07d-GUID-5330-GTFD.pdf

30th Abr 2024

1

Exposure draft on GUID 5330
Comments from the Working Group on Auditing Disaster Management within
the framework of the Sustainable Development Goals
COMMENTS
(Version August 26 , 2020)
This document aims to systematize the comments and contributions of SAIs from
members of the Working Group on Auditing Disaster Management within the
framework of the Sustainable Development Goals.
It consists of three sections:
● The first responds to the three questions posed in GUID memo 5330 (pages 1 –
9) .
● The second brings together the suggestions, recommendations and additions
in the body of the GUID, (pages 10 to 27) and
● The third refers to the comments on the annexes (pages 28 to 55)
● A comparative table is included between the ISSAI 100/GUID 5330 prepared by
the SAI of Mexico (56 to 57)

Section 1: On the three questions posed, we have the contribution of the SAIs of
Argentina, Colombia, Cuba, Ecuador, Nicaragua, Mexico, Peru and the Dominican
Republic, as well as the Honorable Court of Accounts of Buenos Aires, Argentina.
Question 1 Does the proposed GUID provide useful and relevant guidance material?
The response of the SAIs is unanimous:
a) It is considered useful and relevant.
b) The state policy perspective that it confers is highlighted as it is a topic that
involves the countries.
c) The value of considering the evaluation of all phases for the development of an
audit is highlighted, as well as the audit objective examples it provides.

Question 2 Are there other important disas ter management issues that you consider
useful and that could be included in the proposed GUID? If so, please identify and
explain.

a) Define the audit of disaster risk management at the beginning of the GUID so
that each SAI contextualizes it within the regulatory framework of each country.
b) Define the scope of the audit, since the approach may be varied; planning
should aim at prioritizing or privileging aspects such as protecting lives, avoiding
economic losses or avoiding considerable environmental loss es, which allows
focusing the materiality of the audit on preventive aspects of disaster
management.
c) Indicate the profile of the audit teams and their professional competencies, if

2

they must be multidisciplinary or experts in matters not necessarily relate d to
accounting or finance.
d) Expand the texts on factors generating disaster risk, particularly related to the
effects of climate change and the emergencies produced by this phenomenon
in the face of governments’ preparation for this type of event. Also, on
adaptation to climate change in the disaster management cycle. Link to the
implementation of the Sustainable Development Goals (SDG).
e) Study risk levels in depth, particularly scenarios of internal and external risk,
and cumulative risks in complex topics or extensive areas. Recommending that
the assessment is to know the situation of the subject matter to be audited, the
involvement or consultation of experts, and/or the development of training
courses on this topic, are proposed.
f) Also consider, as possib le risks of fraud, the diversion of financial aid to non –
priority economic sectors or without legal competencies in helping other social
and/or economic sectors; as well as the inexistence of information systems that
register the priority beneficiaries of the aid, either individually or by groups.
g) Incorporate the systems perspective in SAIs, based on the experience of
COVID -19, since the pandemic, as a health matter, has effects in all sectors:
education, work, agriculture, transport, tourism, etc.
h) Include guidelines on follow -up to the results of disaster management audits,
and the recommendations made to the audited bodies, so as to maximize their
positive impact on disaster management.
i) Organize the glossary based on the disaster management cycle as an ini tial
criterion and, subsequently, in alphabetical order.

3 Does the proposed GUID provide a sufficient basis for SAIs to conduct disaster
management performance and compliance audits?

● If it is a sufficient basis and is strengthened when the elements rai sed in the
second question are considered.
● If, conceptually, it contains the generalities of the disaster risk management
cycle and presents two complementary guiding elements, such as examples of
audit objectives and examples of elements to consider in planning the audit. It
adheres very well to t he ISSAI 100.
● If it would be desirable to have model forms, matrices and reports that illustrate
the ways to present the audit.

Comments by SAI are presented in the table on the next page.

3

Section 1. Questions to Consider
1 Does the proposed GUID provide useful and relevant guidance material?

SAI of Argentina
Affirmative conclusion
SAI of Colombia
The GUID 5330 provides important elements for the audit of resources and the development of
risk management for different events, in addition to bringing risk management closer to
countries as part of a state policy, which is why it is considered useful. R egarding relevance, it
is timely because it is a topic of broad interest for many countries, and a challenge for SAIs,
who are facing challenges in conducting oversight and control of the management carried out
by official entities to face the disaster ris k. Therefore, this guide provides clear objectives and
actions on disaster management assessment processes.

SAI of Ecuador
In Ecuador, risk management includes prevention, reaction, mitigation, reconstruction and
transfer actions, to face all threats of natural or anthropogenic origin that affect the territory and
will be managed concurrently and in an articulated manner by all levels of government in
accordance with the policies and plans issued by the responsible national body, according to
the Constitution and the law.

GUID 5330 constitutes a guide for Supreme Audit Institutions, which provides guidance for the
disaster management audit with the objective of evaluating whether the activities before, during
and after the disaster have the app ropriate controls and guarantees.

The document also provides relevant guidelines to be considered by auditors, such as the
importance that in disaster management audits must be taking into account the existence of a
governance and policy framework for dis aster risk reduction management, or the disaster –
related operations.

It provides guidance on how auditing of different aspects of disaster management could be
addressed using financial, management or compliance auditing, and how they can be carried
out at any stage of the disaster management cycle, in which it is making evident important
segments such as, the preventive and preparatory measures that the government can establish
and apply before a disaster occurs, and the activities that follow the occurr ence of the same.

It sets out examples of objectives that can be addressed in planning for disaster management
audits, and provides elements of how overall risk assessments should be carried out at each
stage, considering that the risk of fraud and corrup tion is greatest in the context of an
emergency.

The GUID 5330 will be a great contribution to the Supreme Audit Institutions, providing
guidance to carry out disaster risk management audits to ensure the adequate and transparent
use of public resources a nd of those that come from contributions from donor countries during
a disaster, as well as the resources that are allocated to rehabilitation and reconstruction
activities .
SAI of Mexico
The material is useful since it can function as a reference for auditing disasters, considering as
an objective to guide SAIs in auditing Disaster Management, including pre – and post -disaster

4

activities since these are not predictable for taking the phase of occurrence into account, but
rather, one must anticipate it and respond when it happens. It is applicable for all audit phases
(planning, execution, reporting and follow -up); as well as, for the six stages of the Disaster
Management cycle for financial, performance and compliance audits since disasters regularly
have a considerable human, environmental and economic impact on the countries where they
occur.

Regarding the relevance of the document in the audit process, it makes it possible to present
rele vant performance and compliance results by collecting evidence. In order to facilitate audits
on disaster management, the stage of the disaster management cycle applied in each country
should be identified; the type of disasters that occur and their probab ility, the objectives sought
in the audits, the regulatory environment, internal controls and financial systems as sources of
evidence, considering the attributions of the entities involved in the processes; as an example
of the above, Mexico is adopting C omprehensive Risk Management ( GIR ), for which the SAI of
Mexico currently carries out the following 15 performance audits focused on Disaster
Management: two at the mitigation stage, six at the preparation stage, and seven at the
reconstruction stage, due to damage caused by natural disasters that occurred between 2017
and 2018. It is worth mentioning that disaster management is a responsibility shared between
the government, the private sector and civil society; therefore, it is considered relevant to
iden tify risks in the stages of the cycle associated with each type of audit so that the
recommendations made and the resulting reports would be used by other entities for different
purposes.
Although the application of the GUID is voluntary, in the case of fi nancial audits, it would seem
to be limited, but this should not be the case if we consider that the risk of fraud and corruption
increases in the rehabilitation and reconstruction stages after a disaster occurs; therefore, the
audit of public resources de stined to these stages is necessary. It is important that risks of fraud
or corruption be considered with the same relevance in terms of the resources that
governments use in implementing policies in the other stages of Disaster Management.

SAI of Nicaragua
The SAI of Nicaragua considers that the GUID effectively provides important guidance to carry
out the auditing process for Disaster Management, bringing together elements that contribute
to the evaluation of pre -event activities and guidelines f or conducting audits, its contents aligned
with auditing standards.
SAI of the Dominican Republic
Yes, the proposed GUID is a very complete instrument with guidelines for conducting a disaster
management audit. It includes all the phases for the development of an audit, as well as
examples of audit objectives.

Yes, it is very useful material as it fulfills the objective of serving as guidance to SAIs when
auditing Disaster Management, especially since its guidelines are based on the fundamental
principles of the ISSAIs.

It is appropriate, thus providing guidance to SAIs to assess both pre – and post -disaster
activities.

5

2 Are there other important disaster management issues that you find useful that could be
included in the proposed GUID? If so, please identify and explain.
SAI of Argentina
Affirmative conclusion
SAI of Colombia
Factors generating disaster risk: It is considered necessary to expand the text against several
factors that are related in the guide and that can generate emergencies because, in the initial
parts and in the development of the guide, greater clarity is me ntioned, but not offered, such as
the phenomenon of Climate Change as a series of events that generate or potentiate
emergencies. Therefore, we consider it pertinent to include this and other factors that generate
disaster risk in the guide, as well as an explanation in the governments’ preparation phase for
these events.

Adaptation to Climate Change: Within the actions of preparation in the disaster management
cycle, it is considered necessary to dedicate a broader space to talk about “adaptation,” this in
reference to one of the most important preparation tasks that governments should consider in
the face of emergencies generated by climate change.

Scope of the audit for disaster risk management: Regarding the Audit Planning section r elated
in the guide, it is considered necessary to include an element in the definition of the scope of
the audit because the approach can be varied in terms of emergency preparedness or
management, emergency care, or post -care review. In this sense, as th ere are several issues
or elements to be considered in relation to disaster management, planning should be oriented
to prioritize or privilege, for the scope, those that may be more relevant in aspects such as the
protection of lives, avoiding economic los ses or avoiding considerable environmental losses,
that is, focus the materiality of the audit on the preventive aspects of disaster management.

Disaster Risk Management Systems: Taking into account that risk management is a strategic
topic for local gove rnments, in addition to knowing the nature of the entity and the project to be
audited, it is necessary to refer to the need to know the system of organization for risk
management in each country or territory where the exercise of the audit is carried out because,
depending on the type of emergency, each country designs different levels of activation ranging
from local, regional or national, depending on the magnitude of the event, this being a relevant
point for understanding the matter to be audited.

De tailing risk levels: Because the task of evaluating the quality of risk assessment carried out
in a country or project is complex, it is possible that there is a lack of emphasis on risk levels,
particularly of internal and external risk scenarios, as well as cumulative risks in complex issues
or extensive areas, so it would be necessary to recommend that this evaluation, necessary to
know the situation of the matter to be audited, consider the linking or consultation of experts on
the topic, or the develop ment of training courses on this topic.

