Are there regular assessments of the areas of greatest corruption risk for ministry and armed forces personnel, and are the findings used as inputs to the anti-corruption policy?
10a. Risk assessments
New Zealand score: 100/100
No defence-specific assessment of corruption risk has been commissioned or taken place in the last 2-3 years.
There is some awareness regarding risk areas, but an official risk assessment has not been conducted for the ministry or armed force as a whole, or within individual departments. The government may have commissioned or taken part in ad hoc assessments done by external parties or agencies.
There has been a partial assessment of corruption risks, but it does not clearly articulate risks for the ministry or armed forces.
Corruption risks are clearly identified, but risk assessments are conducted on the ministry or armed force as a whole, rather than with focus on individual departments.
Corruption risks are clearly identified. Individual departments conduct their own risk assessments in a process that reflects "business-as usual," whereby corruption risk assessment is a regular practice.
The Office of the Auditor-General (OAG) is the main conductor of independent assessments for the defence sector. Apart from audits as part of the regular Annual Reports, the OAG announces upcoming assessments within its Annual Plan, of which the 2020/21 version has indicated that a “review of New Zealand Defence Force processes and capability for managing significant service contracts” will be conducted . However, there is no Inspector-General of the Defence Force that provides comprehensive oversight in administration and operations, although this is likely to be created in the near future .
The NZDF Risk and Assurance Committee provides high-level advice and recommendations on the risk management framework. The NZDF risk management framework is contained within Defence Force Orders 081 Risk Management and is supported by Defence Force Instructions 0.81 to aid in consistent application. According to the NZDF Fraud Control Framework, “together these documents set out the policy, requirements and responsibilities for risk management in the NZDF” . Corruption risks are also identified through CDF Directive 41/2020, which promulgates the NZDF policy for managing fraud (the Directive interprets fraud in the broader sense). It does so by expanding fraud to cover issues relating to honesty and values, to include deceit or avoiding obligations, and not only monetary concerns . The NZDF operates the Three Lines of Assurance Model to assure effective risk management through multiple redundancy screenings, the first of which is directly applied by NZDF management to assess, control, and mitigate risks . With respect to fraud and corruption, an assessment of NZDF’s fraud risks was carried out by the MoD independent review team in 2016. In June 2019, a high level re-assessment of the MoD review was carried out at the request of the NZDF Risk and Assurance Committee. The re-assessment highlighted the top 10 fraud risks faced by the NZDF. In addition to this, NZDF Internal Audit published organisation wide guidance in 2020 with regard to changes in Fraud risk levels. Specifically, a Counter-Fraud Toolkit ‘staying alert to the risk of fraud in a COVID-19 environment’, was issued in response to a sudden shift in Fraud risk conditions. .
Regarding the MoD, risk management is “considered as part of the Leadership team’s consideration of the Ministry’s strategic risk” and includes fraud and corruption . A close-reading of the Ministry’s Annual Reports for 2019 and 2020 suggests that risk management is incorporated with departments’ every-day approach, however specific details of an equivalence examined for the NZDF could not be found [7, 8].
Regarding the New Zealand Intelligence Agencies (NZSIS and GCSB), the IGIS does not have an internal role in implementing anti-corruption policy within the agencies though it could in principle recommend that such policy is followed or introduced, although the State Service Commission or the Auditor-General might be the lead external agencies for such a recommendation. Moreover, within the IGIS, the Security Officer advises staff of any security issues that may arise and the agencies have similar processes in place . This creates an added barrier against potential avenues leading to corrupt activities. Nonetheless, according to the Agencies themselves, and in keeping with good governance practices, they maintain strategic risk registers which are used to manage areas of serious risk. This is based in part on internal auditing and trends from reporting on compliance with relevant legislative requirements, rather than on specific assessments into areas of perceived risk .
1. Controller and Auditor-General, Annual Plan 2020/21, p. 44, https://oag.parliament.nz/2020/annual-plan-2020-21/docs/annual-plan.pdf/view.
