This module is a resource for lecturers
Detection mechanisms: auditing and reporting
Corruption can be detected through a variety of methods, the most common of which are audits (internal and external) and reports (by citizens, journalists, whistle-blowers and self-reporting). The strengths and weaknesses of these methods are discussed in the following paragraphs. Where relevant, consideration is given to the use of modern technology in detecting corruption, including blockchain technology, smartphone applications and open data web platforms. Given the importance of whistle-blowing, a subsequent segment is dedicated to approaches that encourage such reporting. There are other methods for detecting corruption, such as asset and interest declarations and sample surveys; however, given its introductory nature, this Module focuses on the core methods of auditing and reporting.
Audits: traditional and blockchain
An important method used to detect corruption in both public and private sector organizations is the auditing process. A simple definition of an audit, provided by the Merriam-Webster dictionary, is "a formal investigation of an organization's or individual's accounts or financial situation" as well as "a methodical examination and review". Audits can be internal, meaning that they are conducted by the organization itself, or external, which means they are conducted by another outside independent entity.
Internal and external audits have different purposes. Internal audits review items such as the effectiveness of an organization's safeguards against fraud and corruption, whereas external audits often focus on an organization's financial statements and whether that organization has followed all relevant laws and regulations. Internal audits offer the management of an organization a snapshot of how policies and procedures are functioning, while external audits give a broader view and are often public. Audits are an example of integrity management mechanisms, which are discussed in more detail in Module 11 and Module 13 of the E4J University Module Series on Integrity and Ethics in connection with the private and public sectors, respectively.
Both internal and external audits can play a substantial role in detecting corruption (Jeppesen, 2018). In South Africa, for example, auditors are legally required to report any suspicious activity (UNODC, 2015). In many countries, the role of an external auditor of public institutions is assigned to specialized governmental body such as supreme audit institution or national audit office. Such specialized bodies have an important role in controlling public expenditure and ensuring accountability in the public sector. Therefore, they should be granted independence to effectively perform their oversight functions. One of the oldest examples of such oversight bodies is the Spanish General Comptroller of the State Administration (IGAE), which was established in 1874. IGAE is responsible for conducting monitoring, financial control and audits of the Spanish public sector's economic and financial activities. IGAE ensures that all public spending complies with the principles of legality, efficiency and effectiveness. It also guarantees the transparency of the public expenditures as it provides publicly available accounting information. In Brazil, for example, the Federal Government established the Controladoria Geral da União (CGU), or the Office of the Comptroller-General, in 2003. Not long after its creation, the CGU established a programme to address corruption in municipal governments through random audits. The municipalities to be audited are chosen at random through a public lottery. The CGU gathers information on federal funds received by the selected municipality and then issues randomized audit orders for various projects where those funds have been used. A study by Avis, Ferraz and Finan (2018) found that corruption was eight per cent lower in those municipalities in Brazil that had been subject to an audit in the past.
The detection of corruption through auditing has the potential to be even more effective with the development of new technologies. One such possibility is using blockchain technology. The blockchain is essentially a digital ledger made up of records called blocks. Each block has information regarding a transaction and has a time-stamp that cannot be modified. Currently, most companies and governments have their own systems of documenting transactions and they provide this information to auditors. However, with the blockchain, information is stored in a decentralized manner and auditors would not have to spend so much time externally confirming records. This article and this PowerPoint presentation explain the use of the blockchain. This technology is leading to new, online continuous auditing, which should also aid in corruption detection and enforcement. In 2018, the Switzerland based company Auditchain has produced a White Paper detailing how such a system can be implemented. While regular audits are "backward-looking", a blockchain protocol becomes a continuous audit in real time and with a reliability far exceeding a traditional audit.
It should be noted, however, that even well-written policies and audit systems can fail when faced with organization-wide corruption. The Siemens corruption scandal is one such example. In this case, Siemens appeared to do business according to the highest ethical and legal standards. The corporation had several anti-corruption norms and codes of conduct which had been in place since 1991 (Vernard, 2018). Yet, in 2006, after a police investigation, it was discovered that the Siemens corporation had used bribes and corruption for business gain. In 2008, the Siemens corporation pleaded guilty to committing bribery and other corrupt practices in foreign business dealings and paid 1.6 billion to American and European authorities as part of a settlement agreement (Lichblau and Dougherty, 2008). Significant reforms in Siemens followed this corruption case. An outsider, who was chosen as the new Chief Executive Officer of Siemens, restructured many aspects of the business, including its organizational structure and culture. More information about the lessons learned form the Siemens case is available in this news report .