Definition of audit for disaster risk management: According to Colombian legislation, risk
management allows obtaining a comprehensive view of the possible damages and losses that
may occur to goods, people and the environment and provides tools to establish priorities and
design strategies for protection, conservation and care.

According to Law 1523 of 2012 “For which the national disaster risk management policy is
adopted and the National Disaster Risk Management System is established,” the risk
management process is divided into three fundamental moments, which make up the actions
that are planned and implemented at the territorial level: knowledge of risk, risk reduction and

6

disaster management.

In this regard, the need arises to initiate GUID 5330 from the definition of what will be
understood by a disaster risk management audit so that each SAI can provide a context within
the regulatory framework of each country on this topic.

Organization of the glos sary: In relation to the glossary, although it may be very broad, it is
recommended that the definitions be classified according to the stages of the disaster risk
management cycle, that is, before, during and after the emergency, in addition to the
alphab etical organization of the definitions within these groups. This organization of the
glossary would allow to better guide the auditor in the knowledge of the DRM stages.

Follow -up on disaster risk management audits: There is a need to generate more guidel ines
within GUID 5330 on how to follow up on improvement actions in relation to disaster risk
management, especially when several entities of various sectors converge, and when
improvement actions become mechanisms for prevention or preparation for future
emergencies.

Extraordinary mandates in emergency situations: in numeral 18 of the text, the inclusion of
extraordinary legal mandates is proposed because, in emergency situations, exceptional legal
conditions also operate, which can change the mechanisms for the flow of cooperation
resources.

Identification of risks of fraud: As possible risks of fraud, it is proposed to complement the
numerals included there with other risks, such as the diversion of financial aid to non -priority
economic sectors or thos e that do not have legal competence to assist other social and/or
economic sectors; as well as the inexistence of information systems that keep accurate records
on the groups of individuals or communities that should be the priority beneficiaries of the ai d.

SAI of Mexico
The SAI of Mexico considers that there are important issues to be included that may be
useful, as presented below:
● Disaster is defined as the result of natural causes (earthquakes, tsunamis, floods or volcanic
eruptions) or man -made causes (building in a flood, simple construction standards
inappropriate for areas prone to earthquakes or nuclear accidents); however, ri sks such as
fires, explosions, toxic leaks, radiation, spills, epidemics, plagues, contamination of the
environment and food, as well as terrorism, sabotage, vandalism, air, maritime or land
accidents, and disruption or impairment of basic services or stra tegic infrastructure should
be listed so that the guide is not restrictive and considers risks such as forest, chemical –
technological, health -ecological and socio -organizational fires.
● The guide identifies the evaluation of the legal and programmatic fram ework related to the
implementation of policies on risk reduction, but it is also important to consider a design
evaluation of each of the stages of the Risk Management Cycle that allows to specify what
is to be done and how the actions will be combined to achieve that end; observe if they are
linked and respond in a manner consistent with the financial and political resources required
to carry them out in order to identify the reasons why the policy related to each stage of the
cycle was designed; furtherm ore, to understand the problem that they intended to solve with
the instrumentation and evaluate if it is conceived in an adequate manner, in accordance
with the initiatives developed in the country or internationally.

7

● It is suggested that, in numeral 7, section 2 “Objective,” SAIs evaluating the coordination
between the government and the different actors in society is considered, as well as the
linkage of disaster management as a component of comprehensive development (social,
education, health, housing, environmental, economic, tourism, etc.) due to the fact that:
● It is suggested to add the term vulnerability to the glossary since it refers to the capacity of
tolerance and resilience of a country to face disasters and , therefore, has the relevance of
being an indicator that allows auditors to evaluate the disaster management.
● The reliability and usefulness of the evidence, including the data, is of utmost importance,
from the calculation of probabilities of the occurre nce of the disaster to the impact of the
benefit to the population in the reconstruction phase, in order to provide quality and strength
to the results obtained in performance and compliance audits. The FAO issued the Guide
“Analysis of Disaster Risk Manag ement Systems,” which includes the topic “Analysis and
interpretation of data,” so it would be necessary to include a perspective to deepen the Data
Analysis in the process of Disaster Management for SAIs.
● Although the GUID indicates that it does not cover all the problems that auditors may need
to take into account when conducting an audit on Disaster Management, neither should it
be limited to financial audits (financial statements of entities affected by a disaster) since
acts of fraud and corruption may arise and be identified with audits of this type by the
resources that governments allocate for the implementation of the stages prior to the
occurrence of the disaster.
SAI of Nicaragua
GUID 5330 does not contemplate whether these audits require multidisciplinary teams, or in
which cases experts would be needed in matters other than accounting or finance.
SAI of Peru
In paragraph 45 of the document, it is stated that “To develop an effective approach, especially
for performance and compliance au dits…” auditors can deepen their knowledge by reviewing
and understanding initiatives such as, for example, the Yokohama (1994) and Kobe (2005)
conferences, the Hyogo Framework for Action, the Sendai Framework and/or the international
Strategy for Risk Red uction. Furthermore, paragraph 1 mentions that “According to the
International Federation of Red Cross and Red Crescent Societies, more than 90% of natural
hazards are currently considered to be climate related, and climate change is a key risk factor
…”

In this regard, considering that the international community recognizes and promotes the
application of integrated approaches to the topic of disasters, climate change and
implementation of the Sustainable Development Goals (SDGs), it would be pertinent to
incorporate a paragraph in this regard, in which integration of the Sendai Framework (disaster
management), the Paris Agreement (climate management) and the 2030 Agenda
(implementation of the SDGs) is developed.

Along these lines, the document “Opportu nities and options for integrating climate change
adaptation with the Sustainable Development Goals and the 2015 –2030 Sendai Framework for
Disaster Risk Reduction” explores the options for integrating adaptation to climate change with
the SDGs and the Send ai Framework.

b) Another important issue that needs to be addressed from the disaster management
perspective, in light of the COVID -19 pandemic, is the concept of systemic risks, as developed
in the 2019 «Global Assessment Report on Disaster Risk Reducti on.” We are in a new era of
disaster risk management, which must be characterized by understanding the dynamic nature
of systemic risks, new structures to manage risk in complex and adaptive systems and it is
therefore necessary to develop tools for decisi on making in the midst of uncertainty. In this

8

sense, it is important that SAIs incorporate the systems perspective, as the COVID -19
pandemic has shown, which, being a health issue, has effects on all sectors such as education,
work, agriculture, transport ation, tourism, among others.
SAI of the Dominican Republic
Yes, in terms of the composition of the personnel that will constitute the audit team, referring to
the professional competencies to carry out this type of audit.

Yes, taking into account that the regulations of some SAIs establish that compliance with the
recommendations made by the Audit Team is mandatory, we consider it important to mention,
in the proposed GUID, the importance of following up on them so as to maximize their posi tive
impact on disaster management.

3 Does the proposed GUID provide a sufficient basis for SAIs to conduct performance and
compliance audits of disaster management?
SAI of Argentina
Affirmative conclusion
SAI of Colombia
GUID 5330 provides the necessary bases to carry out performance and compliance audits of
disaster risk management, mainly due to the fact that it addresses the aspects to be considered
in each of the stages of the audit; conceptually, it contains the gener alities of the management
cycle of disaster risk and presents two complementary guiding elements, such as the audit
objective examples and the example of elements to consider in planning the audit.

In general terms, GUID 5330 is a good proposal of guidan ce for auditing disaster risk
management, taking into account the complements mentioned in the second question and
considering that there are particularities within countries on disaster risk management, where
the criteria set out in the guide may vary, bu t should be considered by each of the SAIs adopting
it.

SAI of Mexico
The ASF concluded that the document provides a sufficient basis to carry out the planning,
execution, reporting and follow -up of performance and compliance audits, as it describes th e
importance of applying criteria and audit procedures oriented to Disaster Management through
the six stages of the cycle, identifying the normative and legal framework that regulates its
implementation, the programs and actors responsible, the identifica tion of risks, as well as the
activities corresponding to the prevention of future disasters, which is consistent between ISSAI
100 and GUID 5530, ensuring that the audit processes comply with the methodological criteria.
To verify the above, the analysis shown in the comparative ISSAI 100/GUID 5330 table
prepared by the SAI of Mexico was carried out. (located at the end of this document)

In order to enrich the document and adopt what is established in the 2015 -2030 Sendai
Framework for Disaster Risk Redu ction, it is considered necessary that GUID 5530 includes
what is related for the occurrence of virus pandemics because of what has arisen in the
international context due to the effects that COVID -19 has caused in the society and economy
of several countr ies since this document establishes that a slow -onset disaster emerges
gradually over time and could be associated with epidemic disease; in Mexico, COVID -19 is

9

classified as a sanitary -ecological phenomenon, 1 not a disease; therefore, it will be necessary
to establish the necessary guidelines and processes to audit the effects of the disaster, as it is
a disruptive agent caused by the pathogenic action of biological agents that affect the
population, causing their death or altering their health; in that se nse, GUID should make it clear
how these types of disasters are considered in the international arena for SAIs.
SAI of Nicaragua
The guide establishes the technical guidelines that must be followed for the development of
audits aimed at disaster management, and is complemented by the regulatory framework
established in the ISSAIs. However, it would be recommended that the GUID provide approach
models in some of the disaster management cycles, indicated in figure No.1.
SAI of the Dominican Republ ic
Numeral 6: For the purposes of the Guide, this part of the financial audit is mentioned only in
relation to the specific risk associated with the audit of the financial statements of entities
affected by a disaster, it could be eliminated and refer to the risks of not auditing some specific
areas and their impact on the report.

Numeral 9: The GUID provides support for all audit stages with more detailed support for the
planning phase of the audit process as defined in ISSAI 100, especially the following two
principles: gaining understanding and carrying out a risk assessment. In fact, it is in this process
that most of the specificities related to disaster management will have to be addressed by
auditors.

In ANNEX III, the questions should be formulated in such a way that the answers can fit into
YES or NO alternatives, indicating the argument of the alternative in the Note.

In addition to the excellent guidance provided by the GUID, it is necessary that model forms,
matrices, and reports to b e used, among others, are attached in order to standardize the
processes to facilitate the review in a future coordinated audit.

1 Sanitary -Ecological Phenomenon: Disturbing agent generated by the pathogenic action of biological agents that affect the population, c ausing their death or
the alteration of their health. Epidemics constitute a health disaster.

