DRAFT ISSAI 55XX
Audit of disaster preparedness:
Guidance for Supreme Audit Institutions
May2012
Arife COSKUN – 16042012 version the draft guide for audit of disaster preparedness (0II.04)
Turkish Court of Accounts (TCA) Inonu Bulvarı, No: 45, Balgat/ Ankara - Turkey
e-mail: acoskun@sayistay.gov.tr
Tel: +90 312 295 37 01
i
Preamble
I.
The INTOSAI Working Group on Accountability for and the Audit of Disaster-related Aid
(AADA) was established by the XIXth INCOSAI in Mexico in 2007 as a successor to the INTOSAI
Tsunami Task Force. Building on the knowledge and experience of this Task Force, the
Working Group has developed audit guidance for SAIs as well as a tool for harmonized
reporting of disaster-related aid.
II.
Disasters of the magnitude of the 2004 Indian Ocean Tsunami, which triggered the
establishment of the INTOSAI Task Force, fortunately do not happen often. However, many
disasters occur every year, and the toll in terms of loss of human life, human suffering and
physical, social and economic damage is rising. This is partly caused by greater exposure and
vulnerability due to population growth and the increase in the occurrence of certain types of
disasters as a result of climate change. A welcome consequence of the recognition of these
developments is the focus by governments on reducing the risk of disasters and on reducing
their potential impact. The Working Group aims to contribute to this by providing guidance
for SAIs not only on the audit of disaster-related aid, but also on auditing disasterpreparedness. In carrying out well-defined audits of the disaster-preparedness of
government, SAIs can stimulate effective policies aimed at reducing risks of disasters and
mitigating their impact.
III.
The Working Group observed the pressing need to improve the traceability of aid following
the occurrence of a disaster. Notable features of post-disaster activity include large amounts
of resources flooding into disaster-affected areas, which may be in poor countries with weak
or newly damaged institutions and infra-structure and frequently pre-existing power
imbalances. Aid may be disbursed by a number of different actors with varying levels of
experience and in situations where the pressure to deliver aid rapidly to individuals in great
need may lead to the circumvention of normal procedures. Lack of coordination and
inattention to accountability and reporting of disaster-related aid can render the
establishment of the audit trail by auditors difficult. The Working Group has sought to help
SAIs improve their audits of disaster-related aid, which can give rise to recommendations on
how to improve in the eventuality of future disasters.
IV.
In preparing guidance on the audit of disaster-related aid, the Working Group considered the
interests of the victims of disasters to be of primary importance. SAIs can play an important
a role here in verifying that victims receive aid, in reassuring donors and potential donors
that aid is used efficiently and effectively, and that waste and improper use of aid is
prevented as much as possible.
ii
V.
Disaster management is the term often used to describe the systematic process of using
administrative decisions, organizational assets and operational skills and capacities of the
society and communities to implement policies and strategies to lessen the impact of natural
hazards and related environmental or technological disasters. Thus, disaster management
encompasses disaster preparedness through preventive and mitigating measures, emergency
response, including relief and early rehabilitation measures, and post-disaster rehabilitation
and reconstruction. SAIs audit the whole of the disaster management cycle and report on
the quality of the management of each phase, making recommendations with a view to
reducing the risk and impact of potential future disasters.
VI.
The four sets of guidance in this series of ISSAIs are closely related and appropriately cross
referenced. The focus of the guidance is on disaster-related aid. For guidance on general
audit methodology and procedures, SAIs should refer to first, second and third level ISSAIs,
especially those on financial audit, performance audit and compliance audit.
VII.
The Turkish SAI led the preparation of guidelines for auditing disaster-preparedness. In
addition to direct assistance from the SAIs of Austria and Kenya, the SAI of Turkey also
received data from a number of INTOSAI members for a survey it carried out. The SAI of
Turkey also organized a parallel audit in order to collect relevant input for the guidelines. The
SAIs of Azerbaijan, Chile, India, Indonesia, the Netherlands, Pakistan, the Philippines,
Romania, Ukraine and Turkey participated in this parallel audit.
VIII.
The Indonesian SAI developed the guidelines for the audit of disaster-related aid, with direct
assistance on one of the subtopics from the SAI of Peru. The SAI of Indonesia carried out two
surveys and a parallel audit to gather data to feed into this guidance. Like the ISSAI on
auditing disaster-preparedness, this ISSAI takes the disaster management cycle as a point of
departure, but focuses on the different phases and activities carried out in response to
disasters, from emergency relief through to rehabilitation and reconstruction. Although the
title refers to disaster-related aid, the guidelines are considered useful for auditing any type
of humanitarian aid.
IX.
The Working Group considered disaster-related aid to be at especially high risk of fraudulent
and corrupt activity, given the nature of the expenditure and the circumstances surrounding
disasters. The European Court of Auditors has prepared guidance for auditors to take account
of the increased risk of fraud and corruption in the emergency phase of disaster-related aid.
This guidance expands on ISSAI 1240 in broadening the scope to consider the risk of
corruption as well as of fraud. It focuses on that phase, following disasters, when procedures
and controls might not function as they may normally be expected to do. To assist auditors,
the guidance outlines risks and red flags of which auditors should be aware and provides
advice on how to adapt audit procedures accordingly.
X.
Recent developments in disaster management have led to the use of new tools, such as
Global Information Systems. The SAI of the Netherlands has developed guidance on the use
iii
of GIS when auditing disaster-related aid with the support of external experts in this field. In
addition to providing guidance on how to use geospatial information for auditing disasterrelated aid, this ISSAI provides a comprehensive introduction of geospatial information and
may therefore also be useful for SAIs conducting audits in other areas not related to disasters
or disaster-related aid.
XI.
In presenting this series of ISSAIs the Working Group aims to inform and enrich the audit by
SAIs of disaster-related aid. Whilst it reflects current best practice, INTOSAI members should
use the guidance as is appropriate and adapt it as required by specific conditions and
mandates. The guidance should be considered as a first step towards documenting best
practice and advice and requires early updating in the light of further experience.
XII.
SAIs involved in auditing disaster-related aid have suffered consistently from the near
impossibility of establishing a reliable and complete audit trail due to the lack of
accountability and transparency which often result from the urgency and complexity which
often reign in post-disaster situations and because of the failure to properly prepare for
disasters. The Working Group therefore went further than establishing guidance for the audit
of disaster-related aid. It also developed a tool to allow disaster-related aid to be reported on
in a standardised and harmonised format by all actors. In addition, it has canvassed support
for the implementation of this reporting format on a global scale. More information about
this tool, the “Integrated Financial Accountability Framework (IFAF)” is available in the Final
report of the Working Group to the XXIst INCOSAI in 2013.
XIII.
The INTOSAI Working Group on Accountability for and the Audit of Disaster-related Aid
wishes to express its appreciation for the contributions made by INTOSAI members,
especially those which replied to the surveys, those which contributed to the Guidelines, and
those which participated in the parallel audits. The Working Group is also grateful for the
valuable contributions made by others, such as the Special Representative of the UN
Secretary-General for Disaster Risk Reduction (UN ISDR), the Under Secretary-General of the
UN Office for Internal Oversight Services, the Director General of the European Commission,
the xxxxxx (Transparency International?; both for developing and improving the guidelines
and for their input during meetings of the Working Group.
iv
Audit of disaster preparedness
Table of contents
Part 1: Disaster and disaster management
1.
Background
2.
Purpose and structure of the Guidelines
3.
A Conceptual Framework for Disaster Preparedness
Definitions of Disaster
Types of Hazard
Scope of Disaster Preparedness
Disaster Management Cycle
4.
Parliament and Government
5.
Disaster Management Laws, Plans and Information
Disaster Management Law
National Disaster Plans
Sub- Plans
Geographical Information Systems (GIS)
Risk Assessment-Prediction with GIS
Planning with GIS
Part 2: Audit of disaster preparedness
6. Introduction
The experience of SAIs in auditing disaster preparedness
7. Audit Mandate of SAIs
8. What are the challenges that SAIs face?
9. Cooperation among SAIs
10. Types of Audit
v
11. Principles for auditing disaster preparedness
12. Assessment of the Audit Environment
13. Planning and carrying out an audit study
Audit Approach/ Scope
Audit Objectives
Audit Methodology
Audit Criteria
Audit Findings and Recommendations
Part 3: Audit program for disaster preparedness
14. Audit Program
Identification of the disaster characteristics
Specifying and understanding the national strategy and action plans
Identification of the framework and organization of the authorities involved
Assessment of the adequacy of coordination
Assessment of disaster management tools and early warning systems
Assessment of emergency exercises and training/public awareness
Assessment of disaster funds and grants administration
Assessment of the adequacy of making urban areas resilient and reducing urban risk
Urban planning/Building development plans and their implementation
Reinforcement and reconstruction activities/urban transformation
ANNEXES
ANNEX 1: SAIs which participated in the WG AADA survey and the parallel audit
ANNEX 2: An example for governance structure - Canada
ANNEX 3: Geographical Information Systems (GIS)
ANNEX 4: A case for understanding the organization and framework of authorities preparing for
disaster
ANNEX 5: Audit Objectives - examples concerning disaster preparedness
ANNEX 6: Audit Criteria - examples concerning disaster preparedness
ANNEX 7 Audit Recommendations - examples concerning disaster preparedness
Glossary
Bibliography
vi
vii
Part 1: Disaster preparedness
1. Background
1.1
The occurrence and impact of disasters has dramatically increased over the last few
decades, owing to social, demographic, political, environmental and climatic factors.
The degree of vulnerability and exposure, leading to larger losses, has also increased
considerably caused by the growth of urban development and population density in
exposed areas. The increasing uncertainty of weather patterns due to climate change
are additional reasons for the occurrence of major disasters.
1.2
These developments have led to changes in international policies concerning disasters
over the past decade. Previous policies resulted in the concentration of resources on
post-disaster relief and reconstruction activities. In recent years the international
community has moved towards new policy objectives which reflect the desire to
reduce risks prior to the occurrence of a disaster. The Yokohama (1994) and Kobe
(2005) Conferences and the Hyogo Framework for Action (HFA) have set new
objectives and criteria to reduce disaster risk. These are monitored by the UNISDR1
(2010), which has established the Global Platform for disaster risk reduction and
proposed the formation of National Platforms, comprising not only the relevant
official bodies but also NGOs and Universities. The goal of these actions is to make the
world less vulnerable to disasters.
1.3
Some disaster risk factors increase the impact of disasters and challenge the capacity
of federal and provincial/territorial governments, and sometimes the international
community, to manage emergencies. These risk factors include increased
urbanization, critical infrastructure dependencies and interdependencies, terrorism,
climate variability and change, animal and human health diseases, and the increased
mobility of people and goods around the world. Risk reduction or mitigation policies
call for new approaches, new methods and expertise: identifying various types of risk
at different levels, making projections of likely consequences, and also a capacity for
devising methods to avoid, reduce and share risks. Disaster preparedness thus
requires developments in management approach and, accordingly, the approach to
audit by SAIs.
2. Purpose and structure of the Guidelines
The UN International Strategy for Disaster Reduction, “Hyogo Framework for Action 2005-2015: Building
the Resilience of Nations and Communities to Disasters”, http://www.unisdr.org/eng/hfa/hfa.htm, March
2010.
1
1
2.1
The purpose of this guidance is to assist SAIs in the audit of the disaster preparedness
of governments. Where governments have not yet accepted the importance of
disaster preparedness policies and plans, the guidance can assist SAIs in making
recommendations on this fact. Where governments have policies related to disaster
preparedness/risk reduction and the principle has been accepted, the following
document provides practical guidance based on exchanges of experience between
SAIs. SAIs are well placed to identify the key activities necessary to implement the
new policies required under the Hyogo Framework for Action. This means that in
addition to providing assistance to SAIs, this guidance supports governments and
communities in improving mechanisms, procedures, and institutions so as to reduce
the risk of exposure of communities and assets to disasters.
2.2
Another objective of the guidance is to encourage SAIs and their auditees to take a
more active role in preventing the potentially disastrous impact of natural events.
Issues faced are as follows:

The need to convince government that investing in disaster preparedness may be
a more efficient and effective use of resources than paying the bill for disaster
response. This lack of awareness arises because the added value of investing in
disaster preparedness can only be assessed if and when a disaster actually
happens (and when it is in fact too late). Preparedness costs, but its benefits may
never occur (or will only do in many years’ time) or may not be clearly visible.

The need for awareness on the part of SAIs of the role they have to play in
prevailing upon governments to invest in disaster preparedness. Failure of SAIs to
recognize this is exacerbated by the tendency to look at ex-post events (after
disasters occur) and to use public expenditure as the basis for selecting audit
topics: if governments do not invest in disaster preparedness, SAIs will not audit
it.

