries and dispense aid to victims or pass it on to
operational agencies:
23
24
25
Harvey, Paul. Towards Good Humanitarian Government: The Role of the Affected State in Disaster Response. HPG
Policy Brief 37. 2009
http://www.ifrc.org/en/what-we-do/idrl/idrl-guidelines/
See http://www.unocha.org/cerf/about-us/who-we-are
14
multilateral organisations - United Nations agencies and the World Bank, etc.,
NGOs and Civil Society Organisations (CSOs) these can be based in the
donor or recipient countries,
International Federation of the Red Cross and Red Crescent (IFRC), or
other entities.26
5.6 Final beneficiaries of humanitarian aid are individuals and communities of the
affected population for whom the disaster-related-aid is donated.
Features of disaster-related aid for consideration by auditors

6.1 Disasters can create unique and unprecedented situations with complex aid flows and
multiple actors. SAIs need to address these challenges to conduct their audits
effectively. SAIs of both recipient and donor governments audit disaster-related aid
which passes through public accounts. In many cases this can involve examining aid
paid directly to operational agencies which are not part of government. Whether SAIs
have an obligation or a right to audit disaster-related aid and the type and extent of
that audit depends on the mandate of each SAI. However, public expectations are
clearly that SAIs work to report on whether the intentions of donors and the interests
of aid recipients are being met. For more on this, auditors can consult a tool prepared
by the Active Learning Network for Accountability and Performance in Humanitarian
Action based on OECD guidance on evaluating humanitarian assistance.27
6.2 Special consideration should be given to post-disaster emergency activities. The
nature and circumstances of an emergency response require a degree of flexibility and
immediate decision-making that may mean disregarding existing procedures or laws
or applying them via abbreviated processes in order to save lives. Despite this, it
would still be expected that there would be a legal framework underpinning
emergency procedures.28 There is often an increased risk of fraud and corruption in
emergency situations. Auditors can recommend improvements in disaster
management to minimise the risks or fraud and corruption in the event of a future
disaster.29
6.3 When the emergency is over the need for flexibility should diminish and auditors can
check the prompt return to normal rules and procedures. Once rehabilitation and
reconstruction activities commence, auditors may consider the risk of fraud and
corruption in procurement associated with high volumes of public expenditure on
reconstruction projects. There are also important issues around tax revenues and
insurance recoveries which may require careful examination by auditors.30
26
27
28
29
30
http://www.globalhumanitarianassistance.org/wp-content/uploads/2012/07/GHA_Report_2012-Websingle.pdf page 43
http://www.alnap.org/resources/guides/evaluation/ehadac.aspx
See Fundamentals of Emergency Management of the US Federal Emergency Management Agency for guidance to
auditors http://www.training.fema.gov/EMIWeb/IS/IS230B/IS230bCourse.pdf
See ISSAI 5530 http://www.issai.org/composite-280.htm
See for example the New Zealand experience http://www.auditnz.govt.nz/who-we-are/scott-tobin-feature
15
6.4 Auditors need to understand the entire process of disaster management, including the
management of disaster-related aid and to be aware of how the main participants and
stakeholders operate. They should also be aware of each main participant's
arrangements for audit and be familiar with any disaster management plan which
exists (including any revisions), as well as accounting practices and national legal
requirements. SAI auditors may need to be trained in the key skills required to audit
disaster-related aid. They may consider the use of a multi-disciplinarian team
which could include methodologists, engineers, economists, etc., to

supplement their need for key skills required for the audit. All of these aspects
should be taken into consideration by auditors when planning the audit.
6.5 A unique feature of disaster-related aid is the impact it can have on saving lives and
property and restoring human dignity. This is because however well-prepared
governments, communities or individuals plan to be, they can never be prepared
enough to avoid all adverse effects of major disasters. Auditors can measure the
effectiveness of disaster-related aid in terms of results, the most direct examination of
which can be achieved by consulting the intended final beneficiaries of the aid. To do
this SAIs can actively seek the input of the affected population by use of interviews
and surveys and by consulting civil society organisations. SAIs can consider sending
auditors on-the-spot at an early stage of the emergency to record evidence of the way
in which disaster-related aid was implemented from the point of view of the disaster
victims.
Risk factors for different disaster-related aid activities

7.1 In planning and conducting their audit work, SAI auditors should identify risk factors
and conduct a risk assessment.31 Risk can be expressed as the possibility of future
harm - where harm is taken to mean any undesired event or outcome.32 In this context,
auditors can focus on:
the establishment by government of legal and institutional frameworks,
the definition and implementation of policies and
the management of disaster-related aid by governments and disaster
management agencies.
7.2 The following paragraphs describe nine activities related to the management of
disasters and disaster-related aid. Seventeen risk factors are then highlighted
which relate to the environment, organisations, systems, controls and people operating
in the field of disaster-related aid. The activities and risk factors are summarised in a
matrix shown in Table 2. Auditors can select topics and explore the risks associated
with each of them to plan and conduct an audit of disaster-related aid.
31
32
ISSAI 100/50 (unrevised)

Aid risks in fragile and transitional contexts OECD, 2010. http://www.oecd.org/development/incaf/47672264.pdf
16
The management of disasters and disaster-related aid

