Aadhaar and Audit
Ms. K.Ganga, IA&AS
Ms. Rajalakshmi Devaraj, ADG, UIDAI
Shri N N Subarmaniam, DD, UIDAI
Background
Unique Identification Authority of India (UIDAI) was constituted under the aegis of the Planning Commission primarily to provide (i) unique identification to every resident of the country that is robust enough to eliminate fake and duplicate identities and (ii) an online authentication service that is ubiquitous and cost effective. The UID number (Aadhaar number) establishes uniqueness by the process of biometric de-duplication and the online Aadhaar authentication service enables verification of the identity digitally online anytime and from anywhere. This is a transformational e-Governance initiative aimed at establishment of an identity infrastructure towards providing unique identity to residents, enhancing the quality of service delivery of various social sector schemes of the Government of India, facilitating financial inclusion and development of Aadhaar enabled applications.
Financial inclusion with Aadhaar enabled micropayment infrastructure, aimed at providing access to financial services for the marginalised sections of the society, is a key ‘lighthouse’ application of UIDAI. The technology infrastructure for micropayments is already in place and the Aadhaar enabled micropayment infrastructure is being implemented to complete the micropayments solution. The ability of Aadhaar to uniquely identify a resident electronically makes it a valuable tool and a cost effective electronic payments platform for administration of beneficiary linked social welfare schemes and benefits as Aadhaar serves as a natural payment address on the basis of which funds can be directly transferred to the beneficiaries’ Aadhaar linked account. The Government of India has launched the Direct Benefit Transfer scheme that leverages the Aadhaar enabled bank accounts to transfer subsidies and other entitlements directly to the targeted beneficiary accounts – a paradigm shift from the existing indirect mechanism of regulating and administering subsidies, which is prone to inefficiencies and leakage of Government funds.
Leveraging the Aadhaar platform would result in substantial saving of effort, time and cost for the Government, while enhancing service delivery. In addition it would render full traceability, non repudiation of fund flow from Government to the beneficiaries and sets the tone for enhanced scrutiny by Audit.
The Supreme Audit Institution of India (SAI) which is, inter alia, vested with the responsibility of auditing the Government receipts and expenditures conducts Compliance, Performance and Information Technology audits. The systemic weaknesses and other shortcomings brought out by the SAI form the basis for continuous improvements in processes and procedures. UIDAI and the SAI are therefore in complementary roles.
Aadhaar directly addresses the administration of all benefit linked, subsidy based social programs of the Government and collection of direct tax revenues. The annual expenditure on five such beneficiary linked flagship programs of the Government of India (NREGA, SSA, MDM, IAY and NRHM) and food, fertilizer and oil subsidies during 2011-12 accounted for Rs. 87,800 crore and Rs. 2,11,319 crore1 respectively, which is 20 per cent (approx) of the total Union Government Budget. This apart, the revenue from Income tax for 2011-12 was Rs. 1,64,485 crore. Considering the expenditure on other beneficiary linked programs and those undertaken by the States it is estimated that SAI could leverage Aadhaar for conducting the audit of roughly 25 per cent of the entire Audit Universe.
Mission congruence- UIDAI and SAI:
In pursuance of its mandate of conducting high quality audit and accounting of all Government expenditures and revenues, the SAIs mission envisions promoting transparency, accountability and good governance, while providing independent assurance to all stakeholders, Legislature, the Executive and the Public that funds are utilized efficiently and for the intended purpose. UIDAI also espouses identical values while establishing the identity management infrastructure. Viewed from the functional perspective, the goals pursued by UIDAI and the SAI are also identical as shown below:
UIDAI Goal |
SAI Goal |
Provide a unique identification to each resident of India to eliminate duplicate and fake identities. |
Review of schemes and processes to provide assurance that control mechanisms have been implemented by the Executive to:
- Prevent duplicate and fake identities.
- Prevent leakages and wastages of Government funds.
- Administer the schemes efficiently and effectively.
- Achieve the goals and objectives of the schemes.
- Utilising funds for the intended purposes.
|
Provide online authentication services to curb leakages and wastages. |
Provide a platform for development of Aadhaar enabled applications to enhance the service delivery of social sector schemes. |
Provide an enabling mechanism for targeted delivery of benefits to beneficiaries and direct transfer of subsidies. |
Therefore while on the one hand UIDAI facilitates development of a robust control framework for the various Government departments /other institutions on the other the SAI provides the assurance framework to achieve similar goals.