10

Sección 2: Cuerpo de la GUID
Los principales comentarios y sugerencias

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
TABLE OF CONTENTS
1. INTRODUCTION
2. OBJECTIVE
3. DEFINITIONS
4. SCOPE OF THE GUID
5. DISASTER MANAGEMENT CYCLE
6. AUDITING DISASTER MANAGEMENT
7. ANNEXES

SAI of Nicaragua
“Incorporating an automatic content
table is suggested”
1. INTRODUCCIÓN
1) Disaster can strike any part of the world at any time. It
may be the result of natural causes (e.g. earthquakes,
tsunamis, flooding or volcanic eruptions) or man -made
ones (e.g. building in a flood plain, inappropriate
building standards for earthquak e-prone areas or
nuclear accidents), or a mixture of the two. They can
occur suddenly (e.g. earthquakes) or develop slowly
(e.g. drought). According to the International
Federation of the Red Cross and Red Crescent
Societies more than 90 percent of natural hazards are
now regarded as climate -related, and climate change is
a key driver of risk, bringing with it ever more intense
weather and growing uncertainty.
SAI of El Salvador
«A pandemic such as COVID -19 could
be considered (as an example) within
the category of a disaster, considering
that it is a phenomenon that has
disrupted the functioning of a society
vulnerable to it.»
2) Disaster can often have a considerable human,
environmental and economic impact. Consequen tly,
significant sums are spent on humanitarian aid and the
rehabilitation of the people affected, together with the re –
building and reconstruction of infrastructure and
public facilities affected by disasters. Furthermore,
significant amounts are al so spent on disaster risk
reduction activities, which are estimated to be highly
cost -effective.

3) Supreme Audit Institutions (SAIs) have an important role
in ensuring accountability and transparency in the way
disasters are managed. This may include raisi ng
awareness of those issues (especially of risk reduction),
assessing the cost effectiveness of risk reduction
actions and auditing the post disaster aid and
rehabilitation and reconstruction work in a context

11

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
where, often, ex -ante controls may not work, standard
operating procedures are not in place and institutional
mechanisms are weak.
4) Guidance pronouncements or GUIDs are non –
mandatory guidelines for use by auditors applying the
International Standards of Supreme Audit Institutio ns
(ISSAIs) in all types of audit.

SAI of Dominican Republic
It is suggested to put in quotation
marks, and in Latin, «ex ante.»
5) The principles of public sector auditing are enumerated
in ISSAI 100. In auditing Disaster Management, auditors
therefore refer to the General Principles and Principles
Related to the Audit Process in ISSAI 100.

2. OBJECTIVE
6) This GUID aims to serve as guidance for SAIs when
auditing Disaster Management. The fundamental
auditing principles provided in ISSAI 100, are applied in
all phases of direct reporting engagements
(performance and compliance audit) in order to produce
qual ity audit reports. Financial audit is mentioned only in
relation to specific risk relating to audit of financial
statements of entities affected by a disaster .

SAI of Dominican Republic
«For the purposes of this Guide, the
text in red may refer to the risks of not
auditing some specific areas and their
impact on the report.
7) This GUID provides SAIs with guidance to assess
whether pre -disaster activities / disaster risk reduction,
emergency response, post disaster aid and
rehabilitation and reconstruction:
• Limit the impact of and increase preparedness for
disasters in a cost -effective manner
• Improve the effectiveness, economy and efficiency of
disaster aid
• Have appropriate internal controls and promote
accountability and transparency
• Ensure that appropriate internal control and
procurement procedures are in place and are
routinely tested
• Prevent or reduce fraud, waste and abuse; and
• Assess the costs and benefits of recovery
investments to ensure infrastructure is resilient to
future disasters

3. DEFINITIONS
Annex I

4. SCOPE OF THE GUID

8) The GUID covers the audit phases (planning, execution,

12

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
reporting and follow -up) 2 for the entire Disaster
Management cycle (from pre -disaster activities
(mitigation and prevention and preparedness) to post
disaster activities once a disaster strikes (recovery and
relief, national and international response to emergency
response, rehabi litation and reconstruction). Audits can
be undertaken for any stage of the Disaster
Management Cycle .

9) The GUID provides support for all audit stages with more
detailed support for the planning phase of the audit
process as defined in ISSAI 100, specially the following
two principles: obtain understanding and conduct risk
assessment. This is indeed under this process that most
of the specificities related to disaster management will
need to be dealt with by auditors .

SAI of Argentina:
«with a more detailed treatment»
10) Thus, this guideline provides guidance on how the
issues relating to auditing different aspects of disaster
management could be addressed by using financial
audit, in limited cases (i.e. in relation to specific risks
relating to audit of financial statements of entities
affected by a disaster), or performance or compliance
audit. The GUID does not contain any requirements for
the conduct of the audit .
SAI of Chile

It is suggested to delete the final
sentence of the paragraph «GUID does
not contain any requirements for
conducting the audit.»

5. DISASTER MANAGEMENT CYCLE

11) For practical purposes, Disaster Management is
depicted here as a cycle divided into six segments, as
shown in figure 1. Two of these segments relate to the
preventive and preparatory measures which
government can establish and operate in advance of
potential disaster (pre -disaster activities). The other four
segments describe the activities that follow the
occurrence of disaster (post -disaster activities) .

2 As required by ISSAI 100 Paragraphs 44 -51.

13

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments

Figure 1: Disaster management cycle showing pre –
and post -disaster phases

Source: Prepared by the SAI of Indonesia

SAI of Nicaragua
«Consider translating Figure 1 into the
languages that will be in the final
version»
12) In advance of a disaster, governments focus on
prevention, mitigation and preparedness measures
which are carried out in preparation for a potential
disaster. They include activities such as assessing the
risk of disaster, the installation of early warning systems,
developing and testing plans of action, educating the
population at risk and taking actions to reduce the
vulnerability of infrastructure to disaster impacts (…)
These activities must reflect relevant lessons from
previous or similar disasters. Pre -disaster activities can
be grouped together under the heading “ Disaster Risk
Reduction ”.

SAI of Chile

It is suggested to add the elaboration
of risk maps, as a way t o incorporate
the geolocation component of the risks
in (…) .

SAI of El Salvador:

«Vulnerability of health or sanitation
systems could be included to respond
to cases of pandemic»
13) Activities which take place once disaster strikes can be
emergency or non -emergency in nature and can be
carried out at individual, local, national and international
level. Emergency response activities include :

• rescue, recovery, first aid, assistance , evacuation of the
injured and dignified and proper management of the
dead;
• emergency assistance and services (shelter, water,
medicines, etc.);
• emergency food aid; and
• coordination of the relief and assistance actions, and

SAI of El Salvador
Add «Medical or health care for the sick
in cases of pandemic».

SAI of Chile

14

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
crisis commun ications. It is suggested to add «tasks of order
and security in the affected areas»
14) Once the urgency of the situation abates, post -disaster
rehabilitation and reconstruction activities
commence. These are designed to rebuild housing and
infrastructure, while exploring opportunities to reduce
future disaster risks, and restore services and the
functioning of the local economy and alleviate survivor’s
emotional distress .

6. AUDITING DISASTER MANAGEMENT

15) This section aims at providing auditors with
supplementary guidance on the matters to consider
when performing Financial (in relation to specific risks
relating to audit of financial statements of entities
affected by a disaster), Performance, and Compliance
audits of Disaster Management. It does not cover all the
issues auditors may need to take into account when
performing an audit on Disaster Management. For
auditing standards relevant to each type of audit,
auditors would refer to the principles and standards of
the related ISSAIs and corresponding GUIDs .

Planning the Audit
16) ISSAI 100 requires that auditors when planning an audit
need to apply the following principles :

• Establish the terms of the audit clearly ;
• Obtain and understanding of the nature of the entity /
programme to be audited;
• Conduct a risk assessment or problem analysis and
revise this as necessary in response to the auditing
findings;
• Identify and asses the risk of fraud relevant to the audit
objectives; and
• Develop an audit plan to ensure that the audit is
conducted in an effective and efficient manner.

SAI of El Salvador
Adding or «Scope of Audit”
«To know the competencies of the
entity to be audited»

Add:

Identify the actors involved, whether
they are from the same entity or
several.
Establish the terms of the audit
17) In Disaster Management auditing, as for any other topic,
SAIs agree or establish a common understanding of the
terms of the audit with the audited entity’s management,
those charged with governance and others as
applicable .

15

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments

18) They can also usefully consider the legal mandate under
which they operate since, for example, audit work can
involve examining aid paid directly to operational
agencies which are not part of the government. They
may also consider cooperating with other SAIs, for
instance in situations where multi -donors operate .

19) Since the audit often takes place in a difficult
environment, when defining the terms of the audit,
particular attention can be given to a risk analysis in view
of defining a realistic and feasible scope and audit
objectives. The same applies for the acces s to or
availability of information, which may be challenging in
situations of emergency. Disaster management or
governance is often characterized by multiple layers and
therefore it is useful to clearly defining the respective
roles, responsibilities and obligations to the
engagement .

SAI of Chile:
In addition to risk analysis, the possible
limitations that the audit team may
have to comply with the audit work
(either in the accreditations field or in
documentary verifications) must also
be studied, and according to these
analyses, the terms of the audit must
be defined.

It is suggested to define the period in
which the audit will be executed,
considering that it will be in an
emergency environment
20) In a financial audit, auditors determine t hrough the
collection of audit evidence, whether an entity’s financial
information is presented in its financial statements in
accordance with the financial reporting and regulatory
framework applicable. The disaster may affect the
circumstances under whic h the financial audit can be
conducted .

21) Performance auditors assess the economy, efficiency
and effectiveness of government undertakings, systems,
programmes or operations in relation to the disaster .

22) Compliance auditors assess whether activities
undertaken in relation to a disaster comply with
legislation (i.e. the building code, public procurement
act), agreed policies or principles outlined in
international agreements aiming at guiding entities that
are providing emerg ency assistance (i.e. adherence to
the humanitarian principles of humanity, neutrality,
SAI of Chile
It is suggested to add «to

verify the fulfillment of the functions of
the entities involved in an emergency,
for example, the entities of social aid,
reconstruction, etc.»

16

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
impartiality and operational independence 3).
SAI of El Salvador
«Evaluate whether the existing
legislation is up to date for the steps to
be taken in response to a disaster and
whether there is legislation governing
procurement in cases of emergency
since this type of procurement is not
covered by public procurement
legislation, creating a legal vacuum
that can lead to corruption or fraud.»
Obtain understanding of the subject matter at its
context

23) For the audit on d isaster management, this includes
determining at which stage of the disaster management
cycle the country is. It also includes understanding the
disaster types, the likelihood with which they are
expected to occur, the relevant objectives, operations,
regu latory environment, internal controls, financial and
other systems and researching the potential sources of
audit evidence. Knowledge can be obtained from regular
interaction with those charged with governance and
other relevant stakeholders. This may also mean
consulting experts and examining documents (including
earlier studies and work done by other SAIs) .

