Ehsaas Governance and Integrity Policy – July 14, 2019

For ancillary organizations of the Poverty Alleviation and Social Safety Division (PASSD)

All ancillary organizations of the Poverty Alleviation and Social Safety Division (PASSD) are directed to comply with the following governance parameters. The purpose is to build systems that limit opportunities for corruption, and to promote efficiency, transparency and accountability for results and compliance with rules. These measures are meant to make organizations involved in delivery of welfare, effective and responsive to the needs of those who they are meant to serve, and to ensure rule-based control on the use of public resources.

1. All organizations must comply with the stipulations of their respective legal instruments/governing law. Public sector companies need to comply with Public Sector Companies Corporate Governance Rules 2013 (amended in 2017). A governance roster should be developed to ensure that the Board is convening, at a minimum, as required by law.

2. Board sub-committees on Finance, Human Resource and Audit must be constituted and should be enabled to meet regularly to thoroughly debate agendas before they are brought to the Board. Organizations having a budget of one billion rupees or more should also establish the Board Risk Assurance sub-committee.

3. The organization must have a board-approved conflict of interest policy applicable to members of the Board, management, employees, consultants and anyone acting on behalf of the organization. Such a policy should clearly lay down circumstances where a person may be deemed to have actual or potential conflict of interest, and the procedure for disclosing such interest. All board members must be required to sign conflict-of-interest declarations every year. At every board meeting, it should be affirmed by board members that there has been no change in their status. The Conflict of interest policy should be duly enforced. When a person has a Conflict of Interest related to an agenda item to be discussed, that person must remove themselves from any discussion, decision or action related to that agenda item. A “register of interests” should be maintained.

4. Certifications should be offered to board members under an appropriate program, e.g., through the Pakistan Institute of Corporate Governance to ensure that board members are well conversant with their role.

5. Each organization should develop clearly laid out policies for each functional area with regard to project operations, administration, financial management, risk management, human resource management, procurement management, monitoring and evaluation and internal audit and others that may be relevant (e.g. with regard to the organization’s oversight, and normative roles). Each policy should be approved by the Board and should be clearly posted on the organization’s website. The covering page of each policy should have a document control list. An organization-wide timetable of policies should denote date of approval, version, the term for which policies are effective, and timeline to commence process for renewal.

6. The Board should establish appropriate arrangements to ensure it has access to all relevant information (audit reports, third party assessments of any kind), advice and resources necessary to enable it to carry out its role effectively. Significant issues should be placed before the Board for its information and consideration, in order to formalize and strengthen the decision-making process.

7. Each organization must have a board-approved Whistle Blowing Policy and develop a plan to communicate it to staff, effectively. The policy should be clearly accessible through the website and social media channels.

8. Each organization should develop a Gender Policy and integrate the gender perspective in every aspect of governance, the process of policy formulation, operational functioning and in data capturing.

9. In line with the provision of “The Protection against Harassment of Women at the Workplace Act 2010” all the organizations are required to adopt an Internal code of conduct and a complaint/ appeal mechanism aimed at establishing environment free of intimidation and abuse. In pursuance of subsection (1) of Section (3) of the Act, the competent authorities must constitute an inquiry committee to address all such harassment related complaints.

10. A comprehensive Risk Register and risk assurance and management objectives should be developed for each organization, which define risks; their category (operational, financial, reputational, legal etc.) and the means of risk mitigation. Organizations should be able to identify and respond to changing and emerging risks. Risks should be categorized as high, medium and low so that tracking of high risks can be done on a priority basis. Assurance arrangements including but not limited to internal audit, external audit, IT audit, review of policies, impact assessments, spot checks, cash-flow tracking exercises, procurement reviews, beneficiary feedback etc. should be applied depending on the nature of risks. Necessary risk mitigating actions should be mapped on a detailed workplan with specific timelines and accountabilities with regard to implementation. This should include error fraud and corruption-related risks, and encompass prevention, detection, deterrence and monitoring-related risks.

11. Every organization must have an adequately-staffed and qualified Internal Audit department/team that should be given sufficient financial resources and unlimited access to information and records. Internal audit should develop a risk-based audit plan. The head of the internal audit department should report to the Board Audit Committee chair, and not to the management and his/her Annual Confidential Report should be written by the chair of the Audit Committee.

12. IT security department must be developed in organizations involved in digital transfer of benefits to beneficiaries, to ensure data integrity and to hedge against abuse and hacking. Holistic security controls must be developed as per international security standards with regard to IT infrastructure, IT application, databases, and cyber security vigilance.

