SAINT stands for Self-Assessment INTegrity, a tool developed by the Netherlands Court of Audit in cooperation with the Ministry of the Interior and the Bureau of Integrity of the city of Amsterdam. By using the SAINT tool, public sector organizations can assess their vulnerability to integrity violations and resilience in response to those violations. SAINT also yields recommendations on how to improve integrity management. This article, based on the SAINT manual, outlines the concept of integrity, the basic principles of SAINT and its components, and its design and operation as implemented in a 1-day workshop.
SAIs are well placed to promote the integrity of the public sector by contributing to accountability and transparency. SAINT may help SAIs to assess integrity risks and the resilience of integrity management systems.
The Concept of Integrity
Integrity is not a simple concept to define. Many overlapping and distinct definitions are used. The term integrity is derived from the Latin in-tangere, meaning untouched. It refers to virtue, incorruptibility, and the state of being unimpaired. Integrity is closely related to the absence of fraud and corruption, but it also entails common decency. In this context, it is a positive and broad concept related to ethics and culture. The SAINT tool also uses a broad and positive definition of the term integrity.
Integrity means more than simply observing rules and laws. The law provides a lower limit and a minimum moral starting point. An integrity policy calls for a combination of repression and prevention. On the one hand, an organization must adopt measures to take if its staff act inappropriately (repression). On the other, it must do all it can to remove temptations that might induce civil servants to act inappropriately (prevention). Priority should be given to prevention. Not only is it is more effective, but on balance the investment is many times smaller than the cost of repairing damage caused by inappropriate behavior.
The Concept of Integrity
The Concept of Integrity
Outline of the SAINT Workshop
SAINT is a self-diagnosis tool that is presented in a 1-day workshop. Table 1 outlines the steps in the process and the order in which they are taken. SAINT consists of four modules that are presented in morning and afternoon sessions.
Module 1a: Analysis of Processes. The first step is to analyze the primary and secondary processes relevant to the organization. By way of preparation, the organization must draw up a full list of its primary and secondary processes and send it to the moderator before the workshop. The workshop can then get off to a "hot start."
Module 1b: Selection of the Most Vulnerable Processes. In this step, an estimate is made of the vulnerability-i.e., the potential exposure to integrity violations-of all the processes named in step 1a. The participants ultimately choose the two or three most vulnerable processes so that the related risks can be identified in the next step (1c).
Module 1c: Analysis of the Integrity Risks of the Most Vulnerable Processes. In this step, participants analyze the integrity risks-i.e., the concrete risks of integrity violations-of the processes selected in step 1b as being the most vulnerable.
The characteristics of a vulnerable process are known from both research literature and practice. They are summarized in table 2.
Processes that have one or more of these characteristics are vulnerable to integrity violations. The left-hand column contains two characteristic elements for assessing vulnerability. Processes in which there is intensive contact with "clients" are more vulnerable to violations because there are more opportunities and temptations. The same is true of processes that involve valuable public assets.
In addition to the vulnerability caused by characteristics of a function or process, factors inherent in certain circumstances can increase vulnerability. Table 3 lists examples of factors that increase vulnerability.
While the factors above are not integrity risks in themselves, they can increase vulnerability because they increase the probability of a violation occurring and the consequences (impact) of a violation.
Using the knowledge about vulnerabilities and risks, the participants analyze the main integrity risks for each vulnerable process. A list of the risks identified for each process is then drawn up.
Module 1d: Selection of the Main Risks. In this module, the main integrity risks are selected from the list drawn up in step 1c. Based on the aggregated individual scores of the participants, the top five greatest perceived risks for each process are listed and consensus is reached on the scores.
Module 2: Assessment of the Maturity of the Integrity Management System. In this module, the participants assess the maturity of the integrity measures that together form the organization's integrity management system. SAINT uses an integrity control framework based on research literature and international standards set by organizations such as the United Nations and the World Bank. The system is divided into 14 clusters, which are subdivided into three blocks (general, hard, and soft controls), as shown in figure 1.
The hard controls are, as the term suggests, concerned chiefly with regulations, procedures, and technical systems. The soft controls are designed to influence behavior, working atmosphere, and organizational culture. The clusters in the general controls category are more wide ranging or have a mix of hard and soft elements.
During the workshop the participants assess the maturity of all the measures by awarding them points. SAINT has a relatively simple classification model consisting of the four maturity levels and associated selection criteria shown in table 4.
In principle, the highest level is the required maturity level. In certain organizations, however, some measures will be less relevant or not applicable. This will become clear when the maturity level is scored and will be taken into account when the measures are prioritized.
Modules 3a and 3b: Management Report and Action Plan. This module reveals the link between the most vulnerable processes (1c) and the measures (2). The central question is which measures are the most appropriate to make the most vulnerable processes more robust. Subsequently, the participants are asked to suggest how the organization can improve and implement the most important measures. These suggestions form the building blocks for the management report and action plan.
Module 4: Evaluation of the workshop. At the end of the SAINT workshop, the participants are asked to answer a series of questions to evaluate the workshop itself.
SAINT in an International Context
The results from the SAINT workshops held in The Netherlands, including one by the Netherlands Court of Audit itself, are very promising. We believe sharing and explaining the concepts of SAINT may be beneficial to other INTOSAI members. However, we feel that pilot workshops may be desirable to further test the tool's applicability in different cultural and technical environments. We also believe that widespread use of SAINT among SAIs would make it possible to learn from others' experiences and would also facilitate further improvement of the instrument itself.
For additional information about SAINT, or if your SAI would be interested in pilot testing the tool, please contact the authors at For additional information about SAINT, or if your SAI would be interested in pilot testing the tool, please contact the authors at email@example.com or firstname.lastname@example.org.