Stakeholder workshops Corruption risk mapping

State Audit Office of Hungary

5 and 6 November
2007-11-15

Introduction
On 5 and 6 November 2007 the SAO organized two workshops for external relations
(stakeholders) that are involved in the anti-corruption efforts in Hungary. This workshop took
place in the framework of a development project on corruption risk mapping in Hungary. The
Hungarian State Audit Office and the Netherlands Court of Audit are partners in this project
that is financed by the EU. In this project we aim to develop a risk assessment methodology to
help identify type, nature and place of high corruption risks in the public sector of Hungary in
a systematic way. This may be integrated in an audit approach (directed at financial
statements, financial management, operational management or performance) or may be
further developed and utilised as self-assessment methodology. Also the risk assessment
may be part of integrated or comprehensive audits. The results of this project will help to
advise the Hungarian government on anti-corruption measures.
The Stakeholder workshop was meant to gather input from important players in the anticorruption effort in Hungary for the risk assessment and risk mapping methodology. The
workshop was centralised around corruption in organisations. The objectives of both
stakeholder workshops were:
1. Introduction of the objectives of the project and the role of stakeholder involvement
2. Exploration of ideas and possible contributions to the project related to:
Corruption risks in organisations
Anti-corruption measures in organisations
Viability of a base-line standard to prevent and fight corruption in the (near) future
3. Exploration of the possible information sources from stakeholders and others
The workshops were attended by 8 senior officials from ministries/municipalities and 6 senior
experts in the field of anti-corruption efforts (List of participants in annex).
The workshops have yielded valuable insights. Generally the conclusion of both workshops
was that the focus on organisations and what they can do to prevent and repress corruption
could be a valuable addition to the Hungarian anti-corruption strategy.
The risk assessment methodology that was explored in the workshops proved to be a good
basis for further adaptation for use in Hungary.

Corruption risks in organisations

The basis for this methodology is a structured assessment of vulnerabilities of organisations for
corruption. All organisations in the public sector have vulnerable processes, but, according to
international literature, some functions, tasks or processes are more vulnerable than others. These
are:
Areas dealing
Collecting
with the public or
with the private Contracting
sector
Payment
Granting/ issuance
Supervising/
enforcement
Areas dealing
Information
with government
property
Money
Goods

Assessments, taxes, import duties,

excise duties, fees, charges
Tenders, orders, assignments, awards
Subsidies, benefits, allowances,
grants, sponsoring
Permits, passports, driving licenses,
identity cards, authorisations,
inspections
Supervision, control, inspection,
prosecution, detection, justice,
punishment
National security, confidential
information, documents, dossiers
Cash/giro via budgets, premiums,
expenses, bonuses, allowances, etc
Purchase, management and
consumption (stocks, computers etc)

The first step is to look if any of these inherent vulnerabilities apply to the organisation. The
second step is to assess if there are any other sources of increased vulnerability in or around the
organisation. These sources could be within or around the organisation. Some well known sources
are:
o
o
o
o
o
o
o
o

Deficiencies in accounting system and/or internal control system

New organisation
Semi(independent) organisations with poor supervision
Bureaucracy
Dependency (information, politics, etc.)
Lack of resources
Incomplete unclear or complex legislation
Unclear/unrealistic goals or performance indicators

Other sources of vulnerability concern the people working within the organisation. Those include:
o
o
o
o
o
o
o
o
o

Conflicts of interests
Low income
Poor education or professional competences
Low career prospects
Low status
Poor ethical standards
Overspending life style, addictions (alcohol, drugs, etc)
Personal secrets (blackmail)
Threats on personal or family safety

The participants of both workshops considered this approach and these vulnerabilities also
relevant for and applicable in the Hungarian situation.