SAI of Chile
Indicate that the instruments and
actions adopted by the countries, in
each of the stages, to face a given
disaster should be known.
24) Because disaster management is primarily the
responsibility of governments, an important element for
auditors to consider at this stage is the existence of a
governance framework and policies for managing
disaster risk reduction or disaster -related short -term,
medium -term and/or long -term operations. Gaining
knowledge on these issues would also help auditors to
better understand how, for instance, national disaster
plans are based on an analysis of potential risks, outline
disaster management strategies, an d provide the basis
for prioritizing disaster management activities and
coordinating them at all levels (see Annex III –Point A.1) .

3 United Nations General Assembly Resolutions 46/182 of 1991 and 58/114 of 200

17

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
25) In defining their own disaster management policies,
countries at risk have the primary role of establishing
and maintaining adequate arrangements for dealing with
their vulnerability to disaster. But disaster management
is also a shared responsibility between government, the
private sector and civil society, hence there are many
other institutions or agencies involv ed in disaster risk
reduction, in providing, coordinating, delivering and
reporting on relief, in recovery and emergency
responses, and in post disaster rehabilitation and
reconstruction .

26) In order for auditors to apply their professional
judgement throughout the audit process and to identify
the potential sources of evidence, it is important that
auditors identify and gain an understanding of the
entities involved , their legal framework and
organizational structure and the stage of the disaster
cycle (see figure 1) at which they operate. This also
includes understanding their roles and responsibilities,
the programmes or activities they manage, the
cooperation mechanisms in place between the m and the
tools they are using, such as disaster plans, risk
assessment and appropriate information systems (see
Annex III –Point A.2)

Conduct risk assessments or problem analysis

27) ISSAI 100:46 states that “the auditor should consider
and assess the risk of different types of deficiencies,
deviations or misstatements that mayoccur in relation to
the subject matter”. This can be done by the auditor
while obtaining an understanding of the subject matter
and its context. Thereby the auditor assesses
mana gement’s response to identified risks, as well as
how this response is implemented. It may cover an
evaluation of the appropriateness and quality of the
risk/vulnerability assessment carried out by the
government’s agency responsible for developing
disaste r plans for instance as well as an analysis of
internal controls .

28) The task of evaluating the quality of the risk assessment
carried out in a specific country is a complex one: when
is it good or good enough? what is sufficient? Therefore,
SAIs can often benefit from sharing experience with

18

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
other SAIs to identify answers to some of these
questions by referring to examples from previous audits.
SAIs can also consider using the work of external
experts. The G20/OECD methodological framework for
Disaster Risk Assessment and Risk Financing 4 could
provide a useful guide for aud itors on how to assess, or
promote the assessment of, disaster risk .
29) Due to the complexity of managing disasters or to the
fact that governments may not accurately estimate
their exposure to a disaster, auditors need to conduct
risk assessments of the audit environment to properly
identify high -risk areas as potential audit subject
matters or audit objectives (See Annex III –point B).
Undertaking such assessment may help auditors :
• to identify the elements at risk in the community and
whether those elements have been prioritized or
protected by authorized parties ;
• to identify whether government has defined
appropriate disaster preparedness and mitigation
responses which the community will include in the
disaster plan ;
• to identify whethe r a community is aware of the
potential disaster risk and what they and related parties
can do about it ;
• to assess capabilities at all levels of government
against established criteria to identify gaps in
preparedness ;
• to obtain other disaster specific information; and
• to identify emergency relief needs and compare .

30) In performance audit , auditors need to specify the risks
with regard to economy, efficiency, and effectiveness.
The extent to which these risks exist depends on the
type of disaster, its risk of occurrence and the impact it
is likely to have. Once this information has been
documented, risks to economy, efficiency, and
effectiveness are likely to result from inadequate risk
assessment; organization, planning, monitoring, inter nal
control, coordination and lack of a sound disaster
management information system. Assessing the risks
allows the auditors to identify control weaknesses and
high -risk areas in disaster risk reduction measures and
activities (see Annex III – Point B.1).

4 http://www.oecd.org/gov/risk/g20oecdframeworkfordisasterriskma nagement.htm -This framework is intended to
help government in developing more effective disaster risk management strategie

19

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
31) In compliance audit , auditors’ risk assessment starts
by identifying significant risks of non -compliance with the
regulatory framework of the country and/or international
agreements (see Annex III – Point B.1).
SAI of Chile
In the regulatory framework, it would
be convenient to name the disaster
risk management instruments either
national or international.
32) In financial audit , auditors identify and assess the risk
of material misstatement in the financial statements as a
whole, and at assertion level, in order to determine the
most appropriate audit procedures to address those
risks. Auditors assess the risk of financial state ments
being materially impacted by a disaster. (see Annex III –
Point B.2).

Identify the risk of fraud
33) Auditors make enquiries and perform procedures to
identify and respond to the risks of fraud relevant to the
audit objectives. They maintain an attitude of
professional skepticism and are alert to the possibility of
fraud throughout the audit process..

34) There are specific risks of fraud in disaster
management activities which can be assessed:
• increased risk of fraud and corruption in emergency
situations following the occurrence of a disaster, due to
the large volume of aid arriving quickly into affected
regions for rapid distribution to disaster victims;
• once rehabilitation and reconstruction activities
commence, increased risk of fra ud and corruption in
procurement associated with high volumes of public
expenditure on reconstruction projects; and issues
around tax revenues and insurance recoveries which
may also require careful examination by auditors. 5
SAI of Guatemala
It is proposed to add to the end of
number 34, or to incorporate in the
Glossary, «Fraud that arises in the
exercise of their position, or for
reasons of their position, in any
commission, contract or public assets,
agreed on with the interested parties,
in orde r to defraud the State.
Corruption is the action and effect of
corrupting, the process of deliberately
breaking the order of the system, both
ethically and functionally, for personal
benefit.”
35) Fraud and corruption can take various forms, such
as overstated needs and data manipulation
(exaggerating the number of victims for instance),
demands for kickbacks from suppliers and from
those applying to receive aid, as well as mark -ups
and embezzlement or asset theft.
SAI of Chile:
It is suggested to add «Diversion of aid
to those who do not require it, delivery
of benefits to people who, in reality, are
dead, or do not live in the country. In
addition to aspects associated with
conflicts of interest: acquisitions from
companies linked to public servants at
5 Véase, por ejemplo, https://www.auditnz.govt.nz/who -we -are/news/scott -tobin -feature

20

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
non -competitive prices or without
contracting or purchasing processes.

SAI of El Salvador:
Regarding profit margins «This risk can
also occur in the acquisition of goods
and services purchased during the
emergency, because they are
purchased with surcharges due to the
lack of regulation in the acquisitions
that public entities make during
emergency events.»

Develop an audit plan and design the Audit
36) Planning for a specific audit includes strategic and
operational aspects.

37) Strategically, planning defines the audit scope,
objectives and approach. The objectives refer to what
the audit is intended to accomplish. The scope relates to
the subject matter and the criteria which the auditors will
use to assess and report on the subject matter an d is
directly related to the objectives. The approach will
describe the nature and extent of the procedures to be
used for gathering audit evidence. The audit needs to be
planned to reduce audit risk to an acceptably low level.

38) Operationally , planning entails setting a timetable for the
audit and defining the nature, timing and extent of the
audit procedures. In post -disaster conditions, it is
important for auditors to assess the appropriate timing of
the audit. During planning, auditors assign tasks to the
members of their team as appropriate and identify other
resources that may be required, such as subject experts.

39) Audit planning need to be responsive to significant
changes in circumstances and conditions. It is an
iterative process that ta kes place throughout the audit.
Before selecting the audit area/topic/ subject matter,
auditors consider, where relevant to the audit, whether
they have:
• understood the disaster management processes and the
focus of each phase (pre disaster, emergency relief, post
disaster);
• understood the structural, legal and regulatory framework
of the entities being audited;
• assessed the nature of the risks in each phase; and
familiarized themselves with the internal controls applied
SAI of Guatemala
It is proposed to add at the end of
number 39, or to add to the Glossary:
«Pe rformance auditing focuses on
the principles of economy, efficiency
and effectiveness of actions in
programs, activities, systems or
others, carried out in natural disasters.
Its main objective is to provide
recommendations for improvement.

Compliance auditing focuses on
determining whether the activities,

21

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
by each of the organiz ations responsible for managing
disaster -related aid and tested whether those internal
controls are operating and are sufficient to overcome or
reduce the risks.
financial operations and information
presented by the institutions that
intervened in response to the natural
disaster, comply with all aspects of
laws, regulations, budget resolutions,
pol icies, agreements or general
principles of a public sector financial
administration»
40) In financial audit , often defined in national legislation
and in SAIs’ mandates, auditors proceed to designing
the audit based on the results of the assessment of risks
of material misstatement due to error and fraud.
Disasters may affect the quality of financial statements.
Financial audits include a review of the accounts and the
underlying transactions, including disaster -related
expenditure .

41) For compliance and performance audits , based on
the audit risks assessed as critical/priority, auditors
decide on the following :
• whether to conduct a compliance audit or performance
audit or a combination of both; and
• the specific life cycle stage(s) of the di saster management
cycle to be covered in the scope of the audit .

42) Auditors identify and rank potential audit topics for
performance audit based on two criteria :
• audits expected to add maximum value in terms of
improved accountability, transparency, economy,
efficiency and effectiveness; and
• audits that ensure an appropriate coverage of disaster
management within the limitations of the resources
available for the audit .

43) Auditors need also to take account of whether they have
sufficient knowledge and audit experience collectively as
a team to audit the potential topics .

44) Once auditors have chosen an audit area/topic/subject
matter, they start designing the specific audit. To define
the scope of the audit, auditors identify which entities are
to be included in the audit. The audit objective(s) can be
the basis for defining the overall audit question to which
auditors will seek an answer. Examples of audit
objectives per types of audits are provided in Annex II.

22

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
45) In order to develop an effective approach, especially for
performance and compliance audits, auditors may find
useful to obtain a sufficient understanding of initiatives /
tools developed by the international community to
develop or deepened their knowledg e of the matter,
such as the Yokohama (1994) and Kobe (2005)
conferences, the Hyogo Framework for Action, the
Sendai Framework and/or the International strategy for
risk reduction 6 for instance .

