What is the purpose of an audit?
Every activity has a goal. In some areas, achieving that goal produces a tangible result, such as a product or service. In other areas, it does not. The implementation of preventive measures to strengthen national security is an example of an objective that does not necessarily produce a tangible (or measurable) result: if an attack is thwarted, it may not always be possible to determine whether this was the result of effective preventive measures or some other reason, such as the would-be perpetrator falling ill. As in all areas of life, there is a degree of luck involved.
«As a rule, audits are a preventive measure. They do not necessarily lead to concrete findings, but rather to improvements in the system.»
As a rule, audits are a preventive measure. They do not necessarily lead to concrete findings, but rather to improvements in the system.
As the oversight authority for the intelligence services, we face the dual challenge of making our work tangible to the public and, above all, achieving measurable results in the form of improvements in the services we oversee. Did we achieve this in 2024? This report seeks to answer that question.
First, we had to reiterate the need for the FIS to strengthen its legal and administrative powers in order to provide a professional and harmonious working environment for its staff. The fact that we raised this issue in several areas shows that one audit was not enough. However, there are now signs of greater awareness and organisational developments in the right direction.
In the MIS, we found that risk management, for example in new crisis situations, works pragmatically in the daily work of employees, but is not yet established in administrative processes. The documentation is currently being revised. We are therefore monitoring this issue closely to ensure that management remains in touch with the day-to-day reality of staff.
Sometimes audits show that an area where we make a recommendation needs to be improved before other issues are addressed. We do not intervene indiscriminately, but carry out our audits based on an analysis of current or recurring risks. Services that are going to be audited sometimes make certain improvements in anticipation of an audit.
This report presents summaries of all our audits. This year, the summaries are accompanied by additional information to show the stages of our work, the time taken to reach our conclusions and the number of contacts we had with the audited services.
One final thought on the purpose of audits. Audits are used to promote positive developments, improve poor conditions, identify and correct problems and improve work processes. In other words, audits ensure that tasks are carried out in a professional way rather than based on luck.
I hope you enjoy our report.
Prisca Fischer, OA-IA Head