2. See Recommendation 2 of the Report of the Government Inquiry into Operation Burnham and related matters (July 2020), p. 33.
3. New Zealand Defence Force, Fraud Control Framework, c. 2020, p. 6.
4. Chief of Defence Force, CDF Directive 41/2020, HQ NZDF, Defence House, Wellington, 16 December 2020.
5. New Zealand Defence Force, Fraud Control Framework, c. 2020, p. 5.
6. Ministry of Defence, “Our Fraud Control Framework”, July 2019.
7. Ministry of Defence, Annual Report 2019, https://www.defence.govt.nz/assets/publication/file/8a6a51d666/MOD-Annual-Report-201819.pdf
8. Ministry of Defence, Annual Report 2020, https://www.defence.govt.nz/assets/publication/file/annual-report-2019-2020.pdf
11. Interview with the Inspector General of Intelligence and Security and the Deputy Inspector of Intelligence and Security, 12 August 2020.
12. Interview with a member of the New Zealand Intelligence Community, 30 September 2020, via email.
13. Ministry of Defence (New Zealand). Comments on Government Defence Integrity Index (GDI) 2020.
New Zealand score: 50/100
There is no regular schedule for risk assessments.
There is a schedule for risk assessments, but they are conducted on a less-than-annual basis.
Risk assessments are conducted on an annual basis or more frequently.
The Office of the Auditor-General performs annual assessments but may “at any time examine” a public entity’s efficiency and effectiveness in carrying out its duties, compliance with statutory obligations, an act or omission of wastage or potential wastage, a lack or potential lack of probity, and financial prudence on behalf of the public entity . The Auditor-General may also enquire “into any matter concerning a public entity’s use of resources” .
As per the NZDF Three Lines of Assurance Model, risk assessments are conducted on a gradually increasing gradient, which starts with the NZDF management directly, and progresses through to specific internal oversights bodies/units/departments [3, 4]. The exact regularity of risk assessments could not be determined. Actually, assessment of NZDF’s fraud risks was carried out by the MoD independent review team in 2016. In June 2019, a high level re-assessment of the MoD review was carried out at the request of the NZDF Risk and Assurance Committee. Moreover, A single risk register is maintained for all capability projects. Risks are reported at a project level to individual project boards, which meet monthly and to strategic governance boards – both the Capability Governance Board and the Ministry’s Leadership Team.
Within the Intelligence Agencies, lessons identified through risk management are incorporated into a range of internal policies, which are periodically reviewed, the frequency of which are not disclosed .
1. Public Audit Act 2001, Section 16, http://www.legislation.govt.nz/act/public/2001/0010/latest/DLM88598.html.
2. Public Audit Act 2001, Section 18, http://www.legislation.govt.nz/act/public/2001/0010/latest/DLM88900.html.
3. New Zealand Defence Force, Fraud Control Framework, c. 2020, p. 5.
4. New Zealand Defence Force, NZDF Internal Audit Consultation Document, Proposal for Change: Improving our assurance value, 2 May 2018, p. 7.
5. Interview with a member of the New Zealand Intelligence Community, 30 September 2020, via email.
6. Ministry of Defence (New Zealand). Comments on Government Defence Integrity Index (GDI) 2020.
10c. Inputs to anti-corruption policy
New Zealand score: 100/100
Risk assessment findings are not used to inform anti-corruption policy or practice.
Risk assessment findings may be used to develop an anti-corruption policy or action plan, but they are not used to regularly update either policy or practice.
Risk assessment findings are used to develop and regularly update the anti-corruption policy and institutional action plans.