Another mechanism of detecting corruption is self-reporting. Some States have laws and incentives that encourage individuals to report on corruption in which they played a role. This process, known as self-reporting, is often associated with private sector entities, but is applicable to corruption in any organization. Punishment for corruption can be severe, and therefore penalty mitigation is a common incentive to encourage self-reporting. It is noted in this regard that article 37 of UNCAC requires States to encourage corruption offenders to self-report, including by offering penalty mitigation and even immunity in certain cases. Article 39 encourages the private sector to report on corruption and to cooperate with the authorities on investigating corruption. Additional discussions about self-reporting in private sector can be found in UNODC's "An Anti-Corruption Ethics and Compliance Programme for Business: A Practical Guide" as well as this B20 paper (chapter 5) and this WEF report (part 1).
One of the challenges of addressing corruption through self-reporting is finding the balance between the investigative benefits that arise from cooperation and the prosecution of persons committing corrupt acts. While there is no general legal duty to disclose corrupt activities in many countries, specific legislation in areas such as securities and corporate law may require self-reporting. The United States Foreign Corrupt Practice (FCPA) Act, penalizing companies, registered in the US, for their activities abroad, creates a violation for failure to self-report corrupt acts involving financial books and records. In fact, many countries have provisions for penalty mitigation as an incentive to self-report. In the United Kingdom, self-reporting may obviate criminal prosecution and limit penalties for civil fines. In the United States, prosecutors are regularly more lenient in their charging and sentencing recommendations if defendants have self-reported. In Australia, cooperation with law enforcement is also a factor in the imposition of a more lenient sentence. In China, there is an express provision "for reduction or exemption of the applicable sanction in the event that a person voluntarily discloses conduct that may constitute bribery" of a foreign public official, and more generally with domestic bribery (Turnill and others, 2012).
Members of the public are often the first ones to witness or experience corruption, particularly in the area of public services. To help expose corruption, members of the public can be instrumental in reporting on corruption through standard crime-reporting channels at the national or municipal level, such as the police. To encourage citizen reports on corruption, many governments have developed more direct ways for the public to report corruption. For example, specialized anti-corruption bodies can establish dedicated reporting channels for corruption offences. Governments are required by article 13 of UNCAC to inform the public about such anti-corruption bodies and how to report corrupt acts, including anonymously. Information about anti-corruption bodies around the world, organized by countries, is available on the UNODC website.
In addition to specialized anti-corruption bodies, new technologies are increasingly playing an instrumental role in facilitating citizen reporting. For example, in many countries, websites and smartphone applications enable citizens to report incidents of corruption easily. Perhaps the most popular example is I Paid A Bribe in India, which has registered more than 187,000 single reports by citizens and over 15 million visitors as of August 2019. Its interactive map allows the website's visitors to monitor in which cities and sectors in India corruption occur the most as well as the amounts of bribes paid. A similar mobile phone scorecard programme was developed in the Quang Tri province in Vietnam. This allows citizens to score the performance of the administration of public services and to report on whether they had been asked to pay a bribe. New data are released each quarter and local media regularly discuss the results. Within a little over a year, reports of bribery had significantly decreased. For more information, see the case study Vietnam: the M-Score. In Papua New Guinea, a programme called Phones Against Corruption was introduced in 2014 within the Finance Ministry. The programme allowed members of the public to report corruption anonymously via text messages. For a further discussion of citizen reporting, including through resorting to anti-corruption agencies and by using technology, see Module 10 of the E4J University Module Series on Anti-Corruption. To learn more about anti-corruption agencies, see Module 13 of the E4J University Module Series on Anti-Corruption. The ways in which anti-corruption bodies, the police and private organizations should handle citizen reports of corruption are discussed below.
Journalism and media reporting
Journalism and the media play a key role in reporting, exposing and curbing corruption. Reporting on corruption is "making a valuable contribution to the betterment of society" and investigative journalism in particular "holds the potential to function as the eyes and ears of citizens" (UNODC, 2014, pp. 2, 6). Media reporting can be a means of corruption detection that prompts organizations and law enforcement agencies to conduct investigations (or further investigations) into allegations of corruption. Reports of corruption in the media can also be used to gather more information about and evaluate instances where corruption has been detected and requires further investigation. One highly publicised example is the Mossack Fonseca Papers case, which is commonly referred to as the Panama Papers (this case is further discussed in Module 10 of the E4J University Module Series on Anti-Corruption).