Roles and Responsibilities of UIDAI
Towards achieving the aforementioned goals, UIDAI is entrusted with certain roles and responsibilities, which among others include the following:
- Generate and assign UID to residents.
- Frame policies and administrative procedures related to updation mechanism and maintenance of UID database on an ongoing basis.
- Define usage and applicability of UID for delivery of various services.
- Define mechanisms and processes for interlinking UID with partner data bases on a continuous basis.
- Ensure standardisation of data elements that are collected and digitised and enable collation with UID and its partner databases.
- Ensure ways for leveraging field level institutions appropriately such as PRIs in establishing linkages across partner agencies.
Approach of UIDAI
UIDAI envisions Aadhaar as the nucleus around which an entire ecosystem would be built leveraging the service delivery potential of Aadhaar. UIDAI has espoused certain fundamental design and implementation principles that significantly promote integration of the diverse technologies deployed by the various stakeholders with Aadhaar and enhance the efficiency of the entire process.
1. Design principles - The following design principles have been adopted:
- Minimalism
- Open standards Architecture
- Interoperability
- Portability
- Application Programming Interface
- Front end simplicity and back end complexity
- Risk mitigation
- No Vendor lockin
- Unified platform approach
- Transparency
- End to end tracking
- Continuous feedback and monitoring
- Constant innovation
- Crowd sourcing
2. Implementation principles
The following implementation principles have been adopted:
- Creation of a large and sustainable Aadhaar eco system:
UIDAI has advocated a partnership model to leverage the existing infrastructure of Government and other institutions and to promote a model for sustainable development of various eco system partners.
- Outcome based approach of implementing and making payments for various project elements:
This is a paradigm shift from the conventional model of reimbursement of actual costs and does not involve micro management, while affording freedom, motivation and incentive to implementers to maximize the output or its quality and ensuring that the outcome has been achieved as envisaged before payments are released for the project component.
- Flexibility within a standardized framework:
UIDAI has ingrained flexibility wherever feasible to enable the various stakeholders to adopt varied approaches within a standardised framework and affording the element of choice to residents. Enabling, encouraging and emphasising this to the stakeholders has been a very important part of UIDAIs approach
- Handholding approach:
UIDAI has advocated a model whereby template RFPs/RFQs have been prepared by UIDAI for the various stakeholders and has empanelled agencies/firms who understand the concept and approach of Aadhaar, which have enabled adoption of efficient models.
- Incentive compatible approach:
The distinguishing features of Aadhaar platform would most certainly drive the redefinition of process flows across various domains. UIDAI has advocated an incentive compatible approach to enable this transformation.
Distinguishing features of Aadhaar platform
The intrinsic value of Aadhaar vis-a-vis other IT endeavours is undoubdtedly its twin features of uniquely establishing the identity of a resident through biometric attributes and verifying the identity of a resident online. These features enable complete end to end trackability, including the last mile trackability of the end user/beneficiary, which in itself is a landmark accomplishment as it undeniably evidences actual consumption of goods and services.This cutting edge information can be harnessed by the Government departments/Ministries/ other stakeholders and used as a foundation to transform and redefine the nature, extent and timing of core processes to enhance efficiency and effectiveness of service delivery.The interoperable Aadhaar enabled payments architecture leverages these attributes and eliminates process delays, leakages and wastages of Government funds/revenues while ensuring an enhanced quality of service delivery.
Challenges in the existing eco system
The Ministries/Departments implementing various beneficiary linked social sector and welfare schemes and collecting revenues from residents are in various stages of computerisation. While some of them still operate on the traditional manual system, others have created Information and Communication Technology infrastructure and have automated their core processes. These automations, however, do not provide the visbility of benefits/entitlements reaching the intended end users/beneficiaries. The Administrative Reforms Commission after obtaining inputs from the SAI,among others, has also highlighted the lack of visibility in the existing system with reference to the end user of the funds provided by the Government.
