ISSA Guidelines

Good Governance
ISSA Guidelines on Good Governance

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 3

ISSA Guidelines on Good Governance

The ISSA Guidelines for Social Security Administration consist of internationally-recognized professional
standards in social security administration, and form part of the ISSA Centre for Excellence in Social
Security Administration.

The ISSA Guidelines have been developed by the ISSA Technical Commissions and staff of the ISSA
Secretariat, based on a broad consultation with experts, international organizations and the worldwide
ISSA membership.

English is granted precedence as the authoritative language for all ISSA Guidelines.

The ISSA Guidelines and related resources are available at <http://www.issa.int/excellence>.

While care has been taken in the preparation and reproduction of the data published herein, the ISSA
declines liability for any inaccuracy, omission or other error in the data, and, in general, for any financial or
other loss or damage in any way resulting from the use of this publication.

This publication is made available under a Creative Commons Attribution-NonCommercial-NoDerivs

3.0 Unported License (CC BY-NC-ND 3.0).

License details <http://creativecommons.org/licenses/by-nc-nd/3.0>

International Social Security Association - Case postale 1 - CH-1211 Geneva 22 / Switzerland

www.issa.int

First published 2013

ISBN 978-92-843-1209-2

© International Social Security Association 2013

4 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

Contents
Introduction 9
Objectives of the ISSA Guidelines on Good Governance 10
Definition of Good Governance 11
Governance Framework for Social Security Institutions 13
Financial sustainability 13
Sound investments 13
Member coverage and contributions, and member benefits and services 13
Resource management: Human resources and ICT infrastructure 13
Structure of the ISSA Guidelines on Good Governance 15
Acknowledgements 16
A. Good Governance Guidelines for the Board and Management 17
A.1. Principles and Guidelines for the Board 18
A.1.1. Accountability 18
Guideline 1. Powers and responsibilities of the board 19
Guideline 2. Delegating powers and responsibilities of the board 20
Guideline 3. Independence of the board from political interference 21
Guideline 4. Suitability and competence of members of the board 22
Guideline 5. Legal liability of the members of the board 23
Guideline 6. Performance standards for the management 24
Guideline 7. Strategic planning 25
Guideline 8. Risk management 26
Guideline 9. Internal and external systems of control 27
Guideline 10. Investment management 28
Guideline 11. Financial sustainability of the programme 29
A.1.2. Transparency 29
Guideline 12. Policy on disclosure 31
Guideline 13. Code of conduct 32
Guideline 14. Public reports 33
Guideline 15. Members’ right to information on benefits 34
A.1.3. Predictability 34
Guideline 16. Duties and responsibilities of members and beneficiaries 35

INTERNATIONAL SOCIAL SECURITY ASSOCIATION v

 Guideline 17. Rights and privileges of members and beneficiaries 36
Guideline 18. Consistent application of board decisions 37
A.1.4. Participation 37
Guideline 19. Board representation of stakeholders 38
A.1.5. Dynamism 38
Guideline 20. Implementing rules and regulations for legislation, policy or decree 39
Guideline 21. Leadership and innovation in the institution 40
A.2. Principles and Guidelines for the Management 41
A.2.1. Accountability 41
Guideline 22. Powers and responsibilities of the management 42
Guideline 23. Clarity in powers and responsibilities 43
Guideline 24. Accountability of the Head of Management 44
Guideline 25. Independence of the management from political interference 45
Guideline 26. Suitability and competence of the Head of Management 46
Guideline 27. Legal liability of the management 47
Guideline 28. Strategic planning 48
Guideline 29. Risk management 49
Guideline 30. Internal and external systems of control 50
Guideline 31. Investment management 51
Guideline 32. Financial sustainability of the programme 52
Guideline 33. Performance standards for management officers and staff 53
A.2.2. Transparency 53
Guideline 34. Policy on disclosure 54
Guideline 35. Code of conduct 55
Guideline 36. Public reports 56
Guideline 37. Members’ right to information on benefits 57
A.2.3. Predictability 57
Guideline 38. Duties and responsibilities of members and beneficiaries 58
Guideline 39. Rights and privileges of members and beneficiaries 59
Guideline 40. Information and communications strategy 60
A.2.4. Participation 60

vi INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 Guideline 41. Participation of stakeholders 61
Guideline 42. Management of stakeholder initiatives 62
A.2.5. Dynamism 62
Guideline 43. Leadership and innovation in the institution 63
Guideline 44. Encouragement of staff involvement 64
B. Guidelines for Specific Areas in Social Security Administration 65
B.1. Strategic Planning 66
Guideline 45. Initiating the strategic planning process 67
Guideline 46. Development of a vision statement 68
Guideline 47. Strategy formulation 69
Guideline 48. Strategy implementation 70
Guideline 49. Strategy diagnosis and performance review 71
B.2. Operational Risk Management 72
Guideline 50. Process model 73
Guideline 51. Scanning and scenario analysis 74
Guideline 52. Clarity of responsibilities and measures in case of an intervention 75
Guideline 53. Aligning and coordinating risk management activities 76
B.3. Internal Audit of Operations 77
Guideline 54. The internal audit charter 78
Guideline 55. Communication between the internal auditor and the actuary 80
Guideline 56. Performance assessment and quality assurance 81
Guideline 57. Implementation and management of audit findings 82
B.4. Actuarial Soundness 83
Guideline 58. Actuarial measures of the social security programme 84
Guideline 59. Actuarial valuations of the social security programme 85
Guideline 60. Changes in contribution rates and benefit entitlements 86
Guideline 61. Investment performance and benchmarks 87
B.5 Enforcing the Prudent Person Principle in Investment Management 88
B.5.1. Guidelines for institutions with internal investment units 88
Guideline 62. Prudent person principle 89
Guideline 63. Investment policies 90

INTERNATIONAL SOCIAL SECURITY ASSOCIATION vii

 Guideline 64. Due diligence 91
Guideline 65. Valuation of the investment portfolio 92
Guideline 66. External safekeeping measures 93
B.5.2. Guidelines for institutions with external fund managers 93
Guideline 67. Selection process for external fund managers 94
Guideline 68. Alignment of incentives 95
Guideline 69. Custody of investment assets 96
B.5.3. Guidelines for institutions with representation on boards of companies 96
Guideline 70. Objectives of representatives on boards of companies 97
B.6. Prevention and Control of Corruption and Fraud in Contributions and Benefits 98
Guideline 71. Prevention and control of corruption and fraud in contributions 99
Guideline 72. Prevention and control of corruption and fraud in benefits 100
B.7. Service Standards for Members and Beneficiaries 101
Guideline 73. Contribution collection services 102
Guideline 74. Benefit distribution services 103
Guideline 75. Developing new services for members and beneficiaries 104
B.8. Human Resources Policies: Development, Retention and Succession 105
Guideline 76. Recruitment, selection and promotion policies 106
Guideline 77. Performance appraisals of personnel 107
Guideline 78. Development and training 108
Guideline 79. Talent management and retention 109
Guideline 80. Succession planning 110
Guideline 81. Personnel morale, compensation policy and decent work 111
Guideline 82. Promoting corporate values 112
B.9. Investments in ICT Infrastructure 113
Guideline 83. Standard policies and procedures 114
Guideline 84. Ex-post evaluation of new ICT infrastructure 115
Guideline 85. Maintenance of ICT infrastructure 116

viii INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Introduction
Good governance is central to the effective delivery of social security and is a priority of the International
Social Security Association (ISSA), which has the constitutional mandate to promote and develop social
security worldwide through technical and administrative improvement.

The ISSA Guidelines on Good Governance seeks to provide a practical and comprehensive reference on
good governance. The guidelines are underpinned by a governance framework that spans the range of
internal governance issues that are involved in the administration of social security programmes. The
guidelines recognize accountability, transparency, predictability and participation as principles of good
governance, and introduce dynamism as an additional important characteristic.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 9

ISSA Guidelines on Good Governance

Objectives of the ISSA Guidelines on Good Governance

The diversity in governance practices around the world is a reflection of differences in the political,
social, economic and cultural histories of countries. There is common recognition, however, that good
governance is aimed at delivering what is mandated and ensuring that what is delivered is responsive to
the evolving needs of the individual and society. Improved education and new technologies have
increased the expectations of the public for accountable and transparent administration, including constant
improvements in the delivery and performance of social services.

Good governance is an important objective for social security organizations and a key principle of the
ISSA. To provide ISSA member organizations with a basic framework on good governance, a project on
governance and social security was included in the Association’s 2008-2010 Programme and Budget. The
ISSA Good Governance Guidelines for Social Security Institutions that was launched at the World Social
Security Forum in Cape Town in December 2010 was an outcome of this project.

The current guidelines are a compendium of the ISSA’s work on social security governance over the two
triennia of 2008-2010 and 2011-2013. They seek to provide ISSA member organizations with guiding
principles and practical guidelines on good governance. The guidelines begin by defining, for the first
time, what the ISSA means by “good governance”. The governance framework that underpins the guide-
lines aims to give the user an overview of the range of internal governance issues involved in social
security administration.

The ISSA Guidelines on Good Governance presents a virtual checklist of the essential elements which
would help engender and support good governance within the institution. Suggestions are given on how
to apply each guideline by describing governance structures and mechanisms that would facilitate its use.

The ISSA Guidelines on Good Governance provides a basis on which the ISSA Secretariat will continue to
develop further tools to facilitate capacity building and support the efforts of members to promote and
improve the governance of their institutions, including training modules, e-learning applications, and
indicators and benchmarks for good governance.

Presently, the guidelines are focused on the internal governance of a social security institution and
on nine specific areas that are among its major concerns. Future work remains for developing guide-
lines in other specific areas of operation that are of equal importance to social security administration.
Governance guidelines which span the interaction and coordination between the social security institu-
tion and other agencies, including stakeholders and the political authorities, may likewise be developed
in the future.

10 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Definition of Good Governance

The concept of governance is understood in many ways by different people. Its definition often depends on
the goals to be pursued, the entities involved, and the socio-political environment within which these goals
are to be achieved.

Many definitions of governance focus on processes, structures and arrangements that pertain to the
administration of an entity or unit of organization. The ISSA aligns its definition of governance with
those that underscore the exercise of authority and power. The Asian Development Bank (ADB) describes
governance as “the manner in which power is exercised in the management of a country’s economic and
social resources for development”. Similarly, the World Bank refers to governance as consisting of the
traditions and institutions by which authority in a country is exercised.

In the context of social security administration, the ISSA defines governance as the manner in which the
vested authority uses its powers to achieve the institution’s objectives, including its powers to design,
implement and innovate the organization’s policies, rules, systems and processes, and to engage and
involve its stakeholders. Good governance implies that the exercise of the vested authority is accountable,
transparent, predictable, participative and dynamic.

Various authors define and associate a number of principles with good governance, four of which are of
particular relevance to social security institutions: accountability, transparency, predictability and
participation. The ISSA includes dynamism as a fifth principle to characterize good governance. Each of
these principles reinforces the four others. Observing one principle facilitates the practice of the other
principles, thereby creating a virtuous environment for good governance. In the context of social security
administration, the principles are defined in the literature as follows.

Accountability is the ability to hold legally responsible the officials who are in charge of the institution. It
requires establishing norms and standards to evaluate the achievement of the institution’s mission, and a
well-functioning system of redress that protects the interests of stakeholders and deters mismanagement
and deviations from the institution’s mandate. As trustees, social security administrators are responsible,
and hence accountable, for managing the programme prudently, efficiently and equitably.

Transparency is the availability and accessibility of accurate, essential and timely information to ensure that
stakeholders are well informed of the true state of the social security programme and how it is being
managed. Transparency in the decision-making process promotes honesty, integrity and competence, and
discourages wrongdoing. Clarity and simplicity of rules, systems and processes help to limit the areas that
would require discretion and arbitrariness in programme administration.

Predictability refers to the consistent application of the law and its supporting policies, rules and reg-
ulations. For social security programmes, the rights and duties of members and beneficiaries must be
well defined, protected and consistently enforced. Surprises and sudden changes in contribution rates,
benefit entitlements or other features may seriously undermine the credibility of the programme.

Participation refers to the active education, engagement and effective involvement of stakeholders to
ensure the protection of their interests. The meaningful participation of stakeholders depends on their
access to information about the institution and their capacity to understand and act on such information.

Dynamism is simply defined as the element of positive change in governance. While the other four prin-
ciples of governance may well be applied in the context of maintaining a status quo, dynamism refers to

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 11

ISSA Guidelines on Good Governance

changing and improving on the status quo itself, by doing things more efficiently and equitably, and by
responding to the evolving needs of programme members and beneficiaries, thereby creating new value.

12 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Governance Framework for Social Security Institutions

Most mandatory social security programmes are created by legislation, decree or some official act of
government, to define the mandate of the institution that is responsible for the implementation of the
programme. The mandate often draws a distinction between the “board” and “management”, with the
board as the governing and policy-making body of the institution and the management as the body that
administers the programme and implements the resolutions of the board.

The governance framework that has been developed for these guidelines attempts to span the entire
range of responsibilities of the board and management in social security administration. The framework
describes social security administration in terms of four broad governance areas: financial sustainabil-
ity; sound investments; member coverage and contributions, and member benefits and services; and
resource management, in particular, human resources and information and communication technologies
(ICT) infrastructure. The scope of each of these governance areas is briefly summarized below.

Legislation, decree or policy will establish the governance scope of the institution. For example, there
are programmes that are wholly tax financed and hence have no mandate to collect contributions; some
have no investment reserve funds, others have units to manage fund investments, while some have fund
management institutions that are wholly separate and independent from those that administer member
contributions and benefits.