1)
Damage and needs assessment

The damage and needs assessment process is a means of identifying the damage
caused by a disaster, the location of the victims and their basic requirements. The
assessment is then used to guide those providing shelter, emergency food and water
and distributing donations or financial relief.
2) Aid selection
The aid provided should meet the victims particular needs. Damaged or obsolete
stocks should be avoided. The selection of aid is more effective if it is based on a
proper needs assessment.
3) Aid collection
Aid is collected from donors. Aid collection begins with the agreement between donor
and recipient countries, followed by the commitments made by parties engaged in the
agreements and ends with the disbursement itself.
4) Procurement
Financial aid can be used for procuring the necessary goods and services to meet the
victims needs. Procurement processes should be as cost-effective as possible with
due attention to questions of quality, quantity and timeliness.
5) Storage
Goods and materials, whether donated in kind or purchased using financial aid are
inventoried and stored so that they can be retrieved as required to meet the victims
needs.
6)
Distribution
Distribution is the process of moving goods and materials from storage to the disaster
victims, either directly or through the appropriate distribution channels.
7)
Infrastructure building
Infrastructure damaged or destroyed by disaster must be repaired or rebuilt and made
operational. At the same time, new infrastructure can be constructed to prevent and
mitigate future potential disasters.
8)
Reporting
Recipients of disaster-related aid should report on the management and use of
financial and in-kind contributions received.
9)
Accountability
Donors require recipients of disaster-related aid to account for their management and
use of funds and in-kind contributions received. This can result in multiple reporting
by recipients who are expected to comply with the individual accountability and audit
requirements of each donor. This can create a heavy burden on recipients and may
17
lead to the diversion of resources away from relief and reconstruction activities.33 The
provision of information for the purposes of accountability, whether in an ex ante
investigation or an ex post requirement of disclosure may improve transparency.
Risk factors
A. Delay
When a disaster occurs, the first priority is that aid be given promptly in order to
save lives and meet victims needs. Delays in the collection and distribution of aid
may be caused by unfamiliarity with the immediate disaster response protocol,
infrastructure damage or unsuitable human and organisational resources.
B. Unintended recipients
Disaster managers should conduct a needs assessment to ascertain the number of
victims and determine their specific requirements. The definition of victims and the
procedure for registering them should be clearly set out. Unintended recipients are
people who are not entitled to receive aid. Inadequate demographic data may result
in misleading information on victims and ultimately cause aid to be channelled away
from needy individuals/communities.
C. Undistributed funds/materials/aid
Financial and in-kind aid not distributed to the victims is of no use. Inappropriate
human or organisational resources, a lack of information on the procedure for
requesting and distributing aid and damaged infrastructure may cause aid to remain
in storage. Another reason for non-distribution might be an inappropriate needs
assessment, resulting in the delivery of aid or materials that are unnecessary or
unsuitable for the culture or circumstances of the affected population.
D. Fiduciary controls
Rapid response to disaster-aid is critical in the effort to minimise damage from
natural or man-made disasters. To deliver services and goods swiftly to the affected
population, the procurement processes and flow of funds must be well-defined and
tested in advance and include sufficient flexibility to accommodate unexpected
events in post-disaster environments. These processes should have built-in
mechanisms to detect delivery bottlenecks and to make adjustments to processes
during implementation.
E. Fraud and corruption

Appropriate internal control standards and mechanisms to prevent fraud and
corruption should be established and operational. Following disasters, substantial
flows of aid arrive quickly, which may provide the opportunity for fraud and
corruption in the form of overstated needs and data manipulation (for example
33
INTOSAI GOV 9250 proposes a framework for unique reporting of humanitarian aid. See
18
exaggerating the number of victims), demands for kickbacks from suppliers and
those applying to receive aid, as well as mark-ups and embezzlement or asset theft.34
F. Poor economy
Particular attention should be paid to questions of economy when using disasterrelated aid to procure goods and services for disaster victims (i.e. not paying
significantly more than the normal market price). During the emergency phase, lives
should not be risked for the sake of economy, but such purchases should be clearly
documented. In the reconstruction phase, when the main purpose is to rebuild
infrastructure, procurement procedures must follow the established rules and
regulations and any exceptions provided for during the emergency phase can no
longer apply.
G. Inflation
In the aftermath of disaster there is high demand for skilled labour, building
materials, building equipment and housing. High demand for scarce resources leads
to higher prices and thus to the risk of overspend of available budgets. High prices
can lead to lower output and/or poor quality (for example, houses).
H. Inefficiency
Disaster-related aid should be used efficiently (i.e. maximum success in meeting
victims needs with aid received. This is of particular importance during the
reconstruction phase, where resources are used for building infrastructure:
unnecessary or overlapping works should be avoided and waste minimised.
I.
Ineffectiveness
The use of disaster-related aid should be used as effectively as possible.
Ineffectiveness results where the aid received is used up without the victims needs
being met. For example, when rebuilding infrastructure, governments and disaster
management agencies must take into account the suitability of the infrastructure to
the local conditions, culture and geography.
J. Financial statement risk

A financial statement risk is the risk that financial statements have been materially
misstated. When auditing financial statements (which include aid receipts), auditors
should test the validity of management "assertions" regarding existence,
completeness, rights and obligations, valuation and allocation, presentation and
disclosure.
K. Unrecorded aid
34
In the emergency phase, auditors should use their professional judgment when assessing the possibility of fraud, since
many infrastructures may be damaged and people (including the aid managers) may exhibit unusual behaviour. The
auditor should check the mechanisms in place to evaluate the genuineness of the claimant. However, there should be
periodic improvements to disaster management, and the reinforcement of internal controls is essential if fraud is to be
prevented in the event of a future disaster. See ISSAI 5530 http://www.issai.org/composite-280.htm
19
Unrecorded aid is that received but not recorded in the recipients books. This could
be because of collection agencies which are unidentified, multiple accounts, failure
by the authorities to make available information on aid management mechanisms
and poor coordination among disaster management agencies.
L. Damaged aid
During transportation items donated in-kind or bought using financial aid can
become damaged or obsolete and no longer meet required standards for distribution,
because of inappropriate storage or inadequate human and organisational resources
to manage them.
M. Unequal aid distribution
When individuals or groups are favoured in aid distribution at the expense of others,
there is inequality which may result in disaster-related aid not reaching the
population affected most acutely by disaster. For example, a particular region may
receive more aid than another as a political favour.
N. Environmental damage
Many disasters cause damage to the environment and ecosystems. The process of
rehabilitation and reconstruction may cause further damage and this may cause
future disasters.
O. Assets ownership
Ownership of assets resulting from the rehabilitation and reconstruction phases must
be carefully defined. This should include the legal right to occupy the assets and the
obligations of owners in respect of their assets, such as the requirement to carry out
subsequent maintenance.
P. Double funding
Following disasters, there can be multiple flows of financial aid from donors to
recipients. Lack of transparency of these aid flows engenders the risk that aid
organisations may receive aid funds from multiple sources (donors) for any one
given project. There may be a risk of double funding and misuse.
Q. Information flows
In an immediate post-disaster situation the dissemination of clear and objective
disaster information to the public and stakeholders is critically important to avoid
misinterpretation or speculation. The timely receipt of feedback from the public and
disaster relief agents on the ground to the government bodies implementing disaster
aid is equally important. Two-way communication is essential.
20
Table 2 Disaster-related aid activities and associated risk factors matrix
Risk(s)
Topic(s)
A
1. Damage and needs
assessment
2 Aid selection
3
X
X
X
7 Infrastructure
building
8 Reporting
X
X
9 Accountability
5 Storage
6 Distribution
Aid collection
4 Procurement
X
X
X
X
X
X
X
X
Delay
Financial statement risk
Unintended recipients
Unrecorded aid
Undistributed aid
Damaged aid
Fiduciary controls
Unequal aid distribution
Fraud and corruption
Environmental damage
Poor economy
Assets ownership
Inflation
Double funding
Inefficiency
Information flows
Ineffectiveness
21
Part 3: Good practice and examples of auditing disaster-related