The complexity of assessing the quality of disaster risk assessment, disaster
mitigation and disaster prevention: this requires using other types of information
(for instance geographical information, information about the probability of
events, etc.) and information from sources other than those normally used in
audits (such as information from more specialist agencies, universities,
international bodies). Examples from SAIs that have experience in tackling this
complexity
2.3
can
be
very
helpful
for
other
SAIs.
The guidance is structured as follows:
Part 1 defines disaster preparedness, situates it in the disaster management cycle and
sets out the political and operation for SAIs auditing disaster preparedness.
2
Part 2 covers what SAIs should take into account when planning or conducting an
audit of disaster preparedness. It reports on the experiences of SAIs in auditing
disaster-related aid gathered by means of a survey conducted amongst INTOSAI
members. 35 SAIs replied to the questionnaire (see table in Annex I.)
Part 3 proposes an audit programme to assist SAIs in auditing disaster preparedness.
This was prepared using the results of the survey and tested and strengthened by
carrying out a parallel/coordinated audit between 10 SAIs (see table in Annex 1).
The guidance provides assistance to SAIs by covering the following:
•
Obtaining and documenting an understanding of disaster preparedness activities
and the organization of the authorities concerned and the legislative framework
governing them;
•
Establishing a preliminary view of the strengths and weaknesses of the overall
audit environment;
•
Providing information for the assessment of risk and the design of the audit
studies;
•
Establishing an effective and sound audit process;
•
Forming
a
common
basis
for
partnership
audits
among
the
SAIs.
3. A Conceptual Framework for Disaster Preparedness
Definitions of Disaster
3.1
There are many of definitions of disaster. Variations between definitions are often
due to differences in countries’ experiences and environment. The WG AADA has
adopted the definition provided by the UN International Strategy for Disaster
Reduction (ISDR): “A serious disruption of the functioning of a community or a society
involving widespread human, material, economic or environmental losses and
impacts, which exceeds the ability of the affected community or society to cope using
its own resources.”2
3.2
The multitude of definitions makes devising and implementing a common approach
towards auditing disaster-preparedness a challenging task. SAIs are assisted in this by
a “terminology” booklet prepared by UNISDR in cooperation with many stakeholders.
This booklet fosters common understanding, and through this, common policy
making, strategy definition and planning.
2
The UN International Strategy for Disaster Reduction,“UNISDR terminology on disaster risk reduction
(2009)”, http://www.unisdr.org/eng/terminology/terminology-2009-eng.html, March 2010.
3
Types of Hazard
3.3
Most disasters are the consequence of natural hazards (earthquakes, tsunamis,
volcanic eruptions, etc.) that affect human life and others are caused by human
decisions and activities, such as building in a flood plain or the lack of building
standards in earthquake-prone areas. Disasters also arise from man-made hazards
such as negligence or failures in the system. However, the distinction between natural
and man-made hazards is not a clear-cut one since many natural events turn into a
disaster due largely either to a failure to take precautions in time or to
mismanagement.
All types of hazard are man-made to a certain degree and
vulnerability to natural and man-made hazards is very often similar.
Figure 1: Hazard Types
HAZARD TYPES
HYDROLOGICAL/METEOROLOGICAL
(Windstorms, floods, tornados, droughts etc.)
GEOPHYSICAL
(Earthquakes,
tsunamis, land
slides, etc.)
NATURAL
HAZARDS
CLIMATOGICAL
(Desertification,
freezes, etc.)
TECHNOLOGICAL
(Nuclear weapons, nuclear plant
melt down, etc.)
MAN-MADE
HAZARDS
BIOLOGICAL
SOCIOLOGICAL
(Plagues, Epidemics, etc)
(Terrorism, Famine, etc)
Identifying human induced root causes, and advocating structural and political
changes to combat them, is long overdue. For example, the destruction of the natural
environment because of logging or inappropriate land uses for short-term economic
gain is one of the major factors causing floods or mudslides. Similarly, the migration
of populations to urban and coastal areas increases human vulnerability to disasters.
Accordingly, population densities increase, infrastructure becomes overloaded, living
4
areas move closer to potentially dangerous industries, and more settlements are built
in fragile areas such as floodplains or areas prone to landslides. By the same token,
poor economic planning and mismanagement of natural resources – for example
using farm land for urban development – can lead to widespread famine. As a result,
natural hazards affect more people and economic losses increase in both lower
income and high income countries.
3.4
The large majority of disasters are events of hydro-meteorological origin such as
floods, droughts and windstorms. Events of geological origin such as earthquakes are
secondary to these. Disaster risks arise when hazards interact with physical, social,
economic and environmental vulnerabilities. For example, despite the fact that
seismic activity has remained constant over recent years, the effects of earthquakes
on the urban population appear to be increasing.
3.5
The precautions taken by government institutions depend on the type of hazard,
because different hazard types attract different management risks. Depending on
this, management risks arise in different areas. For example, for some disasters, such
as famine or terrorist attacks, control risks may be come to the fore. For others, like
earthquakes and tsunamis, the risk of poor coordination by management might rank
more highly. A sound knowledge of hazard types is therefore vital for auditors of
disaster preparedness.
Scope of Disaster Preparedness Measures
3.6
UNISDR defines disaster preparedness3 as follows:
"The knowledge and capacities developed by governments, professional response and
recovery organizations, communities and individuals to effectively anticipate, respond
to, and recover from, the impacts of likely, imminent or current hazard events or
conditions." Disaster preparedness includes activities that prepare communities for a
possible disaster and improve the reaction of the various parties involved to such an
event. These measures aim to reduce the impact of the disaster by ensuring that the
various stakeholders are not caught unprepared by the disaster and that assistance is
provided in a coordinated manner4. Disaster preparedness measures include risk
assessment, prevention and mitigation. These are defined by UNISDR as follows:
3
UNISDR uses the term 'Disaster risk reduction' to denote the concept and practice of reducing
disaster risks through systematic efforts to analyse and reduce the causal factors of disasters. Reducing
exposure to hazards, lessening vulnerability of people and property, wise management of land and the
environment, and improving preparedness for adverse events are all examples of disaster risk reduction. Both
Disaster Risk Reduction and Disaster Preparedness are umbrella concepts which cover the activities of risk
assessment, prevention and mitigation.
4
The European Commission on EU Strategy for Disaster Risk Reduction, 15/4-2008 and Austrian
Development Cooperation, “International humanitarian aid policy document”, Vienna, March 2009, p.9.
5
Risk assessment: "A methodology to determine the nature and extent of risk by
analysing potential hazards and evaluating existing conditions of vulnerability that
together could potentially harm exposed people, property, services, livelihoods and
the environment on which they depend."
Prevention: "The outright avoidance of adverse impacts of hazards and related
disasters." This includes measures intended to ensure a permanent protection against
a given disaster. They include engineering, physical protection measures, legislative
measures for the control of land use and codes of construction. These activities
reduce physical vulnerability and/or risk exposure by providing new infrastructures,
improving existing infrastructures and through sustainable development practices.
Mitigation: "The lessening or limitation of the adverse impacts of hazards and related
disasters." This consists of activities taking place before the occurrence of
unavoidable disasters to minimize damage caused by impending risks and to reduce
or eliminate their impact on society and the environment. Disaster mitigation
measures also reduce risks by lessening the physical vulnerability of existing
infrastructures and vulnerable sites, which might directly endanger the population
(e.g. retrofitting of buildings, reinforcing “lifeline” infrastructure) and natural or
economic resources.
The scope of disaster preparedness measures shapes government’s role and
responsibilities with regard to management and those of the SAIs with regard to their
audit.
3.7
In broad terms, disaster preparedness encompasses operational and strategic
considerations:
“Strategic” preparedness consists, inter alia, of:

preparing for disasters through development plans and interventions that reduce
and mitigate disaster risk, reduce poverty, and contemplate a sustainable use of
natural resources;

the development of a system capable of understanding hazard risk, climate
variability and vulnerabilities so as to raise awareness of the need for reducing
disaster risk and provide the knowledge and guidance needed to achieve this; and

adapting the institutional, legal and policy framework to enable decision makers
and practitioners to effectively take appropriate action to enable the population
at large to reduce its exposure and vulnerability to disasters as well as effectively
respond to disasters as they occur.
“Operational” preparedness focuses, inter alia, on:
6

appropriate early warning mechanisms being in place;

the public being properly informed about risks and the actions to take;

funding being immediately available to support relief operations;

contingency plans being regularly updated at local and central levels to adjust to
changing environmental and societal situations;

coordination mechanisms including all the relevant stakeholders;

information being able to flow in a timely fashion;

local communities being well committed and informed, with training and drills
taking place.
3.8
The SAIs’ auditing of disaster preparedness can therefore cover all activities that
prepare communities, the economy and the environment for possible disasters and
also those that mitigate not just their impact but also the risk of their happening, i.e.
reducing vulnerability and/ or exposure to natural hazards.
Disaster Management Cycle
3.9 The increase in the frequency of disasters and the effects in terms of casualties and
damage means disaster preparedness (especially disaster mitigation and prevention)
has gained importance in recent years. The core idea is to minimize the risks and
potential impact of disaster.
Figure 2: Disaster Management Cycle
Pre-disaster
RISK MANAGEMENT
Mitigation&
Prevention
Risk
Assessment
Preparedness
Prediction and
Early Warnings
Risk Reduction
Disaster
Recovery
Reconstruction
Rehabilitation
Emergency response
Recovery
CRISIS MANAGEMENT
Post-disaster
Disaster management consists of pre-disaster risk management and post-disaster
crisis management. Figure 2 shows that pre-disaster risk management begins with risk
assessment and extends over prediction and early warnings. Risk management
includes many actions, such as identifying, assessing and monitoring disaster risks and
7
enhancing early warning systems, reducing the underlying risk factors, using
knowledge, innovation and education to build safety and resilience at all levels, and
strengthening disaster preparedness for effective response. Expenditure on these
actions is the focus of the present guidance. The remainder of the management cycle
is concerned with post-disaster crisis management. Large amounts of government
resources are spent on post-disaster relief and reconstruction activities. Refer to ISSAI
55XX for more on this.
Parliament and Government
4.
4.1
The success of disaster preparedness depends primarily on the support of parliaments
and strong government programs. Governments play a major role in establishing
policy and setting out the institutional framework and programs for disaster
preparedness in the context of disaster management. Governments are generally
responsible for numerous disaster preparedness activities including disaster alarms,
evacuation, supply and the assessment of the situation. In this context, governments
should identify risks, assess and monitor them properly and develop a governance
model for all the parties concerned - government institutions, regional and local
organizations and civil society, including volunteers, the private sector and the
scientific community.
4.2
In cases where government does not give appropriate priority to disaster
preparedness SAIs may need to report to parliament on this. Parliament’s oversight of
the budgetary process provides an excellent opportunity to reflect on and monitor
adequately government’s commitment to disaster preparedness. Parliament can also
help to raise public awareness of the risks and potential impact of disasters and bring
disaster preparedness issues and disaster sensitive programs onto the public agenda
using the appropriate channels and platforms. SAIs may consider including in their
reports to parliament information which supports the oversight function and raises
the awareness of parliamentarians to the requirements of adequate disasterpreparedness.
5. Disaster Management Laws, Plans and Information
5.1
Disaster preparedness involves many activities of government; it is multi-sector and
inter-disciplinary in nature and requires the involvement of many institutions and
local, national and international bodies. Governments require appropriate disaster
management tools to facilitate the management and coordination of the
organizations and activities involved. SAIs need to obtain, understand and assess the
legal framework insofar as it affects disaster-preparedness, overall strategic national
disaster plans, operational local or activity-specific plans and the disaster information
systems, in particular the geographical information system (GIS) available to
8
government.
Disaster Management Law
5.2
A disaster management framework is usually laid down in a disaster management
law, which should act as a basis for national disaster plans. These plans are essential
tools for guiding the institutions involved in the disaster management process to
ensure that timely, proactive and forward-looking precautions are taken. They should
enable the authorities to provide the most appropriate response at every stage of
disaster management and constitute the single most important tool in the field of
disaster preparedness.
5.3
Most countries enact a basic national law covering the general framework of disaster
management.
The disaster management law generally includes the following
provisions;

Developing
a
national
disaster
management policy;

Preparing
national
plans
and
programs under this policy;

Setting up a general framework for
the responsibilities and roles of the
institutions involved in disaster
management
arrangements
and
for
the
coordination
Canada: The Emergency Management
Act of August 2007 governs the national
leadership responsibility of the Ministry of
Public safety for emergency management
and for conserving critical infrastructure.
It also defines cooperation between the
federal ministries.
Sri Lanka: The Disaster Management Act
of May 2005 governs the establishment,
responsibilities and duties of The National
Council for Disaster Management and the
Disaster Management Center and the
preparation of disaster management plans.
between these institutions, etc.
5.4
National disaster law provides a basis for good governance and accountability.
Auditors should scrutinize the adequacy of legal the framework in terms of planning
and implementing disaster preparedness and put forward recommendations for
improving new legal arrangements.
National Disaster Plans
5.5
Disaster management legislation usually includes provisions for the preparation of a
national plan. These are often called “National Disaster Management Plans”, although
their exact names differ from country to country5. They set out national strategies
and provide a basis for setting priorities for all functions of disaster management by
considering all potential national and international risks. National Disaster Plans cover
all the players and activities in the field and provide coordination between the
5
Hereinafter “National Disaster Plan”.
9
relevant institutions. By virtue of these features, national disaster plans are the main
documents for audits of disaster preparedness.
5.6
In countries which have more experience of disaster management, the national
disaster plan is prepared with the aim of drawing up a general framework for disaster
management. In addition to this plan, there are implementation plans, known as
specific plans, operation plans or emergency plans. Countries which are new to
setting up disaster management structures have national disaster plans which are
more like operational plans.
5.7
Disaster management activities, including those which involve disaster preparedness,
are carried out at many different levels, and by many different organizations and
individuals. Responsibility for coordination should be specified in the national plan.
This and the other main components of a national plan include:
•
The national strategy: When determining the national strategy, it is critically
important to assess the risks in terms of potential threats and weaknesses with
which the country may be faced. Hazard mapping, disaster databases, costbenefit and impact analysis, including an assessment of the annual average and
probable maximum losses are available tools for risk assessments.
•
Priorities: In the context of disaster
management planning, priorities
are also set by using the results of
risk assessments. When designing
national disaster plans, it is of
In Canada, strategies are determined and
action plans are designed for 10 sectors
which are prioritized as “critical
infrastructure”. The sectors include
Health, Information and Communication,
Technology, Energy and Utilities.
prime importance that priorities
should be determined rationally, taking account of limited resources.
•
Coordination: Comprehensive coordination at all stages of disaster management
(pre, during and post disaster) is essential for carrying out activities and fulfilling
responsibilities that are shared among many institutions. National plans provide
for coordination tools, such as meetings and committees.
•
Governance structure: Governance is a key element in implementing disaster
preparedness properly and involves a set of relationships between different levels
of government. Governance also provides the structure through which the
objectives are set and the means for attaining those objectives and monitoring
performance. For this reason, it is essential to create a governance structure in
which corporate responsibility areas are defined exactly. National plans define the
primary functions of disaster management and the organizations that are
responsible for performing these functions. Indeed, there is no single, specific
model of good governance for disaster preparedness. Therefore, examining the
legal, institutional and regulatory framework in the light of the different models
10
that exist helps the auditor identify some of the common elements underlying
good governance. (See Annex 2 for an example.)
•
Guidance: National disaster plans guide the responsible institutions in their
disaster management work. In this connection, the corporate aims and goals, risk
assessments etc. laid down in the corporate disaster plans should be aligned with
the national plan’s strategy. Therefore, the planning, monitoring and reporting
capability of the main institution responsible for national disaster planning should
be optimal, with additional resources provided if necessary.
Sub-Plans
5.8
In addition to National Disaster Plans, the individual institutions that are responsible
for disaster management functions draw up plans and programs related to their own
fields of responsibility. These plans
can
vary
depending
on
the
institutions
concerned
and
on
disaster types. Some examples are as
follows:
•
In Canada, a “National Disaster Mitigation
Strategy” is prepared and the mitigation
activities are carried out in accordance with
this plan. Similarly, one of India’s disaster
preparedness plans is “Preventive/Protection
and Mitigation from Risk of Tsunami”
Departmental/operational/emerg
ency management plans, made by institutions/local authorities;
•
Specific plans/strategies, designed for specific disasters to which countries attach
importance;
5.9
•
Business continuity plans which are related to disaster preparation; and
•
Action plans which will be applied during a disaster.
The importance of disaster preparedness activities means that they occupy an
important place in disaster sub-plans. Such plans often cover the following points:
•
Coordination: Coordination with the national plans and sub-plans is of primary
importance. In order for there to be effective disaster management, including
preparedness, activities such as
policy,
planning,
assessment,
training,
risk
public
awareness-outreach
and
protection
of
critical
infrastructure
need
to
be
carried out in a coordinated
In Canada, a “Federal Emergency Response
Management System” has been established and
the coordination tools and processes are defined
within this structure. On the one hand, “the
management team”, which is composed of
delegates of the institutions involved in disaster
management, collects the needs of the
performers. On the other hand, it issues guidance
to them regarding cooperation and coordination.
manner by the stakeholders in the field. For example, the “Istanbul Provincial
Disaster and Emergency Directorate” was established with the main purpose of
ensuring coordination and cooperation between the relevant institutions in the
11
region. To do this, the Directorate uses telecommunication tools and information
systems.
•
Risk assessment: The sub-plans specify probable risks (generally the risk
assessment tool for natural disasters is hazard mapping, and for man-made
disasters
the
appropriate
tools are
monitoring and reporting). In addition,
vulnerability assessments are also drawn
up;
for
the
purposes
assessments, preparedness
of
these
is tested
Tsunami Risk in India and the Tools
of its Assessment
 Tsunami Hazard Map
 Tsunami Vulnerability Assessment
 Tsunami Risk Assessment
 Practical Applications
through practical applications.
•
Training: Training is another important issue covered by sub-plans. Many
countries have a training unit which organizes the training activities related to
each stage of disaster management. For example, the Emergency Management
Institute in Australia has such a training unit. Additionally, sub-plans emphasize
the need to prepare training programs concerning specific subjects. For example,
in Canada the “Emergency Management Training Program” and the “Chemical,
Biological, Radiological, and Nuclear (CBRN) First Responder Training Program”
are prepared to be used for training qualified personnel who will be employed in
disaster preparedness activities.
•
Public awareness: In the context of disaster preparedness, public awareness
concerning disasters should be raised with a view to reducing the adverse affects
of disasters. Raising public awareness requires cooperation and coordination
between all of the authorized
institutions in this field, and the
private sector and NGOs. For this
purpose, disaster guidelines giving
In Australia “Emergency Action Guides” are
developed and each action guide offers clear
and concise information on how to be
prepared, what to do during a major hazard,
and what steps to take afterwards.
information and advice about the
actions to be taken pre, during disaster and post disaster are prepared –
Educational public awareness-raising programs are also organised.
•
Critical Infrastructure: This is a service, facility, or a group of services or facilities,
the loss of which will have severe adverse effects on the physical, social,
economic or environmental well-being or safety of the community6. The risks to
critical infrastructures have to be identified and managed in an appropriate way.
To reinforce the critical infrastructures by minimizing the risks affecting them, it is
vital that governments, local governments and especially the critical
infrastructure owners and private business managers should work in cooperation.
6
Critical Infrastructure Emergency Risk Management and Assurance Handbook, Australia 2004.
12
•
Measures: Operational plans should itemize measures to be taken during the
disaster management process, such as structural measures including the
reinforcement of existing buildings, the construction of disaster-resistant
India’s Specific Measures for Safety from Tsunamis