Financial sustainability
The board and management are duty bound to maintain an adequate level of funding to deliver the
promised benefits to members and beneficiaries, and to ensure the cost effectiveness of the administration
of the social security programme. Maintaining the financial sustainability of the programme and
balancing the inflow of contributions and investment income with the outflow of benefit payments are
some of the key management challenges in this area.

Sound investments
For programmes with an investment mandate, the board and management must ensure that reserve
funds are invested in accordance with basic prudential rules such as profitability, safety, liquidity and
diversification. Framing the investment policy and strategy, portfolio and asset-liability management,
enforcing the prudent person principle, valuation of assets, representation on the boards of companies in
which the institution has significant asset holdings, and policies on investments with socio-economic utility
are some of the issues in this governance area.

Member coverage and contributions, and member benefits and services

The raison d’être of social security institutions is to administer the rights and obligations of members and
beneficiaries. Coverage extension, collection of contributions, adequacy of benefits, distribution of benefits,
quality standards of service for members, and prevention of fraud and corruption in the programme are
some of the central issues in this area.

Resource management: Human resources and ICT infrastructure

The board and management must ensure proper resource management, in particular, the availability of
competent human resources, and efficient ICT infrastructure to support programme administration and

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 13

ISSA Guidelines on Good Governance

operations. Human resources management - attracting, retaining, training, mentoring and compensat-
ing expert, loyal and motivated staff - is key to the successful governance of any organization. Staffing
and compensation, succession planning, merit and performance appraisals, and adherence to a staff
code of ethics are among the key policy instruments to consider in motivating and managing the institu-
tion’s human resources. In the area of ICT infrastructure, the key operational issues include maintaining
the integrity of the member database, evaluation of investments in new ICT, matching existing systems
with new ICT, and integrity and cost effectiveness of backup and recovery systems for the institution.

14 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Structure of the ISSA Guidelines on Good Governance

The following guidelines are organized in two parts.

Part A, Good Governance Guidelines for the Board and Management, provides some guidelines
for the board and the management of the social security institution. The guidelines are aligned with the
five identified good governance principles, including suggestions on governance structures and
mechanisms to enable the implementation of the guidelines.

Part B, Guidelines for Specific Areas in Social Security Administration, addresses nine specific
areas that are of common concern to social security institutions. It begins with three cross-cutting
topics in programme administration:

¡¡ Strategic planning;
¡¡ Operational risk management;
¡¡ Internal audit of operations.
Then, in the area of financial sustainability, the topic is:

¡¡ Actuarial soundness.
In the area of sound investments, the topic is:

¡¡ Enforcing the prudent person principle.

The area of member coverage, contributions, member benefits and services covers:

¡¡ Prevention and control of corruption and fraud in contributions and benefits;

¡¡ Service standards for members and beneficiaries.
The area of resource management covers:

¡¡ Human resources policies: Development, retention and succession;

¡¡ Investments in ICT infrastructure.
Within each part, specific guidelines are grouped according to these elements. They are presented as follows:

Guideline. The guideline is stated as clearly as possible.

Structure. This is the suggested structure that may support the application of the guideline and
facilitate the promotion of the underlying governance principle. A sound governance structure is
essential for the effective functioning of the social security institution. It should ensure an appropri-
ate division of operational and oversight responsibilities as well as the suitability and accountability
of the persons involved.

Mechanism. There are different ways through which a guideline may be implemented. The
suggested mechanisms for good governance are designed to ensure appropriate controls, processes,
communication and incentives which encourage good decision-making, proper and timely execution,
successful outcomes, and regular review and assessment.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 15

ISSA Guidelines on Good Governance

Acknowledgements
Acknowledgements

The ISSA Guidelines for Social Security Institutions were prepared by the ISSA Secretariat with the ISSA
Technical Commissions.

The ISSA Guidelines on Good Governance were produced in 2008-2010 under the auspices of the ISSA
Technical Commission on Organization, Management and Innovation chaired by Errol Frank Stoové of the
Netherlands Social Insurance Bank (SVB) and the ISSA Technical Commission on the Investment of Social
Security Funds chaired by Omar Al-Razzaz of the Social Security Corporation, Jordan, and in 2011-2013
under the auspices of the ISSA Technical Commission on Organization, Management and Innovation
chaired by Adriana Lender of the Swedish Social Insurance Agency. The Guidelines were prepared by a
team at the ISSA Secretariat led by Maribel D. Ortiz. Expert support and contributions were provided in
2008-2010 by Alberto R. Musalem of the George Washington University, Washington, DC, United States;
Hugo Bertin of the University of La Plata, Argentina; and Roberto Calvo of the Universidad Argentina de
la Empresa, Argentina; and in 2011-2013 by Jan-Erik Hunn, Svenja Falk and Carmen Uys of Accenture.

16 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

A. Good Governance Guidelines for the Board

and Management

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 17

ISSA Guidelines on Good Governance

A.1. Principles and Guidelines for the Board

The board is the group of persons who, under the legislation or by-laws establishing the entity, is given
the responsibility to govern the social security programme and to exercise oversight on its administra-
tion. The entity could be a government ministry or department, a statutory body or a private entity.

The 21 guidelines for the board support and promote the following five principles of good governance, as
applied to social security institutions:

1. Accountability

2. Transparency

3. Predictability

4. Participation

5. Dynamism.

Each principle is described briefly. Guidelines are then provided on how each principle may be applied.

A.1.1. Accountability
The principle of accountability is at the heart of good governance. At a political level, it means making rul-
ers accountable to the ruled. To enforce accountability, governance structures and mechanisms are needed
to enable the principals to hold their chosen trustees legally responsible for their acts and decisions.

The board of a social security institution should be accountable to the members, beneficiaries and other
stakeholders of the social security programme. The members of the board should be liable for their
actions as well as for their failures to act. The legal liability of the board members must be defined by the
legislation, policy or decree that establishes the social security programme. As trustees, board members are
responsible, and hence are accountable, for achieving the institution’s mandate and for managing the
programme prudently, efficiently and equitably.

Internal and external governance structures and mechanisms must be in place to ensure the efficiency
of the organization in the way the institutional objectives are set and decisions are taken, implemented
and reviewed.

The board should not be able to absolve itself completely of its responsibilities by delegating certain
functions to the management of the social security institution or to external service providers.

These 11 guidelines will assist the board to promote the principle of accountability in the administration of a
social security institution.

18 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 1. Powers and responsibilities of the board

Legislation, policy or decree defines the powers and responsibilities of the board. The powers
and responsibilities of the board are clearly delineated from those of the management. There
are no areas of ambiguity, dilemma or conflict of interest.

Structure
¡¡ There should be a supervisory authority or external regulatory body to ensure the appropriate
performance of the board.
¡¡ There should be a supervisory authority or external regulatory body to ensure conformity with
the mandated separation of powers and responsibilities between the board and management.

Mechanism
¡¡ The supervisory authority or external regulatory body should conduct regular and periodic
reviews to ensure the appropriate performance of the board.
¡¡ The supervisory authority or external regulatory body should ensure conformity to the separa-
tion of powers and responsibilities between the board and management.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 19

ISSA Guidelines on Good Governance

Guideline 2. Delegating powers and responsibilities of the board

Should the board delegate its functions to a subgroup of the board, to a subgroup of
officers at management level and/or to external service providers, such delegated functions
are well defined, documented, time bound and subject to review and approval by the board.
Legislation, policy or decree provides for the responsibility of the board members for such
delegated functions.

Structure
¡¡ There should be a supervisory authority or external regulatory body to exercise oversight in
ensuring the responsibility of the board for its delegated functions.

Mechanism
¡¡ The supervisory authority or external regulatory body should conduct regular and periodic
reviews to ensure the responsibility of the board for its delegated functions.

20 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 3. Independence of the board from political interference

Legislation, policy or decree provides for the board’s independence from political
interference to implement its mandate by prescribing the selection process and by defining
the grounds for removal from office solely for just cause.

Structure
¡¡ There should be an independent and competent external authority to adjudicate complaints
against members of the board.

Mechanism
¡¡ The legal framework or the by-laws of the social security programme should establish the pro-
cess by which positions on the board are to be filled.
¡¡ Board positions may be filled either through a competitive process or by nominated repre-
sentatives of programme stakeholders, namely, government, employers’ associations, workers’
organizations and member beneficiaries.
¡¡ The board may also have independent experts in social security as board members.
¡¡ Resources for the legal defence of the board should be considered.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 21

ISSA Guidelines on Good Governance

Guideline 4. Suitability and competence of members of the board

The selection process ensures the suitability and competence of the members of the board.
The term of office of a board member and the basis for its renewal (if renewable) are clear
and well defined.

Structure
¡¡ An independent and competent external authority should ensure the compliance of the selection
process with the established suitability and competence standards for members of the board.

Mechanism
¡¡ There should be clear, unambiguous and documented suitability and competence standards
for the positions on the board.
¡¡ There should be an established policy on how these standards may be reviewed and updated.

22 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 5. Legal liability of the members of the board

Legislation, policy or decree establishes the legal liability of the members of the board for
failure to discharge their functions.

Structure
¡¡ There should be an independent and competent external authority that is responsible to take
legal action, when necessary, against the members of the board.

Mechanism
¡¡ The external authority should have investigative powers.
¡¡ The external authority may establish a protection and legal defence programme for
whistleblowers.
¡¡ Stakeholders should be aware of the process to file legal complaints against the members of the board.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 23

ISSA Guidelines on Good Governance

Guideline 6. Performance standards for the management

The board ensures that the institution is performing its mandate efficiently. It establishes a set
of standards and benchmarks to evaluate the management’s administration and
implementation of the social security programmes.

Structure
¡¡ The board should require the management to submit reports that assess the institution’s efficiency
in performing its mandate, using a set of standards and benchmarks established by the board.

Mechanism
¡¡ The board should prescribe standards and benchmarks for key areas of operations, including
efficiency in coverage and collection, operating expenses, adequacy and quality of service to
members, investment returns, prevention of fraud, and others.
¡¡ The reports submitted by the management to the board may be validated externally.
¡¡ The board should ensure that the management adopts a code of conduct and that the com-
pensation scheme for the employees of the institution provides the appropriate incentives for
adherence to this code of conduct and dedication to performance excellence.

24 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 7. Strategic planning

There is a board-approved strategic plan that lays down and spells out the key strategies
and plans of action to be implemented by the management in order to realize and perform
the legislated mandate of the institution.

Structure
¡¡ The board should provide guidance to the management in formulating the strategic plan for
the relevant period. A strategic plan usually spans a period of from three to five years. The
goals, targets, milestones and deliverables of the strategic plan should be further detailed and
rendered precise by annual plans.
¡¡ The management submits for board approval the institution’s strategic plan.
¡¡ The board should hold the management accountable for the satisfactory implementation of
the strategic plan.

Mechanism
¡¡ The management should regularly update the board on the implementation of the strategic
plan and the relevant annual plan that supports it. The update should include an evaluation of
actual performance vis-à-vis the set goals, targets, milestones and deliverables, and
recommendations on policies and measures to further improve performance or fine-tune the
strategic plan to current developments.
¡¡ The board should monitor and review the implementation of the strategic plan, and provide
guidance to the management on how performance may be improved.
Section B.1 provides more guidelines on the strategic planning process, with corresponding structures and
mechanisms to facilitate the application of the guidelines.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 25

ISSA Guidelines on Good Governance

Guideline 8. Risk management

The board ensures that the risks faced by the social security institution are properly iden-
tified and managed or averted. These risks may arise in various forms, including but not
limited to strategic, operational, political, economic, regulatory, geographic and demo-
graphic risks.

Structure
¡¡ The board should require the management to identify and study the risks faced by the institu-
tion, to propose policies and implement board-approved measures to manage or avert the risks. ¡¡
The board, as a whole or through a committee or subgroup of the board, should exercise over-
sight on the conduct of these studies by the management.
¡¡ The board should ensure that the management has the capacity to anticipate and evaluate any
and all risks that the institution may face.

Mechanism
¡¡ The management should periodically provide the board with risk studies and reports, and rec-
ommend risk management policies and measures for adoption.
¡¡ The board should adopt the necessary policy measures to minimize the long-term and short-
term impact of these risks on: (a) the financial sustainability of the scheme; (b) fund
investments; (c) member contributions and member benefits; and (d) the human resources and
the ICT infrastructure required for administering the programme.
¡¡ The governance framework defined by the ISSA Guidelines on Good Governance may serve as
a reference point to identify the potential areas that could be impacted upon by the various
risks faced by the institution.
Section B.2 provides more guidelines on operational risk management, with corresponding structures and
mechanisms to facilitate the application of the guidelines.

26 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 9. Internal and external systems of control

Legislation, policy or decree provides for the establishment of internal and external
systems of control for the social security institution.

Structure
¡¡ There should be an internal auditor who reports directly to the board.
¡¡ There should be an external auditor who reports directly to the board.
¡¡ There should be an actuary (internal or external, or both) who reports directly to the board.
¡¡ There should be an independent, external custodian to hold and ensure the safety of the assets
of the social security scheme.

Mechanism
¡¡ Both the internal and external auditors may be mandated to report to the external authority
that has jurisdiction over the social security institution.
¡¡ The custodian should regularly check the assets under custody against the accounting registra-
tion of transactions and balances.
Sections B.3 and B.4 provide more guidelines on internal audit and actuarial soundness, respectively, with
corresponding suggestions on structures and mechanisms to facilitate the application of the guidelines.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 27

ISSA Guidelines on Good Governance

Guideline 10. Investment management

For social security institutions that have an investment mandate, legislation, policy or
decree establishes the general direction of the investment policy and prescribes the types of
allowed investment instruments. Furthermore, in order to maximize the long-term rate of
return on reserves and at the same time mitigate investment risks, the range of
instruments allowed for investments is sufficiently diversified. The board has the
technical expertise to decide on the merits and risks of an investment proposal, using
security and profitability as the main basis for an investment undertaking. Legislation, policy
or decree establishes the legal liability of the board for fraudulent investments.