Further, data is generated from multiple sources and the manual databases are error prone. Consequentially, decisions taken based on inconsistent information/ data are inherently flawed and the administration of the schemes/welfare programmes are susceptible to ineffectiveness and inefficiency.The various Reports of the SAI have highlighted the inconsistent and unrealibale data being genertated in the present system. Cases in point are the latest Performance Audit Reports2 on National Rural Health Mission and Mahatma Gandhi National Rural Employment Guarantee Scheme, which point out wide variations in data raising serious questions on data reliability. A representational case extracted from the Report on National Rural Health Mission on data relating to Janani Suraksha Yojana reported by the various field locations is as follows:
- As per the data available with the Ministry, the number of domicilairy deliveries were ‘Nil’ in Andhra Pradesh, Bihar and Chandigarh while in the audited districts alone the records of the DHS indicated 1,81,748, 10,193 and 11,079 domiciliary deliveries respectively during the period 2005-08.
- In Bihar the inconsistency noticed in data related to institutional deliveries and payments made to beneficiaries in the audited districts were as follows:
Year |
No of institutional deliveries |
No of beneficiaries who were paid incentives |
|
As per DHS |
As per records of Health Units |
As per DHS |
As per records of Health Units |
2005-06 |
856 |
2344 |
Nil |
Nil |
2006-07 |
24079 |
17079 |
13590 |
7558 |
2007-08 |
157277 |
113344 |
137891 |
92634 |
Total |
182212 |
132767 |
151481 |
100192 |
Similarly, the Performance Audit Report on Mahatma Gandhi National Rural Employment Guarantee Scheme has concluded that the deficiencies of non maintenance and improper maintenance of basic records were in the range of 18 to 54 per cent of the test checked Gram Panchayats and that data in the present form was not susceptible to evaluation of the envisaged outputs and outcomes of the scheme. The SAI had observed that even electronic data pertaining to the scheme was replete with deficiencies and inconsistencies as illustrated below:
Extracts of deficiencies pointed out in the Report |
Detailed reference |
Ambiguous/ invalid names of registered beneficiaries were observed in 1,23,849 cases across 18 States, which rendered tha data unsuitable for (i) verification of existence of same beneficiaries more than once in the data base and (ii) cross verification with other data bases such as Census, Election Commission etc |
Chapter 12, with details in Annex 12 B of the Report |
Invalid House Nos of registered households were observed in 6,42,14,836 cases across 19 States due to which the physical availability of the beneficiaries was not susceptible of verification. |
Chapter 12, with details in Annex 12 C of the Report. |
From the Auditors perspective, availability of reliable data/information is the foundation of any audit of economy, effectiveness and efficiency else the conclusions drawn based on unreliable data are liable to be drastically skewed. In the existing system, which does not provide authentic data on end users/beneficiaries and data is generated through multiple sources in the system, Auditors sieve through unmanageable and complex data and apply corroborative procedures to assess the reliability of data.
Aadhaar with its unique features provides a technology driven solution to overcome the opaqueness and limitations of the existing eco system and is distinctly different from the other IT initiatives developed thus so far. By enabling end use tracking, non repudiable data is collected at source in a structured form serving as a single source of truth, which is continuously updated on an ongoing basis. Reliable electronic data collected and integrated in a standardised form would be readily available to Audit. The robust Aadhaar architecture therefore enables end use tracking, enhances the effectiveness of control framework, eliminates intermediary processes, promotes transparency, aids good governance and enables enhanced scrutiny by audit as discussed in greater detail below.
How SAI can leverage post Aadhaar eco system
In the post Aadhaar eco system, the SAI would therefore be able to leverage Aadhaar in the following ways:
1) Strategic Planning: As mentioned above, Aadhaar could be leveraged for about 25 per cent of the entire Audit Universe. In the post Aadhaar eco system this section of the Audit Universe would be characterized by high visibility of the end to end processing, availability of reliable real time data and meta data that describe the processes. These features enable Auditors to perform an enhanced assessment of the internal control framework and evaluation of risks facilitating Auditors to judge the extent of reliance that can be placed on the control framework. Since the post Aadhaar eco system facilitates an objective assessment of the control framework and associated risks, the SAI would be able to implement a scientific risk rating approach for strategic planning and scheduling audits.
2) Audit implementation: Aadhaar Authentication framework enables end user tracking and establishment of a robust electronic audit trail. Auditors would therefore be able to draw reasonable assurance on the adequacy and effectiveness of control framework and compliance requirements with minimum effort and employing comparatively lesser substantive transaction testing procedures. Auditors would be able to focus more on systemic issues, thereby enhancing the efficiency of audit.