aid
Part 3 of ISSAI 5520 is based on experiences of auditing disaster-related aid collected by
WG AADA. The Working Group consulted widely with SAIs involved in auditing
disaster-related aid and conducted two surveys and a parallel/coordinated audit.35 This
work was led by the SAI of Indonesia and covered ten topics.
Preparing the audit
Information and data gathering
Selection of audit topics
Types of audit
Financial auditing and disaster-related aid
Performance auditing and disaster-related aid
Compliance auditing and disaster-related aid
Reporting audits and disaster-related aid
Audit tools for disaster-related aid
Sections 8 to 17 refer to relevant guidance and include examples, referred to in the text
itself and expanded upon in the appendices. The examples relate experiences provided by
SAIs auditing disaster-related aid.
Preparing the audit

8.1 Following a disaster, SAIs audit flows of disaster-related aid. The scope and
objectives of each audit and the way in which it is planned and conducted depend on
the mandate of the SAI and the regulatory framework within which it operates as well
as on whether the SAI is auditing from the perspective of the donor or the recipient.
The survey conducted by INTOSAI WG AADA revealed considerable differences
between the approaches of SAIs to auditing disaster-related aid. This was often due to
differences in the external audit model (the three most common models being the
Auditor General model, the Court of Accounts (or Audit) model and the Board of
Collegiate model).36 Another factor was the type of audit SAIs were either required or
authorised to conduct. For example, some SAIs are required to carry out a financial
audit which allows them to express an opinion on whether the financial statements
are prepared, in all material respects, in accordance with an applicable financial
reporting framework.37 Other SAIs are required by national law to carry out audits of
disaster-related aid, or specific areas of disaster-related expenditure, using audit
35
36
37
The parallel audit was led by the SAI of Indonesia. The other members were the SAIs of India, Pakistan and Turkey.
See WG AADA final report.
ISSAI 1000/46-48
ISSAI 1000/56
22
programmes addressing a number of audit objectives which may be financial,

performance, compliance or a mixture of these. Clear objectives assist the auditors to
focus the audit work and facilitate follow up of audit observations and
recommendations
8.2 Before embarking on an audit, SAIs should understand the processes for the
management of disaster-related aid and the focus of each phase (recovery, relief,
rehabilitation and reconstruction). They should assess the nature of the risks in each
phase, familiarise themselves with the internal controls applied by each of the
organisations responsible for managing disaster-related aid and test whether those
internal controls are operating and are sufficient to overcome or reduce the risks.
Figure 3 has been prepared by the SAI of Indonesia as an example of priority-setting
and design of an audit of disaster-related aid.
Figure 3 Priority-setting and design for an audit of disaster-related aid
Focus on implementation of plan, activation of
counter-disaster system, search and rescue,
EMERGENCY
provision of emergency food, water, shelter,

medical assistance, etc., bringing services and
systems back on line, survey and assessment,
- Delay risk
- Unintended
recipients
- Undistributed
funds/materials
- Unrecorded aid
- etc.
Early
walkthrough
testing of
affected
areas
Focus on provision of health care supplies, health

care, drinking water or the establishment of
temporary sanitation facilities and reREHABILITATION
establishment of reliable access and

communication between the affected areas and
the chain of supply and support.
Focus on rebuilding physical infrastructure

roads, bridges, water, sewage and sanitation
systems, housing, schools, clinics and hospitals,
RECONSTRUCTION
and re-establishing capacity of doctors, nurses,

teachers, and administrators to assist disaster
victims return to normality.
- Financial
statement risk
- Poor economy
- Inefficiency
- Ineffectiveness
- Conflict of
interest
- Fraud and
corruption
- Environmental
damage
- etc.
-
Fraud
Poor economy
Inefficiency
Ineffectiveness
Conflict of
interest
- Environmental
damage
- Asset
ownership
Policy matters
(awareness campaign, strengthening existing weak buildings and infrastructures, and
developing disaster management plans at household and community level)
F
C
(emer-
gency
and
normal)
Internal
control
system
Regular basis
(ensuring ongoing improvements
23

9.1 The flow of disaster-related aid from donors to recipients and the corresponding flow
of information from recipients to donors is complex. Figure 4 shows a donors
perspective (in this case, the Government of the Netherlands) of aid flows to victims
of the tsunami that devastated large coastal areas in South-East Asia in December
2004. The high death-toll stimulated multiple donations of disaster-related aid which
were often channelled through NGOs. The SAI of the Netherlands compared the
accounts of 50 NGOs and found that they all used different reporting models. The
auditors were not able to follow the aid from donors to final recipients.38
Figure 4: The flow of disaster-related aid: Indonesian tsunami case study
Source: The SAI of the Netherlands