Structure
¡¡ The role of the board in the investment decision-making process should be clear and unambiguous.
¡¡ There should be an external authority that has the mandate to take legal action against, or
exercise judicial authority over, the members of the board for fraudulent investments.

Mechanism
¡¡ The external authority may establish standards to evaluate the investment performance of the fund.
¡¡ Performance reports submitted by the board to the external authority should be externally validated.
¡¡ The external authority may also establish a protection and legal defence programme for
whistleblowers.
¡¡ Public access to reports should be considered.
¡¡ Section B.5 provides guidelines for: (a) institutions with internal investment units; (b) institu-
tions with external fund managers; and (c) institutions with representation on the boards of
companies in which they have significant asset holdings. Corresponding suggestions on structures
and mechanisms are given to facilitate the application of the guidelines.
The ISSA Guidelines on Investment of Social Security Funds provides guidance on a progressive process
of governance that starts with establishing the various structures involved in the investment process,
through defining their roles and how they interact, to processes to be set up to ensure that governance
objectives are met.

28 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 11. Financial sustainability of the programme

The board implements the established actuarial measures to ensure the financial sustainabil-
ity of each of the social security programmes established by the institution. For institutions
that have investment reserve funds, standards and benchmarks are established for the returns
on investments to support the financial sustainability of the social security programmes.

Structure
¡¡ Legislation, policy or decree should identify the competent authority to determine the design,
the actuarial measures and the financial sustainability principles of the social security scheme, to
decide on any changes in its features, and to ensure compliance with these measures or principles.
¡¡ There should be no conflict of interest between the authority that sets the measures and the
authority that implements these measures.
¡¡ There should be an internal actuary and/or external actuary reporting directly to the board,
to perform regular and periodic actuarial reviews of the different social security programmes
established by the institution.

Mechanism
¡¡ The design and actuarial measures of each of the social security schemes must be documented
and well defined.
¡¡ The internal actuary and/or the external actuary may be mandated to report to the external
authority with jurisdiction over the social security institution.
¡¡ Whether by policy or rule of thumb, a minimum rate of return on fund investments may be
established to support the financial viability of the programme (the so-called actuarial hurdle
rate) and/or ensure the sufficiency of accumulated member accounts for the contingencies
covered by the programmes.
¡¡ The governance framework defined by the ISSA Guidelines on Good Governance may serve as
a reference point to identify the potential areas which could be impacted upon by the various
risks faced by the institution.
Section B.4 provides more guidelines on actuarial soundness, with corresponding structures and
mechanisms to facilitate the application of the guidelines.

A.1.2. Transparency
Open dissemination of key information about the social security institution does not necessarily imply trans-
parency. To be transparent, such information, which is a basic right for stakeholders, members and benefi-
ciaries of the social security scheme, should be timely, reliable, relevant, accurate and objectively verifiable.

Transparency is of the highest importance to enlightened policy-making. It underpins and reinforces the
capacity of the stakeholders to hold responsible the persons entrusted with the management and
administration of the social security institution. It is a prerequisite to effective and meaningful stakeholder
participation. To the extent that it improves the availability and quality of market information, transparency
can significantly lower transaction costs.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 29

ISSA Guidelines on Good Governance

The board should conduct its business in a transparent way, and promote transparency in its
decision-making process and in its relationship with the management, members, beneficiaries and other
stakeholders of the social security programmes.

These four guidelines will assist the board to promote the principle of transparency in the administration of a
social security institution.

30 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 12. Policy on disclosure

The board establishes a policy on disclosure of information that clearly defines the
grounds on which the board may choose to exercise discretion in providing information to
stakeholders.

Structure
¡¡ The public should be informed of the board’s policy on disclosure.
¡¡ An external authority should validate the board’s policy on disclosure of information, including
those instances when the board may choose to exercise discretion in providing information to the
institution’s stakeholders.

Mechanism
¡¡ When the board chooses to exercise discretion in the disclosure of information, the external
authority may impose a time limit on the information embargo, beyond which the board would be
compelled to disclose the information.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 31

ISSA Guidelines on Good Governance

Guideline 13. Code of conduct

The board establishes and abides by a workable code of conduct, which includes a policy
on the disclosure and management of conflict of interest on the part of any board member.

Structure
¡¡ The public should be informed of the board’s code of conduct, including its policy on the dis-
closure and management of conflicts of interest, through the website and other publications of
the social security institution.
¡¡ Board compliance with the code of conduct should be under the scope of the external authority
that exercises oversight on the social security institution.

Mechanism
¡¡ The external authority may require the board to report on its compliance with its code of conduct.
¡¡ The public should have access to such reports.

32 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 14. Public reports

The board regularly, accurately and in a timely manner informs the stakeholders and the
general public on the status of the social security institution and its operations.

Structure
¡¡ The board should require the management to regularly submit timely reports that provide
accurate and comprehensive information on the status of the institution.

Mechanism
¡¡ The reports submitted by the management to the board should be validated by independent
authorities and be made available to stakeholders.
¡¡ The reports should be prepared using internationally accepted standards such as the generally
accepted accounting principles (GAAP) and the international financial reporting standards (IFRS).

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 33

ISSA Guidelines on Good Governance

Guideline 15. Members’ right to information on benefits

Members are informed about the benefits due to them under the social security programmes.

Structure
¡¡ The board should ensure that members are regularly informed about their programme benefits
and about any changes that will affect their current obligations and/or future benefits.

Mechanism
¡¡ The board should direct the management to provide the members of the social security institu-
tion with complete and relevant information and easy-to-understand statements on the bene-
fits due to them through educational campaigns and by any other means deemed appropriate.

A.1.3. Predictability
The legislation, policy or decree that establishes the social security programme normally prescribes its
manner of financing and the benefits to be provided to the covered population.

Predictability refers to the consistent and uniform application of the law, including the rules and regulations
to implement it. Stakeholders are generally averse to sudden or unannounced changes in contributions to
and benefits from the programme. The methodical application of the programme will strengthen
stakeholder confidence and support for it.

Predictability underlines the importance of stakeholder consultation and consensus building prior to the
implementation of any change in the programme. An effective communications strategy and public relations
programme are important in keeping stakeholders informed of developments in the social security scheme,
and their impact on stakeholder rights and obligations.
These three guidelines will assist the board to promote the principle of predictability in the administration
of a social security institution.

34 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 16. Duties and responsibilities of members and

beneficiaries
Members and beneficiaries are regularly and periodically informed of their duties and
responsibilities, as mandated by the legislation, policy or decree that establishes the social
security programme.

Structure
¡¡ The board should ensure that the management regularly and periodically informs members
and beneficiaries of their duties and responsibilities.
¡¡ The board should ensure that the management implements measures to enforce compliance
with these duties and responsibilities.
¡¡ There should be an Ombudsperson or similarly authorized office to provide assistance to members
and beneficiaries with the filing and resolution of complaints against the social security institution.

Mechanism
¡¡ The board may set standards and benchmarks to exercise oversight on the management’s effi-
ciency in enforcing compliance with the programme.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 35

ISSA Guidelines on Good Governance

Guideline 17. Rights and privileges of members and

beneficiaries
Members and beneficiaries are regularly and periodically informed of their rights and privileges,
as mandated by the legislation, policy or decree that establishes the social security programme.

Structure
¡¡ The board should ensure that the management regularly and periodically informs members
and beneficiaries of their rights and privileges.
¡¡ The board should ensure that the management consistently applies the rights and privileges of
members and beneficiaries.
¡¡ There should be an Ombudsperson or similarly authorized office to provide assistance to members
and beneficiaries with the filing and resolution of complaints against the social security institution.

Mechanism
¡¡ The board may set standards and benchmarks to evaluate the management’s efficiency and
consistent application of the rights and privileges of members and beneficiaries.
¡¡ The board should monitor the efficiency of resolving member and beneficiary complaints
against the institution.

36 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 18. Consistent application of board decisions

Decisions of the board are applied consistently and do not affect acquired rights of
programme members and beneficiaries.

Structure
¡¡ When the decisions of the board have a direct impact on the contributions or benefits of any
of the social security programmes, the board should direct the management to implement
such decisions prospectively and consistently, without affecting the rights already acquired by
programme members and beneficiaries.

Mechanism
¡¡ The management should implement safeguards and measures to ensure consistent application
of board decisions including, in particular, those that affect acquired rights of members and
beneficiaries.
¡¡ There should be an Ombudsperson or similarly authorized office to assist members and bene-
ficiaries in the filing and resolution of complaints against the social security institution.

A.1.4. Participation
Participation refers to the effective involvement of stakeholders in the institution’s decision-making
process to protect their interests and to support the social security programme. It is a way of building
partnership between the board and the institution’s stakeholders, allowing better policy-making,
improvement of trust among stakeholders and the enhancement of transparency.

The most solid form of participation is the power to decide. Less extensive forms are participation in the
decision procedures, participation in the nomination of representatives, the possibility to provide advice and
attend meetings, and the right to be informed. Members and beneficiaries must have channels by which
to monitor those responsible for the management of the social security programme. Redress mechanisms
should be in place to empower stakeholders with monitoring, oversight and/or disciplinary powers over
those entrusted with the programme.

This guideline will assist the board to promote the principle of participation in the administration of a
social security institution.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 37

ISSA Guidelines on Good Governance

Guideline 19. Board representation of stakeholders

Legislation, policy or decree provides for the balanced representation of the different
stakeholders on the board of the institution.

Structure
¡¡ An external, competent authority should ensure compliance with the mandated composition of
the board, and ensure the conformity of the selection process to the established suitability and
competence standards for members of the board.
¡¡ It is incumbent upon a new board member to ensure his or her knowledge of the duties and
responsibilities of the office and the working relationships with the management, external
offices and stakeholders.

Mechanism
¡¡ Through their representatives on the board, stakeholders may influence the administration and
management of the social security programme in the promulgation of board decisions which the
management is duty bound to implement.

A.1.5. Dynamism
Dynamism is the governance element of innovation or positive change, the effect of which is to henceforth
improve the efficiency of an organization.

Governance may well be in accordance with the principles of accountability, transparency, participation
and predictability. The principle of dynamism improves on the status quo and enables the institution to be
more faithful to its mandate and to respond to the evolving needs of its members.

A newly appointed social security administrator may choose to maintain the status quo and, if the
previous administrator adhered to the principles of accountability, transparency, participation and
predictability, good governance will continue to prevail within the organization. Alternatively, the newly
appointed authority may opt to improve on the status quo and, through various means, motivate
programme enhancements that build on the status quo. Once an innovation is introduced and adopted, its
positive effects can alter the institution’s operating environment.

These two guidelines will assist the board to promote the principle of dynamism in the administration of a
social security institution.

38 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 20. Implementing rules and regulations for

legislation, policy or decree
There is enough flexibility within the legal framework to allow the institution to introduce
innovations and improvements in the administration and implementation of the social secu-
rity programme, without having to amend the legislation, policy or decree establishing it.

Structure
¡¡ Cognisant of the length of time involved to effect changes in the legislation, policy or decree
that establishes a social security programme, the relevant authority may draw up a separate set of
implementing rules and regulations to cover the administrative and operative details that
support the legal framework of the social security programme.

Mechanism
¡¡ The implementing rules and regulations of the social security programme may be defined by
resolutions of the executive branch of government or at the level of government ministers.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 39

ISSA Guidelines on Good Governance

Guideline 21. Leadership and innovation in the institution

The leadership of the board motivates and inspires the institution to propose and work on
innovations that would increase operational efficiency and improve the implementation of
the mandate of the programme.

Structure
¡¡ The board should promote innovation and positive change within the organization.

Mechanism
¡¡ The composition of the board should allow stakeholders, through board representatives, to
propose innovations to increase the operational efficiency of the institution and improve the
implementation of its mandate.
¡¡ The board should direct the management to establish an evaluation and screening system to
study the merits, risks and feasibility of these proposals.
¡¡ The board should also directly encourage the management to propose innovations.

40 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

A.2. Principles and Guidelines for the Management

The management is the group of persons who, under the legislation or by-laws establishing the entity,
is given the responsibility for the administration and daily operations of the social security programme.
The 23 guidelines for the management support and promote the following five principles of good
governance, as applied to social security institutions:

1. Accountability

2. Transparency

3. Predictability

4. Participation

5. Dynamism.

A.2.1. Accountability
The principle of accountability is at the heart of good governance. At a political level, it means making rul-
ers accountable to the ruled. To enforce accountability, governance structures and mechanisms are needed
to enable the principals to hold their chosen trustees legally responsible for their acts and decisions.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 41

ISSA Guidelines on Good Governance

Guideline 22. Powers and responsibilities of the management

Legislation, policy or decree defines the powers and responsibilities of the management.
The powers and responsibilities of the management are clearly delineated from those of
the board. There are no areas of ambiguity, dilemma or conflict of interest.

Structure
¡¡ Usually, it is the board that supervises and exercises oversight on the management.
¡¡ In some cases, an external supervisory authority may be tasked to supervise and exercise over-
sight on the management.

Mechanism
¡¡ The board or external supervisory authority should conduct regular and periodic reviews of the
management’s performance using established standards and benchmarks.

42 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 23. Clarity in powers and responsibilities

The powers and responsibilities of the Head of Management and senior officers are clearly
defined. There are no areas of ambiguity, dilemma or conflict of interest.

Structure
¡¡ There should be a clear delineation of powers and responsibilities between the Head of
Management and senior officers.
¡¡ The management must ensure the absence of conflicts of interest in appointments of senior
officers to perform concurrent functions.