Tsunami Effects and Design Solutions
Specific Design Principles for Tsunamis
Know the Tsunami Risk at the site
Avoid new developments in Tsunami Run-up Areas
Site Planning Strategies to reduce Tsunami Risk
Tsunami Resistant Buildings – New Developments
Protection of existing buildings and infrastructure–Assessment, Retrofit, Protection
measures
 Special Precautions in locating and designing infrastructure and critical facilities
 Planning for Evacuation
buildings and the evacuation of residential areas before and/or during disasters.
5.10
Given the importance of disaster preparedness management planning, auditors
should pay special attention to them during audit work on disaster preparedness.
Examining similar plans at international level and making comparisons with them will
provide good benchmarks and will facilitate the work of SAIs.
Geographical Information System (GIS)7
5.11
In general terms, Geographic Information System (GIS) is applications which integrate,
store, analyze, manage and present data
that are linked to locations. They are used
in various areas, such as cartography,
remote sensing, land surveying, utility
management, navigation, geography, urban
planning and emergency management. Like
many disciplines, auditing can also benefit
from GIS technology. This is because GIS
technology enables users to create their
own
searches
and
analyze
spatial
GIS8 is an integrated collection of
computer software and data used to
view and manage information
connected with specific locations,
analyze spatial relationships, and
model
spatial
processes.
GIS
technology
integrates
common
database operations, such as query
and statistical analysis, with the
unique visualization and geographic
analysis benefits offered by maps.
information, edit data and maps, and present the results of all these operations. For
example, GIS might enable emergency planners to calculate emergency response
times easily in the event of a natural disaster.
5.12
The ability of leaders and administrators to make sound disaster management
decisions, to analyze risks and decide upon appropriate counter-measures can be
7
8
See annex 2 for examples
ESRI, Geographic Information Systems and Pandemic Influenza and Response, s.6.
13
greatly enhanced by the cross-sector integration of information9. GIS technology is
used to combine information on natural hazards, natural resources, population, and
infrastructure etc. easily, precisely and in a timely manner. This combination of
information can help to identify areas where further hazard evaluations are required,
areas where mitigation strategies should be prioritized and less hazard-prone areas
which are most suited to development activities10. Basically, GIS can;
•
improve the quality and analytical power of natural hazard assessments and risk
assessments;
•
guide development activities, assist planners in the selection of mitigation
measures and in the implementation of preparedness and response actions11;
5.13
All these characteristics make GIS one of the most important tools for effective
disaster management, development planning and decision making. It is also an
important tool for SAIs in carrying out performance audit studies on disaster
preparedness.
Risk Assessment-Prediction with GIS
5.14
GIS technology can also be used for natural hazard assessments to show where
hazardous natural phenomena are likely to occur. This combined with information on
natural resources, population, and infrastructure, can make it possible to assess the
risk posed by natural hazards and to identify critical elements in high-risk areas. This
information can then be used to design less vulnerable development activities and/or
mitigation strategies to lessen vulnerability to acceptable levels.12 Also, the auditors
can benefit from this information when assessing risk mitigation strategies and
activities.
5.15
In the audit work on disaster preparedness, it should be evaluated whether the GIS
will make the evaluation of risk assessments, risk analysis and vulnerability
assessments easier, and also on whether existing GIS elements are suitable for use in
the process of disaster preparedness or not. This is very important in terms of
efficiency and effectiveness.
Rego, Aloysius J, “National Disaster Management Information Systems & Networks: An Asian Overview”,
p.1.
10
Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic
Information Systems in Natural Hazard Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).
9
11
Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic
Information Systems in Natural Hazard Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).
Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic
Information Systems in Natural Hazard Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).
12
14
Planning with a GIS
5.16
With a GIS, it is possible to analyze an almost unlimited number of factors associated
with historical events and present conditions, including present land use, presence of
infrastructure, etc. So planners can use the GIS to draw up specific mitigation
strategies for disaster prevention activities. At the national level, the GIS can be used
to provide general familiarization with the possible disaster area, providing a
reference for the overall hazard situation and helping to identify areas that need
further studies to assess the effect of natural hazards on natural resource
management and development potential13. For example, in Indonesia, GIS activities
aim to develop risk maps at national, provincial and district level. The national and
provincial-level maps are used to determine priority provinces and areas for disaster
management activities, planning and the installation of early warning systems,
whereas the district-level maps are used for district contingency planning. Under this
system, a number of modules on Forest Fires, Earthquakes/Tsunami, Volcanic
Eruption and Social Unrest have been developed for building a database system in an
internet mode 14.
5.17
When known hazards and potential sources of disasters are mapped, better decisions
and plans can be made. Exposure and vulnerability assessments need to complement
the hazard maps to create full risk analysis for informed decision-making. The role of
mapping has many aspects and influences the performance of systems in many
ways15:
•
It improves the ability of decision makers, planners, academics, researchers and
care professionals to organize and link thematic and spatial datasets;
•
It makes it possible to create relations between datasets that may seem unrelated
without using the geographical dimension. These links help in discovering and
creating new knowledge which can be translated into action or policies;
•
Mapping enables professionals to understand complex spatial relationships
visually, and as planning has an element of informed prediction, mapping can be a
powerful
5.18
tool
for
forecasting
and
trend
analysis.
Planning underlies the activities of disaster preparedness. Hence, the auditors should
examine all kinds of plans and the process of planning. For evaluating the plans, the
13
Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic
Information Systems in Natural Hazard Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).
14
Rego Aloysius J, “National Disaster Management Information Systems & Networks: An Asian Overview”,
s.3.
15
Al-Shorbaji, Najeeb: “Use and potential of geographic information systems for health mapping in the
Eastern Mediterranean Region”, s.3.
15
GIS will help both the auditors and the planners. For more information on GIS see
ISSAI 55XX.
16
Part 2: Audit of disaster preparedness
6. Introduction
6.1 Many actors are involved in defining and implementing policies for disaster-preparedness,
not only the different parts and levels of governments, but also international
organizations, NGO’s, private sector bodies and academic experts. Disaster risk transcends
national boundaries, and so should policy-making in respect of disaster preparedness. This
calls for audits that take account of the complex environment surrounding disaster
preparedness, including the international dimension. This part of the guidance covers
issues SAIs should take into consideration when planning or conducting an audit of
disaster preparedness.
The experience of SAIs in the audit of disaster preparedness
6.2 The role of government varies according to the way in which countries are affected by
disasters. Different roles within countries determine government’s scope of action, the
tasks it has to fulfill and, as a consequence, the challenges faced by SAIs with regard to
their audit. The results of the survey conducted among INTOSAI members show that
about 57% of SAIs have experience of auditing disaster-related aid. In most cases this
experience arises from audits of post disaster activities. However, approximately 43% of
SAIs’ experience was in the disaster preparedness field covering both mitigation and
preparedness.
6.3 Many countries have moved towards implementing policies in support of disaster
preparedness and disaster risk reduction. As with any new policy SAIs are then confronted
with the question of how to do the audit. They need to acquire knowledge on the
17
implementation of the policies and where appropriate can play a significant role in
bringing new policies concerning disaster preparedness onto the agenda of countries and
in drawing their parliaments’ attention to the absence of policies. SAIs can provide
considerable assistance to their governments by auditing the implementation of disaster
preparedness policies and assessing whether the funds allocated for disaster
preparedness were used efficiently and effectively for the purposes intended. To help
them carry out these innovative tasks, SAIs require practical guidance illustrated with
examples drawn from exchanges of experience in audits of disaster preparedness.
7. Audit Mandate of SAIs
According to the results of the survey carried out by the AADA WG, most SAIs have a
mandate to audit government institutions. However, some SAIs do not have a mandate to
audit some government institutions. 40 % of SAIs replied that they can audit the funds
provided by foreign governments, by international financial institutions and by other
institutions/donors and a few that they have a mandate to audit NGOs and private
entities, especially foreign ones. However, the mandates of many SAIs do not extend to all
areas related to disaster preparedness.
7.1 The information available on expenditure on disaster preparedness is often not complete.
This is despite the fact that such information is required by stakeholders (government,
parliament and others financing disaster preparedness. In addition, stakeholders and civil
society need to know how prepared countries actually are for potential future disasters.
The lack of information stems in part from the existence of different bodies concerned
with implementation which have different audit arrangements. As a consequence no
single audit body has access to comprehensive and reliable information. One solution to
this may be for SAIs to conduct joint audits of disaster preparedness.
7.2 SAIs are well-placed to gain an overview of the structures involved in disaster
preparedness. The survey carried out by the AADA WG revealed, however, that
approximately 41 % of the SAIs did not have access to (all) relevant audit reports such as
those prepared by the governmental internal auditors, public accounting firms, the
provincial auditor general, the external audit function, the office of inspector general and
special governmental commission, etc. The survey also revealed that while some 59% of
the SAIs responding had right of access to audit reports prepared by other institutions,
many SAI mandates did not include access to all of the activities and organizations
involved in disaster preparedness.
18
ISSAI 1/10 states that SAIs should have access to information concerning the audit,
including internal and external audit reports, and that this should be enshrined in the
legal mandate of the SAI.
8. What challenges do SAIs face?
8.1 Many SAIs face serious constraints in meeting the requirements of their mandate
regarding disaster preparedness. These challenges relate to institutional, technical,
political, and communication issues:

Institutional challenges: when auditing new policies and activities related to disaster
preparedness SAIs need to consider acquiring different types of professional
expertise including predictive and forward planning skills.

Technical challenges: in the field of disaster preparedness, the increasing use of new
technologies (IT, GIS, GPS, remote sensing, etc.) and new approaches have generated
additional technical challenges for SAIs. The skills of auditors need to be
strengthened accordingly to allow them to use these systems and data sources to
evaluate disaster prediction, risk assessments, urban planning etc. and monitor the
progress of the implementation of national disaster plans.

Political challenges: SAIs may face political challenges when the interest shown by
governments and parliaments in the risks related to disaster is insufficient and low
priority is accorded to disaster preparedness. In such cases, SAIs should work to raise
the awareness of parliament regarding the importance of a disaster preparedness
policy. This may cause the SAI to broaden the scope of the audit to include the
examination of risk prediction and assessment.
19

Communication challenges: a further risk related to the political challenge is that of
poor communication between SAIs and their parliaments, governments, the media
and the public at large. The success of disaster preparedness depends on the
participation of society as a whole, including an understanding of the importance of
the resilience of nations and communities. The clarity of SAI reports is vital in this
respect, to ensure maximum impact.
Some of these obstacles can be overcome by forming and strengthening alliances
between SAIs, other audit institutions, parliaments and civil society.
9. Cooperation between SAIs
9.1The impact of many disasters is not limited to one country. The fact that disasters can
strike several countries at the same time highlights the importance of international
cooperation in disaster-preparedness. SAIs should also take the international dimension
into account, and should be prepared to cooperate with other SAIs in this area. Such
cooperation is needed in order to cover all aspects of disaster-preparedness.
9.2 By cooperating in the field of disaster preparedness, SAIs can perform comprehensive and
meaningful
enhance
their
audits
and
confidence
work,
in
contribute
towards creating public
awareness
and
the
improvement of activities
& programs, strengthen
political
interest
accountability,
common
share
in
uphold
criteria,
and
knowledge
both
domestically
and
worldwide. The “Guide for
cooperative
audit
• Parallel Audit: A decision is taken to carry out similar
audits. Methodology and audit approach would be
shared. The audit is conducted more or less
simultaneously by two or more autonomous auditing
bodies, but with a separate audit team from each body,
usually reporting only to its own governing body and
only on matters within its own mandate.
• Coordinated Audit: A coordinated audit is either a
joint audit with separate audit reports to the SAIs own
governing bodies or a parallel audit with a single audit
report in addition to the separate national reports.
• Joint Audit: Key decisions are shared. The audit is
conducted by one audit team composed of auditors
from two or more autonomous auditing bodies who
usually prepare a single joint audit report for
presentation to each respective governing body.
Source: INTOSAI - Capacity Building Committee - Sub Committee 2
Guide For Cooperative Audit Programs
programs between SAIs”16
can be taken as a framework and ISSAI 5140 “How SAIs may cooperate on the audit of
international environmental accords”17 can be used as a model. Against this background,
cooperation between two or more SAIs can be carried out in three forms: parallel,
coordinated and joint audits.
16
INTOSAI - Capacity Building Committee - Sub Committee 2
Guide For Cooperative Audit Programs. See also See
INTOSAI, How SAIs May Co-operate on the Audit of International Environmental Accords, 1998; INTOSAI,
Cooperation Between Supreme Audit Institutions - Tips and Examples for Cooperative Audits, 2007, Introduction.
17
ISSAI 5140: How SAIs may cooperate on the audit of international environmental accords.
20
10. Types of Audit
10.1When auditing disaster preparedness, the SAIs can perform all types of audit. Many SAIs
perform both financial and performance audits in the field of disaster preparedness. In
addition, a few SAIs perform mixed audits. The survey carried out by the AADA WG
showed 61% of disaster preparedness audits carried out by participating SAIs to have
been performance audits. In all cases, the basic principles of auditing and generally
accepted standards (general standards, field standards and reporting standards).apply.
10.2Financial audit coverage of disaster preparedness expenditure tends to take place as part
of annual financial audits of government departments/institutions. However, some SAIs
carry out separate financial audits of national disaster preparedness funds or as donors of
foreign aided projects. Many SAIs reach the conclusion, however, that to address specific
aspects of the activities of disaster preparedness management in a way that best meets
the needs of stakeholders, performance audits should be carried out. In general, carrying
out performance audits allows SAIs to get a better overview of the disaster preparedness
field, including the activities and organizations that may normally lie outside the SAIs’
mandate.
10.3The activities and expenditure related to disaster preparedness often extend over several
years and are carried out by different bodies. Financial audit is usually annual and may
cover the transactions of only one entity. As many activities in this field do not require
capital resources, and since many organizations are outside the SAIs’ jurisdiction, the
contribution of financial audit may add only limited value to the management of disaster
preparedness. Activities and funds extending over several years and the different
institutions that have responsibility in the disaster preparedness field, however, may well
be the subject of performance audit and financial audit undertaken concurrently. SAIs
21
should focus on the risks involved in disaster preparedness in order to decide which type
of audit to carry out.
10.4Audits of international agreements on disaster preparedness can also be either financial
or performance audits. Such audits are of great importance and can bring to light
inadequate implementation or the failure to apply agreements.
11. Principles for Auditing Disaster Preparedness
Audits of disaster-preparedness should aim to convince government and parliament to
adopt adequate disaster-preparedness measures.
11.1 In cases where disaster preparedness policies are a new concept for government in the
field of disaster management, or where there is lack of awareness of the need for disaster
preparedness measures, SAIs may seek to influence policy-making and help to promote
public awareness. The audit should be oriented towards the SAIs’ goal of raising the
interest and understanding by parliament of the issues. Where better disasterpreparedness requires international cooperation, SAIs should recommend that parliament
enacts appropriate laws or concludes international agreements to facilitate this.
Cooperation between SAIs should be developed in conformity with the INTOSAI
Guidelines and Standards.
11.2 Disaster preparedness activities in one country may be funded by another country. In
such cases the need for the SAIs of donor and recipient countries to collaborate to allow
their audits to cover all aspects of disaster preparedness takes on added importance.
Collaboration between SAIs of different countries is equally important when auditing
bilateral or multinational treaties on reducing disaster risks and/or promoting cooperation
on hazards which transcend national borders such as the establishment of early warning
systems. Both domestic and international cooperation and coordination are vital if SAIs
are to contribute to improving activities or strengthening accountability in the disaster
preparedness area. Such cooperation may range from a simple exchange of information,
which is already intrinsically beneficial, to much closer cooperation in the form of
coordinated or joint audits, allowing the exchange and sharing of audit experience and
results between SAIs. The latter scenario requires a common understanding of the audit
methodology to be applied and of the relevant audit criteria to be followed. To this end,
an agreement (for example, a memorandum of understanding or protocol) may be
established to define the scope, extent and form of the intended cooperation between
the relevant SAIs.
Joint audits among the SAIs of countries which are party to international agreements in
areas exposed to the risk of disasters may contribute towards good governance and
accountability in the field of disaster preparedness.
22
11.3 Disaster preparedness activities are usually financed from the national budget and are
therefore subject to audit by the SAI of the country concerned. Where additional
funding is provided by donors, the auditors of these donors will also become involved.
Where cooperation is necessary to tackle disaster risk factors SAIs may need to pay
attention to bilateral or multilateral agreements, or the absence thereof.
11.4 Despite possibly different objectives, SAIs should consider relying on the work of other
auditors. Alternatively SAIs may consider carrying out joint or parallel audits which allow
them to pool resources, share tools, learn from each other and possibly overcome issues
regarding the adequacy of individual SAIs’ audit mandates.
SAIs should foster relationships with other relevant audit bodies.
11.5 Many bodies may be responsible for auditing different aspects or phases of disaster
management. Examples of other audit bodies include public or private sector internal or
external auditors of central, state, regional or local government or auditors of specific
agencies. SAIs should be clear on who audits what and on what is the relationship
between themselves and these auditors. Constructive cooperation at all levels should
be fostered between SIAs and other auditors.
12. Assessment of Audit Environment
12.1 The audit of disaster preparedness should start with an assessment of the audit
environment on which the decision as to what type of audit should be performed and
what is to be its scope is based. Auditors should first evaluate the appropriateness and
quality of the risk assessment carried out by the government agency responsible for
developing disaster plans. The starting point should be a sound event analysis. Next, the
preparedness activities, including prevention and mitigation should be examined, and
the adequacy of early warning systems and disaster prediction assessed. Figure 1 shows
the different activities of disaster preparedness. These do not follow chronological steps
or fall into mutually exclusive phases.
23
Figure 1: Disaster Preparedness
Preparedness
Early warning
&Prediction
 Organisation
 Finance planning
 Deployment planning
 Early warning systems
 Information about
hazards&risks
Hazard
Vulnerability
Risk
Assessment
Exposure
Prevention/
Mitigation




