Executive summary
The Supreme Audit Institution (SAI) of Mexico, the Superior Audit of the Federation (Auditoría Superior de la Federación, or ASF), recognises the critical role that data and analytics can play in the fulfilment of its mandate and achievement of strategic goals. Within the ASF, its digital transformation work programme emphasises ASF-wide goals and objectives for equipping auditors with the infrastructure, architecture, skills and tools needed to effectively audit in a digital environment. The COVID-19 pandemic has reinforced the need for this programme so that auditors have the necessary infrastructure and tools to audit remotely.
Data-driven risk detection and analytics for identifying corruption, fraud, waste and abuse (i.e. integrity risks), are critical elements of the ASF’s strategy and activities for digital transformation. Taking advantage of data and analytics for identifying and assessing integrity risks does not typically occur in isolation from other data governance or analytics initiatives. For instance, improving data pre-processing for analysing fraud risks can have implications for data management policies and activities in other areas of the ASF’s work, such as conducting performance audits. As a result, the report offers a range of proposals for the ASF to enhance its data governance and embed analytics into its strategic initiatives, drawing from good practices of other SAIs and accountability actors.
At the ASF, analytics and data governance are decentralised and split across multiple teams. For instance, the Special Audit of Financial Compliance (Auditoría Especial de Cumplimiento Financiero, AECF) and the Special Audit of Federal Spending (Auditoría Especial del Gasto Federalizado, AEGF) have developed their own unique initiatives, processes and capacities for analytics. This report also identifies operational priorities for the ASF to build its analytics capacity, particularly with regards to the integrity context, through improved co-ordination, digital skills development, and nurturing a data-centric culture. The review does not provide an exhaustive discussion of all of the ASF’s applications of and capacity for leveraging analytics, or of the numerous ways auditors use data to support their work. The primary objective of the collaboration between the OECD and the ASF was to focus on data and analytics for integrity risk detection and the activities of the key teams working in this area, as identified by the ASF itself.
Chapter 1 emphasises that effective use of data and analytics requires taking an approach rooted in a strategy that all levels are aware of and can support. While the ASF has a digital strategy, which is best reflected in a digital transformation work programme, it does not articulate the use of data and analytics for preventing and detecting irregularities, a key area of the ASF’s investment. Thus, efforts in this area are at risk of being uncoordinated and siloed. A clear strategy, with a unified vision for the organisation, can help the ASF articulate goals and objectives to avoid these pitfalls and instil a culture that promotes decision-driven analytics. In particular, a clearer vision for analytics as it relates to anti-corruption and integrity objectives could help engage leadership, enhance co-ordination, promote data-sharing internally, and facilitate the centralisation of key data activities in this area.
Chapter 1 also stresses the need for monitoring and continuous improvement in recognition of the evolving and dynamic nature of sustaining an analytics capacity. In taking a strategic approach, the ASF could ensure that plans for continuous improvement include periodic monitoring of new and existing initiatives, and assessing their return on investment. Having baselines and clearly defined objectives can improve decision making for new investments and the scaling-up of successful initiatives based on evidence and results.
Chapter 2 explores ways the ASF could benefit from greater co-ordination between the AECF and AEGF, which could include data-sharing pilots, institutionalising a cross-functional capacity, and carrying out an internal assessment to further explore and address capacity gaps. Data on their own do not have intrinsic value. Data become an asset only when applied effectively, and part of this means having the right people and well-co-ordinated institutional structures in place.
Chapter 2 also considers a number of tools and methodologies that are available to auditors to enhance the use of data and analytics for detecting integrity risks and irregularities, such as trend analysis, continuous monitoring through dashboards, and tools that can scrutinise both structured and unstructured data. The ASF could consider these tools, along with creating more robust feedback loops in order to more easily follow up on findings. In parallel, the chapter recommends that the ASF continue to promote a data-centric culture for sustaining future analytics initiatives. This entails building data literacy and a range of skills pertaining to analytics among staff, addressing themes related to privacy, safety, ethics and collaboration.