Mechanism
¡¡ Functions delegated by the Head of Management to a committee or subgroup of senior officers
should be well defined, documented, time bound and subject to review and approval by the
Head of Management.
¡¡ At all times, the Head of Management should be responsible for all functions delegated to others.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 43

ISSA Guidelines on Good Governance

Guideline 24. Accountability of the Head of Management

The objectives and actions of the Head of Management and senior officers are aligned with
those of the board in pursuit of the mandated mission of the institution.

Structure
¡¡ The Head of Management is accountable to the board or to the designated authority, as pre-
scribed by legislation, policy or decree.

Mechanism
¡¡ The board or designated authority should establish standards and performance benchmarks to
evaluate the performance of the management and its Head.
¡¡ The public should have access to these reports.

44 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 25. Independence of the management from

political interference
Legislation, policy or decree provides for the independence of the Head of Management
from political interference by prescribing the selection process and by defining the grounds
for removal from office solely for just cause.

Structure
¡¡ The board or an independent, competent external authority should ensure that the selection of
the Head of Management complies with the established selection process.
¡¡ The board or an independent, competent external authority should be responsible for the adju-
dication of complaints against the Head of Management.

Mechanism
¡¡ The selection and removal processes should be clear, documented and of public knowledge.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 45

ISSA Guidelines on Good Governance

Guideline 26. Suitability and competence of the Head of

Management
The Head of Management is suitable and competent to fill the position in the social security
institution. The term of office of the Head of Management and the basis for its renewal (if it is
renewable) are clear and well defined.

Structure
¡¡ There should be a competent authority (external or internal to the institution) to ensure com-
pliance of the selection process with the suitability and fit and proper standards for the position of
Head of Management.

Mechanism
¡¡ There should be clear, unambiguous and documented suitability and fit and proper standards
for the position of Head of Management.
¡¡ There should be an established policy on how these standards may be reviewed and updated.

46 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 27. Legal liability of the management

Legislation, policy or decree establishes the legal liability of the management.

Structure
¡¡ There should be an independent and competent external authority that is responsible to take
legal action, when necessary, against the Head of Management and/or officers and staff.

Mechanism
¡¡ The external authority should have investigative powers.
¡¡ The external authority may establish a protection and legal defence programme for
whistleblowers.
¡¡ Stakeholders should be aware of the process to file legal complaints against the management.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 47

ISSA Guidelines on Good Governance

Guideline 28. Strategic planning

The management submits for board approval a strategic plan that lays down and spells out
the key strategies and plans of action to be implemented by the management in order to
realize and perform the legislated mandate of the institution.

Section B.1 provides more guidelines on the strategic planning process, with corresponding structures and
mechanisms to facilitate the application of the guidelines.

48 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 29. Risk management

The management ensures that it identifies the risks that the institution faces, proposes
policies and measures to manage or avert these, and implements those that are approved by
the board. These risks may arise in various forms, including but not limited to strategic,
operational, political, economic, regulatory, geographic and demographic risks.

Structure
¡¡ Risk management should be embedded in the organizational structure of the institution.
¡¡ The management should ensure its competence to identify and evaluate any and all risks that
may affect the programme, and recommend to the board the policies and measures to be
taken to protect the institution.
¡¡ The management should assess the long-term and short-term impact of these risks on: (a) the
financial sustainability of the scheme; (b) fund investments; (c) member contributions and
member benefits; and (d) the human resources and the ICT infrastructure required for
administering the programme.

Mechanism
¡¡ The management should require senior officers to regularly and periodically submit studies and
reports that analyse the risks faced by the institution, recommend risk strategies, and imple-
ment board-approved measures to manage or avert any and all risks facing the institution.
¡¡ The governance framework defined by the ISSA Guidelines on Good Governance may serve as
a reference point to identify the potential areas that could be impacted upon by the various
risks faced by the institution.
Section B.2 provides more guidelines on operational risk management, with corresponding structures and
mechanisms to facilitate the application of the guidelines.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 49

ISSA Guidelines on Good Governance

Guideline 30. Internal and external systems of control

The accountability of the management is enhanced by internal and external systems of control.

Structure
¡¡ The internal auditor and external auditor should keep the management informed of their work
and conclusions.
¡¡ The actuary (internal or external, or both) should keep the management informed of their work
and conclusions.
¡¡ There should be an independent, external custodian to hold and ensure the safety of the assets
of the social security scheme.

Mechanism
¡¡ Both the internal and external auditors may be mandated to report to the external authority
that has jurisdiction over the social security institution.
¡¡ The custodian should regularly check the assets under custody against the accounting registra-
tion of transactions and balances.
Sections B.3 and B.4 provide more guidelines on internal audit and actuarial soundness, respectively,
with corresponding structures and mechanisms to facilitate the application of the guidelines.

50 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 31. Investment management

For social security institutions that have an investment mandate, the management ensures
that it has the technical expertise to manage the investments of the social security
institution. In particular, it manages liquid assets so as to guarantee the timely and
accurate payment of benefits, in each of the social security programmes run by the
institution. Legislation, policy or decree establishes the legal liability of the management
and/or its designated agents for fraudulent investments.

Section B.5 provides guidelines for: (a) institutions with internal investment units; (b) institutions with
external fund managers; and (c) institutions with representation on the boards of companies in which
they have significant asset holdings. Corresponding structures and mechanisms are provided to facilitate the
application of the guidelines.

The ISSA Guidelines on Investment of Social Security Funds provides guidance on a progressive process
of governance that starts with establishing the various structures involved in the investment process,
through defining their roles and how they interact, to processes to be set up to ensure that governance
objectives are met.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 51

ISSA Guidelines on Good Governance

Guideline 32. Financial sustainability of the programme

The management implements board-approved measures to ensure the financial sustainability
of each of the social security programmes run by the institution.

Structure
¡¡ There should be an internal and/or external actuary to perform regular and periodic actuarial
reviews of the different social security programmes administered by the institution. The actuary
should keep the management informed of their work and conclusions.

Mechanism
¡¡ Both the internal and external actuaries may be mandated to report to the external authority
that has jurisdiction over the social security institution.
¡¡ If necessary, the management should propose measures, for board approval, to ensure the
sustainability of the programme.
¡¡ Actuarial reports should be prepared in accordance with international standards such as those
recommended by the International Actuarial Association.
Section B.4 provides more guidelines on actuarial soundness, with corresponding structures and
mechanisms to facilitate the application of the guidelines.

52 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 33. Performance standards for management

officers and staff
The management establishes a code of ethics and a set of standards and benchmarks for its
officers and staff.

Structure
¡¡ The management should require each unit of the institution to submit regular reports on the
unit’s actual versus target performance.
¡¡ The management should provide the appropriate coordination of the managerial units of the
social security institution.

Mechanism
¡¡ The management should establish and implement a planning and budget process, and a reg-
ular system of monitoring and review.
¡¡ The management should prescribe standards and benchmarks for key areas of operations,
including efficiency in coverage and collection, operating expenses, adequacy and quality of
service to members, investment returns, prevention of fraud, and others.
¡¡ The management should adopt a code of conduct and implement a board-approved compen-
sation scheme that provides the appropriate incentives for adherence to this code of conduct and
dedication to performance excellence.

A.2.2. Transparency
Open dissemination of key information about the social security institution does not necessarily imply trans-
parency. To be transparent, such information, which is a basic right for stakeholders, members and benefi-
ciaries of the social security scheme, should be timely, reliable, relevant, accurate and objectively verifiable.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 53

ISSA Guidelines on Good Governance

Guideline 34. Policy on disclosure

The management implements a board-approved policy on disclosure of information. The
policy identifies the limited instances when the management may choose to exercise
discretion in the disclosure of information to stakeholders.

Structure
¡¡ The public should be informed of the management’s policy on disclosure.
¡¡ There should be complete transparency between the board and the management.
¡¡ The disclosure policy of the management should comply and be aligned with that of the board.

Mechanism
¡¡ When the management chooses to exercise discretion in the disclosure of information, the
external authority or the board may impose a time limit on the information embargo, beyond
which the management would be compelled to disclose the information.

54 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 35. Code of conduct

The management adopts and abides by a board-approved, workable code of conduct for its officers
and staff, which includes a policy on the disclosure and management of conflicts of interest.

Structure
¡¡ The board should ensure that the Head of Management and senior officers comply with the
institution’s code of conduct.
¡¡ The management should ensure that the employees of the institution abide by the code of
conduct for employees of the institution.

Mechanism
¡¡ All officers and staff of the management should sign the code of conduct at the start of their
employment with the institution, and any changes thereto.
¡¡ There should be an office responsible for monitoring and reviewing staff compliance with the
code of conduct, which may include prescribed standards and measures to ascertain
compliance with the code of conduct.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 55

ISSA Guidelines on Good Governance

Guideline 36. Public reports

The management regularly informs the stakeholders and the general public on the status of
the institution and its operations.

Structure
¡¡ The management should ensure that the stakeholders are informed in a regular and timely
manner on the status of the institution and its operations.
¡¡ The Head of Management should require key management units to regularly submit timely
reports that provide accurate and comprehensive information on their areas of operation.

Mechanism
¡¡ The reports submitted by the management to the board should be cross-validated within the
institution and made available to stakeholders.
¡¡ The management should provide stakeholders and the general public with complete and
easy-to-understand statements on the status of the institution and its operations through
educational campaigns and all appropriate communications channels available to the institution
including, in particular, a regularly updated website.
¡¡ The reports should be prepared using internationally accepted standards such as the generally
accepted accounting principles (GAAP) and the international financial reporting standards (IFRS).

56 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 37. Members’ right to information on benefits

Members are regularly and promptly informed about the benefits due to them under the
social security programme.

Structure
¡¡ The management should ensure that members understand and are regularly informed about
their programme benefits and about any changes that will affect their current obligations and/ or
future benefits.

Mechanism
¡¡ The management should provide the members of the social security institution with complete
and easy-to-understand regular statements on the benefits due to them, by any means deemed
appropriate, or at the request of members.

A.2.3. Predictability
Predictability refers to the consistent and uniform application of the law, including the rules and regulations
to implement it. Stakeholders are generally averse to sudden or unannounced changes in contributions to
and benefits from the programme. The methodical application of the programme will strengthen
stakeholder confidence and support for it.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 57

ISSA Guidelines on Good Governance

Guideline 38. Duties and responsibilities of members and

beneficiaries
The management enforces compliance with the duties and responsibilities of the members of
the institution.

Structure
¡¡ The management should adopt and implement measures to enforce compliance with the duties
and responsibilities of the members and beneficiaries of the different social security schemes.

Mechanism
¡¡ The management should adopt standards and benchmarks to evaluate the efficiency, cost
effectiveness and consistency of application of measures to enforce member and beneficiary
compliance with each scheme.
¡¡ A planning, monitoring and review system should be in place to guide and assess actual versus
target performance to enforce compliance.

58 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 39. Rights and privileges of members and

beneficiaries
Members and beneficiaries are regularly and periodically informed of their rights and privileges.

Structure
¡¡ The management should adopt and implement measures to enforce the rights and privileges
of the members and beneficiaries of the different social security schemes.

Mechanism
¡¡ The management should adopt standards and benchmarks to evaluate the efficiency, cost
effectiveness and consistency of application of measures to enforce the rights and privileges of
members and beneficiaries.
¡¡ A planning, monitoring and review system should be in place to guide and assess actual versus
target performance to enforce these.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 59

ISSA Guidelines on Good Governance

Guideline 40. Information and communications strategy

The management establishes an information and communications system to provide accurate
and up-to-date information to the stakeholders of the social security programme. The goal is
to empower stakeholders with a full understanding of the programme and how it is being
governed, to enable their effective participation.

Structure
¡¡ The management should establish an information and communications system to efficiently
and effectively communicate with the stakeholders of the institution and the public at large.

Mechanism
¡¡ The management should adopt standards and benchmarks to evaluate the efficiency and effec-
tiveness of its information and communications system.
¡¡ A planning, monitoring and review system should be in place to guide and assess actual versus
target performance.

A.2.4. Participation
Participation refers to the effective involvement of stakeholders in the institution’s decision-making
process to protect their interests and to support the social security programme. It is a way of building
partnership between the board and the institution’s stakeholders, allowing better policy-making,
improvement of trust among stakeholders and the enhancement of transparency.

60 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 41. Participation of stakeholders

The management maintains open communications with the stakeholders, to encourage
exchange and suggestions on how the institution can be more responsive to their needs
and concerns.

Structure
¡¡ The management should have a dedicated unit in the organization that encourages an active exchange
with members, beneficiaries and other stakeholders on how the institution can better serve them. ¡¡
The management should ensure that stakeholders understand the programme and how it is
being administered, to enable their effective participation.
Mechanism
¡¡ The management should adopt standards and benchmarks to evaluate the efficiency and effec-
tiveness of its communications channels with stakeholders.
¡¡ A planning, monitoring and review system should be in place to guide and assess actual versus
target performance.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 61

ISSA Guidelines on Good Governance

Guideline 42. Management of stakeholder initiatives

Suggestions to improve the institution’s services to its stakeholders are properly evaluated
and, if they have merit, are submitted to the board for information or approval, before
implementation by the management.

Structure
¡¡ The management should establish a process to expedite the evaluation of the merits and fea-
sibility of adopting stakeholder suggestions, which should include an approval system at the
management and/or the board level, prior to implementation.

Mechanism
¡¡ The management should adopt standards and benchmarks to evaluate the efficiency and effec-
tiveness of changes that are introduced at the initiative of stakeholders.

A.2.5. Dynamism
Dynamism is the governance element of innovation or positive change, the effect of which is to henceforth
improve the efficiency of an organization.