46) When designing the audit auditors can also ask
themselves whether there is a benefit in cooperating
with other auditors .
SAI of Cuba
From 46 to 49
In the execution of audits whose
objective is necessary to verify the
management of the main disaster risks
in accordance with the characteristics
of each country, since their differences
(geographical, environmental,
socioeconomic, health, etc). Not
always there are a common line in the
audits. Specially, when coordinated
audits are carried out.
47) For instance, disaster management activities in one
country may be funded by another country. In such
cases the need for the donor and recipient countries’
SAIs to collaborate and thus allow their audits to cover
all aspects of disaster management takes on added
importance. Coll aboration between the SAIs of different
countries is equally important when auditing bilateral or
multinational treaties on disaster management and/or
promoting cooperation on hazards which transcend
national borders such as the establishment of early
warn ing systems .

48) Moreover, the flow of disaster -related aid from donors to
recipients and the corresponding flow of information
from recipients to donors is complex. Several different
auditors may seek to audit very complex aid flows:
governments donating hu manitarian aid, international
agencies receiving and donating aid and governments
receiving aid. There is often scope for cooperation
between auditors which can involve carrying out joint,
parallel or coordinated audits (see INTOSAI GUID
SAI of Nicaragua
«Clarify what is meant by several
different auditors”
6 https://www.unisdr.org/who -we -are/international -strategy -for -disaster -reduction

23

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
9000). For example , two or more SAIs of donor
governments may seek to cooperate on auditing
national contributions to a disaster -affected population.
Donor and recipient government SAIs may find it useful
for both parties to coordinate their audits of aid provided
by the do nor government for a specific disaster in the
recipient country. This is especially the case when major
disasters take place and many donors are involved in
making significant donations. SAIs of donor
governments can learn much from SAIs in recipient
count ries about the national legal and operational
environment for auditing disaster -related aid and SAIs
from recipient countries can learn about the international
context of receiving disaster -related aid. The exchange
of information and transfer of knowledge between SAIs
in the context of disaster -related aid can be of mutual
benefit .
49) In many cases, SAIs have similar objectives and apply
the same auditing standards. This makes it possible for
SAIs to consider the feasibility of cooperating, by
carrying out joint or parallel audits. This would allow SAIs
to pool resources, share tools, learn from each other and
possibly overcome issues regarding the adequacy of
their individual audi t mandates. Experience shows that
parallel audits are often the most convenient way of
cooperating .

50) When planning an audit, auditors may also consider
organizing an on -the -spot visit at an early stage of the
emergency to gather information and to unders tand and
record evidence of the way in which disaster -related aid
is being implemented .

51) Examples of elements to guide auditors when planning
an audit can be found in Annex III .

Conducting the Audit

52) Auditors perform audit procedures that provide sufficient
appropriate audit evidence to support the audit report
(ISSAI 100:49) .

SAI of Chile
It is suggested to write as indicated in
the standard «Sufficient audit
evidence»
53) In the same way as for any other type of audit, when
auditing disaster management, auditors’ decisions on
the nature, timing and extent of audit procedures will
affect the evidence to be obtained. Auditors’ approach to

24

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
obtaining the required audit evidence will reflect the
complexity of disaster management activities .
54) Auditors need to be aware of emergency procedures
which may be in operation during the emergency phase
following a disaster. It may not be possible to comply
with all the relevant laws and r egulations in emergency
situations and auditors need to take into account the
need to circumvent some rules in exceptional
circumstances or due to force majeure, in order to
prioritize the saving of lives and the alleviation of human
suffering. However, au ditors will expect that, where it is
reasonable, the deviations from the rules need to be
documented and explained. Auditors may also verify the
degree to which appropriate disaster preparedness
measures were already in place and whether the
measures took into account the need for pre -defined
emergency procedures .
SAI of Chile
The audit team must reveal any
shortcomings or gaps in its regulations
or instruments in the event of a
disaster.

The auditor can identify that there are
no emergency procedures
55) Furthermore, particular methods for obtaining audit
evidence such as on -the spot inspection or observation
may be challenging and require particular attention.
Therefore, if possible, alternative methods for obtaining
evidence can be applied. In such a case, auditors may
continuously evaluate if the evidence is sufficient to
persuade a knowledgeable person that the findings are
reasonable, relevant and reliable .

Reporting and follow -up
56) Auditors can perform financial, compliance or
performance audits of disaster management. They
would therefore refer to the specific reporting and follow –
up requirements of their audit engagement 7.

57) When conducting their work, auditors bear in mind the
need to make timely recommendations, which are
formulated to maximize their positive impact on disaster
management .

7 See ISSAIs 200, 300 and 400.

25

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
58) Auditors may develop recommendations that :

• would be of use in preparatory measures for potential
future disasters (for example, in the field of infrastructure
development, auditors may recommend rebuilding
infrastructure in such a way as not only to replace
damaged facilities, but also to reduce the impact of future
disasters and create a resilient community) ;
• would advocate for improvements of lo cal legislation,
regulations and/or policies, including on the need to
clearly assign roles and responsibilities ;
• would draw attention to the absence of disaster risk
reduction policies if this is the case, or raise awareness of
the importance of such poli cies if they are not a matter of
high priority to the Government ;
• advocate the establishment of clear roles and
responsibilities within the different aspects of
emergencies and for a more effective management of
donor coordination. For that purpose, they c an
recommend improvements to the policies, procedures,
planning, and oversight of international cash and in -kind
donations in response to disasters. They can also
recommend, for instance, that Parliament enacts
appropriate laws or concludes international a greements
to facilitate international cooperation ;
• propose that a fraud and corruption prevention strategy is
built ;
• seek to improve human resources, develop organizational
capacity and/or strengthen organizations’ monitoring
systems based, for instance, o n comparative cost
information ;
• advocate the inclusion of crisis counselling in post –
disaster activities .

SAI of El Salvador
It could be better understood if it were
drafted as follows:
«including the need to update the
regulations governing disaster
management, since in many cases
these do not match the current reality.»

SAI of Guatemala suggests adding a
bullet point:
«Efficiency in the coordination of the
institutions that intervene in the
emergency, to maximize the time in
functions and responsibilities, in
addition to carrying out periodic
meetings among them evaluating
aspects to be improved;»
SAI of Chile suggested to add:
» -coordination between public entities
involved in the emergency.
-establishment of emergency
proce dures in cases where they do not
exist.
-Procedures for delivering aid to those
who need it»
59) The success of disaster risk reduction depends on the
participation of society as a whole, including an
understanding of the importance of the resilience of
nations and communities. The clarity of the audit reports
is vital in this respect, to ensure maxim um impact.
Auditors may consider giving publicity to

26

Exposure Draft: Guidance on Auditing Disaster
Management
GUID 5330
SAI Comments
recommendations in audit reports by using other media,
such as civil society organizations and academia and by
making themselves available for discussion with
stakeholders .
.
60) Auditors may consider distributing their reports widely
since, for instance, other auditors, such as auditors of a
donor government, may use the work already carried out
by the auditors of the recipient government.

27

Sec tion 3: An nexes
Annexes
GUID 5330
SAI Comments
Annex I: Glossary
Annex II: Examples of audit objectives
Annex III: Examples of elements to consider when planning
an audit

Annex I: Glossary

Most of the definitions below are taken from the UNDRR
terminology adopted by the United Nations General
Assembly on 2 February 2017 8 (i.e. adopted by the
international community and generally accepted) .

DISASTER:

A serious disruption of the functioning of a community or a
society at any scale due to hazardous events interacting with
conditions of exposure, vulnerability and capacity, leading to
one or more of the following: human, material, economic and
environmental losses and impacts. The effect of the disaster
can be immediate and localized, but is often widespread and
could last f or a long period of time. The effect may test or
exceed the capacity of a community or society to cope using
its own resources, and therefore may require assistance from
external sources, which could include neighboring
jurisdictions, or those at the natio nal or international levels .
The following terms are also used :
• Small -scale disaster: a type of disaster only affecting local
communities which require assistance beyond the
affected community ;
• Large -scale disaster: a type of disaster affecting a society
which requires national or international assistance ;
• Frequent and infrequent disasters: depend on the
probability of occurrence and the return period of a given
hazard and its impacts. The impact of frequent disasters
could be cumulative, or become chronic for a community
or a society ;
• A slow -onset disaster is defined as one that emerges
gradually over time. Slow -onset disasters could be
associated with, e.g., drought, desertification, sea -level
rise, epidemic disease ;

8 https://www.unisdr.org/we/inform/terminology

28

Annexes
GUID 5330
SAI Comments
• A sudden -onset disaster is one triggered by a hazardous
event that emerges quickly or unexpectedly. Sudden –
onset disasters could be associated with, e.g.,
earthquake, volcanic eruption, flash flood, chemical
explosion, critical infrastructure failure, transport accident ;
DISASTER MANAGEMENT:

The organization, planning and application of measures
preparing for, responding to and recovering from disasters .

DISASTER PREPAREDNESS PLANNING:

Disaster preparedness planning can be defined as the
process of systematically preparing for future contingencies,
including major incidents and disasters. The plan is usually a
document shared between participants and stakeholders that
specifies tasks and responsibilities adopted in the multi –
agency response to the em ergency. It is a blueprint for
managing events and should be responsive to management
needs. It should specify the lines of action, collaboration,
command, and communication during a disaster or major
event. In other words, it is the framework for emergenc y
response. In addition, the plans are needed to maintain
continuity while managing the crisis, and to guide recovery
and reconstruction effectively, therefore disaster
preparedness planning is often referred to as contingency
planning. In addition to plan ning, another important aspect of
preparedness is assessing capabilities to better identify gaps
and measures to address these gaps .

DISASTER -RELATED AID:

Disaster -related aid covers aid provided to fund disaster
preparedness measures or activities as well as aid provided
to help people who are victims of a natural disaster or conflict
to meet their basic needs and rights .

This aid aims at saving lives, alleviating suffering and
protecting human dignity .

It can be provided from public an d private donors to those
affected by disaster (individual, community, organization or
government) as cash or financial aid and in -kind aid, or a
mixture of these .

Financial aid is cash or other monetary assistance .

SAI of El Salvador

29

Annexes
GUID 5330
SAI Comments
In-kind aid is assistance in the form of materials or services,
such as food, tents , and the secondment of staff or
international military assistance.

Disaster aid can flow:
• directly from donors to the affected by disaster, for
example from donor governments to the governments of
affected countries or from NGOs which have collected
private contributions to affected communities ;
• through one or more intermediary entities which may be
operational agencies implementing aid actions directly, or
international agencies channeling aid towards operational
agencies or directly to individuals or communities in need .

«As well as medical equipment and
supplies».

SAI of El Salvador
It can also flow from private
companies to government entities.