The Office of the Auditor-General conducts assessments as part of its statuary mandate, but may arrange with the Financial Markets Authority to initiate a quality review of systems, policies, and procedures applying to employees of the Auditor-General, for the purpose of testing its own compliance and auditing standards . In the Auditor-General’s 2018/19 audit overview, the NZDF was found to be taking active steps in adopting the Government’s new financial reporting standard PBE IPSAS 39: Employee Benefits . In 2017 newly appointed Chief Internal Auditor led a process to ensure that the internal audit function met stakeholders’ needs and the evolving risk profile of NZDF. This contributed to the establishment of the “Value Change Journey for Internal Audit” in June 2017, and led to the dissemination of a proposal document around improving the assurance value of NZDF Internal Audit in May 2018 . Ultimately, a decision was made that allowed the NZDF to “make much-needed step change to keep pace with the evolving risk profile of NZDF, and the stakeholder demand for modern audit support” .
Regarding the intelligence community, 90 percent of IGIS recommendations to the agencies are published and as per the Legislation, any recommendation can be accepted or rejected by them. The agencies usually comment on draft recommendations, and once the report is finalised the agencies will formally signal whether they accept the recommendations. It can be trickier to identify the degree to which recommendations are implemented, although the IGIS and the agencies maintain a register of all recommendations made by the IGIS. This register is revisited and updated periodically. As a further means of strengthening risk assessment recommendations, the IGIS can also go to the minister to convince the minister of a need for change in his/her intelligence agencies . In any case the Minister in charge must respond to an inquiry report from the Inspector-General . A recent example of risk assessment recommendations being implemented into policy is the State Services Commission’s External Security Consultants inquiry (TCIL report), which stated that more awareness is required by the NZSIS in dealings with private security firms [7, 8, 9].
1. Public Audit Act 2001, Section 15A, http://www.legislation.govt.nz/act/public/2001/0010/latest/DLM4578009.html
2. Controller and Auditor-General, Central Government: Results of the 2018/19 Audits (Wellington: Officer of the Auditor General), p. 19, https://oag.parliament.nz/2019/central-government/docs/central-government-18-19.pdf
3. NZDF Internal Audit, “Proposal for Change: Improving our assurance value”, Consultation Document, 2 May 2018 (supplied in confidence).
4. NZDF Internal Audit, “Improving our assurance value”, Decision Document, 22 June 2018 (supplied in confidence).
5. Interview with the Inspector General of Intelligence and Security and the Deputy Inspector of Intelligence and Security, 12 August 2020.
6. Intelligence and Security Act 2017, Part 6, Section 187, http://www.legislation.govt.nz/act/public/2017/0010/latest/DLM6920823.html#DLM6921217
7. Public Service Commission, “External security consultants inquiry findings”, 18 December 2018, https://www.publicservice.govt.nz/resources/external-security-consultants-inquiry-findings/
8. Doug Martin, and Simon Mount, Inquiry into the use of External Security Consultants by Government Agencies (Wellington: State Services Commission, 2018), https://www.publicservice.govt.nz/assets/Legacy/resources/Report-of-the-inquiry-into-the-use-of-external-security-consultants-by-government-agencies.pdf
9. Interview with the Inspector General of Intelligence and Security and the Deputy Inspector of Intelligence and Security, 12 August 2020.
Compare scores by country
Please view this page on a larger screen for the full stats.
