Presentation on theme: "Development of internal control: methodology and responsibility"— Presentation transcript:
1Development of internal control: methodology and responsibility Janet ThomasHM Treasury/ National Audit OfficeUnited KingdomPresentation 8 July 2008Workshop on audit/evaluation of PIFC systems, Ankara, Turkey
2Content of presentation What is internal control?COSO, Intosai, EU view, UK viewUK “methodology”Governance, role of audit committee, management of risk, role of internal and external audit, statement on internal controlHow it all fits togetherAssessment against COSO/ INTOSAIKey conceptsAccountabilityDelegationProportionality
3What is internal control? COSO (1992)Internal control is broadly defined as a process effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding achievement of objectives in the following categories:Effectiveness and efficiency of operationsReliability of financial reportingCompliance with applicable laws and regulations
4What is internal control? INTOSAI (2004)Internal control is an integral process that is effected by an entity’s management and personnel and is designed to address risks and to provide reasonable assurance that in pursuit of the entity’s mission, the following general objectives are being achieved:Executing orderly, economical, efficient and effective operationsFulfilling accountability operationsComplying with applicable laws and regulationsSafeguarding resources against loss, misuse and damage4
5What is internal control? COSO/ INTOSAI componentsControl environmentRisk assessmentControl activitiesInformation and communicationMonitoring5
6What is internal control? European CommissionReforms from 2000 onwards – “wise men’s report”Treaty obligations “legality and regularity”Financial regulation definition Art 28aAcquis requirements for accessionChapter 32 Financial controlCriteria for opening and provisionally closing Ch 32 based on development of PIFC strategy and legislation6
7The three pillars of PIFC Managerial accountabilityFinancial management and control systems developed and monitored by a central harmonisation unitSupported by functionally independent internal auditBuilding up a strong and open communication with MoF and Internal Audit and of course with the CHU. Introduction of PIFC in the whole of the public sector is not easy and it can take a number of years to start to see the change. In Turkey we understand that there are 14 Ministries, 60 Government Agencies and 367 Local Government Bodies.Twinning is working together and designing the programme to meet the needs of Turkey. The methodology and principles that apply to PIFC in other countries can be used as a guide but these will need to be tailored to the Turkey situationWe will work closely with the MoF, CHUs, Internal Audit but also with SAI, PAC and MinistriesThe Polish Ministry of Finance as one CHU which is responsible for both FMC and IA. This work started in 2002 Working with partnership with the Polish MoF will bring an extra bonus to the project as they have implemented PIFC in their country – there is still more refinements that are required but in the main their experience will be useful in especially the delivery of component 1 – FMC.
8What is internal control? United Kingdom government viewFormerly implicit rather than explicit, but long tradition of internal auditActed on Turnbull (1999) and Sharman (2001) recommendationsFocuses on provision of annual “statement on internal control”Introduction of resource accounting and budgeting, 2001Treasury guidance from “CHU” on corporate governance, audit committee handbook, government internal audit standards and guidance, “managing public money”, management of risk guidance8
9The UK “methodology” Governance is the key Defined accountability – role of Minister and Accounting Officer, both responsible and answerable to ParliamentCorporate Governance Code: Responsibilities of departmental BoardTo ensure that effective arrangements exist to provide assurance on risk management, governance and internal controlRole of Audit CommitteeInternal Audit function
10The UK “methodology” Role of audit committee: 5 principles Supports the Board and the Accounting Officer by reviewing the comprehensiveness, reliability and integrity of assurances that risk management, governance and internal control are functioning effectivelyIndependent and objective with a good understanding of the priorities of the organisationProvides an appropriate mix of skillsTerms of reference to define scope of workEffective communication with Board, Head of Internal Audit, external audit and other stakeholders
11The UK “methodology” Role of internal audit: To provide an independent and objective opinion to the Accounting Officer on risk management, control and governance*, by measuring and evaluating their effectiveness in achieving the organisation’s agreed objectives.* The policies, procedures and operations established to ensure the achievement of objectives, the appropriate assessment of risk, the reliability of internal and external reporting and accountability processes, compliance with applicable laws and regulations and compliance with behavioural and ethical standards.
12The UK “methodology” Management of risk All government organisations must have basic risk management processes in placeGuidance provided in “The Orange Book”Risk should managed to a level which is tolerableEffectiveness of risk management audited internally and externallyAccounting Officer must comment on risk management in his annual “Statement on Internal Control”
13The UK “methodology” The Statement on Internal Control Every Accounting Officer must sign an annual Statement on Internal ControlPrescribed format given in Financial Reporting ManualScope of responsibilityPurpose of the system of internal controlCapacity to handle riskRisk and control frameworkReview of effectiveness (significant internal control issues must be mentioned)
14The UK “methodology”The Statement on Internal Control: examples of significant internal control issuesFailure to achieve a Public Service Agreement targetOrganisation had to seek additional funding from TreasuryAdverse opinion from external auditor – material impact on the accountsHead of Internal Audit and/or Audit Committee agree that an issue is significantPublic interest and/or damage to the organisation’s reputation
15The UK “methodology” Role of external audit (National Audit Office) To review the Statement on Internal Control for each government organisationCompliance with Treasury requirementsConsistency with external auditor’s work on financial statementsTo provide an assurance to Parliament that the resource accounts have been properly prepared, are free from material misstatement, and that transactions have appropriate Parliamentary authorityTo provide value-for-money reports assessing the economy, efficiency and effectiveness with which public money has been used
16How it all fits together Accounting OfficerBoardObjectivesBusiness planPSAs andPerformance MeasuresRisk registerBudgetRisk monitoringInternal auditAccountsAnnual reportAudit committeeStatement on internal controlNAOParliament/ PAC
17How do we match up against COSO/ INTOSAI? Control environment:Accountability to Parliament, Board and Audit CommitteeRisk assessment:Risk management systems widespread, audited internally and externally, reported on in annual Statement on Internal ControlControl activities:Delegated to the organisation, described in the Statement on Internal ControlInformation and Communication:Annual reports, regular reporting to Board and Audit CommitteeMonitoring:Internal audit reports, regular monitoring by Board and Audit Committee, results of monitoring summarised in Annual Statement on Internal Control
18How do we match up against the Commission guidance? Managerial accountabilityClearly defined and expressed in statement on internal controlFinancial management and control systems developed and monitored by a central harmonisation unitGuidance produced centrally eg on governance; risk managementBut development of systems delegated to Government DepartmentsSupported by functionally independent internal auditInternal audit units in each Government Department
19Key conceptsStatement on Internal Control – informs on all aspects of internal control, published on internetAccountability – of Minister and Accounting OfficerDelegation – control and management of spending delegated to departments, monitored by TreasuryProportionality – no sledgehammer to crack a nutGuidance – not always prescription
20All UK guidance is available at and on departmental websites and on departmental websitesThank you!Good luck!