For media reporting and journalism to play an effective role in corruption detection, the media have to be free, independent and responsible. Access to information laws are useful tools that journalists and the media can use to assist in detecting corruption. Moreover, there must be legislative frameworks in place to protect journalists and their sources from unfounded lawsuits, recrimination and victimization. On the extreme end of the scale, journalists have been killed for their role in exposing corruption (OECD, 2018; see also TI's campaign to protect journalists). Media reporting on corruption can only have an impact if the public trusts the media and the work it produces. Therefore, if the media is to play a role in exposing corruption and informing society, it should also take measures to ensure that the reports are done in accordance with high professional and ethical standards. Such measures may include establishing codes of conduct for journalists or creating independent self-regulatory body for the media sector. For a detailed discussion of safe and responsible reporting on corruption by the media see UNODC's 2014 publication Reporting on Corruption: A Resource Tool for Governments and Journalists. These and related issues are also discussed in Module 10 of the E4J University Module Series on Anti-Corruption and in Module 10 of the E4J University Module Series on Integrity and Ethics.
Given that corruption can benefit the individuals directly involved, and there is a variety of means to cover up corruption within organizations, some corruption cases can only be detected if someone on the inside reports it. This kind of reporting activity is frequently called "whistle-blowing", because the reporting person sends out an alert about the activity, in the hope that it will be halted by the authorities. Usually, the whistle-blower reports the act to an appropriate internal manager, executive or board member. Some entities have established protocols for reporting. If that proves unsuccessful, whistle-blowers might raise the issue with external regulatory or law enforcement agencies or may choose to expose the matter publicly by contacting the media.
To date, the most commonly used academic definition for whistle-blowing is from Near and Miceli (1985) who define whistle-blowing as the "disclosure by organisation members (former or current) of illegal, immoral or illegitimate practices under the control of their employers to persons or organisations who may effect action". At the same time, a review of relevant legislation from around the world (see here for a recent overview) reveals that whistle-blowing is defined differently across jurisdictions. Indeed, the term whistle-blowing is not easy to translate into other languages (a provisional list of terms in other languages can be found here). For this reason, UNCAC uses the term "reporting persons" instead.
It should be noted that whistle-blowing is not limited to reporting on corruption, but covers reporting on a variety of misconduct, illegal acts, harassment, wrongdoing, and risks to persons' lives, health and environment. With ever more countries starting to adopt whistle-blower protection legislation, the international debate about good practices and standards is increasing. In this regard, in 2019, the G20 adopted High-Level Principles for the Effective Protection of Whistleblowers. For a discussion of different approaches to protecting reporting persons see Resource Guide on Good Practices in the Protection of Reporting Persons (UNODC, 2015).
Whistle-blowing versus leaking
Besides the lack of an agreed-upon definition of whistle-blowers, there is also confusion about how to distinguish the notion of whistle-blower from other terms. In English, for example, there is confusion about what the distinction is between a whistle-blower and a "leaker" (Savage, 2018). While "leaker" is not a legal term, it has been widely used by the media. Notably, some well-known cases have been described both as leaking and whistle-blowing. Examples include: Chelsea Manning's disclosure of documents to Wikileaks, Rui Pinto's Football Leaks, and the Mossack Fonseca Papers. The best way to consider and discuss the difference is through the following continua:
- Is there an identified harm to society? Whistle-blowing is used in cases where the person making the report articulates a particular concern about harm to society and might provide some evidence, whereas leaking refers to cases in which people make unauthorized disclosures of documents without articulating a particular concern about harm.
- Is the identity of the reporting person known to anyone? What is referred to as a case of leaking can become whistle-blowing when the identity of the reporting person is known. For example, Football Leaks started to be discussed as whistle-blowing when it became public who was disclosing the documents.
- Is the reporting authorized? As more countries develop legislation on the protection of whistle-blowers, reporting to regulatory agencies or media becomes authorized under certain conditions. Reports that follow such authorized procedures are called whistle-blowing, whereas reporting that does not follow authorized procedures is called leaking. For example, in the United States, a whistle-blower is someone who has certain legal protections because he or she has reported to the appropriate federal or state authorities, whereas a leaker is someone who shares information with a person or organization not authorized to receive it. While some leakers may eventually benefit from legal protection, this is not guaranteed at the time of the report. Leakers can be prosecuted or sued in civil courts for violating a secrecy act or non-disclosure agreements, or for inflicting harm.
The following part continues the discussion on whistle-blowing, with an emphasis on a few significant areas of contemporary scholarly and practical debates, including the motivations and importance of whistle-blowing and whistle-blower protections.
Next: Whistle-blowing systems and protections
Back to top