|Country||10a. Risk assessments||10b. Regularity||10c. Inputs to anti-corruption policy|
|Albania||25 / 100||NA||NA|
|Algeria||0 / 100||NA||NA|
|Angola||0 / 100||NA||NA|
|Argentina||25 / 100||0 / 100||NA|
|Armenia||75 / 100||NEI||NEI|
|Australia||50 / 100||25 / 100||50 / 100|
|Azerbaijan||0 / 100||NA||NA|
|Bahrain||0 / 100||NA||NA|
|Bangladesh||0 / 100||NA||NA|
|Belgium||100 / 100||100 / 100||75 / 100|
|Bosnia and Herzegovina||100 / 100||100 / 100||100 / 100|
|Botswana||25 / 100||0 / 100||NA|
|Brazil||75 / 100||0 / 100||NEI|
|Burkina Faso||0 / 100||NA||NA|
|Cameroon||0 / 100||NA||NA|
|Canada||75 / 100||100 / 100||50 / 100|
|Chile||50 / 100||50 / 100||50 / 100|
|China||0 / 100||NA||NA|
|Colombia||75 / 100||100 / 100||50 / 100|
|Cote d'Ivoire||0 / 100||NA||NA|
|Denmark||75 / 100||100 / 100||50 / 100|
|Egypt||0 / 100||NA||NA|
|Estonia||50 / 100||0 / 100||NA|
|Finland||0 / 100||NA||NA|
|France||75 / 100||0 / 100||50 / 100|
|Germany||75 / 100||50 / 100||50 / 100|
|Ghana||0 / 100||NA||NA|
|Greece||0 / 100||NA||NA|
|Hungary||50 / 100||100 / 100||0 / 100|
|India||50 / 100||0 / 100||25 / 100|
|Indonesia||25 / 100||NA||NA|
|Iran||0 / 100||NA||NA|
|Iraq||0 / 100||NA||NA|
|Israel||50 / 100||0 / 100||50 / 100|
|Italy||100 / 100||100 / 100||100 / 100|
|Japan||50 / 100||0 / 100||50 / 100|
|Jordan||0 / 100||NA||NA|
|Kenya||25 / 100||NA||NA|
|Kosovo||100 / 100||100 / 100||50 / 100|
|Kuwait||25 / 100||NA||NA|
|Latvia||100 / 100||100 / 100||100 / 100|
|Lebanon||0 / 100||NA||NA|
|Lithuania||75 / 100||50 / 100||75 / 100|
|Malaysia||75 / 100||100 / 100||50 / 100|
|Mali||0 / 100||NA||NA|
|Mexico||25 / 100||NA||50 / 100|
|Montenegro||50 / 100||100 / 100||50 / 100|
|Morocco||0 / 100||NA||NA|
|Myanmar||0 / 100||NA||NA|
|Netherlands||50 / 100||50 / 100||NEI|
|New Zealand||100 / 100||50 / 100||100 / 100|
|Niger||0 / 100||NA||NA|
|Nigeria||0 / 100||NA||NA|
|North Macedonia||75 / 100||100 / 100||50 / 100|
|Norway||75 / 100||50 / 100||75 / 100|
|Oman||0 / 100||NA||NA|
|Palestine||0 / 100||NA||NA|
|Philippines||100 / 100||50 / 100||75 / 100|
|Poland||50 / 100||0 / 100||50 / 100|
|Portugal||100 / 100||50 / 100||50 / 100|
|Qatar||0 / 100||NA||NA|
|Russia||50 / 100||50 / 100||0 / 100|
|Saudi Arabia||0 / 100||NA||NA|
|Serbia||75 / 100||50 / 100||75 / 100|
|Singapore||75 / 100||100 / 100||100 / 100|
|South Africa||50 / 100||100 / 100||75 / 100|
|South Korea||75 / 100||100 / 100||75 / 100|
|Spain||0 / 100||NA||NA|
|Sudan||0 / 100||NA||NA|
|Sweden||0 / 100||NA||NA|
|Switzerland||50 / 100||NEI||NEI|
|Taiwan||75 / 100||100 / 100||100 / 100|
|Tanzania||75 / 100||100 / 100||100 / 100|
|Thailand||100 / 100||100 / 100||0 / 100|
|Tunisia||0 / 100||NA||NA|
|Turkey||0 / 100||NA||NA|
|Uganda||75 / 100||100 / 100||75 / 100|
|Ukraine||75 / 100||50 / 100||100 / 100|
|United Arab Emirates||0 / 100||NA||NA|
|United Kingdom||100 / 100||100 / 100||100 / 100|
|United States||25 / 100||25 / 100||0 / 100|
|Venezuela||0 / 100||NA||NA|
|Zimbabwe||0 / 100||NA||NA|