Land use planning
Technical measures
Biological measures
Making cities resilient
etc.
12.2 The type and source of data/information required should be detailed in the audit
program.
 For assessing the risks relating to disasters the following information should be
sought:
 where will natural events take place?
 how vulnerable are people who live there/how vulnerable is the critical
infrastructure in that area?
 what is the chance of an earthquake with epicentre X and strength Y / that a
volcano will erupt with certain strength / that a cyclone with force Z will hit a
certain location, etc?
 To assess the risks associated with the operational management/ implementation of
disaster management, the following information should be sought:
 who should be responsible for what?
 who should cooperate with whom?
 what information is needed to plan and coordinate? etc.
24
The complexity of assessing the quality of risk assessment makes the evaluation difficult:
When is it good or good enough? What is sufficient? Sharing of experience between SAIs
can help to find answers to some of these questions by referring to examples from
previous SAI audits.
12.3 In assessing the audit environment, auditors should try to obtain knowledge regarding
the following issues:
•
The organizational structure and main activities which ensure that the systems,
procedures and resources fulfill the disaster preparedness requirements. This covers
the preparedness of communities to help themselves in the event of a disaster
including training, awareness raising, establishment of disaster plans, evacuation
plans, pre-positioning of stocks, early warning mechanisms and strengthening local
knowledge. Auditors also need to establish the arrangements for financial
preparedness to minimize the macro-economic or budgetary impact of a disaster
(budgetary provisions, contingency financing, stand-by agreements, risk insurance).
•
The preventive measures to be taken before a disaster occurrence with a view to
reducing or eliminating the impact on society and the environment if and when it
does occur. This includes reducing the physical vulnerability of existing
infrastructures or vulnerable sites which may directly endanger the population, e.g.
retrofitting of buildings and reinforcing lifeline infrastructure.
•
The identification of prevention activities conceived to ensure permanent protection
against a disaster, including engineering, physical protection measures, legislative
measures for the control of land use and codes of construction. These activities
reduce the physical vulnerability and/or exposure to risks through infrastructure.
13. Planning and carrying out an audit
13.1In line with the INTOSAI Auditing Standards (AS 3.1.1), the auditor should plan the audit in
a manner which ensures that a high quality audit is carried out in an economic, efficient
and effective way and in a timely manner. Careful advance planning will reduce the risk of
problems arising at a later stage of the audit. Before starting the audit, it is important to
define the audit objectives, the scope, and the methodology to achieve the objectives.18
13.2After obtaining enough background information and knowledge about the audit
environment, the auditor should specify the risks with regard to economy, efficiency, and
effectiveness (the 3Es) in broad terms. Depending on disaster types and their probability
and the risk impact, the management risks in terms of the 3Es will arise in different areas.
INTOSAI Implementing Guidelines for Performance Auditing, Part 3 p. 3.3 July 2004. “What does
planning of individual performance audits involve?”
18
25
Inadequate organization, planning, monitoring, control, coordination, lack of a sound
disaster management information system, etc. are the main risks to the 3Es in this field.
Their relative importance depends on the type of disaster. Examining the risks allows the
auditors to identify control weaknesses and high risk areas regarding disaster
preparedness within disaster management.
13.3As Figure 2 shows, there is a strong correlation between the risks to the 3Es and audit
criteria and recommendations. For this reason, identifying the risks to the 3Es at the
outset is very important for designing a successful performance audit of disaster
preparedness. Audit criteria show “what should be”. The area for which the criteria
should be set can be determined once the risks to the 3Es have been identified and
recommendations can then be produced to address areas in need of improvement. (See
paragraphs 3.17 and 3.18 for further discussion of audit criteria.)
Figure 2: Correlation between risks/criteria/recommendations
Audit Approach/Scope
13.4According to the INTOSAI Auditing Standard, performance auditors must be free to
examine all government activities from different perspectives (AS 4.0.4, 4.0.21-23 and
2.2.16). The INTOSAI Implementation Guidelines for Performance Auditing (ISSAI 3000/
26
1.8) point out that performance auditing is normally based on an overall owner
perspective, that is, a top-down perspective. It concentrates mainly on the requirements,
intentions, objectives and expectations of the legislature and central government.
However, the possibility of adding a ‘client-oriented perspective’ is also emphasised. The
audit mission may thus be interpreted as a way for SAIs to focus on problems of real
significance to the people and the community.
13.5The 21st UN/INTOSAI Symposium (2011) focused on the theme of “Effective practices of
cooperation between SAIs and citizens to enhance public accountability”. The symposium
concluded that SAIs should be responsive to the needs and concerns of citizens and help
to build public confidence. Both the INTOSAI Standard and Guidelines and the
recommendations and conclusions of 21st UN/INTOSAI Symposium support the notion
that SAIs should interpret and reconsider the audit mission in the field of disaster
preparedness from the perspective of enhancing public accountability. From this point of
view, SAIs, in auditing disaster preparedness, should focus on the interests of the public
and approach the issues from a bottom-up perspective. The use of a performance audit
approach to the audit of disaster preparedness facilitates this.
13.6Practice shows that different SAIs employ different approaches to auditing disasterpreparedness. For example, Turkey used a risk-based audit approach in a performance
audit of disaster preparedness entitled “How well is Istanbul getting prepared for the
earthquake?” During their enquiries, the auditors tried in particular to detect problems
and drawbacks in implementation. This audit approach helped the auditors determine the
most risky activities and areas. In a different example, from Kenya, financial audits used a
systems based approach to establish the effectiveness of internal controls in an audit of
the financial statements drawn up for the funds allocated for disaster management. The
reports on the financial statements gave opinions as to the fairness and truth of the
financial statements.
13.7As seen in these examples, the auditor should first identify the risks and then determine
an appropriate type of audit and audit approach according to these risks.
Audit Objectives
13.8The most important step in designing the audit is to establish the specific issues to be
studied and the audit objectives to be pursued. The way in which the audit objectives are
determined varies depending on the type of audit to be carried out. In financial audits, the
audit objectives are generally defined by legislation and SAIs audit the government
institutions/departments annually. These audits cover a review of the accounts and the
underlying transactions, including disaster-related expenditure. Financial audits are
conducted to ascertain whether funds have been disbursed properly and to assess the
legality and regularity of expenditure. An example of a financial audit objective might be
27
to examine the management of the funds earmarked from the State Budget for protection
against floods.
13.9In performance auditing, however, the audit objectives set depend on the disaster
preparedness issues that are being focused on. In determining their objectives, the
auditors must take into account the roles and responsibilities of the SAIs within the
management of disaster preparedness and the expected impact of the audit in this field.
There are a great number of interrelated activities in the area of disaster preparedness
with a large number of actors performing work in separate fields. Audits should be
designed to take account of the complex and possibly unstable environment of disaster
preparedness and an appropriate audit scope set accordingly.
13.10 Within the audit scope, the auditors should set the audit objectives. Disaster
preparedness contains a range of precautions taken against future disaster. These
precautions are based on different possible scenarios which form part of the National
Disaster Plans and/or the sub-plans and should form the basis for setting the audit
objectives.
13.11 Some examples of audit objectives for performance auditing are given below19:
•
To evaluate the distribution and use of resources from the disaster fund; decisionmaking approaches, division of functions and coordination between federal,
regional and local authorities. (Preparedness-Mitigation/Austria)
•
To determine whether Public Safety Canada can demonstrate that it has exercised
leadership by coordinating emergency management activities, including critical
infrastructure protection in Canada and to determine whether Public Safety
Canada, along with federal departments and agencies, can demonstrate progress
in enhancing the response to and recovery from emergencies in a coordinated
manner. (Preparedness-response/ Canada)
•
To assess the effectiveness and operating efficiencies of recently established
“National Disaster Management Support System” (NDMSS) to provide an
independent verification of the reliability of the information contained in the
NDMSS and to examine the stock management of relief goods and materials.
(Preparedness/Korea)
•
To determine factors affecting the efficient distribution of food relief aid.
(Mitigation/Lesotho)
19
Compiled from SAIs which participated in the survey and parallel/coordinated audit
28
•
To audit whether the Minister of Home Affairs has fulfilled his responsibility for
the
organization
of
disaster
management
in
the
Netherlands.
(Preparedness/Netherlands)
•
To specify the risks faced during the short and medium-term preparatory work to
minimize the damage caused by a possible Istanbul earthquake and to identify
the measures to be taken. (Preparedness/Turkey)
•
To determine whether the resources donated reached the intended beneficiaries
and to determine their impact in mitigating the effects of the famine. (Kenya)
Audit Methodology
13.12 Audit methodology is the set of techniques developed for data collection and analyses.
According to the INTOSAI Auditing Standards to support the auditor’s judgment and
conclusion regarding the activities under audit, competent, relevant and reasonable
evidence should be obtained.20
13.13 In financial audits, evidence is based on the transactions, financial statements, project
implementation reports, physical verification, independent technical assessment,
compliance with tender/procurement procedures, etc. The auditor focuses on the
following:
 Reviews of internal controls and procedures,
 Reviews of documents (disbursement and receipt of donations) and records
in the accounts,
 Tests of accounting records,
 The validation of beneficiaries on a sampling basis.
13.14 Evidence in performance auditing may include the above or may be different. It should
above all be persuasive and should be obtained by the collection and analysis of data,
information and knowledge from appropriate sources.
13.15 Some of the methods used for collecting and analyzing data in performance auditing are:
•
File examination. Auditors should gather and analyze relevant guidance,
protocols, legislation, disaster planning documents and post-event reports at all
levels of government, especially those of the bodies responsible for disaster
management. For example, for Turkey’s audit study concerning earthquake
preparedness, building development planning, application works, ground
condition reports and the documents related to the reinforcement activities of
Istanbul Metropolitan Municipality and district municipalities were scrutinized on
site.
20
See INTOSAI Auditing Standards p. 3.5.1
29
•
Site Visit. Auditors may make site visits to observe and evaluate the work of
relevant institutions included in the audit scope and interview key local
individuals. This is the most effective method for auditors to observe what
happens during inspections of storage and transportation facilities.
•
Interview. Auditors may envisage direct interviews with individuals designated to
play a key role in minimizing risks in the event of a disaster. These include the
authorized personnel of disaster management institutions, heads and staff of
service groups and relevant professionals taking part in disaster plans. Examples
of service groups include transportation, communication, rescue and debris
removal, first aid and health service groups. Interviewing is an important tool for
assessing coordination and collaboration between levels of government, and the
contribution of the different parties concerned. Interviews with scientists and
NGOs and other bodies, such us the Red cross/Red crescent, the Chamber of City
and Regional Planners, local or municipal governments, etc., known to have
contributed in minimizing disaster risks, can also help auditors formulate audit
criteria and obtain audit findings.
•
Surveys/Questionnaire. Auditors may employ the use of surveys for evaluating the
activities of community preparedness and training and to collect similar data from
a large number of different institutions, such as ministries, municipalities, fire
brigades and provinces. Surveys can also help the auditor evaluate public
awareness to disaster preparedness.
•
Literature Review. Reviewing articles, studies, other audits reports and
evaluations concerning disaster preparedness will help in:
 understanding the overall control environment for disaster preparedness,
 specifying different needs for and approaches to disaster preparedness,
 formulating audit criteria,
 developing recommendations.
•
Assessment of the adequacy of management tools. Carrying out activities related
to disaster preparedness depends on the adequacy of management tools such as
disaster plans, Geographic Information Systems (GIS), Remote Sensing (RS), the
Global Position System (GPS), disaster information systems and other relevant
software. The disaster plans should therefore be analyzed and the adequacy of
these systems should be assessed.
•
Risk assessments, including hazard maps, disaster loss databases, vulnerability
assessments and exposure calculations. Disaster preparedness measures are
implemented on the basis of risk assessments and scenarios. For that reason, risk
analyses should be evaluated in performance audit studies.
30
•
Observation and case studies. Observation and case studies are suitable tools for
evaluating the drills and the training and education of professionals who are
involved in disaster preparedness activities.
•
Sampling. Since it is rarely feasible to test the whole of the disaster preparedness
audit area, sampling methods should be used. GIS and/or other similar tools help
the auditor to select samples.
13.16 The data obtained needs to be reliable, accurate and up-to-date. Data and
information must be obtained from many different organizations, and auditors should
therefore carefully collect, cross-check and analyze the evidence, as well as
establishing their own database containing reliable and accurate data and updating it
during the study. Geographical Information Systems (GIS) could be used to
complement such a database.
Audit Criteria
13.17 Audit criteria give direction to the assessment and help auditors to determine
whether the activities/programs meet expectations or not. In financial audits, criteria
are laid down in the laws on financial management and the legislation establishing
the audit body. In performance audits, audit criteria are generally formulated by the
auditor. Thus, in performance auditing, the general concepts of economy, efficiency,
and effectiveness need to be interpreted according to the subject. For this reason,
criteria will vary from one audit to another.21
13.18 In performance audits of disaster preparedness, auditors should specify audit criteria
in accordance with the issues selected for audit. The general concepts of
performance, economy, efficiency and effectiveness should be turned into specific
criteria relating to disaster preparedness activities. Otherwise, the criteria will not
provide direction to the audit study and might be vague. (See Annex 6 of the guideline
for examples of audit criteria).
Audit Findings and Recommendations
13.19 Audit findings should be supported by evidence gathered by the auditor and should
satisfy the audit objectives, provide answers to audit questions and meet the audit
criteria. They show the current situation, i.e. “what is”. The audit program in Part III is
designed to help auditors to establish audit findings.
13.20 The auditor should develop audit conclusions and recommendations by carefully
analyzing the causes and effects of the findings. As mentioned in paragraph13.3,
there is a strong correlation between the risks in terms of the 3Es and audit criteria
and recommendations. When producing recommendations, auditors should bear this
21
INTOSAI Implementation Guidelines for Performance Auditing, July 2004,p.52
31
in mind and propose reasonable solutions to areas in which weaknesses and risks to
the 3Es are identified. (See Annex 7 of the guideline for examples of audit
recommendations).
32
Part 3: Audit of disaster preparedness
14. Audit Program
14.1
The audit of disaster preparedness should be based on a sound audit program
focused on understanding the operational environment of disaster preparedness. This
includes the organizational structure and resources of all the relevant authorities, as
well as the overall audit environment. The aim is to design a sound audit study and
prepare a reliable audit report with a high impact. The audit program which follows is
based on an assessment of SAIs’ audit reports, the disaster management plans of
various countries and the results of the survey which was prepared by the AADA WG.
defines terms, presents different approaches illustrated by examples from SAIs
around the globe and contains best practice criteria on individual topics (still under
preparation) derived from the experience of SAIs and the parallel audit on disaster
preparedness conducted by the AADA WG.
14.2
The audit program covers many issues and should be adapted and expanded upon
according to which areas require particular attention and taking into account the
conditions in the country being audited the specific tasks established by their SAI and
the particularities of the disaster. SAIs should use the questions and criteria which
are relevant and appropriate to their audits on disaster preparedness.
14.3
There are two parts to this audit program which address the activities of disaster
preparedness: preparedness actions including prevention and mitigation and
activities aimed at making urban areas resilient and reducing urban risk. Preparedness
activities are best considered at national and international level whereas activities
involved in making cities resilient are better handled at local/city level. The audit
program consists of eight parts:
•
Identification of the characteristics of the disaster;
•
Specifying and understanding the national strategy and action plans;
•
Identification of the framework and organization of the authorities involved;
•
Assessment of the adequacy of coordination;
•
Assessment of disaster management tools and early warning systems;
•
Assessment of emergency exercises and training and communication/creating
public awareness;
•
Assessment of disaster funds and grants administration/resources;
•
Assessment of the adequacy of the activities for making urban areas resilient ;
33
Identification of the characteristics of the disaster
14.4
Specifying disaster types and the probability with which they are expected to occur
should be the first step in auditing disaster preparedness. Government approaches
and policy preparedness activities depend on this calculation. The government
approach to the potential disaster will determine the scope of the audit. These are
factors which should be taken into account when designing and undertaking an audit
of preparedness activities.
14.5
The auditor should first have knowledge of the following issues:

