PACS Standard 12:

Independent Auditing

PACS Standard 12 forms part of GIACC’s Project Anti-Corruption System (PACS), which comprises 15 PACS Standards (see links at foot of this webpage). 

[NOTE:  The webpages on PACS Standards 1 to 15 are being updated until 20th October 2021, during which time the page content may not be complete, and there may be inconsistencies on these pages.]


  1. Auditing:  The Project should be audited by an independent auditor(s) in accordance with paragraphs 1 to 12 below.
  2. Selection, appointment, qualification and termination:
    1. The independent auditor should be selected by an independent body which should ensure that the auditor is:
      1. an individual of integrity or a reputable organisation
      2. independent of government, the Project Owner, and any organisations or individuals involved in the Project
      3. without any conflict of interest in relation to government, the Project Owner and any organisations or individuals involved in the Project
      4. appropriately qualified and experienced.
    2. The independent auditor who is selected under the above process should be appointed and paid by the Project Owner, by an independent body, or by another appropriate body.
    3. A different auditor may be appointed to carry out the different types of audit in paragraph 4 below, in order to ensure that the auditor is appropriately experienced in that type of audit.
  3. No influence: The Project Owner should ensure that the independent auditor is able to undertake her/his responsibilities free from any interference or influence from government, the Project Owner, or any organisations or individuals involved in the Project.
  4. Scope of auditing:  The independent auditor should carry out the following audits in relation to the Project in order to verify that the Project was carried out in accordance with applicable laws, regulations and procedures, and without corruption.
    1. Financial audits:  These audits should verify that:
      1. all payments by the Project Owner in respect of the Project were properly made to legitimate persons and for legitimate purposes
      2. all revenues due to the Project Owner in respect of the Project have been received in full, and were from legitimate persons and for legitimate purposes
      3. the financial management in relation to the Project was properly carried out in accordance with PACS Standard 6.
    2. Technical audits:  These audits should verify that:
      1. there was a genuine need for the products supplied in relation to the Project
      2. the Project has been designed and specified in accordance with good technical practice and provides good value for money
      3. the Project has been properly completed in accordance with the Project Contract design and specification.
  5. Identifying corruption:  In carrying out the audits in paragraph 4 above, the independent auditor should seek to identify any suspicion of corruption and whether any issues or deficiencies found during these audits may have been caused by corruption.  If the auditor identifies any such issues, the auditor should investigate and report such issues in accordance with paragraph 10 below.
  6. Standard of audit:  The independent auditor should undertake the audit in compliance with recognised international audit standards.
  7. Timing of auditing:
    1. Financial audits should be carried out annually if the Project duration is in excess of a year, and upon completion of the Project.
    2. Technical audits should be carried out upon completion of the Project.
  8. Access:  In relation to the performance of her/his duties, the independent auditor should be allowed to have, without requiring advance notice, unrestricted access to any of the following in relation to the Project Owner, and all Suppliers and Sub-suppliers:
    1. office and site premises
    2. personnel
    3. records and correspondence
    4. works, products, services, equipment and materials.
  9. Resources:  The independent auditor should be provided with sufficient funding and resources to be able to undertake the auditing function effectively.
  10. Investigating and reporting corruption:
    1. The independent auditor should investigate matters of concern which may suggest corrupt activity.
    2. Where the independent auditor identifies reasonable grounds to suspect corruption, the auditor should report such suspicions to the Project Owner and to the law enforcement body.
  11. Record-keeping and reports:  The independent auditor should:
    1. record in writing all activities, findings and outcomes of the auditing process
    2. submit a detailed written report of these activities, findings and outcomes to the Project Owner and to the appointing body of the independent auditor, together with copies of, or reference to, all relevant documents
    3. retain these records and reports for a minimum of [12] years from Project completion.
  12. Transparency to the public:  In relation to any Project which is wholly or partly publicly owned or funded, the full independent auditor’s reports should be published promptly by the Project Owner on its freely accessible public website.


G1:  How can financial and technical audits assist in preventing and identifying corruption?

Financial and technical audits are good management practice.  They may identify financial irregularities, technical inadequacies, inappropriate design, failure to build in accordance with the specification, over-costing, or poor value for money.  These problems may have been caused by human error, or lack of training and skill.  However, corruption may be the cause of these problems, and so it is essential that financial and technical auditors are aware that this may be the case, and are required to be alert to and report suspicions of corruption.  

The fact that the project is being financially and technically audited will act as a significant deterrent against corruption.  In addition, the audits may uncover actual corruption. 

G2:  Who should select the independent auditor?

