Office of the Inspector General Status of OIG

Office of the Inspector General Status of OIG Recommendations & Plan to enhance their monitoring OAS/OIG, November 2017

Agenda • Status of OIG Recommendations as of November 17, 2017 • Plan to Enhance Monitoring of OIG Recommendations November 2017 Review of OIG Recommendations with the CAAP 2

Overview of OIG Recommendations Activity 120 109 99 100 80 66 60 71 95 27 40 29 3 27 39 20 14 27 26 Corrections Issued in 2017 13 out of 66 closed recommendations in 2017 correspond to an OIG’s review of no longer applicable ones as recommended by the Board of External Auditors. 28 0 2016 Investigations Audits Closed Open as of November 17, 2017 Total Corrections: 2015 and 2016 Investigations recommendations not accounted for in previous reports November 2017 Review of OIG Recommendations with the CAAP 3

Overview of OIG Recommendations Activity by Secretariat Responsible Area Secretariat for Administration and Finance Strategic Counsel for Organizational Development Office of the Assistant Secretary General Executive Secretariat for Integral Development Secretariat for Access to Rights and Equity Office of the Secretary General Secretariat for Multidimensional Security Secretariat for Legal Affairs Secretariat for Strengthening Democracy Secretariat for Hemispheric Affairs Inter-American Defense Board Total GS/OAS Open Recommendations November 2017 High 36 7 3 1 1 1 49 Audit Medium 9 2 4 1 2 1 1 1 21 Review of OIG Recommendations with the CAAP Low 1 1 Sub. Total 45 9 7 3 3 Investig. Total 23 1 1 68 10 8 3 3 2 1 1 1 99 - 2 1 - 1 1 1 71 1 28 4

High risk recommendations • 49 recommendations rated as “high-risk” remained open as of November 15, 2017. • The Board of External Auditors (BEA) advised the OIG to review all open audit recommendations including a reevaluation of its rating. They noted that at the time of their review approximately 65% of all audit recommendations were ranked as “high”, which in their opinion can be not practical for management to immediately act on every recommendation. • The quarterly review process of OIG’s recommendations introduced by the CAAP has demonstrated to be a valuable support the Organization, to ensure the Secretariat moves ahead in implementing recommendations. Nonetheless , the review suggested by the BEA should be addressed by the OIG to ensure a prompt response from Management to the most important and relevant subjects. • Considering the existing OIG’s ongoing initiatives and priorities (details in Appendix 2 & Appendix 3), the OIG plans to address the BEA’s recommendation on Q 1/2018. That activity should lead to a reduction of the number of recommendations rated as “high-risk” which are the ones the Organization should focus with priority and act upon. • Appendix 1 shows the list of all current open “high-risk” recommendations. November 2017 Review of OIG Recommendations with the CAAP 5

Agenda • Status of OIG Recommendations as of November 17, 2017 • Plan to Enhance Monitoring of OIG Recommendations November 2017 Review of OIG Recommendations with the CAAP 6

Open OIG recommendations have remain steady in around 100/year which suggests the monitoring process should be reviewed in order to pursue a higher level of effectiveness Process Strengths Quarterly review process of OIG’s recommendations introduced by the CAAP is enhancing management’s attention. – A best in class software (Team. Mate) for audit management in place at the OIG. – Improvement Opportunities Increase the frequency of OIG’s monitoring and reporting. – Ensure an appropriate prioritization of recommendations by introducing rating criteria. – Enhance clarity of specific actions required from management to close recommendations. – Ensure new audit recommendations are valid, feasible and understood by discussing them in audit exit meetings. – November 2017 Review of OIG Recommendations with the CAAP 7

Objectives in the OIG Mid-Term Plan 2017 -2019 addressing the improvement opportunities noted Year Action 2017 Foster management’s engagement Enhance Secretariat’s attention to new OIG recommendations by with audit recommendations ensuring those are valid, understood, risk-based, feasible and address the root cause of the issue 2018 Enhance monitoring process Implement a comprehensive plan to: -Reduce the existing open recommendations to a manageable level -Implement an effective and systematic follow-up process to monitor and ensure that management actions are effectively implemented or that senior management has accepted the risk of not taking action 2019 Automate the follow-up process through Team. Mate/Team. Central Enhance process efficiency November 2017 Purpose Review of OIG Recommendations with the CAAP 8

2017: Fostering management’s engagement with audit recommendations • As part of our quality assurance process, we are ensuring that our audit observations are risk-based. • In order to promote management’s engagement with audit observations, the OIG is now coordinating exit meetings after audit completions. Mutual understanding is pursued in those meetings and the following principles are promoted: – – The audit process should be seen as a tool for continuous improvement. Every finding only once! (i. e. focus on addressing the root cause of the issue). November 2017 Review of OIG Recommendations with the CAAP 9