What types of disaster may occur in the country?

What is the probability of each type of disaster?

Does the government (specific agency) prepare risk assessments, taking into
account, among others, the following aspects:
 natural, human, indirect hazards;
 specific vulnerabilities;
 specific geographic locations;
 disaster management capacities.

Are there (up-to-date) hazard maps and/or hazard analyses?

What is the extent to which communities, structures, services and geographic
areas are likely to be damaged or disrupted by the impact of a particular hazard,
on account of their nature, construction and proximity to hazardous terrain or a
disaster prone area (physical & socio economic vulnerabilities)?

What are the possible combinations of types of disasters?

What could be the average annual and probable maximum extent of loss or
damage?

What is the government’s approach to prepare for such disasters?

What is the recent experience of major disasters? What were the government’s
responses? What lessons have been learned?

What was the worst disaster experienced by the country and how much was the
damage?

…………………………………………………………………………………………………………………………..
(Please add your own questions)
Specifying and understanding the national strategy and action plans
14.6
For the auditor, the national disaster plan (or a substitute tool) is one of the most
important tools in the evaluation of disaster preparedness. The national disaster
plan/substitute tool, which is prepared by the authority responsible for disaster
34
management, along with event-specific and departmental plans, will guide the central
government response to disasters. It should outline the processes and mechanisms to
facilitate an integrated government response to a disaster. It should address specific
threats, the response to international emergencies, and the National Emergency
Response System which outlines a harmonized federal and provincial/territorial
response to disaster. With a good national disaster plan, the auditor can specify and
examine all activities related to disaster preparedness as a whole.
14.7
Comparison between the national disaster plan and those of other countries exposed
to similar disasters will help the auditor to evaluate the adequacy of disaster
preparedness. Moreover, national disaster plans will be a good source for determining
audit criteria because they identify what to do and to expect. In order to understand
the government’s approach to disaster preparedness, the auditor should also examine
whether any consistency and can be identified between the disaster plans in various
regions and the national disaster plan.
14.8
To understand the government’s approach to disaster preparedness, the auditor
should carefully examine the national disaster plan and/or substitute tools and
assess its aims and targets:

Is there a legal framework for disaster management, including disaster
preparedness/risk reduction?

Has the State signed any bilateral or multilateral treaties or agreements on
reducing disaster risks and/or promoting cooperation against the threat of
hazardous events?

Has a national disaster plan been prepared or are there any substitutes for a
national disaster plan?

Do the disaster plans/substitute tools cover the international treaty/agreement
obligations?

Are the disaster plans/substitute tools updated regularly?

Are there procedures for systematically reviewing plans/substitute tools for
timeliness, completeness, consistency with existing guidelines and overall
usefulness?

What are the reviewing entities? Are they independent third parties with
objective views?

Which events/situations are accepted as disasters in the national disaster plan, or
the substitute tools?

Have the national disaster plans/substitute tools been designed on the basis of
analyses like disaster risk maps, risk assessments, etc.?

To what extent do the disaster plans have priority over other legislation? (e.g.
limitations of ownership or property rights in case of emergency.)
35

Do these plans/substitute tools provide a good basis for timely, clear and
organized action – including when and who will perform such action during an
emergency or disaster?

Within the disaster plans/substitute tools, how are the roles and responsibilities
defined and allocated to each unit responsible?

Are NGOs/POs (Red Cross, international organizations) involved in the design of
the National Disaster Plan?

Is there a contingency plan for external collaboration mechanisms in an
emergency situation?
 Formal structures?
 Collaboration at international, national, regional and local level?

Which body is responsible for coordinating disaster planning?

What are the main activities for disaster preparedness within the plans/substitute
tools? Do they cover all necessary activities?

Are disaster preparedness planning efforts consistent and adequate? (General
preparedness plans as well as hazard-specific plans.)

Are there realistic options to counter threats, decrease vulnerabilities or mitigate
consequences?

Do the disaster plans promote regular disaster preparedness exercises, including
evacuation drills, with a view to ensuring rapid and effective disaster response
and access to essential food and non-food relief supplies, as appropriate to local
needs?

Do they provide for a review and amendment of the existing zoning regulations,
building codes and bylaws (including a review of enforcement mechanisms for the
bylaws etc) and the creation of an awareness among building experts that this
might be necessary?

Do they adopt preventive maintenance policies and action towards earthquake
safety in hospitals and key public institutions?

Is the critical infrastructure determined on a national scale within the scope of
disaster plans/substitute tools?

Are specific measures designed, or taken, to protect critical infrastructure?

Have the goals, objectives and strategies set out in the disaster plan been
integrated into the annual budget process (emergency operations and grant
application processes)?

Is the National Disaster Plan allocated with a sufficient government budget to
carry out the plan?

Is the National Disaster Plan properly disseminated to all units of government?
36

Is the public allowed access to the plans? If so, what methods are used to
disseminate them?

Is the public informed about what actions it can take to prepare for a possible
disaster, and what actions to take in case of a disaster?

What kinds of action plans and alternative plans are prepared?

Are the sub-plans (action plans etc.) prepared in accordance with the national
plan/ substitute tools?

Are all units of government such as regional, provincial, city and municipal levels
required to prepare their own Disaster Plan based on the National Disaster Plan?

Is consistency and harmonization ensured between the disaster plans in various
regions and the national disaster plan?

Are disaster preparedness plans and policies at all levels prepared or reviewed
and periodically updated with a particular focus on the most vulnerable areas and
groups?

…………………………………………………………………………………………………………(Please
add
your own questions)
Identification of the framework and organization of the authorities involved
14.9
As stated before, there are many institutions and agencies in this field. Coordination
among them can assist the completion of the interrelated activities without
duplication and in a timely manner. For this reason, the auditor should have a
comprehensive knowledge of the legal framework and organizational structure, which
includes entities that are both within and outside the SAIs’ jurisdiction. Establishing
their roles, responsibilities and how to ensure cooperation among them will help the
auditor assess where and how to collect data, who is responsible for what actions, etc.
Additionally, it is beneficial to answer questions like “is there a sufficient legal
framework? are the activities well-coordinated? what is the governance structure
like”. (See Annex 3 for an example.) The disaster preparedness auditor should also
focus on how coordination and concerted action can be achieved by the various bodies
involved in disaster preparedness.
14.10 In order to design a sound audit of disaster preparedness and understand the
organization, the auditor should look at the following points:

What are the applicable laws/directives/national/local initiatives in this respect?

Which body has the main responsibility for disaster preparedness?

Which bodies are related to disaster preparedness at each level? (evaluate the
organization structure as a whole)

Are the organizational structures and systems well defined and designed to
facilitate successful disaster preparedness activities?
37

Are the relevant functions of these bodies formulated clearly and sufficiently?

Are authority and responsibility clearly assigned?

Is there a reliable and effective internal control for the activities of disaster
preparedness?

Is there an existing communication system that will effectively provide timely
information to each level of government with regard to disaster preparedness?

Does the main body responsible have capable and sufficient human resources?

What are the staffing profiles? Is the staffing appropriate in order to coordinate
and carry out disaster preparedness activities?

Are there any specific plans to ensure that the government can continue
operating even in case of a disaster?

Does the main body responsible have a complete and detailed overview of the
resources allocated to disaster preparedness activities?

Is there a Quick Response Team to respond to disasters as they occur?

In which areas within the disaster preparedness process do non-government and
other organizations act?

Could the main body responsible provide the facilities and support necessary for
the activities of the non-government bodies?

Has a monitoring mechanism been established with a view to monitoring extrabudgetary funds and the activities of non-government bodies?

What lessons have been learned from previous experiences of disasters in view of
the position and authority of the relevant organizations? Have these lessons been
properly reflected in such areas as the reorganization and strengthening of
authorities?

…………………………………………………………………………………………………………………...
(Please add your own questions)
Assessment of the adequacy of coordination
14.11 Recent events, such as Katrina, the tsunami and earthquakes in Pakistan and Haiti,
have shown that the management of large-scale disasters is a matter that concerns
not only the government, but also other stakeholders including businesses and
individuals exposed to disaster risks. Therefore, the evaluation of coordination
between all stakeholders is increasingly important. In fact, coordination should
encompass intergovernmental bodies and regional organizations as well as national
bodies and institutions, and non-governmental organizations at the national and
international level.
38
14.12 The national disaster legislation and the national disaster plan are the main tools for
evaluating coordination, along with event-specific and departmental plans.
Additionally, the auditor should pay special attention to the activities of the main
authority responsible for coordination and examine its management system and
governance structure.
14.13 To assess the adequacy of coordination with bodies at regional, national and
international level, the auditor should examine the following issues:

Has a coordination mechanism been established that should function in case of a
disaster?

Are all relevant participants identified and included in this coordination
mechanism (national/regional/local level and the main contact point for external
bodies)?

Has the expected level of coordination between and among the agencies
concerned been achieved during the occurrence of recent disasters (if any)?

Is there a monitoring mechanism to provide information to help ensure
cooperation, as appropriate, with different bodies at the regional, national and
international levels?

Does the existing coordination foster collaboration in order to avoid the
duplication and overlap of activities in the field, to make the most efficient use of
resources and to raise awareness of the risk of disaster?

Are different forms of cooperation for disaster preparedness activities, such as
technical assistance, consultancy, equipment and supplies, etc. specified in
accordance with the nature, role and work of different participants in this field?

What alternative means of communication are ready, such as telephones, radios
and the internet? Are there multiple options in case of a disaster?

…………………………………………………………………………………………………………………………..
(Please add your own questions)
Assessment of disaster management tools and early warning systems
14.14 Geo-science technologies are in widespread use for disaster preparedness. Geographic
Information System GIS is a tool that can be used in all types of disaster to collect
various types of data. GIS is structured in different ways from country to country
according to the disaster risks faced. For example, to understand the full short and
long-term implications of floods and plan accordingly, an analysis needs to be made of
combined data on “meteorology, topography, soil characteristics, vegetation,
hydrology, settlements, infrastructure, transportation, population, socioeconomics
39
and material resources”22. These aspects, which vary in the field of disaster
management, are easily processed with the help of a GIS and can be used for risk
analysis and the planning.
14.15 GIS, and other instruments such as Remote Sensing (RS) and the Global Positioning
System (GPS), are mostly used by planners. Before deciding to acquire or use a system,
planners need to make a meticulous evaluation of their needs. This must include a
definition of how their planning activities and decisions will be assisted by using a GIS.
Specific objectives and applications of the GIS should be established and planners need
to assess carefully if the quantities of spatial calculations and analyses to be
performed justify automating the process. Therefore, the auditor must scrutinize the
GIS and planning process well in order to audit disaster preparedness.
14.16 Effective use of GIS and other instruments in disaster preparedness will depend on the
reliability, accuracy and adequacy of data and the elements of these systems. At the
same time, the benefit to be had from the data gathered by using a GIS effectively is
closely related to the extent to which these data have contributed to the planning
process. The hazard maps, zone maps and risk assessments which are obtained by
using a GIS should be submitted to decision-makers at the appropriate level and on
time and these data should also be used in the planning process. In this context, the
auditors should determine whether there is a mechanism that transfers the technical
data produced at this stage to the planning process.
14.17 Additionally, the GIS will increase communication and improve cooperation among the
users of the information. GIS is an important tool for the auditor to evaluate the
adequacy of communication among the relevant bodies. In performance audits of
disaster preparedness, the adequacy of the disaster management information system
and especially the GIS have to be evaluated carefully.
14.18 Special attention should be paid to tools such as GIS from a different point of view.
Duplication and lack of coordination among relevant entities in introducing new IT
equipment are common problems. This is the same in the area of disaster
preparedness. GIS could easily be another area of duplicate investment if they are
developed separately by different stakeholders. According to the survey, the utilization
level of the NDMSS “National Disaster Management Support System” was much lower
than expected, but it was very difficult to conclude that it was an overinvestment.
14.19 In order to evaluate the adequacy of management tools used to accomplish the
goals for disaster preparedness, the auditor should assess the following:
Rego, Aloysius J: “National Disaster Management Information Systems & Networks: An Asian
Overview”, s.1.
22
40

Does the country have early warning mechanisms to predict calamities that may
hit the country come during a certain period?

