It is based in a german project (http://www.egroupware.org/)

Cool. Since they think that project is more secured than MS Outlook, I wonder if the government has requested to audit or not.

The (brazilian) government is the maintainer of the software. Why would it require an audit?

They are making the claim that they are doing it for security reasons, why wouldn't they want the code audited? A gov't employee could write a backdoor just like a private sector employee.

Ok, maybe I should rephrase that.

Who would do an audit?

Because the obvious candidate is Serpro, but they are already developing it. Anyway, it's open source, so if any part of the government (military maybe, ABIN, or some university) thinks that it deserves an audit, it can simply do it, no need for formalization.