Introduction

Today, many supreme audit institutions are faced with the fact that the traditional “object-oriented” approach – auditing individual organizations, programs, and projects – no longer reflects the actual architecture of public resource management. Sovereign and extra-budgetary funds, central banks, financial regulators, and state-owned enterprises form an interconnected system where risks, decisions, and responsibilities are distributed among different institutions.

The article proposes the possibility of applying a systematic approach to conducting state audits, taking into account ISSAI standards and international experience (EU, Canada, Norway). Based on an examination of the practices of Kazakhstan and the Supreme Audit Chamber of the Republic of Kazakhstan (hereinafter referred to as the SAC), some “blind spots” in the current powers (audit of the National Bank, contracts in the raw materials sectors, extrabudgetary funds) are examined, and a roadmap for reforms is proposed, including expansion of the mandate, access to information while maintaining confidentiality, a methodology for systematic audit planning, and expansion of competencies.

The purpose of this article is to offer a practical vision of how supreme audit institutions (hereinafter referred to as SAIs) can transition from auditing individual entities to assessing the integrity of the entire national resource management system.

1. Why SAI needs a systematic approach

Public finances are managed not only through budgets and ministries, but also through various extra-budgetary funds, state-owned banks, regulators, state-owned companies, and complex contractual relationships. Thus, the management of public resources resembles a network consisting of institutions and mandates.

The traditional approach to auditing facilities in these conditions is fragmented; it does not see the whole system; it poorly identifies risks at the intersection of powers; it does not answer the question of the sustainability of the resource management architecture.

The systemic approach considers entire management systems (e.g., management of oil revenues, financial stability, extrabudgetary funds), rather than individual institutions; it analyzes the distribution of roles and accountability, information flows, and decision-making, assessing systemic risks and policy coherence

Thus, the systemic approach in public audit can be described by three key ideas:

Figure 1 – Systemic approach: the path from object to sustainability

This is fully consistent with the recommendations of ISSAI 100 and ISSAI 300, according to which SAIs should ensure accountability, transparency, and sustainability of public resources by assessing not only the legality of operations but also their effectiveness and management architecture [1].

2. International practice in applying a systemic approach

The experience of a number of SAIs demonstrates how a systemic approach is already being applied in practice.

The European Court of Accounts is shifting its focus from individual programs to auditing major EU policies and instruments (Recovery and Resilience Facility, climate and digital policy, agriculture, tax policy) [2]. The logic of instruments, consistency, and risk management are analyzed.

The Office of the Auditor General of Canada assesses not only the costs of anti-crisis measures (Canada Emergency Wage Subsidy), but also their design, targeting, risks of abuse, and impact on the sustainability of companies, comparing its findings with World Bank studies [3,4].

In resource-dependent economies, SAIs broaden their control over the entire value chain in the extractive sector: licensing, contract terms, revenue collection, and fund management [5]. “The literature on the ‘resource curse’ emphasizes the importance of accountability institutions such as state auditors...” for monitoring contract enforcement and resource management [6]. This is in line with World Bank recommendations and the goals of reducing the “resource curse.”

At the same time, central banks retain their independence: SAIs do not assess decisions on base rates or directly interfere with the powers of central banks, but analyze the implementation of programs with significant fiscal implications (interventions, guarantees, liquidity support programs) [7-9].

Thus, the systemic approach allows SAIs to move from controlling individual expenditures to assessing the integrity of public policies and the financial system as a whole.

3. Kazakhstan: Blind spots in systemic auditing

Kazakhstan illustrates the typical challenges faced by SAIs operating in resource-dependent economies with rapidly developing financial systems.

Financial sector and central bank. The Law on State Audit and Financial Control (hereinafter referred to as the Law) (Article 12) excludes the National Bank of the Republic of Kazakhstan (NBRK) and the financial regulator from the list of entities subject to regular audits [10]. Audits of the use of NBRK assets and trust management of pension assets are only possible on the instructions of the President (Article 12 of the Law) [11]; banking secrecy significantly restricts access to information [12]. As a result, the SAC cannot regularly and systematically assess the relationship between fiscal and monetary policy, as well as the risks to public finances.

Oil, gas, and mineral resource contracts. Despite the high share of revenues from subsoil use, there is no consistent practice of auditing key contracts and the entire chain of “licenses – contracts – revenues – fund – budget.” This is inconsistent with the recommendations of ISSAI and the World Bank on the need for external control at all stages of the value chain.

Extrabudgetary funds. The Supreme Audit Chamber has already begun auditing individual extrabudgetary funds and is expanding their list. However, a unified system and methodology for auditing extrabudgetary funds has not yet been developed, and there is no integrated picture of the entire architecture of public finances.

