Disclosure of Internal Audit Reports

Disclosure Policies

UNDP is committed to organizational transparency. In accordance with decision 2012/18 of its Executive Board, UNDP is publishing the audit reports issued by its Office of Audit and Investigations (OAI) as from 1 December 2012.

The policy for the disclosure of audit reports issued by OAI has evolved over the years. This page describes which disclosure policy is applicable over which period in time.

Questions regarding the disclosure of internal audit reports should be directed to OAI through the following email address: audit.disclosure@undp.org.

Audit Ratings

On the basis of its audit results, OAI assigns an "audit rating" for each of the areas assessed during an audit as well as an overall rating for the business unit audited. OAI uses three rating categories: "satisfactory"; "partially satisfactory"; "unsatisfactory". A definition of each of the audit rating is available here.

For internal audit reports issued since 1 December 2012

In accordance with Executive Board decision 2012/18 of June 2012, all audit reports issued by UNDP Office of Audit and Investigations (OAI) since 1 December 2012 are publicly disclosed on this website, one month after they have been issued internally. (click here)

For internal audit reports issued between 1 July 2012 and 30 November 2012

In accordance with the Executive Board decision 2012/18 the executive summaries of internal audit reports are publicily available on this website. (click here)

The access of the full contents of an internal audit report issued between 1 July and 30 November 2012 is done in accordance with the process described below.

For internal audit reports issued between 1 October 2008 and 30 June 2012

The disclosure of internal audit reports to Member States and to eligible donors is governed by the UNDP oversight policy and related decisions of the UNDP Executive Board.  According to the UNDP oversight policy, approved by the Executive Board in its decision 2008/37, the Administrator may disclose internal audit reports to Member States.  According to Executive Board decision 2011/23, the Administrator may also disclose to donor intergovernmental organizations and the Global Fund to Fight AIDS Tuberculosis and Malaria (the Global Fund), internal audit reports pertaining to a given project in which the said donor is financially contributing.

• Member States may therefore request access to any of the issued reports
• The Global Fund may request access to those reports listed in the category "Global Fund audits"
• Donor intergovernmental organizations may request access to those reports listed in the category "Project audits", provided that they have been financially contributing to the project audited.

Internal Audit Reports: Requests for access to internal audit reports should be made in writing to the UNDP Administrator, with a copy to the Director of the Office of Audit and Investigations (OAI), stating the reason and purpose for the request and confirming adherence to the procedures for disclosure of internal audit reports, including confidentiality.  For details of the disclosure process, see document "Procedures for disclosure of internal audit reports".

Audit Ratings - Definition

A rating of "satisfactory" means that internal controls, governance and risk management processes were adequately established and functioning well; the audit has not disclosed any new significant issues. While all UNDP offices strive at continuously enhancing their controls, governance and risk management, it is expected that this top rating will only be achieved by a limited number of business units.

A rating of "partially satisfactory" means that internal controls, governance and risk management processes were generally established and functioning, but needed improvement; the audit has disclosed one or several issues that need to be addressed. It describes an overall acceptable situation with a need for improvement in specific areas. It is expected that the majority of business units will fall into this rating category.

A rating of "unsatisfactory" means that internal controls, governance and risk management processes were either not established or not functioning well; the audit has disclosed significant issues that need to be addressed as a matter of priority in order not to compromise the achievement of the audited entity's objectives. Given the environment UNDP operates in, it is unavoidable that a small number of business units with serious challenges will fall into this category.