9.2 Several different auditors may seek to audit aid flows as complex as those shown in
figure 4: auditors of governments donating humanitarian aid, international agencies
and governments receiving aid. There is often scope for cooperation between auditors
which can involve carrying out joint, parallel or coordinated audits. For example, two
or more SAIs of donor governments may seek to cooperate on auditing national
contributions to a disaster-affected population, or donor and recipient government
SAIs may find it to be of mutual advantage to coordinate their audits of aid provided
38
http://www.courtofaudit.nl/english/Publications/Audits/Introductions/2008/12/Lessons_on_accountability
24
by the donor government for a specific disaster in the recipient country. This is
especially the case when major disasters take place and many donors are involved in
making significant donations. SAIs of donor governments can learn much from SAIs
in recipient countries about the national legal and operational environment of auditing
disaster-related aid and SAIs from recipient countries can learn about the international
context of receiving disaster-related aid. The exchange of information and transfer of
knowledge between SAIs in the context of disaster-related aid can be of mutual
benefit.39
9.3 The objectives of audit cooperation can be:
sharing information and experiences;

training auditors and clarifying terminology;
overcoming problems of access rights;
taking reliance from the work carried out by another auditor;
enhanced transparency and accountability;
developing and disseminating good practice.
9.4 The conditions for cooperation should be set out clearly in an audit plan:
the scope and objectives of the audit;

which body is responsible for coordination;
budget and audit tools available;
reporting arrangements.
For more on cooperative audits, see the INTOSAI Guide For Cooperative Audit
Programs Between Supreme Audit Institutions.40
10 Information and data gathering

10.1 The objectives of gathering information and data are as follows:
to understand the government's response to the disaster;
to identify potential weaknesses in the governments response to be
investigated further during the audit;
to collect documentation on the legal and regularity framework and how
entities are complying with that framework, as well as memoranda of
understanding, agreements between the recipient government and donors and
agreements with the various intermediaries;
to document disaster-related aid flows and collect other relevant information
which can be used to make choices regarding which approach to follow.
39
40
See WG AADA final report for more the WG AADA parallel/coordinated audit of disaster-related aid
http://cbc.courdescomptes.ma/index.php?id=20&tx_abdownloads_pi1[action]=getviewcategory&tx_abdownloads_pi1[cate
gory_uid]=29&tx_abdownloads_pi1[cid]=81&cHash=8526d20286
25
10.2 When gathering information and data on disaster-related aid management, auditors
should decide what information and data are needed and what role they will play during
the assignment to achieve the audit objectives. To gather such data the auditor can:
conduct physical observations in the disaster zone, making extensive use of
photos and videos. Such recorded evidence can then later be compared to
physical documents and witness reports to corroborate findings;
interview the intended beneficiaries of disaster-related aid;
identify the roles and responsibilities of staff in the organisations responsible
for handling disaster-related aid;
obtain key information about the aid (donors, recipients, collection,
distribution, storage, aid conditions, registration, etc.);
identify the activities performed by the organisations responsible for handling
disaster-related aid; and
identify the relevant internal control systems and procedures.
10.3 SAIs recognise the importance of technical audits and on-the-spot physical
inspections in disaster-related aid audits. Some SAIs send auditors to the site of a
disaster at a very early stage to gather information. Appendices 6 and 7 provide
examples of this. Such an approach can be of benefit because auditors gain a first-hand
understanding of the situation and can collect evidence including by interviewing the
affected population. Their presence should not disrupt relief operations but may allow
them to both make timely and constructive recommendations and to act as a deterrent to
potential perpetrators of fraud and corruption. The mandates of other SAIs preclude
such as approach, for example the SAI of India. Other sources of information which
can be gathered include official government sources, the websites of international
humanitarian organisations such as real time evaluation data provided by UN OCHA
and online crowd sources, such as Google Earth, Maps, OpenStreetMaps and Ushahidi.
10.4 The information and data gathered during the emergency phase may concern:
the rescue and evacuation of disaster victims;

the response to victims' basic needs;
aid selection, collection, storage and distribution;
control procedures/activities during the emergency phase (including
authorisations, separation of duties among disaster management agencies, etc.);
accounting for disaster-related aid (for example how in-kind donations are
valued, quantified, and recorded);
controls over goods received and distributed including reconciliation between
the records of the different organisations involved;
the effectiveness of information, communication and coordination among those
responsible for disaster-related aid management, victims, and other parties
concerned with the collection and distribution of aid (donors, aid collection
agencies, NGOs, etc.);
damage and loss assessment;
the validity of data held by disaster management agencies on the disaster
victims (including criteria and the agencies' verification of victims);
the executive agencies' preparation of victim and loss data; and
26
monitoring carried out by the coordinator of disaster management activities.

10.5 The information and supporting data obtained, including positive and negative aspects
of disaster management and the management of disaster-related aid should be
documented appropriately. This is important since not all information and data obtained
is followed up during the audit. Auditors may also use the data and information as
preliminary documents for the purpose of audit planning.
11 Selection of audit topics

11.1 The scope and extent of SAIs financial audit is often defined in national legislation and in
SAIs mandates. Performance and compliance auditing, on the other hand, usually
involves a choice of audit topics. SAIs can use strategic plans to direct such audits towards
areas where an external, independent audit may add value. The selection of topics for
performance and compliance audit should be made by the SAI without outside pressure.
However, SAIs can decide to audit topics requested or proposed by government or
parliament.41
11.2 The selection of topics should take account of the need to prioritise resources, capacity,
budget and time. This involves planning and scoping an audit to help appropriately focus
resources on addressing overall risk and to direct auditors in the field work and reporting
stages. Figure 5 shows an example of the process auditors may follow to select topics for
performance or compliance audits of disaster-related aid.42 The procedure for selection of
audit topics is described in paragraph 11.3.
41
See ISSAI 3000/44
42
See also ISSAI 1315 on a risk based approach to financial audit
27
Figure 5: Selecting topics for performance or compliance audits of disaster-related aid
Request from parliament, government, or

other*
Input
No
Topics
propose
Topics selected by SAI
Phase I: Understanding entity and business process

Yes
Specific issues
Process
Phase II: Identify risks
Phase I: Understanding Stakeholders Expectation
Phase III: Identify actions by disaster management

agency to mitigate the risks
Phase II: Aligning topics/subtopics with risk and
vice versa (audit design matrix)
Phase IV: Choose audit topics and priorities
* (This will vary according to the SAIs mandate)
Source: The SAI of Indonesia
Tools
Design matrix
Output
Audit program
28
11.3 Procedure for selection of audit topics

