Disclosure of Internal Audit Reports
UNDP is committed to organizational transparency. In accordance with decision 2012/18 of its Executive Board, UNDP is publishing the audit reports issued by its Office of Audit and Investigations (OAI) as from 1 December 2012.
The policy for the disclosure of audit reports issued by OAI has evolved over the years. This page describes which disclosure policy is applicable over which period in time.
Questions regarding the disclosure of internal audit reports should be directed to OAI through the following email address: firstname.lastname@example.org.
On the basis of its audit results, OAI assigns an overall rating for the business unit audited. OAI uses three rating categories: "satisfactory"; "partially satisfactory"; "unsatisfactory". A definition of each of the audit rating is available here.
For internal audit reports issued since 1 December 2012
In accordance with Executive Board decision 2012/18 of June 2012, all audit reports issued by UNDP Office of Audit and Investigations (OAI) since 1 December 2012 are publicly disclosed on this website, one month after they have been issued internally. (click here)
For internal audit reports issued between 1 July 2012 and 30 November 2012
In accordance with the Executive Board decision 2012/18 the executive summaries of internal audit reports are publicily available on this website. (click here)
The access of the full contents of an internal audit report issued between 1 July and 30 November 2012 is done in accordance with the process described below.
For internal audit reports issued between 1 October 2008 and 30 June 2012
The disclosure of internal audit reports to Member States and to eligible donors is governed by the UNDP oversight policy and related decisions of the UNDP Executive Board. Requests for access to internal audit reports should be made in writing to the UNDP Administrator, with a copy to the Director of the Office of Audit and Investigations (OAI), stating the reason and purpose for the request and confirming adherence to the procedures for disclosure of internal audit reports, including confidentiality. For details of the disclosure process, see document "Procedures for disclosure of internal audit reports".
A rating of "satisfactory" means that internal controls, governance and risk management processes were adequately established and functioning well; the audit has not disclosed any issues that would significantly affect the achievement of the objectives of the audited entity.
A rating of "partially satisfactory" means that internal controls, governance and risk management processes were generally established and functioning, but needed improvement; the audit has disclosed one or several issues that may negatively affect the achievement of the objectives of the audited entity.
A rating of "unsatisfactory" means that internal controls, governance and risk management processes were either not established or not functioning well; the audit has disclosed significant issues that need to be addressed as a matter of priority in order not to compromise the achievement of the audited entity's objectives.