Are assessments of hazard risk, vulnerability and disaster risk, at national and subnational levels, undertaken on a regular basis?

Is the conduct of risk and vulnerability assessment activities properly documented
for reference and audit purposes?

Are cost-benefit analyses of a range of disaster risk reduction measures
performed on a regular basis and are they a requirement for public investment
planning?

Is a monitoring system in place to determine the extent of loss or damage
following a disaster?

Is there an up-to-date disaster management information system?

Is the existing disaster management information system suitable for analyzing
risks and planning efforts to reduce the risk and/or mitigate the impact of
disasters?

Does the management information system contain enough information on
hazards and risks to determine, at the local level, who is exposed and who is
vulnerable?

Has the main authority developed effective and appropriate instruments to guide
the local authorities in making the risk assessment in their own areas in
accordance with the national strategy and policies?

Is an appropriate geographical information system used? For what purpose?

Does the main agency responsible regularly review its disaster management tools
and measures on their efficiency and effectiveness? When is this assessment
done?

Are the results of this assessment used for decision-making and the improvement
of future disaster management initiatives?

The questions below will help the auditor (as well as the planners) assess the
needs for and use of a GIS in disaster preparedness:23
 What planning decisions need to be made?
 Which decisions involve the use of mapped information and information
appropriate for map display?
 What information cannot be managed efficiently with manual techniques?
 What information management activities can be supported by the proposed
GIS?
Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic
Information Systems in Natural Hazard Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).
23
41
 What types of decisions can be supported with a GIS?
 Is the GIS principally appropriate for analysis? Is quality cartographic output
needed?
 To what extent will a GIS help achieve the desired objectives?

To assess the suitability of the GIS, the following questions can help the auditor:
 Are its capabilities compatible with the needs of the new users?
 Is the in-house technical expertise capable of serving the new users?
 What are the institutional arrangements that would enable the appropriate
use of this GIS?

In order to evaluate the sustainability of the GIS, the following questions can help
the auditor:
 Who will be the users of the information generated with the GIS?
 In terms of information, time, and training needs, what is required to obtain
the desired results? Can these requirements be fulfilled?
 Is there sufficient budget and staff support?
 What agencies are participating in similar projects?
 To what extent would a GIS help to attract the interest of other agencies and
facilitate cooperation?

Are hazard maps prepared taking into consideration the existing environmental
plans, land use planning and building development schemes, etc.?

Are there any special tools intended to mitigate disaster risks and impacts?

Are there any standby arrangements for purchasing, receiving, storing,
distributing disaster relief supplies?

………………………………………………………………………………………………………………………
(Please add your own questions)
Assessment of emergency exercises and training/public awareness
14.20 Large-scale disasters which have occurred in recent years have fostered better
understanding and improved relationships between national and international actors
in the field of disaster preparedness. They have also encouraged a degree of
participation and awareness-raising, both of which are important for bringing about
changes in policy.
14.21 However, there is no clear evidence that enhanced public awareness translates into
public action and greater accountability. It seems that public awareness creation is
not generally part of strategic national efforts; it is rather the result of single projects.
Large shares of national and international funds, especially for exercises, training and
community preparedness, are used by bodies like NGOs. Therefore, the possibility of
duplication in these activities is particularly high. To give all stakeholders assurance,
42
the auditor should carefully examine all training activities and public awareness
campaigns. Also, it should be assessed whether or not the organizations and
individuals have, through training, gained the necessary knowledge and skills to
effectively respond to and quickly recover from various types of disaster. In these
areas, the SAIs should pay special attention to promoting public accountability.
14.22 To assess the planning and implementation of emergency exercises, training and
community preparedness, the auditor should try to answer the following:

Is the government promoting public awareness and education and strengthening
community participation in the area of disaster preparedness?

Are there plans for disaster preparedness training for the public and/or public
education campaigns in order to raise public awareness? Are these executed
according to plan?

Are education programs and training on disaster preparedness planned and
realized in schools and local communities?

Have training requirements and effective training plans been established and are
they being updated as appropriate?

Do programs provide organizations and individuals with the necessary knowledge
and skills to respond effectively and quickly recover from various types of
disaster?

At the local level, have more practical matters such as evacuation areas/ routes
and possible shelters been considered, disseminated and reflected in the disaster
drills?

Is there an overall government agency in charge of developing and conducting
emergency exercises and training?

Are local drills and simulation exercises conducted at all levels of government?

Are training/emergency exercises at the national and local levels, including at the
town level, implemented and/or supervised by an authorized body/agency?

Is it ensured that training functions and activities are not unnecessarily duplicated
or overlapping?

Is there any specific program for training/emergency exercises for particularly
vulnerable people (Patients in hospitals, students in schools, employees in
government/private sectors housed in tall buildings/dilapidated buildings, people
living in low-lying areas or near river banks)?

Are various local departments (fire dept., police hospitals), community-based
organizations, the Red Cross/Red Crescent, the media and local businesses
involved in the training/emergency exercises?
43

Has the government been involved in capacity building by sending officials to
other more developed countries for purposes of learning the most effective
emergency exercises during disasters?

………………………………………………………………………………………………………………………….
(Please add your own questions)
Assessment of disaster funds and grants administration
14.23 The social and economic costs of disasters vary widely and are difficult to estimate on
a global basis. The most expensive disasters in purely financial and economic terms
are floods, earthquakes and windstorms. Precautions taken before the disasters will
decrease the devastation and economic impact. Less developed countries with limited
economic diversity and poor infrastructure mostly need external funds when preparing
for a disaster. Conversely, in developed economies, governments, communities and
individuals have greater capacities to cope. However, disasters will adversely affect all
economies and societies whether in developed or developing countries. Therefore, the
national and external funds allocated to disaster preparedness should be used in an
economic, efficient and effective manner.
14.24 For this reason international policies concerning disaster management have moved
towards more emphasis on disaster preparedness. Financial procedures established in
accordance with previous policies that allocated large resources to post-disaster relief
and reconstruction activities need to be redefined in accordance with these changing
policies. The auditor should pay special attention to whether the financial process has
been redefined in parallel with the new policy.
14.25 In order to contribute towards improved economy, efficiency and effectiveness in this
area, the auditor should carefully examine the costs of all projects/investments. In this
connection he/she should look into whether:
 a national disaster plan and sub-plans taking into account realistic cost estimates
need to be prepared.
 the projects to be implemented within the scope of the plans need to be
determined by means such as cost-benefit analyses.
14.26 Disaster preparedness activities can continue over several years. The sustainability of
the projects/investments in the field of disaster preparedness needs to be assessed as
follows:
 Resource planning must be performed and future financing models must be
developed.
44
 In view of the high cost of investments such as GISs and their maintenance,
additional sources of finance must be sought.
14.27 In order to prevent unnecessary investment in this field and to use resources
efficiently, a mechanism should be established to monitor the physical and financial
implementation of actions, projects and investments. This should help decision-makers
take timely corrective decisions.
14.28 To evaluate the adequacy and management of the funds for disaster preparedness
activities, the auditor should answer the following:

Does central government and/or the authority responsible for disaster
preparedness have a complete overview of the funds received and/or allocated
for disaster preparedness activities by all relevant bodies?

From which sources are the funds provided for disaster preparedness?
(Government institutions, people/community, organizations/private bodies,
foreign governments, foreign or local non-government organizations NGOs,
international institutions/donors, international financial institutions etc.)

By whom are the funds from these sources used?

Are there specific laws or procedures in the country that govern the allocation
and utilization of funds for the National Disaster Plan and are they complied with?

How do the disaster preparedness policies of the central and local governments
affect the allocation of funds and the selection of projects receiving funds?

Are dedicated budget allocations made by central government to local
governments/authorities and ‘first-line’ implementing agencies?

Has the management process of receiving, managing, spending and recording of
disaster-related funds been clearly established for each of the various channels of
funds, such as governmental funds and domestic and foreign donations?

Is there any periodic reporting on disaster fund allocation and utilization by
recipient agencies?

Is there an agency in-charge of preparing a consolidated annual report to reflect
total funds allocated to and utilized by all recipient agencies?

Are donations from private sources intended for disaster preparedness duly
booked and recorded and used for the purpose for which they were granted?

Have effective administrative processes been conceived for the application and
processing of grants? (Although in principle the administrative procedures for the
allocation and use of public funds should ensure timeliness, in case of urgent
disaster preparedness activities, they may not be sufficient. Therefore specific
administrative arrangements should be in place to allow for maximum flexibility.)

Are remaining balances of grants returned to the donor, used for other purposes
or remitted to the national treasury?
45

Are donors’ reporting requirements complied with and are reports submitted on
time?

Are disaster preparedness projects/programs completed on time and within the
budget?

How much flexibility is allowed for the use of otherwise earmarked funds in local
and national budgets in emergencies/preparedness for imminent disaster events?

Does the government make use of cost-benefit and similar analyses to identify
realistic alternatives?

What disaster mitigation investment decisions should be taken?

Is there a strategic reserve of disaster relief goods?

……………………………………………………………………………………………………………………(Please
add your own questions)
Assessment of the adequacy of measures to make urban areas more resilient and reduce
urban risk
14.29 The world’s population mostly lives in cities or urban centres. Some rapidly growing
cities were not originally well constructed and environmental urban degradation,
growing informal settlements and failed infrastructure and services pose significant
disaster risks. More and more people are settling in disaster prone areas. Therefore,
constructions able to withstand the force of seismic shocks or volcanic ash and sound
urban planning for well-built cities are primary measures and concerns for disaster
prone areas.
14.30 In urban settlements, the auditor should have knowledge about key risk
considerations so as to be able to evaluate local disaster preparedness activities and
perform sampling in a sound manner. The most significant risk drivers are as follows:

Rising urban populations and increased population density: High population
density is a significant risk driver where the quality of housing, infrastructure and
services is poor.

Weak urban governance: In cases of poor urban governance, local authorities are
unable to provide infrastructure, services or safe land housing. A weak local
government with poor resources, which lacks investment capacity and
competence and is not engaged in participatory and strategic urban and spatial
planning on behalf of low-income citizens in informal settlements, will not
embrace the challenge of resilience, and will increase the vulnerability of much of
the urban population.

Unplanned urban development: In many rapidly growing cities, much of the urban
expansion takes place outside the official legal building codes, land use regulations
and land transactions. Existing planning instruments are often unrealistic. In this
46
situation, the auditor should focus on the requirements of sustainable
urbanization. Sustainable urbanization requires comprehensive steps for the
management of risk and emergency plans. It also requires the enforcement of
urban planning regulations and building codes on the basis of realistic standards,
without excluding the poor.

Lack of available land for low-income citizens. Most of the urban poor are more
exposed to hazards due to poor living conditions in high density neighborhoods,
poor capacity of the buildings to withstand seismic forces, narrow roadways that
limit access in emergencies, limited water provision and complicated electrical
installations where fires can easily take hold. This knowledge regarding the
capacities and profile of low-income citizens is crucial for an evaluation of the
economic-social impacts of urban transformation and the design of alternative
financial models.

Inappropriate construction: Building codes and regulations set minimum standards
for safety, and resistance to natural hazards in many countries. Building practices
and the enforcement of these regulations are essential because cost cutting, a lack
or distortion of incentives and corruption are the main reasons why even welldesigned buildings collapse. Informal settlements and illegal or non-engineered
constructions shelter most city dwellers in developing countries. Even if they have
money, people with no property rights or insecure tenure will not invest in safe
structures or improvements.

Upgrading critical infrastructure and public buildings is a minimum requirement
for sustainable urbanizations and resilience. Safe schools and hospitals would
provide necessary shelter and services. Storm drainage would reduce floods and
landslides - and at low cost.

Concentration of economic assets. Economic assets tend to be clustered in large
cities. Disasters in these cities can have devastating effects on local and national
economies24.
14.31 In order to assess the adequacy of the steps taken to make urban areas/cities more
resilient, the auditor should examine the following questions:

What are the main disaster risks in the urban areas covered by the audit?

What activities are planned and realized by local authorities to make cities safer
against these disaster risks?

Is there a competent and accountable local authority that caters for sustainable
urbanization with participation from all interested parties?
Urban planning/Building development plans and their implementation
24
UNISDR My city is getting ready&Local governments and disaster risk reduction
47

Have urban plans/building development plans been drawn up with a disaster
sensitive approach?

Have building development plans been drawn up on the basis of geological survey
reports?

Have building development plans been reviewed after the preparation of
geological survey reports?

Have urban plans been prepared on the basis of the participation of citizen groups
and civil society?
Reinforcement and reconstruction activities/urban transformation

Has the disaster resistance of existing buildings and common infrastructures been
examined throughout urban disaster prone areas, in line with the aim of disaster
preparedness?

Are criteria for reinforcement and reconstruction decisions specified?

Are measures taken against licensed and unlicensed buildings constructed
previously in areas declared unfit for housing?

Are priorities and long and short term strategies/program/plans specified for
making urban areas disaster-resistant?

Have there been any improvements in programs/projects for making existing
buildings disaster resistant, reinforcing them if necessary or realizing urban
transformation?

Is the safety of public buildings such as schools and health facilities assessed and
are they upgraded as necessary?

Is the legal framework adequate for the measures relating to reinforcement and
reconstruction and urban transformation projects?

Are there any studies and investments concerning critical infrastructure that
reduces risk, such as flood drainage?

Have the necessary resources been committed? Has a financial plan been
prepared according to the strategy/program/action plans?

What is the nature of these financial resources (national/local government,
other)? Does the SAI have an audit mandate for all resources?

Do the national government and/or local authorities assign a budget for disaster
preparedness to provide incentives for homeowners, low-income families,
communities, businesses and the public sector to invest in reducing the risks they
face?
48

Have any finance models for urban transformation been designed taking lowincome citizens into consideration? Have any alternatives been assessed?