Auditors familiarise themselves with disaster-related aid policies, measures and
activities. To begin with they can list all potential areas for audits. This list is likely
to be long and choices have to be made based on established selection criteria
including risk analysis.
Phase I: Understand entities and processes
Auditors need to understand the entities involved and the processes for managing
disaster-related aid. This can be done by collecting information on key players,
documenting disaster-related aid flows, identifying the internal control systems in
operation and examining the role and responsibility of management. Documentation
of previous disaster-related aid flows should also be consulted.
Phase II: Establish selection criteria
To allow them to explain the process of selecting topics for audit and the selection
of topics itself auditors should establish and document in advance clear criteria for
the selection of topics. For each area of disaster-related aid, these may include:
the extent to which the audit will contribute to improving management or

aid delivery;
the knowledge that problems which require resolution exist;
the added value that the audit can provide;
the result of the risk analysis.
Phase III: Risk Analysis

The result of the risk analysis is a key selection criterion. The analysis of disasterrelated aid can be complex and comprehensive data may not be available. In
carrying out a risk analysis, auditors may need to consult external sources, such as
studies done by NGOs, interviews with relevant officials and representatives, donor
websites, media reports and other sources such as academic papers. For specific
risks related to fraud and corruption, see ISSAI 5530. Factors which may indicate
high risk in areas of disaster-related aid are:
high financial or budgetary value;
area already known to be risky or reported by civil society organisations or
in the media as such;
previously unaudited (the first time this type of disaster has occurred) or
especially urgent (rapid onset) disaster;
lack of information on prevention and mitigation activities (inadequate
disaster preparedness measures in place).
Table 3 below shows some of the risks faced by key players in disaster-related aid
and the characteristics that should be considered in managing the those risks. (Refer
to table 2 in part 2 of this ISSAI).
29
Table 3: Risks faced by key players in disaster-related aid

Risks
Delay
Undistributed aid
(material and financial)
Poor economy
Inefficiency
Ineffectiveness
Unrecorded aid
Damaged aid
Other
Characteristics to consider
Nature of disaster
management phase
- Emergency response
Key players
Disaster management agency

Relevant government institutions
NGOs implementing aid
Affected population
- Rehabilitation and
reconstruction phase
Nature of disaster
- Routine
- Massive
- Complex
Source: SAI of Indonesia
Phase IV: Identify and evaluate actions by disaster management to mitigate

risks
The entity responsible for managing the disaster-related aid may have already taken
action to resolve the risks identified. Auditors can assess whether the action taken by
the management agency and other key players is adequate to compensate for the
risks identified. This can be done by reviewing legal regulations, government
policies and instruments and standard operating procedures, and by interviewing key
players, such as relevant staff and senior officials at the managing entity, as well as
officers in the field. Auditors may consider carrying out sample checks of whether
the systems and procedures are sufficiently effective and reliable.
Table 4 below provides some examples of action taken by disaster managers to
address risks identified in disaster-related aid.
30
Table 4 Examples of action taken by disaster managers to address risks

Risks
Delay
Undistributed aid
(material and financial)
Poor economy
Inefficiency
Ineffectiveness
Unrecorded aid
Damaged aid
Other
How
Improve existing policies and procedures

Modify existing or enact new legislation
Conduct needs assessment
Establish Memorandum of Understanding
or contract
Source: SAI of Indonesia
Phase V: Prioritisation of topics

Possessed of a good knowledge of the entity, using effective selection criteria and
following a comprehensive risk analysis, auditors are in a position to select topics to
propose for audit. Auditors making the final selection require adequate skills,
training and experience and need to exercise professional judgment. The list of
potential audit topics selected can be prioritised appropriately with a view to the
efficient and effective use of resources and time, potential audit impact, financial
materiality, the risk to good management, complexity, significance, visibility,
coverage and multi-sector relevance. The selection should be documented and
reviewed by the hierarchy.
For guidance on selection of topics for performance audits see ISSAI 3000.43
11.4 Audit topics proposed to the SAI

Depending on the mandate of the SAI and its relationship with parliament, government, or
other stakeholders, topics for audit may be proposed to or selected for the SAI. It is
important for the auditors to understand the reasons for the proposal and stakeholders
expectations of the audit. The SAI should reformulate the stakeholders proposals as audit
topics with audit objectives and determine the associated risks. Stakeholder proposals are
43
ISSAI 3000/43-46 http://www.issai.org/composite-344.htm
31
sometimes described in terms of areas of risk rather than areas of interest. Appendix 2
shows the risk-based strategy used by the SAI of Indonesia in auditing the management of
For the subsequent stages of the audit, auditors are referred to the stages in the design
matrix in Appendix 3. The audit design matrix can assist auditors to define audit
objectives, researchable questions, audit criteria, audit evidence, sources of audit evidence,
methods of obtaining audit evidence and check the reliability of that evidence, the
limitations that auditors might face and the audit findings.
12 Types of audit
12.1 SAIs can carry out financial, performance or compliance audits of disaster-related aid. In
all cases the audits should fall within the mandate given to the SAI and be carried out in
accordance with the national and other relevant legislation and auditing standards which
apply. Reference should be made to which standards have been complied with
(International Standards on Auditing (ISAs), ISSAIs44 and/or other national and relevant
auditing standards) and whether compliance with such standards is total or partial. ISSAI
1000 provides guidance on this.45
12.2 Much of disaster-related aid comes from or is received into the budgets of national
governments and is subject to periodic audit in this context (usually annual financial
audit). Where there is no statutory requirement to carry out an audit of disaster-related aid
or when any type of disaster-related aid is excluded from their mandates, SAIs may
consider recommending to government to amend or enact the necessary legislation.
12.3 An audit of disaster-related aid may include aspects of financial, performance and
compliance auditing. However, the objectives of these different types of audit are not the
same and should be stated clearly and separately. Financial audit focuses on reports and
accounts, compliance audit is concerned with the respect of legislation, policy or agreed
upon terms and performance audit addresses the economy, efficiency and effectiveness of
government undertakings, systems, programmes or operations. Each type of audit should
be completed in accordance with applicable standards. The following are the relevant
ISSAIs:
General Auditing Guidelines on Financial Audit
1000-1810
General Auditing Guidelines on Performance Audit 3000-3100
General Auditing Guidelines on Compliance Audit 4000-4200
Appendix 5 contains references to audits of disaster-related aid carried out by SAIs in
recent years.
44
Notably level 3 INTOSAI Standards. See