Anti-corruption measures in organisations

An organisation can mitigate its vulnerability and corruption risks with a good system of
integrity controls: measures that can be taken to promote the integrity of an organisation and
to prevent and combat incidents of corruption. In this way a highly vulnerable organisation
can lower its corruption risks considerably. In a risk analysis therefore these measures should
be taken into account.
In the workshops the participants considered the SAINT integrity control framework that is
developed in The Netherlands and based on the COSO internal control framework. The
framework consists of 64 measures that can be categorized in hard, general and soft controls.
The hard controls are, as the term suggests, concerned chiefly with regulations, procedures
and technical systems. The soft controls are designed to influence behaviour, working
atmosphere and culture within the organisation. The clusters in the general controls category
are more wide ranging or have a mix of hard and soft elements.

HARD

GENERAL

SOFT

Policy framework
Vulnerability/ risk
analysis
Responsibilities
Legislation and
regulation
Accounting system/
Internal Controls
Security

Values and standards

Recruitment & selection
Response to integrity
violation

Integrity awareness
Management attitude
Organisational culture

Accountability
Audit & monitoring

Some of the measures in the framework were considered by the participants to be of more
relevance than others. In both workshops the importance of soft controls i.e. measures that
influence behaviour and culture in organisations, was acknowledged.

Base-line standard
Both workshops concluded that already there are quite a number of control measures available
for organisations in the Hungarian public sector, but that a more systematic framework is
needed to make them more effective. The results of the workshops indicated that a base-line
standard for the Hungarian situation is possible and that such a baseline could help to build
the desired systematic framework. A systematic risk analysis can provide a good indication to
what measures are needed to mitigate most common vulnerabilities in Hungarian public
organisations and should therefore be included in the this baseline.

Ensuing project activities

The project team will use the input from the two stakeholder workshops to judge the
feasibility and design the methodology of risk mapping. Further project activities are:

Study visit to the Netherlands (November 2007): study of best practices in risk
mapping used by the NCA and various other experts and organisations
Design workshop (December 2007): finalisation of the feasibility study and design of
risk mapping method by the SAO.
Training (January 2008): training sessions on the use of the new methodology
Implementation workshop (February 2008): presentation of the feasibility study and
the designed risk mapping method. Design of the implementation of the risk mapping
study with SAO and key stakeholders.
A pilot (February 2008): trial assessment using the risk mapping methodology with
one or two pilot organisations
Closing workshop (March 2008): evaluation of the project and the developed risk
mapping method with SAO, key stakeholders and pilot organisations.
Conference (March 2008): communication of the results of the project and discussion
on further implementation of the method with internal and external stakeholders.

List of participants
o nov 5 workshop Participants: Ina de Haan (NCA), Diny van Est (NCA), Gusztv
Bger (Director General SAO RDI), Andrea Korbuly (councillor SAO RDI), Pl Tth
(councillor SAO), Attila Lengyel (councillor SAO), Ptern Szarka (Head of Unit
SAO), Richrd Szendi (councillor Ministry of Finance), Gyrgy Sntha (Head of Unit
Ministry of Justice and Police) Erzsbet Turai (Head of Unit Ministry of Economy and
Transport) Jen Kiss (councillor Ministry of Economy and Transport), Lszl
Csernenszky (Head of Unit Ministry of Economy and Transport), Mrton Vgi
(director National Development Agency), Rudolf Virg (State Secretary Ministry of
Local Government and Regional Development), Zsolt Fbin (Secretary General
Association of the Hungarian Local Governments)
o nov 6 workshop Participants Ina de Haan (NCA), Diny van Est (NCA), Gyula Pulay
(Deputy Director General SAO RDI), Andrea Korbuly (councillor SAO RDI), Andrea
Korssn Vgh (councillor SAO), Gbor Fldvri (councillor SAO), Ptern Szarka
(Head of Unit SAO), Norbert Pusks (Head of Unit Customs and Finance Guard),
Lszl Jnos Szab (Head of Unit Tax and Financial Control Administration), Endre
Bnyai (councillor OLAF Coordination Office of Hungary), Sndor Kapus ( (Head of
Unit National Investigation Department of Police), Zoltn Knya (councillor National
Investigation Department of Police ) va Kothencz (Head of Unit Council of Public
Procurement)