……………………………………………………………………………………………………………………(Please
add your own questions)
49
ANNEXES
Annex 1: SAIs which participated in the survey and
parallel/coordinated audit
The SAIs which replied to the survey
1. Australia
10. European Court of
Auditors
19. Lesotho
28. Philippines
2. Austria
11. Denmark
20. Macedonia
29. Poland
3. Bangladesh
12. Germany
21. Madagascar
30. Saint Lucia
4. Cameroon
13. Guatemala
22. Morocco
31. Singapore
5. Canada
14. Hungary
23. Netherlands
32. Turkey
6. Cape Verde
15. Japan
24. New Zealand
33. Ukraine
7. Czech Republic
16. Korea
25. Norway
34. USA
8. Egypt
17. Kyrgyz Republic
26. Papua New Guinea
35. Yemen
9. Estonia
18. Latvia
27. Peru
The SAIs participating in the parallel/coordinated audit
1. Azerbaijan
3.India
5. Netherlands
7. Philippines
9. Ukraine
2.Chili
4. Indonesia
6. Pakistan
8.Romania
10. Turkey (lead)
50
ANNEX 2: An example of governance structure - Canada
Governance25
Put simply, governance means “rules, processes and behavior that affect the way in which powers
are exercised at any level, particularly as regards openness, participation, accountability,
effectiveness and coherence26.” An analysis of governance focuses on the formal and informal
participants in decision-making and implementing the decisions made and the formal and
informal structures that have been put into place to arrive at and implement the decision.
Government is one of the participants in governance.
Other participants vary, depending on the level of
government that is under examination. For example,
others may include NGOs, research institutes,
international donors, finance institutions, political
parties, etc. All these may play a role in decisionmaking or in influencing the decision-making process.
Generally, good governance has mainly 5 major
characteristics:
participation,
accountability,
effectiveness, coherence and openness. It is clear
that good governance is an ideal which is difficult to
achieve. However, to ensure sustainable development, action must be taken to work towards this
ideal with the aim of making it a reality.
An example: The Federal Emergency Response Management System Governance StructureCanada27
Canada’s Federal Emergency Response Plan (FERP) includes the Federal Emergency Response
Management System (FERMS), which is a comprehensive management system for an integrated
response to emergencies. This system provides the governance structure and the operational
facility (the Government Operations Centre) to respond to emergencies. The following figure
describes
the
governance
structure:
25
Prepared by examining http://www.unescap.org/pdd/prs/ProjectActivities/Ongoing/gg/governance.asp,
27.08.2010; European governance a white paper, Commission of the European Communities, Brussels,
25.7.2001 COM(2001) 428 final.; OECD Principles of Corporate Governance 2004,
www.oecd.org/dataoecd/32/18/31557724.pdf
26
European governance white paper, Commission of the European Communities, Brussels, 25.7.2001
COM(2001) 428 final.
27
Federal Emergency Response Plan, CANADA, Federal Emergency Response Plan, CANADA,
http://www.publicsafety.gc.ca/prg/em/ferp, (March 2010).
51
The Federal Emergency Response Management System Governance Structure
Governance
Governance here refers to the management structures and processes that are in place during
non-emergency and emergency circumstances. The Committee of Cabinet, the Deputy
Ministers’ Committee, the Federal Coordinating Officer and the Assistant Deputy Ministers’
Emergency Management Committee are identified as the highest level decision-makers.
These committees are at the ministerial level to coordinate the Government of Canada’s
response. For the disaster preparedness phase, the Committee of Cabinet coordinates the
government’s agenda, including legislation, planning and management issues. It also provides
52
a forum to address public safety, national security and intelligence issues and discuss
emergency management and readiness.
Management
At the second level, there is a management team that is responsible for the actions and
functions of FERMS. The management team conducts the completion of the objectives set for
each operational period. The management team consists of the Director General of the
Operations Directorate, who leads the management team, and four representatives.

The Operations Directorate is part of the coordinating department of Minister of Public
Safety. It is responsible for management functions and works together with the
Government Operation Centre.

Another representative from the Department of Justice or other related institutions
provides support and advice on legal issues.

As a member of the management team, the Associate Director General provides support
for communication issues.

The primary departments, designated in accordance with the nature of the emergency,
are federal departments relating to a key element of an emergency. The primary
departmental representatives inform the management team of the support needs based
on the nature of the emergency, the Director General of the Operations Directorate, in
consultation with the Federal Coordinating Officer, determines which departments are to
provide a primary departmental representative to support response within the GOC.

Within the management team, four directors from the Operations Directorate are
responsible for the primary functions. The directors guide departmental representatives
through the process.
Government Operation Centre
Public Safety Canada, which is responsible for disaster management, has an operations centre
(the Government Operation Centre or GOC) to coordinate the national response. The
Government Operation Centre is the hub of a network of operations centers run by a variety
of federal departments and agencies including the Royal Canadian Mounted Police (RCMP),
Health Canada, Foreign Affairs and International Trade Canada, The Canadian Security
Intelligence Service (CSIS) and National Defense. The GOC also maintains contact with the
provinces and territories as well as international partners such as the United States and
NATO. The GOC's primary functions are providing coordination between federal emergency
response partners and guiding them.
The GOC communicates the FERP engagement and the response level to the government’s
emergency response partners. Three response levels are intended to provide a logical
progression of activity from enhanced monitoring and reporting to an integrated federal
53
response. At level 1, there is an incident or event which has the potential to require an
integrated federal response. At this level, the GOC collects a wide range of information about
the incident and it then evaluates and shares this information with the federal emergency
response partners. Finally, it is expected that the GOC’s information and enhanced reporting
efforts should support the federal partners’ planning and response activities. At level 2,
response requires a full understanding of an incident and, as it unfolds and the requirement
for a federal response appears more likely, a risk assessment is performed. This assessment,
identifies vulnerabilities, aggravating external factors and potential impacts, and may be
formalized in an Incident Risk Analysis Report. At level 3, there should be an integrated
response activity and this level includes the previous two levels’ activities. The GOC maintains
coordination and constant communication with the federal centers. It also provides regular
situation reports for ministers and senior officials.
Primary Functions
Public Safety Canada carries out six primary functions to integrate federal response:

Operations,

Situational awareness,

Risk assessment,

Planning,

Logistics,

Finance and administration.
The scope of the emergency will determine the scale and level of engagement of each of
these functions. Within the GOC, subject matter experts and Liaison Officers from
government departments, NGOs, and the private sector organize and perform the primary
functions. For disaster preparedness activities, operations, situational awareness, risk
assessment and planning functions are of vital importance.
Federal-Regional Component
Federal organization has regional components to communicate with provincial/ territorial
authorities. These regional components provide direction on emergency management
planning and preparedness activities. They also manage the flow of information and requests
for federal assistance within the region. Thus, disaster preparedness activities are provided in
a more effectively and timely manner.
54
ANNEX 3: Geographical Information Systems (GIS)
Before making the decision to acquire a GIS, planners need to determine what planning activities
could be supported with the system and carefully assess if the quantity of spatial calculations and
analysis to be performed justifies automating the process. Before deciding to acquire or use a
system, planners need to make a meticulous evaluation of their GIS needs. This must include a
definition of how their planning activities and decisions will be assisted by using a GIS. Specific
objectives and applications of the GIS should be defined. Answers to the questions outlined in the
box below can help.28
Since GIS is a tool that can be used for all disaster types, the collection of different types of data
and the features of different technical structures are discussed according to the characteristics of
the disaster. Because of that fact, the structuring of GIS differs from country to country according
to the disaster risks which the countries face.
To understand the full short and long-term implications of “floods” and to plan accordingly,
combined data on “meteorology, topography, soil characteristics, vegetation, hydrology,
settlements, infrastructure, transportation, population, socioeconomics and material resources”
need to be analyzed. As seen in the example, the resources necessary for analyzing floods vary
from case to case, but differ from those required for other types of disaster. These resources vary,
and in the field of disaster management they are easily processed with the help of GIS and are
used in the areas such as making “risk and threat analysis” and carrying out the “planning” efforts.
An example: Turkey, Marmara Region Earthquake Preparedness Activities
An earthquake disaster which caused big losses over a wide area occurred in the Marmara Region
of Turkey in 1999.
For this reason, the earthquake movements in this region have been
monitored regularly by the “Head of Disaster and Emergency Management of the Prime
Minister’s Office”, which is the body responsible for disaster management across the country. In
May 2010, an “earthquake danger and risk analysis” was made over a 100 km radius. It estimated
that, over a 10-year period, the probability of an earthquake with a magnitude of 6 occurring was
83.8 %.
These data, which were produced with the help of the GIS, are used for regional planning. The
protection band, which is seventy five metres from each side of the fault zone, has decreased by
twenty five metres on each side, so a total 50 metre protection band is specified.
The actual benefit to be had from the data which are gathered by using the GIS effectively is
closely related to the extent to which these data contribute to the planning process. The hazard
maps, zone maps and risk assessments which are obtained by using GIS should be submitted to
the decision-makers at the appropriate level and on time, and these data should also be used in
Primer on Natural Hazard Management in Integrated Regional Development Planning, “Geographic
Information Systems in Natural Hazard Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).
28
55
the planning process. In this connection, disaster preparedness auditors should determine
whether a mechanism which transfers the technical data produced at this stage to the planning
process has been established or not.
Other Examples: India and China
India and China are among the countries that suffer from the most severe natural hazards in the
world. In order to keep the information flowing smoothly into the networks for earthquake
preparedness and rescue, their governments have started a series of programs to set up digital
networks. These digital networks, which are based on GIS, GPS and RS, incorporate a lot of new
achievements in earthquake engineering and information science. The examples of India and
China are given below.
Examples of using GIS
Vulnerability Atlas of India
China GIS Activities
In 1997, a “Vulnerability Atlas” was
prepared, taking into account the three
natural hazards which are the most
damaging to India: earthquakes, cyclones
and floods. The zoning maps at macro level
for the three hazards are available in small
scale for the whole country. These maps
were prepared in a larger scale, showing
each administrative unit and the district
boundaries, for easy identification of the
areas covered by the various intensity
zones. The Vulnerability Atlas is an
important input into State-level Disaster
Management Planning and it contains the
following information for each State and
Union Territory of India29:
• seismic hazard map
• cyclone and wind hazard map
• flood prone area map
• housing stock vulnerability table for each
district, indicating for each house type,
the level of risk to which it could be
subjected sometime in the future.
In recent years, as a part of “Digital
Earth” and China's National Information
Infrastructure (CNII) project, the
earthquake disaster mitigation system
has taken in a great deal of information
on the whole country. This includes the
geological structure, past earthquakes,
buildings and population distribution.
Most cities with a population of over
500,000 have built themselves an
information system for reducing
earthquake disasters and hazards. These
contain almost all the infrastructure
information in urban areas, such as the
water-supply networks, power systems,
telecommunication networks, traffic
systems, etc.30 The latest achievements
in earthquake engineering continually
add to this system, such as earthquake
risk analysis methods, new anti-seismic
criteria or codes, new knowledge and
experience in pre- and post-earthquake
emergencies.31
Rego Aloysius J., “National Disaster Management Information Systems & Networks: An Asian
Overview”, s.4.
30
http://www.gisdevelopment.net/application/natural_hazards/earthquakes/ma03135b.htm
31
http://www.gisdevelopment.net/application/natural_hazards/earthquakes/ma03135b.htm
29
56
ANNEX 4: Understanding the organization and structure of authorities preparing for disaster
TURKEY - audit report: “How well is Istanbul getting prepared for the earthquake?”
According to Turkey’s current legal arrangements, the main authority responsible for disaster
preparedness is the Turkey Emergency Management Directorate General (TEMAD) attached to
the Prime Minister’s Office. This body has been charged with preparing and executing disaster
plans and taking the necessary measures to provide effective emergency management
nationwide and coordinating all the bodies involved. The other organizations responsible for
disaster activities are:
•
the Ministry of the Interior, which has set up regional centers for relief and emergency
operations.
•
the Independent National Earthquake Council.
•
local authorities, whose responsibilities for disaster mitigation were extended after the TCA
report recommendations.
The activities of Turkish NGOs are all coordinated by TEMAD. These include the Turkish Red
Crescent, the Association of Social and Economic Solidarity with Pacific Countries, the Turkish Blue
Crescent Association, the Foundation for Human Rights, Humanitarian Relief and other
government institutions.
Against this background, the TCA audited earthquake preparedness via the following questions:

Does the organizational structure charged with earthquake preparedness for Istanbul
measure up to the needs?
 How does the organizational structure prepare Istanbul for earthquake?
 How are resources allocated for earthquake preparedness?
 Is effective coordination and cooperation established?
 Are activities properly planned and executed?
 Is there sufficient work related to post-earthquake fires that increase initial damage?
 How well do service groups prepare their emergency plans?
57
ANNEX 5: Audit Objectives - examples concerning disaster preparedness
Country
Background/Title
Austria
Prevention of Natural Hazards:
Use of resources from the
disaster fund
Fall 2009 Emergency
Management – Public Safety
Canada
Canada
Czech Republic
Lesotho
Netherlands
Funds spent on anti-flood
measures and prevention in
areas endangered by adverse
climate changes. The audit is
focused on finance for flood
prevention and flood
protection (meteorology and
hydrology systems, proneness
to landslides and rock collapses,
mapping of flood areas,
mapping of proneness to
landslides and rock collapses,
evaluation of floods).
The Distribution of Food Relief
Aid
Preparation for disaster
management.
Audit Type/ Disaster
Phase
Preparedness-Mitigation/
Performance
Preparedness-response/
Performance
Preparedness/ complianceperformance
Mitigation/ Performance
Preparedness/
Performance
Audit Objective
Evaluation of distribution and use of resources from the disaster fund;
decision-making approaches, division of functions and coordination
between federal, regional and local authorities.
The objectives of this audit were to determine whether Public Safety
Canada can demonstrate that it has exercised leadership by
coordinating emergency management activities, including critical
infrastructure protection in Canada; and determine whether Public
Safety Canada, along with federal departments and agencies, can
demonstrate progress in enhancing the response to and recovery from
emergencies in a coordinated manner.
Economy, effectiveness, efficiency of finance for flood protection.
To determine factors affecting the efficient distribution of food relief
aid
Audit as to whether the minister of Home Affairs has fulfilled his
responsibility for the organization of disaster management in the
Netherlands.
58
Turkey
How Well Is Istanbul Getting
Prepared for the Earthquake?
Preparedness/Performance To specify the risks faced during the short and medium-term
preparatory works aimed at minimizing possible Istanbul earthquake
damage and identifying the measures to be taken.
59
ANNEX 6: Audit Criteria - examples of performance audits concerning disaster preparedness
Austria- Prevention of Natural Hazards: Use of resources from the disaster fund

Governance and management structures for overseeing the development and delivery of the
Australia-Indonesia Partnership for Reconstruction and Development (AIPRD);

arrangements to plan assistance, and manage risks, including those relating to fraud and
corruption;

the clarity and transparency of financial management arrangements;

arrangements for monitoring, evaluating and reporting on the AIPRD program.
Canada-Fall 2009 Emergency Management – Public Safety Canada

We expected that Public Safety Canada would exercise leadership by coordinating federal
emergency management activities, as described in legislation and policies.

We expected that Public Safety Canada would coordinate federal emergency management
activities with those of the provinces and territories to provide timely and coordinated
support to communities in an emergency.

We expected that Public Safety Canada would regularly test and exercise federal emergency
management plans.

We expected that Public Safety Canada would have a risk-based plan to lead and coordinate
critical infrastructure protection efforts, and to reduce vulnerability to cyber attacks and
accidents, by:
 adopting an all-hazards approach
 agreeing upon roles and responsibilities for the federal government and others
 determining what critical infrastructure should be protected
 assessing the threats and risks to these assets
 prioritizing risks and resources to protect critical infrastructure
 implementing protective programs
 developing measures to monitor and assess effectiveness

We expected that Public Safety Canada and selected federal entities would use a risk-based
approach to identify the resources needed and to coordinate the response to and recovery
from emergencies.

We expected that Public Safety Canada would promote a common approach to emergency
management, including the adoption of standards and best practices.