SAI of Guatemala suggests adding:
«Human resource assistance is help
from people for assistance to the
community affected by the disaster.
Support from doctors, firefighters, and
trained disaster personnel, among
others.»
DISASTER RISK:

The potential loss of life, injury, and destruction or damage to
assets which could occur to a system, society or a community
in a specific period of time, determined probabilistically as a
function of hazard, exposure, vulnerability and capacity.
Disaster risk comprises different types of potential losses
which are often difficult to quantify. Nevertheless, with
knowledge of the prevailing hazards and the patterns of
population and socioeconomic development, di saster risks
can be assessed and mapped, in broad terms at least .

It is important to consider the social and economic contexts
in which disaster risks occur and to bear in mind that people
do not necessarily share the same perceptions of risk and
their un derlying risk factors .

SAI of Chile and HTC of Buenos Aires

The definition corresponding to
disaster risk, defining «reduction» is
requested.
DISASTER RISK MANAGEMENT:

Disaster risk management is the application of disaster risk
reduction policies and strategies to prevent new disaster risk,
reduce existing disaster risk and manage residual risk,
contributing to the strengthening of resilience and reduction

30

Annexes
GUID 5330
SAI Comments
of disaster l osses. Disaster risk management actions can be
divided into prospective disaster risk management, corrective
disaster risk management and compensatory disaster risk
management, also called residual risk management.

Prospective disaster risk management act ivities address and
seek to avoid the development of new or increased disaster
risks. They focus on addressing disaster risks that may
develop in future if disaster risk reduction policies are not put
in place. Examples are better land -use planning or disaster –
resistant water supply systems .

Corrective disaster risk management activities address and
seek to remove or reduce disaster risks which are already
present and which need to be managed and reduced now.
Examples are the retrofitting of critical infrastructure or the
relocation of exposed populations or assets.

Compensatory disaster risk management activities
strengthen the social and economic resilience of individuals
and societies in the face of residual risk that cannot be
effectively reduced. They include preparedness, response
and recovery activities, but also a mix of different financing
instruments, such as national contingency funds, contingent
credit, insurance and reinsurance and social safety nets.

DISASTER RISK MANAGEMENT PLANS:

Disaster risk management plans set out the goals and
specific objectives for reducing disaster risks together with
related actions to accomplish these objectives. They should
be guided by the Sendai Framework for Disaster Risk
Reduction 2015 -2030 9 and considered and coordinated
within relevant development plans, resource allocation s and
programme activities. National plans need to be specific to
each level of administrative responsibility and adapted to the
different social and geographical circumstances that are
present. The timeframe and responsibilities for
implementation and the sources of funding should be
specified in the plan. Links can be made to sustainable
development and climate change adaptation plans should be
drawn up where possible.

9 The Sendai Framework for Disaster Risk Reduction is a 15 -year, voluntary, non -binding agreement which
recognizes that the State has the primary role to reduce disaster risk but that responsibility should be shared with
other stakeholders including local government, the private sector and other stakeholders. It aims for the substantial
reduction of disaster risk and losses in lives, livelihoods and heal th and in the economic, physical, social, cultural
and environmental assets of persons, businesses, communities and countries.

31

Annexes
GUID 5330
SAI Comments

DISASTER RISK REDUCTION:

Disaster risk reduction is aimed at preventing new and
reducing existing disaster risk and managing residual risk, all
of which contribute to strengthening resilience and therefore
to the achievement of sustainable development .

DISASTER RISK REDUCTION STRATEGIES AND
POLICIES:

Disaster risk reduction strate gies and policies define goals
and objectives across different timescales and with concrete
targets, indicators and time frames. In line with the Sendai
Framework for Disaster Risk Reduction 2015 -2030 10, these
should be aimed at preventing the creation of disaster risk,
the reduction of existing risk and the strengthening of
economic, social, health and environmental resilience

EARLY WARNING SYSTEM:

An integrated system of hazard monitoring, forecasting and
prediction, disaster risk assessment, communication and
preparedness activities systems and processes that enables
individuals, communities, governments, businesses and
others to take timely action to reduce disaster risks in
advance of hazardous events .

Effective “end -to-end” and “people -centred” early warning
systems may include four interrelated key elements: (1)
disaster risk knowledge based on the systematic collection of
data and disaster risk assessments; (2) detection,
monitoring, analysis and forecasting of the hazards and
possible consequences; (3) dissemination and
communication, by an official source, of authoritative, timely,
accurate and actionable warnings and associated
information on likelihood and impact; and (4) preparedness
at all levels to respond to the warning s received. These four
interrelated components need to be coordinated within and
across sectors and multiple levels for the system to work
effectively and to include a feedback mechanism for
continuous improvement. Failure in one component or a lack
of coo rdination across them could lead to the failure of the
whole system .

10 Ibid.

32

Annexes
GUID 5330
SAI Comments
EMERGENCY:

A serious situation or occurrence that happens
unexpectedly and demands immediate action .

EMERGENCY RELIEF:

Emergency relief represents the financial assistance, goods
or services made available to individuals and communities
that have experienced losses due to disasters .

SAI of El Salvador
Goods and services are also made
available to public entities that assist
during the emergency.
EMERGENCY RESPONSE:

Emergency response is the effort made to mitigate the impact
of a disaster on the population and the environment .

GEOGRAPHIC INFORMATION SYSTEMS (GIS)

GIS are used to integrate, store, analyze, manage and
present data that are linked to locations. GIS technology can
be used by governments to assess where hazardous natural
phenomena are likely to occur. Mapping hazards and
potential sources of disaster using GIS provides essential
data for disaster risk reduction plans by allowin g
governments to link data using a geographical dimension.
.
HTC Buenos Aires
It is recommended to include a
conceptual definition of GIS. For
example:
«A geographic information system
(GIS) can be described as a
computerized system that allows the
introduction, storage, analysis and
presentation of data, especially spatial
(georeferenced) data. A GIS can
contribute to decision making when
broad and complex information has to
be taken into account» ISSAI 5540.
HAZARD:

A process, phenomenon or human activity that may cause
loss of life, injury or other health impacts, property damage,
social and economic disruption or environmental
degradation. Hazards may be single, sequential or combined
in their origin and effects. Each hazard is characterized by its
location, intensity or magnitude, frequency and probability.

PREVENTION:
Activities and measures to avoid existing and new disaster
risks. Prevention (i.e., disaster prevention) expresses the
concept and intention to completely avoid potential adverse
impacts of hazardous events. While certain disaster risks
cannot be eliminate d, prevention aims at reducing
vulnerability and exposure in such contexts where, as a
result, the risk of disaster is removed. Examples include
dams or embankments that eliminate flood risks, land -use

33

Annexes
GUID 5330
SAI Comments
regulations that do not permit any settlement in high -risk
zones, seismic engineering designs that ensure the survival
and function of a critical building in any likely earthquake and
immunization against vaccine -preventable diseases.
Prevention measures can also be taken during or after a
hazardous event or disaster to prevent secondary hazards or
their consequences, such as measures to prevent the
contamination of water.
RECONSTRUCTION:

The medium -and long -term rebuilding and sustainable
restoration of resilient critical infrastructures, services,
housing , facilities and livelihoods required for the full
functioning of a community or a society affected by a disaster,
aligning with the principles of sustainable development and
“build back better”, to avoid or reduce future disaster risk.

RECOVERY:

The restoring or improving of livelihoods and health, as well
as economic, physical, social, cultural and environmental
assets, systems and activities, of a disaster -affected
community or society, aligning with the principles of
sustainable development and “build back better”, to avoid or
reduce future disaster risk.

REHABILITATION:

The restoration of basic services and facilities for the
functioning of a community or a society affected by a disaster.

SAI of Argentina suggests inclusion of
two terms:

«Adverse/dangerous event : a
situation, event or fact that produces
alteration in the lives of people,
economy, social systems and the
environment, caused by phenomena
of natural origin or caused by human
beings»

«Resilience: » the capacity of a
community, society or ecosystem to
absorb the negative impacts
produced, or to recover, once an

34

Annexes
GUID 5330
SAI Comments
emergency and/or disaster has
occurred. It allows strengthening
through the acquisition of experiences
to diminish its vulnerab ility.»

SAI of Peru
Suggests inclusion of the term
resilience.
«In the items «Audit plan and design of
the audit,» «glossary» and «Annex III
(Examples of elements to be taken
into account when planning an audit)»
the term «resilience» is referred to a
total of 6 times and 2 times the term
«resilient» is used; therefore, it is
essential to include its definition, in
accordance with what has been
approved and accepted in the
international community.»

SAI Peru suggests incorporating
«the definition of systemic risk, based
on the evaluation of the proposal in
subparagraph «b» on the audit of
disaster management with a systems
approach.»
Annex II – Examples of audit objectives

Examples of performance audit objectives :
• Determine if Governme nt’s activities to accomplish the
goal of disaster risk reduction, such as emergency
exercises, training and public awareness -raising or
management tools in the form of Geographic Information
Systems or Early Warning Systems are likely to mitigate
the impa ct of disaster when it strikes and/or reduce
vulnerability or exposure to hazards;
• Determine if disaster preparedness activities are based
on identified characteristics of the potential disasters and
the likelihood with which they are expected to occur;
• Determine if activities are based on national strategy and
action plans which are themselves based on sound risk
assessment, and if they are coordinated, with
responsibilities specified;
• Assess the appropriateness of the policies to reduce
disaster risk;
• Assess the appropriateness of the responses of disaster
management agencies in the event of disaster, including

35

Annexes
GUID 5330
SAI Comments
the use of disaster management tools such as Remote
Sensing and a Global Positioning System, for instance
Assess the appropriateness of th e responses of disaster
management agencies in the event of disaster, including
the use of disaster management tools such as Remote
Sensing and a Global Positioning System, for instance;
• Assess whether the aid pledged has been provided, and
has led to appropriate expenditure;
• Assess whether the aid has been spent on the intended
purposes, as efficiently and effectively as possible;
• Determine if the affected population received the help
needed;
• Assess the effectiveness of recovery and control of
operatio ns;
• Assess the economy with which the disaster -related aid
was used;
• Assess the efficiency with which human, financial and
other resources were used;
• Assess how effectively those responsible for managing
and implementing disaster -related aid have performed in
relation to the objectives set.