62 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 43. Leadership and innovation in the institution

The Head of Management motivates and inspires the institution to propose and work on
innovations that would increase operational efficiency and improve the implementation of
the mandate of the social security programme.

Structure
¡¡ The Head of Management is the leader of the institution.
¡¡ Heads of departments are the leaders of their respective departments.

Mechanism
¡¡ A system should be embedded in the organization’s structure that encourages and processes new ideas.
¡¡ The system should analyse the merits, risks, benefits and costs of a proposal and the feasibility
of its adoption.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 63

ISSA Guidelines on Good Governance

Guideline 44. Encouragement of staff involvement

The management has strong, consistent and enabling human resources policies which would
encourage its officers and staff to propose innovative ideas and positive change.

Structure
¡¡ The management should establish a process to expedite the evaluation of the merits and fea-
sibility of adopting suggestions from its officers and staff, which should include an approval
system at the management and/or the board level, prior to adoption and implementation.

Mechanism
¡¡ The management should have a strong policy that supports the professional development and
the upgrading of skills of its officers and staff.
¡¡ The management may adopt a recognition system to give due credit to those who propose
innovation adopted by the institution.
¡¡ The management should ensure that those who propose innovation do not have a conflict of
interest in proposing the change.

64 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

B. Guidelines for Specific Areas in Social Security

Administration
Legislation, policy or decree establishes the breadth of a social security institution’s functions and respon-
sibilities. There are social security programmes that are wholly budget financed and hence would have no
mandate to collect contributions from the population to be covered. For others, coverage and contributions
collection are administered by an office other than that which administers benefits and services. Some
programmes are designed to have no accumulated reserve funds, while others may be authorized to have
internal or external managers to manage fund investments. Yet others have fund management institutions
wholly separate and independent from those which administer member contributions and/or benefits.

Some or all of the following guidelines may be relevant to a particular social security institution, depending on
its mandate. Guidance is provided in nine specific areas of social security administration:

¡¡ Strategic planning;
¡¡ Operational risk management;
¡¡ Internal audit of operations;
¡¡ Actuarial soundness;
¡¡ Enforcing the prudent person principle in investment management;
¡¡ Prevention and control of corruption and fraud in contributions and benefits;
¡¡ Service standards for members and beneficiaries;
¡¡ Human resources policies: Development, retention and succession;
¡¡ Investments in information and communication technologies (ICT) infrastructure.
The guidelines support and promote the following five principles of good governance, as applied to social
security institutions:

1. Accountability

2. Transparency

3. Predictability

4. Participation

5. Dynamism.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 65

ISSA Guidelines on Good Governance

B.1. Strategic Planning

The board and management articulate a strategic plan which spells out the key strategies and plans of
action that will be implemented in order to perform the legislated mandate of the institution. A strategic
plan usually spans a period of from three to five years, is periodically reviewed and fine-tuned, and is
further detailed and rendered precise by annual plans.
These five guidelines will support an institution’s strategic planning activities. The guidelines are
underpinned by a cyclical process of planning, budgeting, implementation, monitoring and review.
Open communications channels are important to facilitate and sustain the buy-in of stakeholders and
the alignment of efforts. Tracking and measurement tools enable continual monitoring and, when necessary,
timely interventions. A review phase will inform the next cycle of strategic planning.

66 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 45. Initiating the strategic planning process

The management provides leadership, sets the priorities and defines the strategic agenda
for the planning period. The management consults the board and key stakeholders of the
institution to define and build consensus on the strategic priorities. External and internal
factors are thoroughly analysed to better position the institution for the future.

Structure
¡¡ The board should provide guidance to the management in the formulation of the strategic plan.
¡¡ The management should initiate a consultation process with internal and external stakeholders
to build consensus on key developments and challenges to be addressed by the strategic plan.
¡¡ The management may invite external experts to provide fresh perspectives, scenario analyses
and state-of-the-art information.
¡¡ The management may have a central planning unit that is responsible for the overall manage-
ment and coordination of the strategic planning process. The main units of the organization
should be involved in the strategic planning process and provide input, feedback and new ideas.

Mechanism
¡¡ The management should lead the planning process and ensure an organization-wide consulta-
tion process in the preparation of the strategic plan.
¡¡ The management should consult internal and external stakeholders for input to the strategic
agenda. Anticipated challenges, needs and concerns of stakeholders should be discussed in an
environment of complete transparency.
¡¡ A central planning unit may coordinate the strategic planning activities of the main units of
the institution. There should be cross-consultations among the main units, with each conducting
its own strategic planning activities and strengths, weaknesses, opportunities and threats
(SWOT) analysis.
¡¡ The management should ensure that the strategic planning process covers the main responsi-
bilities of the institution, including the financial sustainability of the programmes; investment
management; member coverage and contributions, and member benefits and services; and
human and ICT resources. The individual SWOT analyses of the main units would serve as input to
an institution-wide analysis of strengths, weaknesses, opportunities and threats.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 67

ISSA Guidelines on Good Governance

Guideline 46. Development of a vision statement

The strategic plan embodies a clear statement of the institution’s vision for the planning
period. The vision statement is inspiring and easy to communicate. It is guided by the
institution’s mandate.

Structure
¡¡ The management should develop a vision statement that is aligned with the legal mandate of
the institution.

Mechanism
¡¡ The management should consult with internal and external stakeholders to ensure the rele-
vance and timeliness of the vision statement.
¡¡ The management should have open communications channels to involve and to facilitate the
support of internal and external stakeholders. It is accountable for a transparent and partici-
pative decision-making process in formulating the vision.

68 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 47. Strategy formulation

The strategic plan spells out the institution’s plan of action, goals, targets, milestones and
deliverables to achieve its vision. It articulates the programmes and activities to be
implemented, and the management environment that would ensure coherence and
maximize synergies within the institution. The formulation process ensures the
consistency of the strategic plan with the institution’s mandate.

Structure
¡¡ The management may designate a central planning unit to supervise and oversee the strategy
formulation process.
¡¡ All main units of the institution should be part of the strategy formulation process. This includes
those involved in programme financial sustainability; investment management; member cov-
erage and contributions, and member benefits and services; and human and ICT resources.
¡¡ The risk management and change management units should be involved as well as the human
resources, ICT, finance, actuary and internal audit units of the institution.
¡¡ The management should ensure that the strategy formulation process is supported with effec-
tive consultation, coordination and communication.
¡¡ The management should submit the proposed strategic plan for board approval. The plan
should have well-defined goals, targets, milestones and deliverables. It should be supported by a
budget plan of the resources that would support its implementation, such as staff numbers,
competencies and allocation, and ICT support.

Mechanism
¡¡ The vision statement should be translated into specific, measurable, achievable, relevant and
time-bound (SMART) goals, targets, milestones and deliverables.
¡¡ Each section of the strategic plan should be evidence based and supported by complete and
proper staff work, including research, analyses, consultation and coordination.
¡¡ Targets, milestones, deliverables and plans of action should be stress-tested to analyse risk
sensitivities.
¡¡ Ownership and accountability for the goals, targets, milestones and deliverables of the strate-
gic plan should be well defined and clearly established.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 69

ISSA Guidelines on Good Governance

Guideline 48. Strategy implementation

The strategic plan is cascaded to all units of the institution. Implementation is regularly
monitored and assessed. The strategic plan is revisited, evaluated and fine-tuned, if nec-
essary. Management aligns the performance trinity of strategy and vision, leadership and
management, and institutional culture and values in implementing the strategic plan.

Structure
¡¡ The board should hold the management accountable for the implementation of the strategic plan.
¡¡ The management should cascade the strategic plan to all units of the institution. The lines of
responsibility, decision-making, delegation, coordination, reporting and review should be well
defined and well understood.
¡¡ The management may centralize monitoring of the implementation of the strategic plan within
a central planning unit.
¡¡ The management should have open communications channels to facilitate monitoring of the
implementation of the strategic plan.

Mechanism
¡¡ The management should ensure that the strategic plan is translated into department-level
plans and staff responsibilities that are well defined and well understood.
¡¡ The management should regularly update the board on the plan’s implementation vis-à-vis the
set goals, targets, milestones and deliverables.
¡¡ The management should conduct periodic reviews to ensure the satisfactory implementation of
the strategic plan, the cost effectiveness of the budget plan, the efficiency of resource use and, if
necessary, to fine-tune the plan.
¡¡ Departmental performance and the institution’s overall performance should be an integral
part of the staff performance appraisal system.

70 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 49. Strategy diagnosis and performance review

The effectiveness of the strategic plan to advance the institutional mandate is evaluated.
There is an assessment of lessons learnt from achieved goals, delivered targets and proven
strategies, as well as unsuccessful initiatives. The performance review serves as input to the
next cycle of planning activities.

Structure
¡¡ The management may centralize coordination and preparation of the performance review of
the strategic plan within a central planning unit. Human resources, ICT, finance, actuary, inter-
nal audit, risk management and change management units are among the key units involved
in the review.
¡¡ The management should submit to the board the performance review of the strategic plan, with
well-defined recommendations on policies and measures based on results and lessons learnt.
¡¡ The board should review the management report and act on the recommendations in a timely manner.

Mechanism
¡¡ The management should use suitable indicators, standards and benchmarks to assess the
implementation of the strategic plan, including the efficiency and cost effectiveness with which
targets, milestones and deliverables are achieved.
¡¡ Participatory and checks-and-balances mechanisms should be in place to ensure the transpar-
ency and objectivity of the performance review.
¡¡ The management should inform internal and external stakeholders of the results of the perfor-
mance review. There should be open communications and feedback channels with stakeholders.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 71

ISSA Guidelines on Good Governance

B.2. Operational Risk Management

Risk management involves having policies, measures and approaches to manage, mitigate or prevent the
detrimental effects of risks faced by the institution. Whether risks arise from internal or external factors,
the goal is to defuse their detrimental effects on the administration of the social security programme,
including its financial sustainability; fund investments; the management of coverage and contributions,
and the delivery of member benefits and services; and human and ICT resources capacities.

These four guidelines focus on managing operational risks, a daily concern for social security institutions.
They are underpinned by a process model. The institution, having identified the potential points of
vulnerability of its main processes and services, should embed at each point a response system that ensures
active, appropriate and timely measures to contain or prevent the effects of relevant risks.
Operational risk is but one of many risks faced by social security institutions. ISSA guidelines will assist
with managing these, e.g. the governance guidelines on financial sustainability and actuarial soundness
provide guidance on managing actuarial risks to the programme; the governance guidelines on enforc-
ing the prudent person principle and the ISSA Guidelines on Investment of Social Security Funds provides
guidance on managing investment risks; and the governance guidelines on investments in ICT infra-
structure and the ISSA Guidelines on Information and Communication Technology provides guidance on
managing certain types of ICT risks.

72 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 50. Process model

A process model is developed for each administrative area to identify the potential points of
failure, the internal or external events which can trigger risk, and the corrective measures
to be implemented. There is ownership of responsibility for the potential points of failure.

Structure
¡¡ The management should identify and assess the potential risks faced by the institution over a
given timeframe, using a process model for each of the relevant administrative areas.
¡¡ The management may have a core team to perform the task of risk assessment, with the inter-
nal auditor in a central role. External specialists in risk management may advise the management
and the core team.
¡¡ The management should submit for board approval the proposed response measures to actively
manage or prevent the risks faced by the institution, including recommendations to improve
their effectiveness and cost efficiencies.

Mechanism
¡¡ The management should review all process models on an ongoing basis. Process models should
identify potential points of failure that impact upon the continuity of business operations. They
should be stress-tested and challenged with other analyses and information.
¡¡ The management should supervise the development of coordinated responses for each type of risk.
¡¡ The management should calibrate risk response measures according to the expected impacts
and effects on the institution, bearing in mind the following options:
• To transfer the risk, e.g. to an insurer;
• To tolerate risks that have low probability of occurrence or insignificant impact;
• To terminate the risk by dropping the activity associated with the risk; or
• To implement measures to manage the risk.
¡¡ Risk assessment through process models may be automated to provide the management with
an early warning system.
¡¡ The management should monitor and review the effectiveness and cost efficiencies of the risk
management measures.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 73

ISSA Guidelines on Good Governance

Guideline 51. Scanning and scenario analysis

To manage or prevent risks in real time, there is ongoing monitoring of the institution’s
internal and external environment. Risk scenarios are analysed to keep the institution
constantly alert and ready.

Structure
¡¡ The management should ensure ongoing environmental scanning and risk scenario analysis to
evaluate the various risks faced by the institution.
¡¡ The board should exercise oversight on the results of the environmental scanning and risk
scenario analyses.

Mechanism
¡¡ The management should develop a set of risk indicators to monitor on an ongoing basis the
risks faced by the institution. The indicators may be automated to provide the management with
an early warning system.
¡¡ The management may task a core team to be responsible for an early warning system, to create
a list of events and corresponding threats posed to the institution, and to assess the probability of
occurrence of risks. The list should be updated on an ongoing basis.
¡¡ Process models and risk scenarios should be stress-tested and reviewed on an ongoing basis to
ensure the most appropriate corrective strategies and measures are being applied.
¡¡ Environmental scanning and risk scenario analysis are coordinated with the planning and
implementation of the institution’s strategic plan.

74 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 52. Clarity of responsibilities and measures in case of

an intervention
There is clarity in the line of authority and decision-making, and staff roles and responsibilities
to ensure coordinated, appropriate and timely responses to the incidence of risk. There is clear
understanding of the risk to be contained and the corrective measures to be implemented.

Structure
¡¡ The management should ensure that the line of authority and decision-making, and staff roles
and responsibilities are clearly defined, well understood and properly coordinated.
¡¡ The board should exercise oversight on the management’s implementation of approved risk
response measures. The management should keep the board fully informed of the details of any
intervention.