http://www.issai.org/media(1075,1033)/Purpose_and_authority_of_the_INTOSAI's_professional_standards.pdf
45
ISSAI 1000/28
32
13 Financial audit and disaster-related aid
13.1 The purpose of an audit of financial statements is to enhance the degree of confidence
of intended users in the financial statements. This is achieved by the expression of an
opinion by the auditor on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework.46 The
definition of the scope of the audit depends on regulations, mandate and
organisational structure of the SAI.47
13.2 When conducting a financial audit of disaster-related aid, auditors should take
account of the specific nature of disaster-related aid. The audit of financial statements
could address, among other things:48
the requirements of the applicable accounting standards in the light of the
special circumstances surrounding disasters (emergency procedures, large
volumes of public expenditure during or after the emergency);
the existence and operation of adequate internal control systems during the
different post-disaster phases and activities (relief, recovery, rehabilitation and
reconstruction);
the increased risk of fraud and corruption in emergency activities;49
whether the legislation regarding contracts provide for emergency provisions
and whether this is appropriately reported in the financial statements;
reconciling disaster-related aid budgeted for and accounted for;
the possible existence of gaps in funding between executive units engaged in
similar activities;
reconciling donors' and recipients records and reports;
comparing project expenditure recorded by donors with figures for total aid.
Auditors should refer to ISSAIs 1000-2999 Financial Audit Guidelines.
13.3 Following disasters, especially major disasters, SAIs may find themselves facing
challenging new situations. In some cases SAIs visit the site of the disaster as soon as
possible to gather information or start the audit work. This was the case for the SAI of
Peru after the 2007 earthquake in Pisco and for the SAI of China following the 2008
Wenchuan earthquake. The audit carried out by the SAI of Peru concentrated on
emergency activities. The post-Wenchuan audit concentrated on recovery and
46
47
ISSAI 200/20
See ISSAIs 100 and 1000/20 and 21
48
See ISSAI 1300: Planning an audit of financial statements
49
ISSAI 5530
33
reconstruction and was a real-time audit which lasted three years, i.e. virtually the
whole of the reconstruction period. The main objectives of these post-disaster audits
were financial but the audits included performance and compliance aspects. See
Appendices 6 and 7 for summaries of these audits.
14 Performance audit and disaster-related aid

14.1 Performance audits carried out by SAIs are independent, objective and reliable
examinations of whether governments undertakings, programmes, systems or
organisations are performing in accordance with the principles of economy, efficiency
and effectiveness and whether there is room for improvements.50 Auditors develop
strategies that will help in setting priorities and audit topics and plan in such a way as to
ensure that audits are of high quality and are carried out in an economic, efficient,
effective and timely manner.
14.2 Performance audits of disaster-related aid may examine whether due attention has
been paid to:
the economy with which the disaster-related aid was used. Auditors can test
whether financial and in-kind aid were used to carry out activities in
accordance with sound administrative principles and practices and management
policies;
the efficiency with which human, financial and other resources have been used.
Auditors can seek to establish whether maximum output has been achieved
from the disaster-related aid. Looking at questions of efficiency requires the
examination of information systems, performance measures and monitoring
arrangements and the procedures followed by audited entities for remedying
deficiencies identified; and
how effectively those responsible for managing and implementing disasterrelated aid have performed in relation to the objectives set. To measure
effectiveness, auditors have to compare the actual impact of activities with their
intended impact.
Auditors should refer to ISSAIs 3000-3299 Performance Audit Guidelines.
14.3 A performance audit may seek answers to the following questions:51
Trust Has the aid pledged been provided? Has the aid pledged led to
appropriate expenditure?
Regularity Has the aid been spent on the intended purposes?
Efficiency Has the aid been spent as efficiently as possible?
Effectiveness Has the aid been spent as effectively as possible?
50
51
ISSAI 300/2
http://www.intosaijournal.org/technicalarticles/technicaloct06b.html
34
14.4 The following are some of the aspects which performance auditors may consider:
Goals attainment: did the affected population receive the help it needed?
Process: were procedures adequately prepared in advance and then respected
during the post-disaster period?
Cost/benefit: were the objectives of the disaster-related aid met at the lowest
possible cost?
Quality: was the quality of the output (food aid, shelters, etc) acceptable?
14.5 When conducting a performance audit, SAIs should bear in mind the need to make
recommendations to feed into measures to prepare for the event of future disasters. For
example, in the field of infrastructure development, SAIs should ensure that the
rebuilding of infrastructure is intended not only to replace damaged facilities, but also
to reduce the impact of future disasters and create a resilient community. Another
example is where auditors observe inadequate preventive, detective and reactive
controls to deter, detect and follow-up on fraudulent and corrupt activities, they can
propose that a fraud and corruption prevention strategy should be built into preparations
for a future potential disaster.52 SAIs may also seek to issue recommendations of
general application regarding, for example, improvements to be made in human
resources and organisational capacity development.
14.6 Appendix 8 presents two performance audits conducted by the SAI of Japan.
Following the Great East Japan Earthquake in 2011, the SAI of Japan reported on
questions of economy and efficiency of recovery and reconstruction expenditure and
found that emergency housing could have been supplied more economically and that
disaster-generated waste was not being disposed of with adequate efficiency.
14.7 Appendix 9 summarises a performance audit carried out by the SAI of the
European Union of the European Commissions humanitarian response to the 2004
tsunami in South East Asia. Recommendations concerned the role the Commission
could consider playing in helping affected governments to manage donor coordination
more effectively, the need for better clarification of roles between Commission
services, the necessity to improve monitoring and the availability of information and
the importance of obtaining access to documentation on projects implemented by UN
agencies.
14.8 In the aftermath of the South East Asian tsunami, the SAI of India carried out a
performance audit of national expenditure and international disaster-related aid across
the disaster management cycle at national, state and district levels. The audit found the
mechanisms for managing and monitoring aid to be inadequate and that there were no
clear criteria for assessing expected financial assistance. The construction of both
temporary shelters and permanent housing was found to be ineffective and there were
52
ISSAIs 5510 and 5530
35
delays in construction. The audit also covered financial and compliance audit objectives
and revealed irregularities in aid payments, in the identification of beneficiaries and in
the administration of infrastructure projects. See Appendix 10 for a summary of the
audit.
14.9 The United States of America (US) is one of the worlds largest donors of disasterrelated aid.53 In 2005 Hurricane Katrina struck the Gulf coast of the US, causing
billions of dollars in damage and dislocating thousands of residents. As the storms
devastation and destruction were viewed around the world, many countries offered both
cash and in-kind donations, including military donations to the United States. Since the
US government had not received such substantial amounts of international disaster
assistance before, ad hoc procedures were developed to accept, receive and distribute
the cash and in-kind assistance. The SAI of the US carried out a performance audit to
determine the amount of cash that was donated by foreign countries and the extent to
which it had been used to assist in the relief efforts. The audit also examined the extent
to which those federal agencies with responsibilities for the assistance had policies and
procedures in place to help ensure the appropriate accountability for the acceptance and
distribution of in-kind donations, including military donations. Based on the findings
of the audit, the SAI recommended improvements to the policies, procedures, planning
and oversight relating to international donations. See Appendix 11.
15 Compliance audit and disaster-related aid