The selection of the independent auditor is a separate issue from the appointment.  Selection is the choosing of the independent auditor.  Appointment is the contractual appointment of the auditor to the role, and payment of the auditor.  Greater independence would be assured if the independent auditor was selected by an independent and reputable institution (such as a professional institution or specialist organisation) and then appointed by the relevant party (see G 3 below).  This would reduce the opportunity for any undue influence by the appointing party, and would help prevent the situation where an auditor may be inclined not to report corruption as she/he may fear that reporting financial or technical issues or corruption would prevent a future appointment.

G3:  Who should appoint the independent auditor?

The independent auditor can be appointed by the project owner, by an independent body, by a body established for this purpose (e.g. a National Audit Office), by a government department, or by the organisation (e.g. bank or regulatory authority) which requires the appointment.  The appointing body should be required to appoint the independent auditor who is selected by the independent body under G 2 above.

Where a government introduces the requirement for independent auditing across all or a large number of its projects, there could be an independently approved panel of auditors from which an auditor could be allocated to a project on a full time or part time basis according to the size of the project.

In all cases, the appointment by an independent body is preferable, as there is a danger that appointment by the project owner or government department could compromise the independence of the auditor.  Appointment by an independent body is also more likely to be perceived by the public and project participants as genuinely independent. 

G4:  Who should pay the independent auditor?

The independent auditor could be paid by the government, by a National Audit Office, by the project owner, or by the bank funding the project.  However, it is vital that the auditor should be selected, act, and be seen to act, independently, regardless of who pays.

Payment by an independent body is preferable, as there is a danger that, if the auditor is paid by the government or a project participant, that body could try to influence the auditor by withholding or delaying payment.

G5:  Who can be an independent auditor?

The independent auditor should be a person of integrity, be suitably qualified, and be genuinely independent of the project and all project participants.  The auditor should be someone who has detailed experience of the type of matters being audited.  

It is possible that an organisation may be appointed as independent auditor.  In this case, the organisation should have the highest reputation for integrity, and the personnel employed by the auditing organisation to undertake the auditing activities should possess the above personal skills required of an individual auditor.  

G6: How should the independent auditor investigate matters of concern which may suggest corrupt activity, and make appropriate reports where there is evidence of corruption?

In carrying out these duties, there are a number of risks for the independent auditor.  For example, the auditor may:

  • be liable for defamation if she/he makes allegations that she/he is unable to substantiate
  • may alert the wrongdoer prematurely to an investigation so enabling the wrongdoer to destroy or tamper with evidence
  • may put herself/himself in danger if wrongdoers are aware that she/he suspects them
  • may put others in danger if they are key witnesses to suspected corruption.

The auditor should, therefore, have some discretion in the way in which she/he carries out the auditing duties in order to balance and minimise the above risks.  The auditor should investigate any situation which gives cause for concern.  In doing so, it may be advisable initially simply to make further inquiries and gather more information in order to assess whether there is a genuine cause for concern.  This may involve speaking only to the party or parties directly concerned.  In doing so, the auditor should be aware of the need to preserve evidence and protect potential witnesses. 

If the auditor believes that there is evidence of corruption, she/he should then report the relevant facts to the appropriate persons.  This should include at minimum the project owner and law enforcement body.  If appropriate, reports could also be made to the party who appointed the auditor, the project funders, and other project participants who may be affected by the corruption.  The importance of reporting fairly widely is to limit the risk of the matter being suppressed, to avoid any perception of collusion by the auditor and a particular party, and also to limit the risk that the auditor could be in personal danger as being the only person who is aware of the potential corruption.  However, the reporting should be done in such a way as to limit the risks of danger to any person, allegations of defamation, and any unwarranted damage to reputation should the concerns prove to be unfounded. 

The auditor’s role is not to undertake a full investigation in the same way as a law enforcement body would do.  The auditor should only make initial enquiries to ascertain whether there are reasonable grounds to suspect corruption.  As soon as the auditor ascertains reasonable grounds, the auditor should then report to to the law enforcement body.  The auditor should thereupon cease her/his own investigations into the matter.  For example, if the technical auditor ascertains that a supplier has provided a cheaper and lower quality product than required by the contract, and yet has billed the project owner the full price for the contractually required product, and it seems unlikely that this was a genuine mistake, the auditor would report this issue to the law enforcement body.  The auditor would not be obliged to investigate the full circumstances in which the wrong product was provided.  The auditor would simply report that an inferior product was supplied, and yet the full price was invoiced, in circumstances which did not suggest a mistake.  Further investigation would be the responsibility of the law enforcement body.