Mechanism
¡¡ A risk intervention checklist should be developed for each administrative area. The checklist
should be periodically reviewed by the management and approved by the board.
¡¡ The checklist should clearly define ownership and accountability for the implementation and
monitoring of the risk response measures.
¡¡ Staff responsible for the intervention procedures should be fully informed and trained to
implement and monitor the appropriate risk response measures.
¡¡ The management should prepare a business continuity plan and an information technology
plan to continue operations under adverse conditions.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 75

ISSA Guidelines on Good Governance

Guideline 53. Aligning and coordinating risk management activities

The management aligns and coordinates risk management activities across the institution to
maximize synergies, avoid gaps and prevent duplication of effort.

Structure
¡¡ The management should ensure that the formulation and implementation of risk management
strategies are aligned and coordinated across the institution.
¡¡ Where risk response measures call for changes in processes and systems, the management
should consider creating a change management team to ensure minimum disruption to oper-
ations and to monitor and coordinate the transition across the relevant units of the institution.
¡¡ The board should exercise oversight of the management’s overall implementation of risk
response measures. The management should keep the board fully informed of these activities on
an ongoing basis.

Mechanism
¡¡ There should be an effective monitoring and communications system to support the implemen-
tation of risk management activities.
¡¡ The management should ensure the availability of adequate human, ICT and other resources to
implement risk management activities in an effective and timely manner.
¡¡ The management should regularly evaluate the effectiveness and cost efficiencies of the risk
management activities.

76 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

B.3. Internal Audit of Operations

Internal audit is the central unit that undertakes independent and objective reviews of all areas of operation
of the institution, and verifies and certifies compliance with all pertinent laws, rules and regulations. The
scope of its work is comprehensive. By undertaking independent and objective reviews of policies, opera-
tions, systems and procedures, internal controls, risk management, information management, ICT systems
and governance processes, it promotes a disciplined approach to the overall management of the institution.

The International Professional Practices Framework (IPPF) of the Institute of Internal Auditors is the
conceptual framework that organizes and provides authoritative guidance to internal audit professionals,
including those in the field of social security. These four guidelines elaborate on certain aspects of the
internal audit function which are relevant to social security administration including, in particular,
communication between the institution’s internal auditor and actuary.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 77

ISSA Guidelines on Good Governance

Guideline 54. The internal audit charter

The board or management establishes the internal audit charter of the internal audit unit.
The charter sets out the nature, role, responsibility, status and authority of the unit and
outlines the scope of its work.

Structure
¡¡ There should be a unit in the institution that is dedicated to perform the internal audit function.
¡¡ The internal audit office should report directly to the board. It should be independent of the
management and all other units of the institution whose activities are subject to audit.
¡¡ The board should supervise and exercise oversight of the internal audit office. It may consti-
tute a subgroup of the board with expertise in finance, accounting and auditing as a Board
Audit Committee to oversee the internal audit office on an ongoing basis. The Board Audit
Committee should be responsible for maintaining the working relationship between the board
and management.
¡¡ The management should be responsible for the implementation of all internal control policies,
systems and processes.

Mechanism
¡¡ The internal audit office should submit an internal audit plan for board review and approval.
The plan should be developed at least annually and be oriented toward compliance and
performance improvement.
¡¡ The plan should identify the main risk areas of the institution including those that pertain to
financial sustainability; fund investments; the administration of coverage, compliance,
contribution collection, programme benefits and services; human and ICT resources; and
compliance with all applicable laws, rules and regulations, including procurement and
accounting standards; as well as political and other risks relevant to the institution.
¡¡ The internal audit office should assess the adequacy and effectiveness of control policies and
measures to mitigate the main risks. It should perform its functions according to recognized
international standards such as the International Professional Practices Framework (IPPF) of the
Institute of Internal Auditors, the generally accepted accounting principles (GAAP), and the
international financial reporting standards (IFRS).
¡¡ The management’s appraisal ratings should include adherence to the governing rules of the
institution. Violations or lapses should be duly considered in the ratings.
¡¡ The internal audit office should regularly submit its reports and recommendations to the board,
through the management and the Board Audit Committee.
¡¡ Board-approved recommendations of the internal audit office should be time bound and mon-
itored for compliance. Delays and/or difficulties in implementation should be reported to the
board through the Board Audit Committee.
¡¡ The board should consider having an independent, external and periodic quality assessment of
the internal audit charter (e.g. every three to five years).

78 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

¡¡ The board should consider moving toward “continuous” auditing in pertinent areas. This refers
to the real-time or near real-time capability to check and share financial information -
information is constantly checked for errors, fraud and inefficiencies. This transforms auditing from
being reactive and control based to being more active and risk based, enabling the internal
auditor to identify not only current issues but also possible future concerns.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 79

ISSA Guidelines on Good Governance

Guideline 55. Communication between the internal auditor and

the actuary
When auditing the institution’s reports, the internal auditor and actuary communicate
clearly and effectively. The exchange of information between them neither compromises
nor impinges upon their respective independence.

Structure
¡¡ There should be clarity in the roles of the institution’s internal auditor and actuary.
¡¡ There should be complete transparency between the board, management, internal auditor and
actuary, including in the exchange of information between the internal auditor and the actuary.

Mechanism
¡¡ When necessary, the internal auditor and the actuary should exchange information to ensure
understanding and consistency in the areas where their work interacts. This is especially impor-
tant with the application of professional, technical and ethical standards in the preparation of
the institutional reports that use actuarial methods and/or inputs. For example, the internal
auditor may need to clarify certain points relating to actuarial assumptions, methodologies,
inputs and data to arrive at financial estimates and valuations. Or the actuary may need to
clarify certain points relating to current accounting standards and practices.
¡¡ The exchange of information between the internal auditor and the actuary should be docu-
mented and should conform to best practice and generally accepted principles and standards in
their respective professions.
¡¡ To ensure the independence of the audit opinion, the management may hire an external actu-
ary to assist the internal auditor to assess the reasonableness of the actuarial methods and
assumptions used by the institution’s actuary.

80 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 56. Performance assessment and quality assurance

There is a periodic performance assessment of the internal audit unit. A set of clearly defined
indicators measures its efficiency and effectiveness in improving the institution’s performance.

Structure
¡¡ The board tasks the Board Audit Committee to perform a periodic performance assessment and
quality assurance of the internal audit unit.
¡¡ An external auditor conducts a periodic independent quality assessment of the internal audit
charter and the internal audit function.

Mechanism
¡¡ The Board Audit Committee submits for board approval the key performance indicators that
will be used to measure the performance of the internal audit office. Indicators include
measurements of the timeliness, costs and efficiencies of processes; quality of analyses; and
usefulness and impacts of recommendations.
¡¡ The internal audit report, including a summary of findings, recommendations, and action
plans, is widely disseminated in the institution.
¡¡ The performance assessment may be fully external (e.g. by peer review) or based on a self-as-
sessment of the internal audit office that is then validated by an independent external auditor.
¡¡ The management should ensure, through training and development programmes, that the
skills of the internal audit office remain in line with current internationally accepted standards
and practices.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 81

ISSA Guidelines on Good Governance

Guideline 57. Implementation and management of audit findings

The implementation of audit findings and recommendations are time bound and monitored.

Structure
¡¡ Upon approval by the board, the management ensures the implementation of the audit recom-
mendations within the defined timeframes.

Mechanism
¡¡ The internal audit office has a monitoring system that tracks management actions and their
time to completion.
¡¡ The management cascades the audit recommendations to the units concerned for implementation.
Staff are fully informed of their roles and responsibilities, and the implementation timeframe.
¡¡ The internal audit office submits to the board regular monitoring reports on the status of
implementation of the board-approved recommendations.

82 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

B.4. Actuarial Soundness

Depending upon the legislation, policy or decree that establishes the social security programme, the
board and management of a social security institution may be duty bound to maintain an adequate level of
funding to deliver the promised benefits to members and beneficiaries of the scheme, and to ensure the
cost effectiveness of the administration of the social security programme.
In this respect, the key challenges will include defining and maintaining the actuarial soundness of the
fund; adopting and complying with the actuarial measures; balancing the inflow of contributions and
income from investments with the outflow of benefit payments; and benchmarking operating expenses.

These four guidelines will help address the actuarial soundness of a social security programme.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 83

ISSA Guidelines on Good Governance

Guideline 58. Actuarial measures of the social security programme

The actuarial measures of the social security programme are well defined and documented to
enhance accountability, transparency and predictability in the administration of each of the
social security programmes established by the institution.

Structure
¡¡ Legislation, policy or decree should identify the competent authority to determine the design,
the actuarial measures and the financial sustainability principles of the social security scheme, to
decide on any changes in its features, and to ensure compliance with these measures or principles.
¡¡ Legislation, policy or decree should designate an authority to monitor compliance with these
measures, and to deliberate and decide on any proposed changes to the measures.

Mechanism
¡¡ The financial sustainability and actuarial measures of the social security programme should be
well defined and documented. These measures may include policies or rules of thumb on the
minimum actuarial life of the funds, a minimum funding ratio and/or benchmarks for returns on
fund investments.
¡¡ A definition of what an “actuarially sustainable programme” means should be given.
¡¡ The setting authority should prescribe a time period for the board and the management to act
on the findings and recommendations of the actuarial report.
¡¡ The actuarial measures of the programme should be published in easy-to-understand language
for the information of all stakeholders, in particular, with reference to how benefit entitlements
are determined vis-à-vis member contributions.

84 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 59. Actuarial valuations of the social security programme

The programme has regular actuarial valuations to monitor sustainability.

Structure
¡¡ The board and/or management should ensure regular actuarial valuations of the social secu-
rity programme.
¡¡ The actuarial reports should be submitted to the board and management as well as to the compe-
tent external authority that exercises supervision and oversight on the social security institution. ¡¡
There should be an independent office that regularly conducts actuarial reviews and actuarial
valuations of the different programmes.
Mechanism
¡¡ The social security institution should have access to the services of competent actuarial services,
whether internal or external, to conduct periodic actuarial reviews of the different programmes. ¡¡
The preparation of the actuarial valuation reports should comply with international standards
such as those prescribed by the International Actuarial Association.
¡¡ The board and/or management may have an independent validation of the actuarial report.
¡¡ The external authority should prescribe a time period for the board and the management to act
upon the findings and recommendations of the actuarial report.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 85

ISSA Guidelines on Good Governance

Guideline 60. Changes in contribution rates and benefit

entitlements
To maintain its financial sustainability, the contribution rates are set according to the
promised benefits of the social security programme.

Structure
¡¡ It is the responsibility of the board and management to ensure that the promised benefits are
supported by the programme contribution rate to ensure the actuarial soundness of the
programme, as defined by its financial sustainability and actuarial measures.
¡¡ The board and/or management may propose to the designated authority changes in contribu-
tion rates and/or benefit entitlements to ensure the financial sustainability of the programme.

Mechanism
¡¡ The actuarial measures may include benchmarks, leading indicators or trigger mechanisms
to indicate when and by how much contribution rates and/or benefit entitlements should be
adjusted to ensure the financial sustainability of the programme.

86 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 61. Investment performance and benchmarks

For institutions that have investment reserve funds, standards and benchmarks are established
for the returns on fund investments to support the financial sustainability of the programme.

Structure
¡¡ The board or external competent authority should direct the management to establish stand-
ards and benchmarks to evaluate, monitor and review the investment performance of the funds.

Mechanism
¡¡ The management should evaluate, monitor and review the performance of its fund managers,
whether internal, external or both, to ensure that returns to member funds and the cost of fund
management services to members are within the prescribed standards and benchmarks.
¡¡ Whether by policy or rule of thumb, a minimum rate of return on fund investments may be
established to support the financial viability of the programme (the so-called actuarial hurdle
rate) and/or ensure the sufficiency of accumulated member accounts for the contingencies
covered by the programmes.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 87

ISSA Guidelines on Good Governance

B.5 Enforcing the Prudent Person Principle in Investment Management

For social security institutions that have a mandate to manage the investment reserve funds of the
programme, whether through internal and/or external fund managers, the board and the management are
duty bound to ensure that the funds are invested in accordance with basic prudential rules such as
profitability, safety, liquidity and diversification.

There are many areas to be addressed in enforcing the prudent person principle in the investment of
social security funds. These nine guidelines are addressed specifically to: (a) institutions with internal
investment units; (b) institutions with external fund managers; and (c) institutions that have representation
on the boards of companies where they have significant asset holdings.

The ISSA Guidelines on Investment of Social Security Funds provides guidance on a progressive process
of governance that starts with establishing the various structures involved in the investment process,
through defining their roles and how they interact, to processes to be set up to ensure that governance
objectives are met.

B.5.1. Guidelines for institutions with internal investment units

There are many areas to be addressed in enforcing the prudent person principle in the investment of
social security funds. These nine guidelines are addressed specifically to: (a) institutions with internal
investment units; (b) institutions with external fund managers; and (c) institutions that have representation
on the boards of companies where they have significant asset holdings.

88 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 62. Prudent person principle

The investment unit follows the prudent person principle in managing the funds of the
institution. The prudent person principle is integral to the fiduciary duties of the board and
management in administering and managing the funds of the institution.