15.1 The objective of compliance auditing is to enable SAIs to report to the appropriate
bodies on audited entities compliance with particular sets of criteria. This involves
reporting on the degree to which the audited entities are accountable for their actions
and exercise good public governance.54 SAIs carrying out compliance audits should
refer to the General Auditing Guidelines on Compliance Audit.55
15.2 Compliance audit can be performed as a separate audit task. It can also be related to
performance audit, or to the audit of financial statements. Some SAIs may have
special compliance audit tasks and responsibilities established by their mandate or
otherwise. Such tasks may include the judicial function of SAIs, activities related to
suspected fraud and corruption, investigation of suspected illegal acts or other
misconduct for the purpose of decisions on the sanctioning of individuals or reporting
to law enforcement authorities, or the assessment of the truth and completeness of
information submitted by ministers to a parliament.
15.3 The INTOSAI Fundamental Auditing Principles highlight two key concepts of
compliance auditing:
53
http://www.ifrc.org/Docs/Appeals/statistic/donors12.pdf.
54
ISSAI 400/20
ISSAIs 4000-4200
55
36
Regularity the concept that activities, transactions and information pertaining

to an auditee are in accordance with the authorising legislation, regulations
issued under governing legislation and other relevant laws, regulations and
agreements, including budgetary laws, and that they are properly sanctioned.
Propriety the general principles governing sound public sector financial
management and the conduct of public sector officials.
15.4 When carrying out compliance audits of disaster-related aid auditors may seek to
verify compliance with the requirements of international agreements covering
recovery, relief, rehabilitation and reconstruction measures and activities. For
example, governments are required by United General Assembly Resolutions 46/182
of 1991 and 58/114 of 2004 to adhere to the humanitarian principles of humanity,
neutrality, impartiality and operational independence.56 SAIs can report on failure by
government to comply with these principles in the use of disaster-related aid.
15.5 Auditors should be aware of emergency procedures which may be in operation during
the emergency phase following disaster. It may not be possible to comply with all
laws and regulations in emergency situations and auditors should take into account
the need to circumvent some rules in exceptional circumstances to prioritise the
saving of lives and the alleviation of human suffering. However, auditors should
expect that, where it is reasonable, the deviations from rules should be documented
and explained. Auditors should also verify and make recommendations regarding the
degree to which appropriate disaster preparedness measures existed and whether they
took into account the need for pre-defined emergency procedures.
15.6 Appendix 12 presents two compliance audits carried out by the SAI of Indonesia in
2010 and 2009 respectively of emergency response, rehabilitation and reconstruction
disaster-related aid activities. The audits included performance as well as compliance
objectives. The auditors of the emergency response to an earthquake in 2010 found
that disaster management regulations in the province concerned were not adequate,
that the legal requirement to set up a local disaster management agency was not
respected and that the construction of emergency infrastructure did not comply with
legal requirements. The auditors of recovery and reconstruction expenditure (national
expenditure together with international disaster-related aid) reported the failure to
comply with national budget regulations and that local government had not complied
with requirements on reporting disaster-related aid.
56
http://ochanet.unocha.org/p/Documents/OOM_HumPrinciple_English.pdf
37
16 Reporting audits of disaster-related aid

16.1 When preparing audit reports, SAIs should consider the specific context and needs of
the country concerned, as well as legal mandates and any other information relevant
to the stakeholders. Separate audit reports might be prepared for different parts of the
post-disaster phase (emergency response, rehabilitation or reconstruction activities).
These reports may have a similar overall structure, with their content depending on
the phase concerned. In all cases, reports should be addressed to the appropriate
authority for follow up on the recommendations made.
16.2 Reports on financial audits of disaster-related aid should respect national
requirements. SAIs should refer to the INTOSAI guidelines.57 If the financial
statements have been prepared in accordance with a special purpose framework,
auditors should consider including an emphasis of matter paragraph in the report on
the financial audit of disaster-related aid.58
16.3 Following performance or compliance audits, auditors should provide written reports
to communicate the results of the audit to all levels of government and other
stakeholders. The fact that reports are written make the results less susceptible to
misunderstanding, make the results available for public inspections and facilitate
follow-up to determine whether corrective action has been taken.
16.4 Performance audit reports should be reliable and informative. Recommendations
should be logical and clear, and linked to the audit objectives and the findings. The
auditors should report the audit objectives, scope, methodology and sources used, as
well as audit findings, conclusions and recommendations. The audit reports should be
complete, accurate, objective, convincing and as clear and concise as possible. See
ISSAI 3000 for guidance.59
16.5 Compliance audit reports should include the objectives and scope of the audit, the
time period covered, identify or describe the subject matter and the criteria, the
responsibilities of the various parties (legal basis), the auditing standards applied in
performing the work, a summary of the work performed and a conclusion. See ISSAI
4100 for guidance.60
16.6 INTOSAI has spearheaded an initiative called The Integrated Financial
Accountability Framework (the IFAF) to improve the quality and availability of
financial information on humanitarian aid.61 The proposal is for all stakeholders in
57
ISSAI 1700 Forming an Opinion and Reporting on Financial Statement.
58
ISSAI 1800: Special Considerations Audits of Special Purpose Financial Statements
59
http://www.issai.org/media(797,1033)/ISSAI_4100_E_Endorsement_version_June.pdf
60
http://www.issai.org/media(797,1033)/ISSAI_4100_E_Endorsement_version_June.pdf
61
38
humanitarian aid to prepare IFAF tables , for these tables to be audited by external
auditors and for them to be made publically available by publishing them as open
data. The objective of the IFAF is to standardise and simplify humanitarian aid
reporting, improve transparency and accountability and make ex-post, final, audited
financial information on the whole of humanitarian aid available to all interested
parties. Once the IFAF is operational, SAIs can use the improved information to
support their work on auditing financial statements and to assist them in their
performance and compliance audits. For more information see INTOSAI GOV 9250
on the IFAF.62
17 Audit tools for disaster-related aid