2018: Plan to enhance OIG’s recommendations monitoring Action Purpose 1. Review audit approach 1. Introduction of agreed SMART actions in the audit reports. 2. Introduce criteria for audit observation’s rating. 3. Apply IIA’s recommendations for small internal audit activities in compliance with Standard 2500 – Monitoring Progress - Enhance clarity of OIG recommendations - Ensure a risk-based criteria to establish priorities. - Use OIG’s scarce resources optimally. 2. Re-assess existing open recommendations 1. Re-assess the rating using new criteria 2. Apply IIA’s recommendations for small internal audit activities in compliance with Standard 2500 – Monitoring Progress 3. Conduct follow - up audits Reduce the existing open recommendations to a manageable level and ensure the focus of attention is given to the most relevant issues. 3. Report recommendation status every 2 months to the Secretariats and quarterly to the CAAP. 1. Time for monitoring will be allocated in the OIG’s resource planning process. Enhance management attention by means of a systematic reporting. - LIST OF ACRONYMS USED: IIA = The Institute of Internal Auditors; SMART = Specific, Measurable, Achievable, Responsible person, Time; CAAP=Committee on Administrative and Budgetary Affairs 10

Introduction of agreed SMART actions in the audit reports SMART acronyms stands for: Specific, Measurable, Achievable, Responsible person, Time. • Current audit reports have: OIG recommendation – Management response – November 2017 • New audit reports will include: OIG recommendation – Management comments (if any). – Specific agreed management action, including due date and person responsible for its implementation. – Review of OIG Recommendations with the CAAP 11

Introduction of criteria for observation’s ratings S E S Medium O P UR P N O I T A R TPotential financial impact below Financial S U L below USD 80, 000 a year L USD 800, 000 a year impact I R O F T F A R D Type of Observation Policies compliance November 2017 Low High Potential financial impact equal to or above USD 800, 000 a year Significant control weakness Few occurrences with Some occurrences with potential that might prevent OAS from limited potential damage pursuing its objectives Review of OIG Recommendations with the CAAP 12

IIA’s recommendations for small internal audit activities - * In Compliance with Standard 2500 – Monitoring Progress • Existing open recommendations: – • Once re-assessed, hand over to management those rated Medium or Low Priority New recommendations: – OIG commits to follow - up only on those rated High or Medium Priority *The Institute of Internal Auditors (IIA) defines a small audit activity as one which typically will have one or more of these characteristics: One to five auditors; Productive internal audit hours below 7, 500 a year; Limited level of co-sourcing or out-sourcing. 13

Appendixes November 2017 Review of OIG Recommendations with the CAAP 14

Appendix 1 – List of all Open High-Risk Recommendations as of November 15 2017 November 2017 Review of OIG Recommendations with the CAAP 15

Appendix 2: OIG – Operational Road Map 2017 - 2019 2017 Continuous Improvement Audit Activities Investigation Activities People 2018 2019 Long Term Ambition - Define and establish performance indicators - Promote an AC - OIG’s Online Portal - Update Executive Order 95 -05 - Explore Data Analytics Optimized processes led by a learning organization. - Self-assessment - Foster management’s engagement with audit recommendations - Complete or substantially finalize the audit plan - Conclude audits 2017 - Enhance monitoring process - Update risk-based plan - Audit Charter - Quality Assessment - Update manual - Implement Quality Assessment recommendations - Develop Standard Audit Programs - Automated follow - up (Team Central) - Reduce backlog - Update manual - Conduct a Peer Review - Review Harassment Policy Certified audit activity that provides value added recommendations, monitors agreed actions and ultimately helps OAS achieve its objectives through world-class audit services. Diligent and expeditious investigations that strengthen OAS transparency & accountability. - CPE fulfillment - Preparation for Quality Assessment - Initiate recruitment process - CPE fulfillment - Conclude recruitment process - Introduce IDPs - CPE fulfillment - IDP monitoring - Increase CIA/CFE team members A team that attracts and develops talent. - LIST OF ACRONYMS USED: OIG= Office of the Inspector General, AC= Audit Committee, QAIP=Quality Assurance and Improvement Program, CPE=Continuing Professional Education, IDP=Individual Development Plan, CIA = Certified Internal Auditor, CFE= Certified Fraud Examiner - Objectives in red are those related to the plan to improve the monitoring of OIG Recommendations

Appendix 3: Overview of OIG’s activity 2017 October 2017 OIG Mid Term Plan 17