Structure
¡¡ There should be minimum suitability standards for all staff in the investment unit.
¡¡ All staff should be bound by a code of ethics and conduct.
¡¡ There should be an office external to the investment unit, to monitor compliance with the min-
imum suitability standards and the code of ethics and conduct.
¡¡ To establish clear accountability, the organizational structure of the investment unit should reflect
the investment decision-making process and should embed a system of checks and balances. ¡¡
The internal audit office should dedicate competent staff to the investment unit.
¡¡ There should be an office external to the investment unit to evaluate, monitor and review the
overall risk of the investment portfolio.
Mechanism
¡¡ The management should establish standards and benchmarks to evaluate the performance of
the investment unit, noting that the performance evaluation period should take into consideration
the nature of the assets invested in.
¡¡ Manuals of procedures should document how investment policies are to be implemented in
accordance with the prudent person principle.
¡¡ Compliance with the manuals of procedures must be monitored and reviewed.
¡¡ Staff compensation should provide the appropriate incentives to do right and not to do wrong.
¡¡ The decision-making process must be clear and transparent.
¡¡ The liability of the officers and staff of the investment unit must be clearly established.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 89

ISSA Guidelines on Good Governance

Guideline 63. Investment policies

The investment unit of the institution efficiently implements the investment policies set
out by the board or management.

Structure
¡¡ To establish clear accountability, the organizational structure of the investment unit should reflect
the investment decision-making process and should embed a system of checks and balances. ¡¡
The internal audit office should dedicate competent staff to the investment unit.
¡¡ There should be an office external to the investment unit to evaluate, monitor and review the
overall risk of the investment portfolio.
Mechanism
¡¡ The management should establish standards and benchmarks to evaluate the performance of
the investment unit.
¡¡ Manuals of procedures should document how investment policies are to be implemented.
¡¡ Compliance with the manuals of procedures must be monitored and reviewed.
¡¡ Staff compensation should provide the appropriate incentives to do right and not to do wrong.
¡¡ The liability of the officers and staff of the investment unit must be clearly established.

90 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 64. Due diligence

The board and management have the technical expertise to determine whether investment
proposals have undergone due diligence, and act upon their determination.

Structure
¡¡ The investment unit should have a clear, implementable and verifiable definition of what
due diligence means in general, and set due diligence guidelines for each type of investment
instrument in particular.
¡¡ The investment unit should have clear, transparent and verifiable methods to implement the
due diligence guidelines set by the board and/or management.
¡¡ A competent office external to the investment unit should monitor compliance with the due
diligence guidelines. This may be the internal or external audit office.

Mechanism
¡¡ There should be manuals of procedure on how to conduct due diligence across all types of
allowed investment instruments.
¡¡ The management should ensure that staff compensation provides incentives to do right and
not to do wrong.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 91

ISSA Guidelines on Good Governance

Guideline 65. Valuation of the investment portfolio

The board and management ensure that the valuation of the investment portfolio is in
accordance with international market standards on fair market value.

Structure
¡¡ There should be a unit external to the investment unit to ensure that the investment unit com-
plies with international market standards in the valuation of the investment portfolio, and in the
management and disposal of illiquid assets.

Mechanism
¡¡ The management should prescribe the use of the generally accepted accounting principles
(GAAP) and the international financial reporting standards (IFRS) for the valuation of the
institution’s investment assets.
¡¡ The investment unit should have a manual of procedures consistent with international best
practice on the valuation methodology of investment assets and the management and disposal of
illiquid assets.
¡¡ There should be a manual of procedure consistent with international best practice on the
marking-to-market of the institution’s investment assets and the establishment of allowances for
probable loss.

92 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 66. External safekeeping measures

The board and/or management ensure the professional safekeeping of the investment assets of
the institution.

Structure
¡¡ There should be an independent custodian appointed, reporting directly to the board and/or
management, to ensure the physical safety of the assets of the institution.

Mechanism
¡¡ The custodian should regularly check the assets under custody against the accounting registra-
tion of transactions and balances.

B.5.2. Guidelines for institutions with external fund managers

There are many areas to be addressed in enforcing the prudent person principle in the investment of
social security funds. These nine guidelines are addressed specifically to: (a) institutions with internal
investment units; (b) institutions with external fund managers; and (c) institutions that have representation
on the boards of companies where they have significant asset holdings.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 93

ISSA Guidelines on Good Governance

Guideline 67. Selection process for external fund managers

The board and/or management use best practice to select the fund managers for the
investment reserve funds of the institution.

Structure
¡¡ To enhance accountability, transparency and predictability, there should be a written process,
established in the by-laws of the institution, to select its external fund managers and to establish
the type of mandate given to them.
¡¡ The board should direct the management to document and implement the policies, criteria and
requirements to support the mandated process.
¡¡ The internal audit office should be part of the checks and safeguards to ensure compliance
with the process.

Mechanism
¡¡ The board and/or management should establish minimum suitability standards, performance
history requirements and a code of ethics for external fund managers.
¡¡ The board and/or management should also define the grounds for liability of and mismanage-
ment by the external fund managers.
¡¡ Targets, standards and benchmarks should be established to evaluate the performance of each
external fund manager, noting that the performance evaluation period should take into con-
sideration the nature of the assets invested in.

94 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 68. Alignment of incentives

The board and/or management ensure the alignment of external fund managers’ incentives
with the overall investment objectives of the institution.

Structure
¡¡ The board should establish the policy that sets the standards, criteria and benchmarks for the
evaluation of external fund managers, in terms of variables such as fees, returns and portfolio
composition, among others.
¡¡ The management should ensure that the policy is implemented and adhered to by external
fund managers.

Mechanism
¡¡ The board and/or management should establish targets, standards and benchmarks to evalu-
ate the performance of external fund managers.
¡¡ The board and/or management may use a policy of rewards and penalties to correspond to
the performance of external fund managers above or below pre-set standards or benchmarks,
noting that the performance evaluation period should take into consideration the nature of the
assets invested in.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 95

ISSA Guidelines on Good Governance

Guideline 69. Custody of investment assets

The institution ensures the separation of the investment assets that are managed by external
fund managers from its own operating assets, to enhance accountability and transparency.

Structure
¡¡ There should be a custodian appointed or approved by the board for the safekeeping of the
institution’s assets.
¡¡ The custodian should be independent and not related to the business interests of the external
fund manager.

Mechanism
¡¡ The custodian should regularly check the assets under custody against the accounting regis-
tration of transactions and balances, and regularly report to the board and/or management of the
institution.

B.5.3. Guidelines for institutions with representation on boards of companies

There are many areas to be addressed in enforcing the prudent person principle in the investment of
social security funds. These nine guidelines are addressed specifically to: (a) institutions with internal
investment units; (b) institutions with external fund managers; and (c) institutions that have representation
on the boards of companies where they have significant asset holdings.

96 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 70. Objectives of representatives on boards of companies

The board ensures that its representatives on the boards of companies represent the
interests of the social security institution. To avoid potential conflicts of interest, there
is a priori alignment and compatibility between the institution’s objectives and the
corporate objectives of the company.

Structure
¡¡ There should be a clear, written policy on the role that the institution should play on the boards
of companies in which it has significant asset holdings.

Mechanism
¡¡ Verifying the alignment and compatibility of the social security institution’s objectives with
those of the company should be part of the due diligence process of the board and management. ¡¡
The board must have a system in place to verify that its representatives on the boards of com-
panies uphold the interest of the institution at all times.
¡¡ The board should have a policy to publish how its representatives on the boards of companies
have exercised their votes.
¡¡ There should be a clear policy on the incomes and/or profits that board members are entitled
to, if any, by virtue of their board membership in these companies.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 97

ISSA Guidelines on Good Governance

B.6. Prevention and Control of Corruption and Fraud in Contributions and Benefits
The board and management are duty bound to prevent and control any form of corruption and fraud in the
collection of contributions for and the payment of benefits of the social security programme.
Corruption and fraud undermine the credibility of the programme to stakeholders, which can lead to a
weakening or withdrawal of stakeholder support.

These two guidelines will help prevent and control corruption and fraud in the collection of contributions
and the distribution of benefits.

The ISSA Guidelines on Contribution Collection and Compliance provides further guidance on fraud control
and the implementation of contribution collection processes.

98 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 71. Prevention and control of corruption and fraud in

contributions
The board and management protect the institution from all forms of corruption and fraud in
the collection of programme contributions.

Structure
¡¡ The board should establish the policies and measures to be implemented by the management
to prevent and control corruption and fraud in the collection of contributions.
¡¡ The internal audit office should monitor and audit the performance of control activities against
corruption and fraud, both within the institution and in coordination with entities external to the
institution.

Mechanism
¡¡ The management should design and implement systems and procedures to circumvent all
known and potential modes of corrupt and fraudulent activities in the collection of programme
contributions, focusing on core values which should constitute the basis for the daily operation of
the institution, such as impartiality, legality and integrity.
¡¡ The following mechanisms may be established:
• A tamper-proof system of member identification;
• Checks and balances at key points in the collection process;
• Simplified and documented procedures to minimize areas of staff discretion;
• Automation of the collection process to facilitate direct remittance of contributions to the
institution and to minimize human intervention;
• Publicity of payment procedures to increase the vigilance of paying members against
fraudulent practices;
• Regular statements of account sent to members to verify the correctness of their contri-
bution records;
• Prosecution of entities which engage in fraudulent activities;
• Enforcement of compliance through strengthened inspection;
• Cross-checking of contributions records with data from other authorities.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 99

ISSA Guidelines on Good Governance

Guideline 72. Prevention and control of corruption and

fraud in benefits
The board and management protect the institution from all forms of corruption and fraud in
the payment of programme benefits.

Structure
¡¡ The board should establish the policies and measures to be implemented by the management
to prevent and control corruption and fraud in the payment of benefits.
¡¡ The internal audit office should monitor and audit the performance of control activities against
corruption and fraud, both within the institution and in coordination with entities external to the
institution.

Mechanism
¡¡ The management should design and implement systems and procedures to circumvent all
known and potential modes of corrupt and fraudulent activities in the payment of benefits.
¡¡ The following mechanisms may be established:
• A tamper-proof system of beneficiary identification;
• Regular verification of the prevalence of the beneficiary’s condition on which the benefit
entitlement is based;
• Checks and balances at key points in the benefit payment process;
• Simplified and documented procedures to minimize areas of staff discretion;
• Automation of the benefit distribution process to minimize human intervention;
• Publicity of payment procedures to increase the vigilance of beneficiaries against fraud-
ulent practices;
• Regular statements of account sent to beneficiaries to verify their benefit entitlements;
• Access to an Ombudsperson or a similar authority to assist members and beneficiaries in
the filing and resolution of complaints against the institution;
• Prosecution of entities which engage in fraudulent activities;
• Reconciliation of bank accounts in which benefit payments are deposited, regarding
resources received from the social security institution and payments made.

100 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

B.7. Service Standards for Members and Beneficiaries

The raison d’être of a social security institution is to administer the rights and obligations of members and
beneficiaries. Efficient administration and the provision of quality service strengthen the credibility of the
institution and enhance member and beneficiary support for it.

These three guidelines will assist in providing service quality standards to programme members and
beneficiaries.

The ISSA Guidelines on Contribution Collection and Compliance provides further guidance on the
implementation of contribution collection processes and fraud control. Further guidance on how to
ensure service quality in social security is provided in the ISSA Guidelines on Service Quality.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 101

ISSA Guidelines on Good Governance

Guideline 73. Contribution collection services

The institution provides its members with quality service in the collection of programme
contributions.

Structure
¡¡ The board and/or management should establish an efficient, cost-effective and streamlined
organizational structure that provides members with quality service in the collection of
programme contributions.
¡¡ The organizational structure should be staffed by competent officers and personnel, and a
responsive ICT infrastructure.
¡¡ Help desks, one-stop assistance centres and a responsive institutional website can facilitate
and expedite the handling of inquiries, requests and complaints concerning member accounts.
¡¡ A unit external to the collection unit should monitor and audit performance.

Mechanism
¡¡ The management should establish a set of quantitative and qualitative standards and bench-
marks, including manuals of procedures, to ensure efficiency and consistency in the delivery of
quality service in the collection process.
¡¡ Indicators may be set to trigger corrective measures when observed deviations exceed these
standards and benchmarks.
¡¡ There should be cross-linkages to benefit distribution services to facilitate determination of a
person’s benefit entitlements vis-à-vis contribution record.

102 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 74. Benefit distribution services

The institution provides its members with quality service in the distribution of programme benefits.

Structure
¡¡ The board and/or management should establish an efficient, cost-effective and streamlined
organizational structure that provides members with quality service in the distribution of
programme benefits.
¡¡ The organizational structure should be staffed by competent officers and personnel, and a
responsive ICT infrastructure.
¡¡ Help desks, one-stop assistance centres, and a responsive institutional website can facilitate
and expedite the handling of inquiries, requests and complaints from member beneficiaries.
¡¡ A unit external to the benefits distribution unit should monitor and audit performance.

Mechanism
¡¡ The management should establish a set of quantitative and qualitative standards and bench-
marks, including manuals of procedures for all types of member benefits and services, to
ensure efficiency and consistency in the delivery of quality service in the distribution and
payment of benefits.
¡¡ Indicators may be set to trigger corrective measures when observed deviations exceed these
standards and benchmarks.
¡¡ There should be cross-linkages to contribution collection services to facilitate determination of
a person’s benefit entitlements vis-à-vis contribution record.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 103

ISSA Guidelines on Good Governance

Guideline 75. Developing new services for members and

beneficiaries
The board and management continually aim to improve and to develop new services for
members and beneficiaries.

Structure
¡¡ Board members who represent stakeholders should provide feedback on how member services
could be improved.
¡¡ The management should establish a unit dedicated to process suggestions from within and
outside the institution, and to develop new service products for members and beneficiaries.

Mechanism
¡¡ The board and/or management should introduce cost-effective innovations that improve on the
efficiency and equity of the social security programme being administered.
¡¡ The management may regularly conduct member surveys to gauge satisfaction with the quality
of services being provided by the institution.

104 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

B.8. Human Resources Policies: Development, Retention and Succession

People - and the talent, experience and capacities that they have - are key to an organization’s perfor-
mance, resilience and dynamism. The board and management must continually ensure that the institu-
tion’s human resources policies are able to attract, develop and retain competent staff, and inspire staff
loyalty to the institution. Effectively managing the institution’s human resources - hiring, compensating,
retaining, training, mentoring and developing - is key to the successful governance of any organization.