Examples of compliance Audit objectives:

• Determine and document whether disaster risk reduction
policies comply with the Sendai Protocol or any relevant
international agreements on disaster risk reduction;
• Determine a nd document whether the rehabilitation and
reconstruction projects are compliant with the terms of the
contractual agreements and/or the tender/procurement
procedures;
• Determine and assess whether the Government has put
in place an anti -fraud strategy in o rder to prevent, or
detect and correct identified risks in a manner consistent
with the legal and regulatory framework;
• Verify compliance with the requirements of international
agreements covering recovery, relief, rehabilitation and
reconstruction measure s and activities (for instance with
the United General Assembly Resolutions 46/182 of 1991
and 58/114 of 2004 to adhere to the humanitarian
principles of humanity, neutrality, impartiality and
operational independence);
• Assess the extent to which potential deviations from rules,
laws and regulations, which may be required in order to
save lives and alleviate human suffering, are documented
and explained.

SAI of Chile
Determine and evaluate whether the
Government has implemented a
strategy to combat fraud to prevent or
detect and correct the risks identified
according to the legal and regulatory
framework

36

Anexo III Examples of elements to consider when planning an audit

A. Understand the subject matter and its context .
Preguntas a Yes No Not e
1. Identification of the disasters’
characteristics

Specifying disaster types and the likelihood
with which they are expected to occur can be
the first step in auditing disaster management.
Government approaches and policy
preparedness activities depend on this first
step.

What types of disaster affect each country?
What is the probability of each type of
disaster?
SAI of El Salvador
“and frequency”
Does the government (specific agency)
prepare risk assessments, taking into account
the following aspects, among others:

*natural, human, indirect hazards;
*specific vulnerabilities;
*specific geographic locations;
*disaster management capacities?
Are there up -to-date hazard maps and/or
hazard analysis?

What are the possible combinations of types
of disasters?

What is the likely average annual and
probable maximum extent of loss or damage?

What is the government’s approach to prepare
for such disasters and increase the resilience
of the country?

37

What is the recent experience of major
disasters? What were the government’s
responses?

What lessons have been learned?
What was the worst disaster experienced by
the country and how great was the damage?

2. Governance framework and policies
What are the framework and policies in place?
*At central, regional and/or local level?
*What are the accountability practices
and national requirements?

*What is the legal framework
underpinning emergency procedures,
procurement procedures, tax revenue
issues, insurance contracts,
recoveries?

*What are the internal controls in
place?

*What are the legislative measures in
place to prevent or mitigate the
vulnerability of certain areas /
population? (such as measures for the
control of land use, building
regulations, land planning…)?

*Has the State signed any bilateral or
multilateral treaties or agreements on
reducing disaster risks and/or
promoting cooperation against the
threat of hazardous events?

Do the framework provide for:
*Developing a national disaster
management policy and allocation
funds to the disaster management
plan?

*An integrated risk -based approach
between different possible disaster
types?

38

*Preparing national plans and
programs under this policy?

*Setting up a general framework for the
responsibilities and roles of the
institutions involved in disaster
management and the arrangements
for coordination between these
institutions?

*A facilitating framework for
international disaster relief and
recovery assistance?

*A specific budget for the institutions
involved in disaster management, and
if yes, is this budget in harmony with
the tasks and responsibilities of those
institutions?

Are there disaster plans (or substitutes)?
*At central, regional and/or local level if
in high -risk areas or in case of cross
border risks? Is consistency and
harmonization ensured?

*Are NGOs/International Organizations
involved in the design of the National
Disaster Plan?

*Are there specific criteria such as
accountability or transparency for
NGOs determined as part of disaster
management plans?

*Are they updated regularly?
*Do the plans include risk scenarios for
multi -disastrous events which trigger
each other?

*Are there procedures for
systematically reviewing plans for
timeliness, completeness, consistency
with existing guidelines and overall
usefulness?

*What information has been used for
the plans? What is the quality of the
information used? Have experts been
involved?

39

*To what extent do the disaster plans
have priority over other legislation?
(e.g. limitations of ownership or
property rights in the event of an
emergency.)

*Does the national plan contain
operational details to provide a good
basis for timely, clear and organized
action or is it complemented by more
detailed sub -plans?

*Is the critical infrastructure
determined on a national scale within
the scope of disaster plans/substitute
tools?

*Do the disaster plans promote regular
disaster risk reduction exercises,
including evacuation drills, with a view
to ensuring rapid and effective disaster
response and access to essential food
and non -food relief supplies, as
appropriate to local needs?

*Does the plan cover the international
treaty/agreement obligations if any?

3. Entities involved
The many institutions and agencies involved in
disaster risk reduction should be identified. For
this, the auditor should have a comprehensive
knowledge of the legal framework and
organizational structure, of all entities
involved. Establishing their roles,
responsibilities and cooperation among them
will help the auditor assess where and how to
collect data, who is responsible for what
actions, etc.

How are roles and responsibilities defined and
allocated?

Which body is responsible for coordinating
disaster planning and management?

40

Which bodies are related to disaster
management at each level? (evaluate the
organization structure as a whole, for
example, by preparing an organizational map)

Are the organizational structures and systems
well defined and designed to facilitate
successful disaster management activities?

Are authority and responsibility clearly
assigned?
SAI of El Salvador
“At each level or entity”
Does the main body responsible have capable
and sufficient human resources?

Is there a Quick Response Team to respond
to disasters as they occur?
SAI of El Salvador
At the national, municipal,
and community level
What are the reviewing entities of the disaster
plans? Are they independent with objective
views?

What is the chain of command?
What are the feedback mechanisms?
How are information flows designed among
the various actors?

What lessons have been learned from
previous experiences of disasters in view of
the position and authority of the relevant
organizations? Have these lessons been
properly reflected in such areas as the
reorganization and strengthening of
authorities?

B. Conduct risk assessment or problem analysis.
Questions to be asked Yes No Note
1. General risk assessment for compliance
and performance audits

Risk that the assessments of hazard risk,
vulnerability and disaster risk, at national and
subnational levels are not undertaken on a
regular basis

41

Risk that the following issues are not been
covered by the assessments:

* areas of the territory that are the
most vulnerable to a particular hazard?

* type of disasters and likelihood of
each disaster (natural, human,
indirect hazards, earthquake,
tsunami, epidemic, major accident
etc.)?

* possible combinations of types of
disasters?

* vulnerability of people living in that
area (identification of affected or
potentially affected people, their
needs and interests)?

* vulnerability of critical infrastructures
in that area?

* what is the extent to which
communities, structures, services
and geographic areas are likely to be
damaged or disrupted by the impact
of a particular hazard, on account of
their nature, construction and
proximity to hazardous terrain or to a
disaster -prone area (physical &
socio -economic vulnera bilities)?

* impact/influence of a disaster on the
other areas of the country?

* disaster management capacities?
Risk that those assessments do not use
information generated from GIS?

Risk that lessons have not been learned from
recent experience of major disasters?

Risk that the risk and vulnerability
assessments are not properly documented
for reference and audit purposes?

Risk that data used for these assessments
are not the data needed, or that there are
insufficient quality measures in place to
ensure quality of information/data used,
and/or that this information cannot be
exchanged between relevant entities?
HTC Buenos Aires
It is recommended
to add: Is there a
systematized and
updated information
system that
provides the
necessary data for

42

decision -making in
disaster matters?
*does it evaluate the magnitude and
likelihood of potential losses/damages?

*does it provide full understanding of
the causes and impact of potential
losses?

Risk of incompleteness linked to the fact that
the government has not used the voluntary
framework developed by the OECD (see
http://www.oecd.org/gov/risk/g20oecdfr ame
workfordisasterriskmanagement.htm )?

Risk that the risk assessment is not used to
guide the allocation of resources?

Risk that cost -benefit analyses of a range of
disaster risk reduction measures are not
performed on a regular basis and are not a
requirement for public investment planning?

Absence of a strategic reserve of disaster
relief goods?

Risks related to procurement processes and
flow of funds evaluated not well -defined and
tested to assess whether services and goods
can be delivered swiftly to the affected
population?

Procurement processes not flexible enough
in design to accommodate unexpected
events?

No pre -specification for services and goods
which may be delivered in urgent
circumstances in order to avoid low quality?
SAI of Chile
Add “Do the
procurement processes
have prior controls that
avoid conflicts of
interest?”
In urban settlements, the auditor can
consider the key risks to be able to evaluate
local disaster risk reduction activities and
perform sampling in a sound manner:

* Risk that rising urban populations
and increased population density is
leading to poor quality of housing,
infrastructure and services.
HTC Buenos Aires
It is recommended to
add «poor sanitary
conditions» to include
the risk of pandemic
outbreaks, as is

43

currently the case.
* Weak urban governance
preventing local authorities to provide
infrastructure, services or safe land
housing.

*Unsustainable urbanization:
unplanned urban development taking
place outside the official legal
building codes, land use regulations
and land transactions.

* *Increased risks in case of disaster
if economic assets are clustered in
large cities.

* Risks that public buildings do not
meet safety standards and are not
upgraded.

2. General risk assessment for financial
audits (in case financial statements of
audited entities are affected by a disaster)
HTC of Buenos Aires:
It is suggested to add
some item on the
constitution of
Provisions for risks of
loss of assets caused
by disasters, in case
of frequent disasters
To what extent documentation, evidence
have been destroyed by the disaster?

Are essential functioning of the entity or the
Government significantly weakened by the
scale of the disaster?

Is the aid collected from donors being
recorded correctly (non -cash donations,
committed donations that are not yet
received)?
SAI of Chile
Is the aid recorded in
the accounting ?
Are procurement rules being respected?
Are goods and materials donated in kind or
purchased stored properly?

Are damages of infrastructures properly
assessed?

44

Have the processes for receiving, managing,
spending and recording disaster -related
funds been clearly established for each of the
various funding channels, such as
governmental funds and domestic and
foreign donations?

Is there any periodic reporting on disaster
fund allocation and utilization by recipient
agencies?

Is the management and use of the financial
and in kind contributions received recorded
and reported?

Are accountability principles respected?
(government’s record of commitment to
rehabilitate or reconstruct infrastructure in
the next period, government’s accounting of
assets given or built by a donation fund,
disclosure of matters related to the receipt
and use of disaster -related aid funds in the
notes to the financial statements)?

3. Risks/problems analysis linked to
Disaster Monitoring/Management
Information
SAI of Chile
It could be added at the
end. Does the area /
province / state /
municipality have
territorial planning
instruments that
demarcate risk zones?
Does the authority allow
people to populate or
build in areas classified
as “at risk” in the event
of a disaster?
Do the design of
infrastructure and
buildings consider
criteria of resilience?
Does the design of
critical infrastructure
consider the inclusion of
effects that could
enhance the occurrence
of disasters (for
example, climate
change)?

45

Is a monitoring system in place to determine
the extent of loss or damage following a
disaster?