17.1 The complexity of auditing disaster related-aid makes the use of audit tools a
necessity for SAI auditors. However, before using the tools, auditors should obtain
assurance regarding the quality and reliability of the information on which they are
based. Some of these tools are described below.
17.2 Governments use Geographic Information Systems (GIS) as a source of
information. These can be used to integrate, store, analyse, manage and present data
that are linked to locations. GIS technology can be used to assess where hazardous
natural phenomena are likely to occur. In a disaster-related aid audit, GIS can be used
to identify the area(s) affected by the disaster to be audited. GIS is useful both in
planning and in conducting the audit. For further discussion of GIS and how it can be
used for auditing disaster-related aid, see ISSAI 5540.63
17.3 Online databases can be useful for SAI auditors where many stakeholders are
involved in disaster-management. Some examples of online databases used in
auditing tsunami related aid in Indonesia are RAN-DTF, ETS, FTS, and the United
Nations Relief website. Due to the important role these databases play in disaster
management, auditors should also assess the quality of these databases and the
information they contain. SAIs are referred to the final report of the INTOSAI Task
Force of the Accountability for and Audit of Disaster-related Aid64 for criteria for
assessing the quality of online databases for disaster management and specifically for
The Task Force considered that databases for disaster-related aid should contain:
complete, reliable, timely and comparable data;
62
ibid
63
64
Task Force on the Accountability for and Audit of Disaster-related Aid (2008), Lessons on accountability, transparency
and audit of Tsunami-related aid. See website: http://eca.europa.eu/portal/page/portal/intosai-aada/home.
39
information on the reliability and timeliness of the data: Has the information
been verified or audited? When was the information collected?
data over the whole period of relief, rehabilitation and reconstruction.
17.4 INTOSAI GOV 9250 on the IFAF (see paragraph 16.6) includes the proposal that
IFAF tables should be made available as open data. The audited information
published in IFAF tables can be used as a tool for auditors seeking to construct global
audit trails for individual disasters or specific aid flows. IFAF tables can also be used
by auditors seeking to establish coverage by other auditors of the humanitarian aid in
which they are interested and as such can become tools to further collaboration and
cooperation between auditors.65
65

Audit of Disaster-Related Aid: ISSAI 5520

Uploaded by

Audit of Disaster-Related Aid: ISSAI 5520

Uploaded by

ISSAI 5520

Audit of disaster-related aid

INTOSAI General Secretariat - RECHNUNGSHOF

Part 2: Disaster-related aid

Definition of disaster-related aid

Part 3: Good practice and examples of auditing disaster-related aid

Preparing the audit

Appendices (separate document)

Part 1 Disaster and disaster management

Purpose, scope and structure

Post disaster activities

Search & Rescue,

Source: Prepared for WG AADA by the SAI of Indonesia

Geographical scope of impact geographical features susceptible to

3.3 Disasters have a number of consequences.

10 or more people reported killed;

all humanitarian aspects of emergencies, in particular preparedness, response, and

Taking care of victims

Victim search and

Treating the sick and

Burial of the dead

Supply of food and

Emergency food and

Meeting basic needs of

Reduced, but still

Reduced but still

Part 2: Disaster-related aid

Definition of disaster-related aid

Roles and responsibilities

Figure 2: Financing, delivering and reporting on the response to humanitarian crises

Features of disaster-related aid for consideration by auditors

which could include methodologists, engineers, economists, etc., to

Risk factors for different disaster-related aid activities

ISSAI 100/50 (unrevised)

The management of disasters and disaster-related aid

Damage and needs assessment

E. Fraud and corruption

J. Financial statement risk

Table 2 Disaster-related aid activities and associated risk factors matrix

Financial statement risk

Unequal aid distribution

Fraud and corruption

Part 3: Good practice and examples of auditing disaster-related

Preparing the audit

programmes addressing a number of audit objectives which may be financial,

provision of emergency food, water, shelter,

Focus on provision of health care supplies, health

establishment of reliable access and

Focus on rebuilding physical infrastructure

and re-establishing capacity of doctors, nurses,

Cooperation between auditors of disaster-related aid

Source: The SAI of the Netherlands

sharing information and experiences;

the scope and objectives of the audit;

10 Information and data gathering

the rescue and evacuation of disaster victims;

monitoring carried out by the coordinator of disaster management activities.

11 Selection of audit topics

See ISSAI 3000/44

See also ISSAI 1315 on a risk based approach to financial audit

Figure 5: Selecting topics for performance or compliance audits of disaster-related aid

Request from parliament, government, or

Topics selected by SAI

Phase I: Understanding entity and business process

Phase II: Identify risks

Phase I: Understanding Stakeholders Expectation

Phase III: Identify actions by disaster management

Phase IV: Choose audit topics and priorities

* (This will vary according to the SAIs mandate)

Source: The SAI of Indonesia

11.3 Procedure for selection of audit topics

the extent to which the audit will contribute to improving management or

Phase III: Risk Analysis

Table 3: Risks faced by key players in disaster-related aid

Disaster management agency

Source: SAI of Indonesia