13. An Accountability and Integrity Officer must be appointed in every organization and should be given the mandate to monitor the Risk Register, maintain the conflict of interest log, follow-up progress made against recommendations of internal and external auditors and third-party monitoring agents. That person should report to Audit Sub-Committee of the Board on quarterly basis.

14. Every organization should have a mandatory external audit of financial statements by an external audit firm in addition to the audit conducted by the Auditor General of Pakistan on an annual basis.

15. To strengthen fiduciary systems and financial management and to institutionalize risk management and assurance, appropriate accounting systems must be put in place. Financial management policies should provide process-level guidance. Segregation of duties among ordering, receiving, recording/payment processing and bank reconciliation processes should be ensured. Delegation of Powers should be defined for different operational activities. Payments should be processed after checking evidence of approval of activity from competent authority as per delegation of power, availability of budget, three-way match of (i) Purchase Order/Contract, (ii) Goods Receipt Note/Service Completion Certificate and (iii) Invoice.

16. To strengthen procurement systems, a comprehensive procurement manual providing procedural level guidance should be developed in line with Public Procurement Regulatory Authority Rules. Annual procurement plan should be approved by principal accounting officer. A Procurement committee should ensure transparency in procurement transactions and in dealing with the suppliers.

17. To promote transparency, each organization must publish its audited entity/project financial statements, annual progress reports, applicable policies and procedures on their websites. Letters to the Board and letter to the management by the Auditor should also be made accessible. Competition should be encouraged in procurement/recruitment processes. Recruitments/procurements must be carried out on the basis of clear and appropriate rules and procedures that are applied consistently to all potential candidates/bidders.

18. In order to promote a culture of evidence-based decision-making, appropriate information systems should be deployed (Management Information Systems) and relevant, reliable, accurate and up to date information should be presented to Senior Management/Board/Sub-committees of Board for decision making. Monthly financial and progress reports should be presented to senior management and quarterly financial and progress reports should be presented to Finance and Programme Sub-committees of the Board respectively.

19. Efficient and effective rule-based control on government functioning is necessary in an environment where predatory behaviors loom large. Bureaucrats and staff should be encouraged to conform conduct and decision-making to stated norms in order to avoid arbitrariness. Integrity and rule-based functioning should be honored and rewarded by the Board.

20. Each organization must have legally enforceable conduct rules, also comprising principles of behavior for staff. Their legal obligations should be binding and clear and these should be duly communicated to the staff. The rules should be placed on the website.

21. Training must be introduced for staff in the area of prevention, detection, deterrence and monitoring of error, fraud and corruption.

22. Human resource hiring, and deputations should be pursued through an open competitive basis without exceptions and should be rule based. The HR Committee of the Board should oversee resource hiring.

23. A formal handover process should be developed for outgoing Board, and senior management to enable smooth transition of responsibilities so that strategic policy and tactical positions are communicated to the successor Board/staff.

24. Every organization should have a detailed itemized, department-wise weekly work plan with responsibilities and accountabilities clearly defined for delivery and KPIs linked to delivery on workplans.

25. Each organization should fully convert to e-office and maintain and electronic trail of communication by the end of September and, amongst other things also draw on this tool for reporting on HR performance.

26. Engagement with the private sector and donation acceptance should be in compliance with PASSD’s private sector engagement and donation acceptance policy.1

27. Service level agreements are mandatory in contracts with organizations that are involved in servicing the poor. Special attention must be given to other instruments for quality control.

28. Organization’s involved in providing assistance to beneficiaries must develop effective complaints management and grievance redressal systems. This should also encompass complaints of embezzlement and fraud.

29. All civil society entities partnering with PASSD and its ancillary organizations need to be certified by Pakistan Centre for Philanthropy (PCP). PCP conducts performance evaluation of Non-Profit Organizations on behalf of Federal Board of Revenue (FBR) and certifies that non-profit organizations meet with the desired requirements of certification standards (notified by FBR) in the areas of internal governance, financial management and programme delivery.

30. Selection of beneficiaries must be strictly rule based.

31. Every organization must develop a monitoring and evaluation mechanism, with related metrics and the independent means of their verification. Implementation research and process learnings for policy must be institutionalized, whereas third party impact evaluations must be planned in an experimental/quasi experimental

will be released shortly

design to gauge the impact of the organizations and their projects on hard social outcomes.
This governance note constitutes initial guidance from PASSD to its ancillary organizations. PASSD will continue to refine this policy note based on lessons leant to make it more robust. To support the implementation of this policy, PASSD has appointed a governance focal person who will facilitate implementation of this Policy.2 PASSD will also strive to aim for economies of scale, through centralization of certain speciality functions; in addition to efficiency and cost saving, this will enable development of centres of excellence within organizations of the Division, e.g. for procurement, IT platforms, complaints management, strategic communications etc.