Is there and up -to-date disaster management
information system?
HTC Buenos Aires
It is suggested to add:
«… complete and
accessible to all
agencies responsible for
disaster management»
Is the existing disaster management
information system suitable for analyzing
risks and planning efforts to reduce the risk
and/or mitigate the impact of disasters?

Does the management information system
contain enough information on hazards and
risks to determine, at the local level, who is
exposed and who is vulnerable?

Has the main authority developed effective
and appropriate instruments to guide the
local authorities in making the risk
assessment in their own areas in accordance
with the national strategy and policies?
HTC Buenos Aires:
It is suggested to
move, FRAMEWORK
AND GOVERNANCE
POLICIES, to point 2.
Does the main agency responsible regularly
review disaster management tools and
measure on their efficiency and
effectiveness? When is this assessment
done?

Are the results of this assessment used for
decision -making and the improvement of
future disaster management initiatives?

Does the main authority enable an integrated
database system among and between local
and central units?

4. Risks/problem analysis linked to
Geographical Information System (GIS)

Is an appropriate geographical information
system used? For what purpose?

Is there a need for using a GIS in disaster
risk reduction?

46

* What planning decisions need to be
made?

* Which decisions involve the use of
mapped information and information
appropriate for map display?

*What information cannot be
managed efficiently with manual
techniques?

*What information management
activities can be supported by the
proposed GIS?

*What types of decisions can be
supported with a GIS?
HTC Buenos Aires:
Add «Are they updated
periodically, is there a
person in charge
defined for this update ”
*Are the GIS appropriate for the
analysis? Will it produce the
necessary maps?

*To what extent will a GIS help
achieve the desired objectives?
HTC Buenos Aires:
In a GIS, the
information layers are
integrated, which
allow its evaluation.
The formulation of the
question with «to what
extent» does not
allow an objective
answer
Is the GIS suitable?
*Are its capabilities compatible with
the needs of the new users?

*Is the in -house technical expertise
capable of serving the new users?

*What are the institutional
arrangements that would enable the
appropriate use of this GIS?

Is the GIS sustainable?
*Who will be the users of the
information generated with the GIS?

*In terms of information, time, and
training needs, what is required to
obtain the desired results? Can these
requirements be fulfilled?

47

*Is the budget sufficient and is staff
availability adequate?
HTC Buenos Aires
«It’s suggested to add
if there is personnel to
interpret and manage
the information that
comes from the GIS.”
*What agencies are participating in
similar projects?

*To what extent would a GIS help to
attract the interest of other agencies
and facilitate cooperation?
It is suggested to
change it to «Is there
integration and
cooperation between
agencies for the
management of
georeferenced
information?

5. Risks/problem analysis linked to Alert
Mechanisms, Hazard Maps, and Other
Tools

Does the country have early warning
mechanisms to predict calamities that may
hit the country during a certain period?

Are the warning systems built based on
identified risks for relevant areas?

Are hazard maps prepared taking into
consideration the existing environmental
plans, land use planning and building
development schemes, etc.?
HTC Buenos Aires
It is recommended to add
«housing settlements
without adequate sanitary
conditions,» which is a key
issue during the COVID
Pandemic
Are hazard maps and/or hazard analyses
updated?

Are there any special tools intended to
mitigate disaster risks and impacts?

Are there any standby arrangements for
purchasing, receiving, storing and
distributing disaster relief supplies?
HTC Buenos Aires
Clarify what is meant by
«standby agreements”

48

6. Risks/problem analysis linked to pre –
disaster activities

Taking multi -national and stakeholders
structure of disaster management into
account, auditors would focus on how
coordination and concerted action can be
achieved by the various bodies involved.

Is the government promoting public
awareness and education and
strengthening community participation in
the area of disaster risk reduction? Are
there plans for disaster risk reduction
training for the public and/or public
education campaigns in order to raise
public awareness? Are these executed
according to plan?

Are education programmes and training on
disaster risk reduction planned and realized
in schools and local communities?

Have training requirements and effective
training plans been established and are
they being updated as appropriate?

Do programmes provide organizations and
individuals with the necessary knowledge
and skills to respond effectively and quickly
recover from various types of disaster?

At the local level, have more practical
matters such as evacuation areas/routes
and possible shelters been considered,
disseminated and reflected in the disaster
drills?

Is responsibility for developing and
conducting emergency exercises and
training clearly defined and assigned to an
appropriate agency, department or
individual?

Are local drills and simulation exercises
conducted at all levels of government?

49

Are training/emergency exercises at the
national and local levels, including at the
town level, implemented and/or supervised
by an authorized body/agency? Is it
ensured that training functions and
activities are not unnecessarily duplicated
or overlapping?

Is there any specific programme for
training/emergency exercises for
particularly vulnerable people (Patients in
hospitals, students in schools, employees
in government/private sectors housed in tall
buildings/dilapidated buildings, people
living in low -lying areas or near river
banks)? Are various local departments (fire
dept., police, and hospitals), community –
based organizations, NGOs, the media
and local businesses involved in the
training/emergency exercises?

Has the government been involved in
capacity building by sending officials to
other more developed countries for
purposes of learning the most effective
emergency exercises during disasters?

Is a communication mechanism established
and introduced into the community?

7. Risks/problem analysis linked to post
disaster activities

Risk/problem analysis related to short -term
post disaster activities

Are damages and needs assessments
performed to identify the destruction
caused by a disaster, the location of the
victims and/or their basic requirements in
order to effectively select the aid needed?

Are those assessments the basis for
providing shelter, emergency food and
water, or any other support to victims?

Does the affected population receive the
help needed?

50

* Goals attainment: did the affected
population receive the help it
needed in a timely manner,
including crisis counseling?
SAI of Chile:
Incorporate if it was
sufficient or not.
*Process: were procedures
adequately prepared in advance
and then respected during the post –
disaster period? Are procurement
processes cost -effective with due
regards to quality, quantity and
timeliness?

* Cost/benefit: were the objectives
of the disaster -related a id met at the
lowest possible cost?

* Quality: was the quality of the
output (food aid, shelters, etc)
acceptable? (no damaged or
outdated stock for instance)

Are the goods and materials donated in
kind or purchased using financial aid
inventoried and stored so that they can be
retrieved to meet the victims’
requirements?

Is the aid distribution organized in an
effective manner either directly to victims or
through appropriate distribution channels?
SAI of El Salvador
Are there mechanisms for
identifying the victims or
beneficiaries of the aid to
be delivered?
Risks/problem analysis related to medium
and long -term post disaster activities

Are the newly built infrastructures disaster –
resilient to prevent and mitigate future
potential disasters, socially acceptable and
sustainable?

Are the maintenance and operating costs of
the newly built infrastructures ensured?

Are there reporting mechanisms on
disaster -related aid and its economy,
efficiency and effectiveness?

Risk that planned reconstruction projects
do not take place

HTC Buenos Aires
It is recommended to add:
Is the generation and
application of more

51

adequate health policies
(in terms of health and
social infrastructure, food,
human resources and
other State resources,
etc.) that provide greater
security in the event of
repeated pandemics
being evaluated?

8. Risks/problem analysis linked to
coordination between the different
bodies at regional, national and
international level

Has a coordination mechanism been
established that should function in the
event of a disaster?
SAI of Chile: add
Is this mechanism known
to the entities involved?

SAI of El Salvador
For each level of
government?
Are responsibilities clear to everyone at
every layer of government: “who, when,
what?”

What responsibilities have private entities,
NGOs?
HTC Buenos Aires
It is important to ask
whether in the context of
an emergency you are
accountable to the state.
Could the main body responsible provide
thefacilities and support necessary for the
activities of the non -government bodies?

Are all relevant participants identified and
included in this coordination mechanism
(national/regional/local level and the main
contact point for external bodies)?

Has the expected level of coordination
between and among the agencies
concerned been achieved during recent
disasters (if any) or by means of test
exercises?

Is there a monitoring mechanism to provide
information to help ensure cooperation, as
appropriate, with different bodies at the
regional, national and international levels?
SAI of Buenos Aires
Is there a feedback
mechanism after the
disaster, depending on

52

the obtained results of the
monitoring?
Does the existing coordination foster
collaboration in order to avoid the
duplication and overlap of activities in the
field, to make the most efficient use of
resources and to raise awareness of the
risk of disaster?

Are different forms of cooperation to reduce
disaster risk, such as technical assistance,
consultancy, equipment and supplies, etc.
specified in accordance with the nature,
role and work of different participants in this
field?

What alternative means of communication
are ready, such as telephones, radios and
the internet? Are there multiple options in
the event of a disaster?

53

Comparative table ISSAI 100/GUID 5330 prepared by the SAI of Mexico
Audit type Audit
stage
Disaqster
management
cycle
Guideline
ISSAI 100 GUID 5330
Performance Planning
Mitigation and
prevention

Preparation

Activities of
recovery and
relief

Emergency
response

Rehabilitation

Reconstructio
n
– Establish the terms of
the audit.
– Understanding.
– Conduct a risk
assessment or problem
analysis.
– Identify fraud risks.
– Develop an audit plan.
– Establish the audit criteria.
– Understand the nature of the entity/program to
be audited.
– Conduct a risk assessment or problem analysis
and review it in response to the audit findings.
– Identify and assess the risk of fraud relevant to
the audit objectives.
– Develop an audit plan to ensure it is carried out
effectively and efficiently.
Execution – Carry out the audit
procedures to obtain
evidence of the same.
– Evaluate the audit
evidence and obtain
conclusions.
– Execute the audit procedures.
– Determine the scope of the audit to obtain
evidence.
– Know the procedures in the emergency phase,
understanding the need to circumvent some
rules in exceptional circumstances; however,
deviations from the rules must be documented
and explained.
– Apply particular and alternative methods for
obtaining sufficient, reasonable, relevant and
reliable evidence.
Compliance Reporting – Prepare a report based
on the conclusions.
– Comply with specific reporting and follow -up
requirements
– Make timely recommendations.
– Maximize the positive impact of the
recommendations on disaster management.
– Issue recommendations that are useful in
preparing for possible fut ure disasters.
– Promote improvements in local legislation,
regulations, and policies, including
assignment of roles and responsibilities.
– Draw attention to the absence of disaster
reduction policies and raise awareness of their
importance.
– Promote the estab lishment of clear roles and
responsibilities in emergency response and
effective management of donor coordination.
– Propose the construction of a strategy to
prevent fraud and corruption.
– Promote the improvement of human
resources, develop organizational ca pacity
and strengthen oversight systems of
organizations, based on comparative cost
information.
– Prepare clear reports that allow society’s
participation in understanding the importance
of the resilience of nations and communities.
Follow -up – Follow up on issues
reported as relevant

54

– Distribute the reports widely.