We expected that Public Safety Canada, together with its federal partners, would provide
emergency management training, based on a needs assessment and risk-based plan.
The Netherlands- Lessons on accountability, transparency and the audit of Tsunami-related aid,
2008

Central government policy should be implemented by municipalities.
60

The Minister of Home Affairs should be active in stimulating municipalities and other entities
to be prepared for disasters and to cooperate in a coordinated manner.

Agencies should be involved in disaster management cooperation.

Risk assessment and analysis should be conducted in a structured and systematic manner.

Disaster management plans should be developed on the basis of risk assessments.

Disaster management plans should be kept up to date.

Relevant professionals should be trained properly.

Disaster management plans should be tested in practice (via drills, etc.).

The Minister of Home Affairs should have enough management information to be able to
monitor the disaster preparedness of municipalities and other entities.
The Netherlands-Counter-Terrorism Alert System (ATb)

A good procedure should be in place to transform a threat into an alert.

That procedure should be implemented (does it work in practice?).

The system related to other projects and procedures should be well-designed without overlap
or blind spots.
Turkey- How Well Is Istanbul Getting Prepared for the Earthquake?

There should be one institution initially responsible for the planning, coordination and
execution of the activities regarding earthquake preparations, which has the authority to use
the budget, staff and instruments and that is authorized to provide cooperation among
institutions.

Activities should be managed according to the data obtained from the Disaster Management
Information System. The data have to be up to date, clear, accurate, precise, integrated and
easily accessible. The results obtained should be reported after being analyzed periodically. In
disaster preparation plans, the issue of who will do what, where, when and how should be
clearly defined, and adequate staff training should be provided.

Precautions that will diminish fire danger should be given priority; in this context, early
warning and emergency intervention systems should be established as soon as possible.

In Building Development Plans and their modifications, the selection of settlement areas
should be based on a land survey.

Istanbul’s buildings should be inventoried, earthquake risk analysis should be performed in
conjunction with land survey and buildings inventories; based on this analysis, the reaction of
buildings in the face of a possible earthquake should be determined.
Audit Criteria - examples for financial audits concerning disaster preparedness
Czech Republic - Funds for programs relating to flood protection against
 Legality
61
The Netherlands - The C2000 communications network and integrated emergency switchboard

Budget estimates,

reasoning behind cost surpluses,

budget and cost monitoring,

project management,

accountability towards parliament.
The Philippines - the Annual Audit Report on the Office of Civil Defense

Manual on the National Government Accounting System.

Commission on Audit Circulars, Memoranda.

Agency guidelines and manual of operations on implementation.

Government rules and regulations on disbursement/expenditure.

the government procurement reform act.
The Philippines - Hazard mapping and assessment for effective community-based disaster risk
management (READY)
The audit was conducted in accordance with;

the provision of the Specimen Terms of Reference,

International Audit Standards and principles and procedures prescribed for the United
Nations with respect to the audit of project expenditure, which includes all disbursements
listed in the quarterly financial reports submitted by the NDCC-OCD and the direct payments
processed by the United Nations Development Program (UNDP).
62
ANNEX 7: Audit Recommendations - examples of disaster preparedness
Austria - Prevention of Natural Hazards: Use of resources from the disaster fund

Split competences make it difficult to handle emergencies consistently and adopt the
appropriate procedures.

It is not possible to prepare for disaster risks against the will of local communities or without
their consent to contribute financially.
Canada-Fall 2009 Emergency Management – Public Safety Canada

The Privy Council Office and Public Safety Canada need to ensure that all components of the
Federal Emergency Response Plan are complete and must obtain government approval for
the plan.

A consistent risk management approach is lacking. Recommendation: as stipulated in the
Emergency Management Act, Public Safety Canada must establish policies and programs and
provide advice for departments to follow when identifying risks and developing their
emergency management plans.

There has been progress in developing a government operations centre.

Lessons learned have not been used to improve emergency response.

Coordination is unclear for responses to chemical, biological, radiological, nuclear, or
explosives emergencies. Recommendation: As stipulated in the Emergency Management Act,
Public Safety Canada should ensure that its coordination role for the federal response to an
emergency is well-defined and that the operational policies and plans that departments will
follow are updated and consistent.

Standards to promote interoperability are still under development.

A strategy for protecting critical infrastructure has been slow to develop.

Canada’s critical infrastructure remains undetermined.

The energy and utilities sector is making progress on protecting critical infrastructure.

Cyber security has recently received more attention, but significant challenges remain.
Recommendation: Based on the responsibilities outlined in the Emergency Management Act,
Public Safety Canada should provide policies and guidance for departmental sector heads to
determine their infrastructure and assess its criticality, based on risk and its significance for
the safety and security of Canadians; it should establish policies and programs to prepare
plans to protect the infrastructure.
Netherlands- Lessons on accountability, transparency and audit of Tsunami-related aid, 2008
Management Information System

The Minister should improve the quality of the disaster management policy by making it more
specific and by monitoring and supervising implementation. The Minister needs to enhance
his management information system so as to be able to monitor and supervise the
63
implementation of disaster management and intervene where necessary. This management
information system should also serve for accountability.
Coordination

The minister should enhance structural cooperation between relevant agencies with specific
measures.
The Netherlands-Counter-Terrorism Alert System (ATb)

Organisation meets the requirements but is not yet optimal: In broad lines, the organisation
of the ATb meets the applicable requirements. Some 13 sectors of industry are now
participating in the system and locations have been identified in these sectors that are a
potential target for terrorist attack. The parties involved have also made agreements on the
measures to be taken for each threat level (low, moderate or high). The practicality of the
measures (for example hiring security firms or using specific equipment such as scanners),
however, has not yet been studied. Capacity problems will probably arise if the threat level is
high or prolonged. We therefore recommend that the practicality of the proposed measures
be assessed.

Confusing and unwieldy preventive systems: In addition to the ATb, other initiatives have
been taken to increase the security of critical sectors, for example the Critical Infrastructure
Protection measures (BVI). The BVI is coordinated by the Minister of the Interior and Kingdom
Relations (BZK) and the ATb by the Minister of Justice. This does not facilitate an integrated
approach. Local parties and sectors find the co-existence of different preventive systems for
different types of threat confusing and unwieldy. We recommend that central government
take action to arrive at the simplest modus operandi for all involved.

NCTb fulfils its management function inadequately: The NCTb inadequately fulfils its function
as manager of the ATb chain. Such a function is essential. Whether the ATb will actually speed
up decision-making to prevent attacks will depend in part on good cooperation between
public and private parties. Local authorities, however, do not always know what is expected of
them. Coordination of industry, authorities and the police has had mixed results. We
recommend that the Ministers of Justice and BZK clarify the management function so that
there is greater oversight of the ATb's operation.
Turkey- How Well Is Istanbul Getting Prepared for the Earthquake?
A New Management Approach

To organize Istanbul’s preparedness for a possible earthquake in the best possible way and to
minimize the likely damage, there is a need for a new management approach. To this end, the
desired outputs that are be achieved in the short, medium and long term should be clearly set
64
and, at the same time, institutions that have a role and function in obtaining these outcomes
should work in cooperation.
Coordination

Achieving targeted results depends on the development of cooperation among public
institutions based on accountability relations. In cooperation established on the grounds of
accountability, who will be responsible for what and how long, resource needs and
allocations, commitments and expectations should be clearly determined.
Planning

Public institutions should start working in cooperation within the framework of accountability,
relevant public institutions should set their objectives and develop strategies and action plans
in order to reach set objectives. Additionally, Istanbul should be integrated into the strategic
plan.

Necessary measures should be taken to carry out damage assessment and designation of
beneficiaries properly and within the shortest possible time.
Technical Personnel

A sufficient number of technical staff who are to carry out damage assessment activities and
designate beneficiaries should be trained beforehand.
Ukraine - International Coordinated Audit of Chernobyl Shelter Funds, 2007-08

Establish specific performance benchmarks for the project that need to be met before
additional pledges of funds are made in the future;

Facilitate accountability and transparency as the Project is financed by the EBRD;

Audit contract awards, planning, implementation, acceptance and invoicing under the criteria
of regularity and performance in order to evaluate the effectiveness of the CSF’s mission
performance.
Canada - Fall 2009 Emergency Management – Public Safety Canada

The Privy Council Office and Public Safety Canada should ensure that all components of the
Federal Emergency Response Plan are completed and should obtain government approval for
the plan.

As stipulated in the Emergency Management Act, Public Safety Canada should establish
policies and programs and provide advice for departments to follow when identifying risks
and developing their emergency management plans.
65

As stipulated in the Emergency Management Act, Public Safety Canada should ensure that its
coordination role for the federal response to an emergency is well-defined and that the
operational policies and plans that departments will follow are updated and consistent.

Based on the responsibilities outlined in the Emergency Management Act, Public Safety
Canada should provide policies and guidance for departmental sector heads to determine
their infrastructure and assess its criticality, based on risk and its significance for the safety
and security of Canadians; it should establish policies and programs to prepare plans to
protect the infrastructure.
66
GLOSSARY32

Building code: A set of ordinances or regulations and associated standards intended to
control aspects of the design, construction, materials, alteration and occupancy of
structures that are necessary to ensure human safety and welfare, including resistance to
collapse and damage.

Contingency planning: A management process that analyses specific potential events or
emerging situations that might threaten society or the environment and establishes
arrangements in advance to enable timely, effective and appropriate responses to such
events and situations.

Disaster: A serious disruption of the functioning of a community or a society involving
widespread human, material, economic or environmental losses and impacts, which
exceeds the ability of the affected community or society to cope using its own resources.

Disaster risk: The potential disaster losses, in lives, health status, livelihoods, assets and
services, which could occur to a particular community or a society over some specified
future time period.

Disaster risk management: The systematic process of using administrative directives,
organizations, and operational skills and capacities to implement strategies, policies and
improved coping capacities in order to lessen the adverse impacts of hazards and the
possibility of disaster.

Disaster risk reduction: The concept and practice of reducing disaster risks through
systematic efforts to analyse and manage the causal factors of disasters, including
through reduced exposure to hazards, lessened vulnerability of people and property, wise
management of land and the environment, and improved preparedness for adverse
events.

Early warning system: The set of capacities needed to generate and disseminate timely
and meaningful warning information to enable individuals, communities and
organizations threatened by a hazard to prepare and to act appropriately and in sufficient
time to reduce the possibility of harm or loss.

Exposure: People, property, systems, or other elements present in hazard zones that are
thereby subject to potential losses.

Hazard: A dangerous phenomenon, substance, human activity or condition that may
cause loss of life, injury or other health impacts, property damage, loss of livelihoods and
services, social and economic disruption, or environmental damage.
32
The United Nations International Strategy for Disaster Reduction (UNISDR), Terminology on Disaster
Risk Reduction, May 2009. NISDR
67

Land-use planning: The process undertaken by public authorities to identify, evaluate and
decide on different options for the use of land, including consideration of long term
economic, social and environmental objectives and the implications for different
communities and interest groups, and the subsequent formulation and promulgation of
plans that describe the permitted or acceptable uses.

Mitigation: The lessening or limitation of the adverse impacts of hazards and related
disasters.

Natural hazard: Natural process or phenomenon that may cause loss of life, injury or
other health impacts, property damage, loss of livelihoods and services, social and
economic disruption, or environmental damage.

Preparedness: The knowledge and capacities developed by governments, professional
response and recovery organizations, communities and individuals to effectively
anticipate, respond to, and recover from, the impacts of likely, imminent or current
hazard events or conditions.

Prevention: The outright avoidance of adverse impacts of hazards and related disasters.

Public awareness: The extent of common knowledge about disaster risks, the factors that
lead to disasters and the actions that can be taken individually and collectively to reduce
exposure and vulnerability to hazards.

Recovery: The restoration, and improvement where appropriate, of facilities, livelihoods
and living conditions of disaster-affected communities, including efforts to reduce disaster
risk factors.

Resilience: The ability of a system, community or society exposed to hazards to resist,
absorb, accommodate to and recover from the effects of a hazard in a timely and efficient
manner, including through the preservation and restoration of its essential basic
structures and functions.

Response: The provision of emergency services and public assistance during or
immediately after a disaster in order to save lives, reduce health impacts, ensure public
safety and meet the basic subsistence needs of the people affected.

Risk assessment: A methodology to determine the nature and extent of risk by analysing
potential hazards and evaluating existing conditions of vulnerability that together could
potentially harm exposed people, property, services, livelihoods and the environment on
which they depend.

Risk management: The systematic approach and practice of managing uncertainty to
minimize potential harm and loss.

Technological hazard: A hazard originating from technological or industrial conditions,
including accidents, dangerous procedures, infrastructure failures or specific human
68
activities, that may cause loss of life, injury, illness or other health impacts, property
damage, loss of livelihoods and services, social and economic disruption, or
environmental damage.

Vulnerability: The characteristics and circumstances of a community, system or asset that
make it susceptible to the damaging effects of a hazard.
69
BIBLIOGRAPHY

The European Commission on EU Strategy for Disaster Risk Reduction, 15/4-2008 and
Austrian Development Cooperation, “International humanitarian aid policy document”,
Vienna, March 2009.

Critical Infrastructure Emergency Risk Management and Assurance Handbook, Australia
2004. ESRI, Geographic Information Systems and Pandemic Influenza and Response.

Rego, Aloysius J, “National Disaster Management Information Systems & Networks: An
Asian Overview”.

Primer on Natural Hazard Management in Integrated Regional Development Planning,
“Geographic
Information
Systems
in
Natural
Hazard
Management”,
http://www.oas.org/DSD/publications/Unit/oea66e/begin.htm#Contents, (06 May 2010).

INTOSAI - Capacity Building Committee - Sub Committee 2
Guide For Cooperative Audit
Programs.

INTOSAI, Cooperation Between Supreme Audit Institutions - Tips and Examples for
Cooperative Audits, 2007.

INTOSAI Implementing Guidelines for Performance Auditing, July 2004.

ISSAI 5140: How SAIs may cooperate on the audit of international environmental accords.

UNISDR My city is getting ready& Local governments and disaster risk reduction.

UN International Strategy for Disaster Reduction, “Hyogo Framework for Action 20052015:
Building
the
Resilience
of
Nations
and
Communities
to
Disasters”,
http://www.unisdr.org/eng/hfa/hfa.htm, March 2010.

UN International Strategy for Disaster Reduction, “UNISDR terminology on disaster risk
reduction (2009)”, http://www.unisdr.org/eng/terminology/terminology-2009-eng.html,
March 2010.

http://www.unescap.org/pdd/prs/ProjectActivities/Ongoing/gg/governance.asp,
27.08.2010.

European governance a white paper, Commission of the European Communities, Brussels,
25.7.2001 COM(2001) 428 final.

OECD
Principles
of
Corporate
Governance
2004,
www.oecd.org/dataoecd/32/18/31557724.pdf

Federal Emergency Response Plan, CANADA, Federal Emergency Response Plan, CANADA,
http://www.publicsafety.gc.ca/prg/em/ferp, (March 2010).
70

http://www.gisdevelopment.net/application/natural_hazards/earthquakes/ma03135b.ht
m

www.oag- bvg.gc.ca/internet/English/parl_oag_198911_27_e_4276.html

www.oag.bc.ca/files/publications/2005/report1/report/earthquake-preparednessperformance-audit.pdf

New Zealand: www.eqc.govt.nz/abouteqc/publications/annualreport/2005-2006/reportag-06.aspx

Japan bolsters earthquake preparedness in South Asia, 21.03.2007.

Australia Indonesia Partnership For reconstruction And Development (AIPRD)
Government Partnership Fund (GPF), Guidelines, Aug 2005.
71