4. The National Fund of Kazakhstan and the Norwegian Government Pension Fund Global(GPFG)

The National Fund of Kazakhstan is a key element of the public finance system, comparable in role to the Norwegian Government Pension Fund Global (GPFG), which is often regarded as a benchmark for the management of large resource funds. However, in Kazakhstan, many aspects of asset management (operational and IT risks, the full chain of “contracts – revenues – fund”) are not yet accessible to external audit.
The Norwegian model offers practical guidelines:

Table 1. Comparison of the management models of the National Fund of Kazakhstan and the Norwegian GPFG

Aspect	National Fund of the Republic of Kazakhstan	Norwegian Fund (Government Pension Fund Global, GPFG)	Possible guidelines/adaptation for SAC
Functions and role	The savings function is to accumulate assets and ensure their long-term profitability; the stabilization function is a tool for maintaining the liquidity of the National Fund’s assets and the stability of the republican budget [13].	A savings fund based on oil and gas revenues; supports the long-term sustainability of public finances and welfare.	In the course of implementing the stabilization function of the National Fund, it is advisable to ensure maximum transparency of transfers from the fund to the budget, with the possibility of tracking their targeted use in priority areas and assessing the socio-economic effect achieved.
Policy formation and management	The President of the Republic of Kazakhstan makes key decisions on the use of the National Fund, approves reports and the monitoring commission; The Government of the Republic of Kazakhstan organises management and auditing, concludes a trust management agreement with the National Bank of the Republic of Kazakhstan (NBK); The NBK carries out trust management; The National Fund Management Council of the Republic of Kazakhstan (NFMC) makes proposals on the placement and use of assets and considers issues related to the use of the National Fund’s funds; The Monitoring Commission monitors the targeted, lawful, and effective use of funds allocated from the National Fund; The Ministry of Finance sets targets for the use of the National Fund and calculates the amount of the guaranteed transfer, jointly approves the list of oil sector organizations [13].	The Parliament (Storting) sets the legal framework; the Ministry of Finance determines the objectives and strategy; Norges Bank (NBIM) manages the assets under mandate; the NB Supervisory Board is accountable to the Storting; an external auditor and the SAI (Riksrevisjonen) conduct independent audits [15-17].	Create and maintain a “system map” for managing the National Fund (the role of Parliament, Government, Ministry of Finance, NBRK, SAC, etc.) and use it as a basis for audit planning.
Transparency and public accountability	The 2030 Concept sets a course for increasing transparency and accountability in the management of public finances, including the National Fund. There is significant potential for expanding and standardizing public reporting (strategy, risks, incidents, response measures).	High public transparency: detailed annual reports from the Ministry of Finance [15], Norges Bank/NBIM [16], the Supervisory Board, and Riksrevisjonen on strategy, risks, incidents, and management results [17].	Promote the development of standard, comparable public reporting on the National Fund (goals, strategy, risk profile, incidents, and responses to them) and use it as a key input for auditing.
Systematic approach to auditing	The National Fund is a central instrument of stabilization and savings policy. 2030 Concept opens a window of opportunity for introducing a systematic approach to its audit: from mapping the system and interdepartmental roles to assessing the sustainability of risk management and accountability mechanisms.	The GPFG is integrated into a comprehensive architecture for managing oil and gas revenues and fiscal policy; auditing and oversight focus on assessing the entire system of roles, risks, and accountability, rather than merely reviewing individual transactions.	Develop a systematic audit of the National Fund: from describing the entire chain of “resource contracts – revenues – fund – budget” to assessing the consistency of powers, the quality of risk management, and the effectiveness of accountability.
Operational, IT, and cyber risk management, outsourcing	Operational, IT, and cyber risks, as well as outsourcing risks, are critical in the context of digitalization and participation in global markets. 2030 Concept emphasizes the need to improve risk management and data quality throughout the public finance system, including the National Fund [14].	Strong focus on managing market, operational, IT, and cyber risks, as well as outsourcing risks; incidents are analyzed in detail, leading to adjustments in internal control systems and external audits [15-17].	Include IT, cyber, and operational risk assessments in the National Fund’s ongoing audit agenda; rely on specialized IT/cyber audits and stress tests.
External assessments and international expertise	International and independent assessments of the management of the National Fund, IT and operational risks, and compliance with international standards are possible. Monitoring by the SAC. The 2030 Concept involves the active use of best practices and external expertise.	The Supervisory Board regularly engages external expertise (risk management, IT and cybersecurity, outsourcing, crisis management assessments) and uses it to supervise Norges Bank and manage the GPFG.	Regularly engage external reviews (international financial institutions, independent audit firms, international ratings and assessments) as sources of evidence and a basis for developing SAC methodologies.

Note – compiled based on sources [13-17]

5. A systematic approach as a roadmap for SAI development

Based on the Kazakhstani example, a more general roadmap can be proposed for SAIs wishing to implement a systematic approach.

First, gradually expand the mandate to key elements of the system – the central bank (in terms of programs with fiscal implications), sovereign and extrabudgetary funds, and contracts in the raw materials sectors – while simultaneously implementing ISSAI standards into national law as the basis for systemic audit.

In methodological terms, it is important to map resource management systems and use such maps as a basis for risk-oriented and systematic planning, as well as to develop uniform approaches to auditing extrabudgetary and sovereign funds, linked to the overall architecture of public finances.

Finally, investment is needed in skills and organizational development to foster systems thinking, develop data analytics and understanding of IT and cyber risks, create multidisciplinary teams, and actively use INTOSAI platforms to share experiences and conduct external assessments.