These seven guidelines focus on recruitment, performance appraisal, development, retention, succession,
decent work and the promotion of corporate values.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 105

ISSA Guidelines on Good Governance

Guideline 76. Recruitment, selection and promotion policies

The institution’s human resources policies, rules and regulations are fair, impartial, well
defined, documented and widely disseminated to all staff to protect the integrity of the recruit-
ment process, to minimize political considerations and to enhance transparency and predicta-
bility. These include a policy of employment equity and protection against harassment.

Structure
¡¡ The board and/or management should establish the recruitment, selection and promotion pol-
icies for all positions in the organization.
¡¡ The board and/or management should designate the office to implement the recruitment,
selection and promotion policies; to establish safeguards to protect the integrity of the process;
and to ensure that evaluations are based on merit and protected from lobbying or influence.
¡¡ The board and/or Head of Management should be designated as the approving authority for
staff appointments.
¡¡ The internal audit office should serve as part of the checks and safeguards of the recruitment,
selection and promotion process.
¡¡ An external authority may be designated to receive and resolve complaints.

Mechanism
¡¡ Human resources policies on recruitment, selection and promotion should be documented and
widely disseminated, as should vacancies, selection criteria and personnel movements.
¡¡ There should be a staff training and development programme and policies on employment
equity and protection against harassment.
¡¡ If there are cases in which the board or management may waive any recruitment, selection
and/or promotion policies and exercise a prerogative to make its own selection, this prerog-
ative should be governed by a clear, well-defined, documented and published policy. There
should be accountability, transparency and full disclosure in the exercise of this prerogative.
¡¡ The management may ask all staff for a regular evaluation of the effectiveness of the institu-
tion’s human resources unit.

106 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 77. Performance appraisals of personnel

Performance appraisal is embedded in the institution. The objectives of individual staff
members are clearly aligned with the strategic objectives of the institution.

Structure
¡¡ The board should direct the management to establish a staff performance appraisal system.
¡¡ The management should designate the office to implement staff performance appraisals.
¡¡ The internal audit office should serve as part of the checks and safeguards of the appraisal system.
¡¡ An external authority may be designated to receive and resolve complaints.

Mechanism
¡¡ The performance appraisal system should provide the appropriate incentives to promote excel-
lence in staff performance.
¡¡ The appraisal system should be documented, well understood and widely disseminated. Staff
should receive orientation and training on the system.
¡¡ The appraisal system should include objective and verifiable performance criteria, a clear
assessment of staff development needs, and a feedback mechanism at least between the
evaluator and the staff.
¡¡ Performance ratings should be linked to staff compensation, promotion and/or the institution’s
staff succession plan.
¡¡ The board and/or management should ensure that the staff incentive and promotion process is
independent from lobbying or political influence.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 107

ISSA Guidelines on Good Governance

Guideline 78. Development and training

To ensure a competent, dynamic and dedicated workforce, the board establishes policies
and programmes that provide for the continual development, upgrading of skills and train-
ing of staff.

Structure
¡¡ The management should submit for board approval an annual staff development programme
to upgrade the skills of the institution’s workforce.
¡¡ The board or a subgroup of the board should ensure that the staff development programme
responds to the human resources needs of the institution and is consistent with the principles
of equity, fairness and impartiality.
¡¡ The management implements the staff development programme through its human resources unit.

Mechanism
¡¡ The management should regularly conduct a workforce skills and needs assessment in light of
the institution’s strategic plan, the ageing of the workforce and technological advances, and
should base its strategic headcount planning on the outcome of this assessment.
¡¡ The qualification criteria and selection process for the staff development programme should be
documented and widely disseminated, along with the types of development programmes available.
¡¡ If the board or management were to waive the criteria and selection process, the exercise of this
prerogative should be governed by a well-defined, documented and published policy. There
should be accountability, transparency and full disclosure in the exercise of this prerogative.
¡¡ The staff development programme should be linked with the staff performance appraisal sys-
tem. There should be clear policies that apply to employees who consistently show less than
satisfactory or poor performance.
¡¡ The management should secure the service commitment of staff who are supported by the staff
development programme.

108 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 79. Talent management and retention

The board establishes human resources policies that enable the management to identify,
develop and retain talented staff who could take on greater responsibilities in the institu-
tion. Policies based on the principles of transparency and merit are fundamental to profes-
sional fulfilment, staff morale and personal satisfaction. The work environment and insti-
tutional culture, more than monetary compensation, draws and keeps skilled and talented
people in the institution.

Structure
¡¡ The management should submit for board approval policies to support the attraction, devel-
opment and retention of talented people. The policies should be grounded on the principles of
transparency and merit.
¡¡ The human resources unit should identify to the management those staff who have critical
skills and whose career paths may be developed. The board should be informed accordingly.

Mechanism
¡¡ Policies on the management and retention of talented staff should be documented and widely
disseminated. The implementation of these policies should be consistent with the principle of
transparency to leave no room for arbitrary staff movements or patronage.
¡¡ The staff performance appraisal system should provide the appropriate monetary and non-mon-
etary incentives to promote performance excellence. Career development should be linked to the
staff performance appraisal system.
¡¡ All staff should receive regular training in the proper use of the performance appraisal system.
Both the evaluator and the person being evaluated should have a clear understanding of all the
parameters involved.
¡¡ The management should secure the service commitment of staff who are supported by the staff
development programme.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 109

ISSA Guidelines on Good Governance

Guideline 80. Succession planning

The management purposefully nurtures the leadership capacities of talented staff. It may
define a succession plan, based on the principles of transparency and merit, to develop
understudies for key positions in the institution.

Structure
¡¡ The management should submit policies on succession planning for board approval. The poli-
cies may include a provision allowing the management to open any position in the succession
plan to external competition.
¡¡ The management should submit the institution’s succession plan for board approval. It should
regularly review the plan and inform the board accordingly.

Mechanism
¡¡ The policies on succession planning should be grounded on the principles of transparency and merit.
¡¡ The qualification criteria and selection processes should be well defined, documented and
widely disseminated.
¡¡ The management, in collaboration with the human resources unit, should define the compe-
tence profile of future leaders in terms of responsibility, capability and role, within a clearly
defined timeframe.
¡¡ The training and development of future leaders should be tailored and timely. The manage-
ment should secure the service commitment of staff who are supported by the staff development
programme.

110 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 81. Personnel morale, compensation policy and

decent work
The board ensures that the institution’s human resources policies promote decent work
conditions which, as defined by the International Labour Organization (ILO), are based on
the understanding that work is a source of personal dignity, family stability and peace in
the community. This includes providing a work environment that is safe, allows adequate
rest and time for family, provides adequate compensation and access to social security pro-
tection, and respects the rights of workers regardless of gender, race or creed.

Structure
¡¡ The board should ensure that the human resources policies submitted for approval by the
management promote decent work conditions in the institution.
¡¡ The board may delegate a subgroup of the board to process all matters pertaining to human
resources policies and to submit corresponding recommendations for the action of the full
board. This subgroup should work in close collaboration with the management in the formulation
and review of the institution’s human resources policies.

Mechanism
¡¡ The board should clearly define and document the powers and responsibilities of its subgroup
on human resources policies.
¡¡ The board should direct the management to develop quantitative and qualitative indicators to
monitor personnel morale and work conditions in the institution.
¡¡ The management should ensure that its human resources unit has expertise on the ILO’s decent
work conditions and that the institution’s human resources policies are aligned with these. ¡¡
Published market data may be used as a reference point for the institution’s compensation
packages. Policies and rules on compensation, non-monetary incentives, recognition and
rewards should be well defined, documented and transparent to all staff.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 111

ISSA Guidelines on Good Governance

Guideline 82. Promoting corporate values

The management ensures that the officers and staff are loyal to the institution and its mandate.

Structure
¡¡ An office should be designated to promote and monitor compliance with the code of conduct.
¡¡ The internal audit office should be part of the checks and safeguards in promoting the code of conduct.
¡¡ An external authority may be designated to receive and resolve complaints.

Mechanism
¡¡ The board and/or management should establish a code of conduct for the officers and staff of
the institution.
¡¡ The code of conduct should be documented, well understood and widely disseminated.
¡¡ The staff should receive orientation, training and periodic refresher courses on the code of conduct.

112 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

B.9. Investments in ICT Infrastructure

ICT is an indispensable enabler in the administration of social security programmes. It often determines
whether services and processes can or cannot be done, within the institution and between the institution and
its external partners. For this reason, the board and management must promote an efficient and
adequate ICT infrastructure to support programme administration and operations.
Taking into account the rapid evolution of ICT products, investment proposals for (new) ICT should be
considered with care, diligence and prudence. Board and management concerns often arise not from the
size of an investment per se but from issues stemming mainly from the degree of confidence that can
be attached to, for example, the suitability of recommended technology vis-à-vis the needs of the insti-
tution; the delivery of promised capacities and services; or the anticipated impact upon and interaction
with existing ICT platforms, as well as any hidden and indirect costs for complementary or maintenance
products and services.

These three guidelines will assist in evaluating new ICT investment proposals, ex-post evaluation and
infrastructure maintenance. The ISSA Guidelines on Information and Communication Technology provides
further guidance on ICT investments and technical advice on the governance and management of ICT in
social security institutions.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 113

ISSA Guidelines on Good Governance

Guideline 83. Standard policies and procedures

Investments in ICT respond to the short- and medium-term needs of the institution and are
always aligned with its strategic plan. The management establishes a standard system of pol-
icies and procedures to evaluate and decide on proposals for investments in ICT infrastruc-
ture, to enhance accountability, transparency, predictability, participation and dynamism.

Structure
¡¡ The board and/or management, with the assistance of the ICT unit, should establish the stand-
ard policies and procedures, including the evaluation and approval system, that apply to
investment proposals for new ICT infrastructure.
¡¡ These policies must take into account the short- and medium-term needs of the institution as
elaborated by its annual and strategic plans.
¡¡ To establish accountability, the roles and responsibilities of the units involved in the evaluation
and approval process should be well defined and documented.
¡¡ The ICT unit should implement and coordinate the implementation of this system.
¡¡ The internal audit office should be part of the checks and safeguards to verify compliance with
the established system of evaluation and approval.

Mechanism
¡¡ To ensure that staff work on the ICT investment proposal is comprehensive, the management
should prescribe a standard set of documents to support the proposal. This package should include:
• The institution’s annual and strategic plans;
• ICT standards, tactical and strategic plans, including technology evolution strategy, to
avoid obsolescence;
• Procurement and contracting rules for the different kinds of infrastructure and associated services;
• Templates and guidelines to specify anticipated benefits and services;
• Templates and guidelines to prepare cost-benefit analysis.
¡¡ Documents should state how investments fit into long-term, medium-term and project plans
and how they contribute to accomplishing their objectives.
¡¡ Investing in a particular ITC product or hardware should not restrict the institution’s future
choices in terms of supplementing the initial acquisition.
¡¡ In evaluating ICT investments, special attention should be paid to indirect and hidden costs,
notably long-term licensing and service contracts, data and application migrations, and other
impacts on the ICT platform.

114 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

 ISSA Guidelines on Good Governance

Guideline 84. Ex-post evaluation of new ICT infrastructure

The management establishes a standard system of policies and procedures for the ex-post
evaluation of new investments in ICT, to ensure delivery of promised benefits, services and
improvements with respect to project goals, as contained and justified in the project proposal.

Structure
¡¡ The ICT unit, in coordination with other units in the institution, should define service perfor-
mance goals in the context of the institution’s annual and strategic plans to improve social
security services.
¡¡ The internal audit office should conduct ex-post evaluations of new ICT investments to ensure
that the promised benefits and services are delivered within the projected timeframe, as justified
by the project proposal.
¡¡ The intended users, beneficiaries and/or stakeholders should provide feedback as part of the
ex-post evaluations of the new ICT investment.

Mechanism
¡¡ The management may set up a standard procedure to conduct ex-post evaluations of (new) ICT
investments, including all the tasks involved in the ICT operation and usage, to assess actual
versus expected service delivery as contained in the project proposal.
¡¡ In order to facilitate these validations, the concrete goals of the project should be specified a
priori including the associated infrastructure service level agreements.

INTERNATIONAL SOCIAL SECURITY ASSOCIATION 115

ISSA Guidelines on Good Governance

Guideline 85. Maintenance of ICT infrastructure

The management ensures the integrity of existing ICT infrastructure and averts any threat of
system failure. The overall goal is to ensure the high availability of the social security services.

Structure
¡¡ The ICT unit should develop business continuity plans to ensure service availability at all times.
¡¡ The management should consider having the institution’s ICT architecture and infrastructure
periodically audited by external experts with appropriate ICT skills.

Mechanism
¡¡ The ICT unit should develop medium-term plans for the management of ICT infrastructure and resources.
¡¡ The institution’s business continuity plans should anticipate possible contingencies and should
take into account the useful life of infrastructure and technical support deadlines.
¡¡ The ICT unit should develop service availability plans, which include a backup system or disas-
ter recovery plan for all records and databases.
¡¡ It is highly recommended to apply infrastructure management procedures like the ones pro-
posed in the Information Technology Infrastructure Library (ITIL) and to define medium-term
plans for ICT management.
¡¡ Other key aspects to consider are the cost-result balance of high availability services as well
as the dynamic evolution of technologies and the cross-impacts between different products.

116 INTERNATIONAL SOCIAL SECURITY ASSOCIATION

4 route des Morillons T: +41 22 799 66 17
Case postale 1 F: +41 22 799 85 09
CH-1211 Geneva 22 E: [email protected] | www.issa.int