3) Innovative evidence gathering: Audit can leverage the Aadhaar Authentication framework as any other user department for verification of identities of beneficiaries and for obtaining other third party confirmations/verifications.
4) Data Analytics: Data interpretation and analysis of complex data of individual schemes/audit areas have been the traditional strength of Auditors. Given that the Aadhaar platform ensures data reliability and the Aadhaar numbers in the data bases serve as a unique key and a common identifier of beneficiaries across various Government schemes and databases, Auditors can now leverage their data interpretation skills and embark on the sophisticated domain of Data Analytics of the entire population.
(a) Leveraging Data Analytical tools and techniques: A variety of tools ranging widely in cost and features – commencing from adhoc capabilities and extending to ones that enable Continuous Monitoring – exist to perform Data Analytics. Data Analytics performed on entire population (100 per cent testing) eliminates sampling errors and their consequential implications. Data Analytics techniques include exploratory data analysis, confirmatory data analysis, predictive analytics, etc. which can be performed on significant processes to:
- Determine the operational effectiveness of the current control environment
- Determine the effectiveness of anti fraud procedures and controls
- Identify business process errors
- Identify business process improvements and inefficiencies in the control environment
- Identify exceptions and unusual business rules
- Identify areas where poor data quality exists
- Perform Root Cause analysis
- Provide assessments of potential cost savings and operational improvements identified through assurance activities.
(b) Aadhaar as the unique key: Aadhaar numbers in the data bases serve as a unique key and a common identifier of beneficiaries across various Government schemes and databases. This unique feature of Aadhaar provides the crucial link and simplifies integration/interlinking of databases and deployment of Data Analytic tools for an in-depth analysis from a cross departmental perspective.
(c) Continuous Auditing: With electronic data across all domains available on real time basis in the post Aadhaar eco system, the integrated system permits adoption of the evolving concept of Continuous Auditing as against the existing mechanism of periodic monitoring and audit. Appropriate Audit software such as Generalised Audit Software, Structured Audit Software, Embedded Audit modules, Integrated Test Facilities, etc. can be deployed for performing Continuous Auditing.
5) Providing actionable recommendations: Data virtualization and reporting provide an integrated end to end view of the entire process using highly granular data, which enhances the auditors’ ability to identify specific operational/process related weaknesses in addition to bringing out systemic weaknesses. In the post Aadhaar eco system, therefore, auditors would be able to provide specific actionable recommendations to the auditee rather than restricting to conceptual, general and broad high level recommendations. The specific actionable recommendations would be comparatively easier to follow up and to monitor compliance.
6) Lower cost of audit: Leveraging the Aadhaar framework universally leads to reduction of costs for all the stakeholders- user departments, residents, financial institutions and audit as it simplifies complex processes leading to minimizing the time, effort and costs. The post Aadhaar eco system will permit better estimation of audit effort and enhance audit management, which would enable the SAI to optimally allocate resources and to deploy cost effective procedures.
Conclusion:
UIDAI is a transformational project aimed at establishment of an identity infrastructure towards providing unique identity to residents and enable usage and applicability of Aadhaar in Financial Inclusion and in enhancing the service delivery of various social sector schemes of the Government of India. UIDAI has already enrolled more than 20 crore residents in the pilot phase and expects to enrol additional 40 crore residents by March 2014. UIDAI had initially envisaged a time frame upto March 2017 for completion of enrolments but with RGI also undertaking enrolments in some States/Union Territories the entire population is expected to be covered by March 2015 itself.Aadhaar authentication services have also been rolled out and these services would become ubiquitous once Aadhaar enrolment attains a critical mass in the States/Union Territories. The Central and State Government Ministries/Departments are drawing up roadmaps for integration of various services with Aadhaar. As a logical corollary the assurance procedures of the SAI would require adaptation to the changing order. This article is an attempt to generate an interest amongst members in the SAI to understand and appreciate the uses and applicability of Aadhaar and ultimately leverage the unique features of Aadhaar in providing assurance services.
Source:
1Union Government budget 2011-12
2Report No 8 of 2009-10 and Report No 6 of 2013 (Union Government Ministry of Rural Development) of the Comptroller and Auditor General of India
|