Conclusion

A systematic approach allows SAIs to move from auditing “islands” to assessing the integrity of the national resource management architecture. The example of Kazakhstan illustrates the typical challenges faced by SAIs in resource-dependent economies:

A key prerequisite is the expansion of the SAI's mandate to include programs with fiscal implications, including audits of the National Bank, extrabudgetary funds, and strategic contracts in the raw materials sectors. The experience of European SAIs shows that such an expansion of the mandate does not lead to a violation of the independence of central banks, but ensures public control over fiscal risks.

The second critical condition is the establishment of clear procedures allowing SAIs to access the necessary information without violating confidentiality, with a parallel distinction between internal (confidential) and public parts of audit conclusions. The Norwegian model demonstrates that full transparency in the management of public resources is compatible with compliance with the law on secrecy and business confidentiality.

The implementation of a systematic approach requires investment in the organizational development of SAIs. It is necessary to foster systematic thinking among management and auditors, including an understanding of complex interactions in public administration; develop competencies in big data analytics; specialized training in cyber risks, IT security, and digital transformation management; creation of interdisciplinary teams; active participation in international networks (INTOSAI, ASOSAI, EUROSAI) to exchange experience and conduct external evaluations.

Applying a systemic approach can contribute to more efficient use of natural resources, reduced corruption, and strengthened financial stability in these countries.

INTOSAI has already established a conceptual framework for such an approach through ISSAI 100 and ISSAI 300. The next step is to adapt the systems approach in national contexts by moving from auditing individual programs to auditing management systems – sovereign wealth funds, financial stability, resource revenues, and their impact on sustainable development. This requires rethinking the role of SAIs not as controllers of operations, but as strategic partners of the state in ensuring the long-term sustainability of the management of national wealth and the well-being of future generation.

List of sources used

1. INTOSAI. International Standards of Supreme Audit Institutions (ISSAI 100, ISSAI 300.). www.issai.org
2. European Court of Auditors. Multiple reports on EU policies and funds (including the Recovery and Resilience Facility, climate and digital agenda, agriculture, innovation, tax policy). www.eca.europa.eu/en/multiple-reports
3. Office of the Auditor General of Canada. 2021 Reports of the Auditor General of Canada to the Parliament of Canada – Report 7: Canada Emergency Wage Subsidy. www.oag-bvg.gc.ca/internet/English/parl_oag_202103_02_e_43784.html
4. World Bank Group. Policies to Support Businesses through the COVID-19 Shock: A Firm Level Perspective (2021). documents1.worldbank.org/.../Policies-to-Support-Businesses-through-the-COVID-19-Shock-A-Firm-Level-Perspective.pdf
5. World Bank. Oil, Gas, and Mining: A Sourcebook for Understanding the Extractive Industries, World Bank, 2017, p.234. documents.banquemondiale.org/fr/publication/documents-reports/documentdetail/222451496911224999
6. Oil, Gas, and Mining: A Sourcebook for Understanding the Extractive Industries, World Bank, 2017, p.307.
7. European Court of Auditors Publication. www.eca.europa.eu/en/publications?did=44556
8. 2021 Reports of the Auditor General of Canada to the Parliament of Canada - Report 7—Canada Emergency Wage Subsidy. www.oag-bvg.gc.ca/internet/English/parl_oag_202103_02_e_43784.html
9. World Bank Group: Policies to Support for Business through the COVID-19 Shock: A Firm Level Perspective (2021). documents1.worldbank.org/.../Policies-to-Support-Businesses-through-the-COVID-19-Shock-A-Firm-Level-Perspective.pdf
10. Law of the Republic of Kazakhstan “On State Audit and Financial Control” dated November 12, 2015, No. 392-V ZRK. adilet.zan.kz/rus/docs/Z1500000392
11. Law of the Republic of Kazakhstan “On State Audit and Financial Control” dated November 12, 2015, No. 392-V ZRK. adilet.zan.kz/rus/docs/Z1500000392
12. Law of the Republic of Kazakhstan on the National Bank of the Republic of Kazakhstan dated March 30, 1995, No. 2155. adilet.zan.kz/rus/docs/Z950002155_
13. Budget Code of the Republic of Kazakhstan. Code of the Republic of Kazakhstan dated March 15, 2025, No. 171-VIII. adilet.zan.kz/rus/docs/K2500000171#z1439
14. On the approval of the Concept of Public Finance Management of the Republic of Kazakhstan until 2030. Decree of the President of the Republic of Kazakhstan No. 1005 dated September 10, 2022. adilet.zan.kz/rus/docs/U2200001005
15. Ministry of Finance of Norway. The Management of the Government Pension Fund. Annual white papers and reports on the management of the Government Pension Fund Global and Government Pension Fund Norway. www.regjeringen.no/en/whats-new/meldingen-om-statens-pensjonsfond-2025/id3097032/
16. 16. Government Pension Fund Global Annual Report 2024. Norges Bank Investment Management.
17. Norges Bank Investment Management Reports. www.nbim.no/en/news-and-insights/reports/