It is preferable that the auditor has a duty to report evidence of corruption.  Firstly, this duty will act as a significant deterrent to corruption, as the parties involved in the project will be aware that evidence of corruption will be reported.  Secondly, having a duty to report takes away any personal reluctance that the auditor may have to report corruption due to its potentially serious consequences.

G7:  Why is it necessary to have the agreement of project participants to the activities of the auditor?

If the independent auditor is to be able to carry out her/his duties effectively, she/he will require access to project staff, offices, documentation, records and the works, materials, equipment and services of all relevant project participants (i.e. the project owner, contractors, sub-contractors, consultants, suppliers, funders).  In order to obtain this access, the agreement of the relevant project participants will be required.  This agreement should be given in the form of a contractual obligation in the project contracts in order to ensure that the parties are obliged to provide the required co-operation and access to the auditor. 

This obligation is contained in the Project Code of Conduct (PACS Standard 8), compliance with which is a contractual obligation (PACS Standard 4).

G8:  Can the independent auditor make decisions affecting the project?

The independent auditor should not have the power to make decisions affecting the project, or to require significant action by any project participant (i.e. to stop work on the project, or change the way in which it works).  The auditor’s remit is primarily one of auditing and reporting.  The auditor should, however, be provided with the necessary power to require co-operation and access by project participants in order to enable the auditor’s duties to be carried out.   

G9:  Will the independent auditor be cost effective?

It is not possible to prove that an independent auditor will necessarily be cost effective.  Will the auditor save more money in preventing or identifying financial or technical error or wrong-doing, or corruption, than the cost of the auditing?  

Auditing has a significant deterrent effect.  If parties know in advance that the project is going to be financially and technically audited, and that auditors in addition will be observant for corruption, it is far less likely that they will deliberately be involved in financial or technical wrongdoing, or in corruption.  In addition, if the auditor does uncover financial or technical issues, or corruption, there is an opportunity for the project owner to obtain redress from the relevant parties.

It is impossible to know what would have happened on a project if it had not been audited.  However, it is widely regarded as being good practice to undertake financial and technical audits of a project, and it is reasonable to assume that the appointment of a competent auditor with a carefully controlled and reasonable scope of work and fee structure is likely to be a highly cost effective investment.

G10:  How can the integrity and safety of the independent auditor be assured?

It is an obvious risk that if the independent auditor uncovers corruption, she/he could be bribed or threatened by the defaulting party not to reveal the corruption.  This risk can be minimised, but not entirely avoided.

  • The bribery risk to the auditor can be minimised by ensuring that the auditor is a person of known integrity, and is a member of a professional association which maintains the highest ethical standards, and which has strict disciplinary procedures. 
  • The risk of personal danger to the auditor can be minimised by rapid and routine disclosure by the auditor of her/his findings to all related parties (subject to the factors in paragraph G 6 above).  Threats are normally designed to prevent information from being published.  Once the information has been published, the threats become less effective.  The auditor’s safety should be taken very seriously, and protection for the auditor may need to be provided in some countries.

G11:  What is the likelihood of the independent auditor uncovering corrupt activities?

There is no guarantee that the independent auditor will uncover any or all corrupt activities.  Some bribes or corrupt activities may be too well hidden.  Some auditors may not be sufficiently experienced, alert or diligent, or may not have adequate time under their appointment to examine certain aspects.  However, the very presence of the auditor will be a major deterrent, and is therefore likely to result in a material reduction in corrupt activities.  There is also a significant chance that the auditor will uncover corrupt activities which take place.

G12: Could the same person carry out the role of independent monitor (see PS 11 Independent monitoring) and technical auditor?

Both the independent monitor and technical auditor are likely to be required to have the same or similar professional and technical qualifications and experience.  It is possible, therefore, that the same person could carry out both functions, provided that this does not result in any dilution or compromise of the essential qualities and functions of either role.  For example, the independent monitor’s role should not be limited to that of technical audit.  The independent monitor should be independent of the project.  She/he has a roving remit to inspect as and when she/he sees fit as the project progresses.  Her/his duty relates specifically to identifying and reporting potential or actual corruption.  The technical auditor, on the other hand, will audit upon completion of the project, and will be focusing on technical issues.

G13: Could the same person carry out the role of independent monitor (see PS 11 Independent monitoring) and financial auditor?

This is unlikely to be appropriate.  The independent monitor should be a professional with detailed knowledge of the type of construction being undertaken (so that she/he can identify possible corruption during the project).  A financial auditor on the other hand is likely to be an accountant who is skilled in financial control.  It is unlikely that a financial auditor would have the necessary skill to be an independent monitor.

Updated on 18th October 2021