The EU Model of PIC Raymond Hill Team Leader, PIC Task Force European Commission PEMPAL – 24 March 2016

Contents Getting the terminology right – PIFC or PIC PIC and governance - why its important The importance of Managerial Accountability Internal audit – friend or foe? Don’t look to me – look to the CHU! Challenges and lessons learned

PIC or PIFC PIC – diverse range of Internal Control systems in the EU Member States PIFC – EU model for the reengineering of national internal control systems

EU framework for Internal Control reform in the public sector COSO model - tailored to the Public sector Internal Audit Based on IPPF Standards Central Harmonisation Unit Decentralised managerial accountability for stewardship of the organisation Functionally independent advisory and consulting service Driving force for managing and monitoring the reform

Internal Control and Governance – COSO and ISO A process, effected by an entity's board of directors, management and other staff, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance in the following categories: efficiency and effectiveness of operations, safeguarding of assets reliability of reporting (financial and non-financial, internal and external) compliance with laws and regulations The combination of processes and structures implemented by the Board and management to inform, direct, manage and monitor the activities of the organisation towards the achievement of its objectives.

Achievement of objectives - Managerial Accountability Focused on compliance with rules and administrative/legal provisions (input oriented) Compliance with rules and focussed on the achievement of organisational objectives and efficient, economic and effective use of public money (output oriented)

Managerial Accountability Accountability has "turned into a garbage can filled with good intentions, loosely defined concepts and vague images of good governance." * Professor Bovens " A framework for the analysis and assessment of accountability arrangements in the public domain"

Measures of effective accountability Accountability for results Accountability for financial elements of decision- making Accountability for the management of financial resources

Accountability for results Results can be in terms of outputs produced as well as outcomes achieved Accountability for achieving outcomes should be to the extent of control over the resources that could influence the outcome Rules should provide flexibility for achieving results rather than adhering to the letter of the law Accountability for results presumes a system of Key Performance Indicators

Accountability for financial elements of decision making Decisions to be taken with due regard for probity, prudence and value for money Conscious analysis of economy and efficiency aspects before a decision is taken

Accountability for the management of resources Delegation of financial authority to be defined clearly and in writing Delegation of authority does not absolve the delegating officers from their responsibility for the proper spending Top manager remains accountable for keeping an accurate record of all transactions, with proper audit trails

Internal Audit Internal audit should assess and make appropriate recommendations for improving governance processes. Internal audit should evaluate the effectiveness of, and contribute to the improvement of, the risk management processes. Internal audit must evaluate the effectiveness and efficiency of controls and promote continuous improvement.

Centralised Financial Inspection Although not included in the PIFC concept, centralised financial inspection can be critical to the successful implementation of PIFC. Where existing, centralised financial inspection is to be clearly separated from the internal audit function. Centralised financial inspection refers to: Fight against fraud and corruption only. Operations performed on an ex-post basis only. Specialised investigations, acting on complaints or request only.

Role of the Central Harmonisation Unit Coordination and harmonisation of IC and IA: Development and implementation of strategy and legal framework Development of methodologies and guidelines Networking and promoting best practice Overseeing systems development (Annual) assessment and reporting

Change management challenges Having managers that are 'in control' without them controlling everything Making Risk Management better understood and more-widely used Keeping Internal Controls under review to ensure that they remain necessary and fit for purpose Raising the effectiveness of Internal Audit – especially at local level

Some lessons learned Re-engineering internal control is long-term – political support is mostly short-term Address resistance to change: get top managers to accept that reform is necessary Great law – but nobody cares… CHU to monitor reform progress and reported annually to government PIFC is not sufficient to drive managerial reforms High-level coordination function to ensure synergy with PAR and PFM reforms

Questions Who should be accountable – individuals or organisations? How should accountability be demonstrated? Does being held accountable for your actions make it less likely that I will take any professional risks? In your organisation, are middle managers objectives directly linked to the budget allocation process?