Upload
kashif-ahmad
View
225
Download
0
Embed Size (px)
Citation preview
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 1/20
© OECD© OECD
Ajointin
itiativeoftheOE
Ajointinitiativ
eoft
heO
EC
Union,principally
finance
dbyth
Union,princip
allyfinancedbyth
Development of Internal Control:Development of Internal Control:Methodology and Responsibility Methodology and Responsibility
Janet Thomas Janet Thomas
HM Treasury/ National Audit OfficeHM Treasury/ National Audit Office
United KingdomUnited Kingdom
Workshop on “Audit/Evaluation of PIFC Systems”Workshop on “Audit/Evaluation of PIFC Systems”
Ankara 8-9 July 2008Ankara 8-9 July 2008
Janet Thomas Janet ThomasHM Treasury/ National Audit OfficeHM Treasury/ National Audit Office
United KingdomUnited Kingdom
Workshop on “Audit/Evaluation of PIFC Systems”Workshop on “Audit/Evaluation of PIFC Systems”
Ankara 8-9 July 2008Ankara 8-9 July 2008
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 2/20
C
Content of presentation
What is internal control?
COSO, Intosai, EU view, UK view
UK “methodology”
Governance, role of audit committee, management of risk, role of internal andexternal audit, statement on internal control
How it all fits together Assessment against COSO/ INTOSAI
Key concepts
Accountability
Delegation
Proportionality
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 3/20
What is internal control?COSO (1992)Internal control is broadly defined as a processeffected by an entity’s board of directors,management and other personnel designed toprovide reasonable assurance regarding
achievement of objectives in the followingcategories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 4/20
What is internal control?
INTOSAI (2004)
Internal control is an integral process that is effected byan entity’s management and personnel and is designed toaddress risks and to provide reasonable assurance that inpursuit of the entity’s mission, the following generalobjectives are being achieved:
Executing orderly, economical, efficient and effectiveoperations
Fulfilling accountability operations
Complying with applicable laws and regulations
Safeguarding resources against loss, misuse anddamage
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 5/20
What is internal control?
COSO/ INTOSAI components
Control environment
Risk assessmentControl activities
Information and communication
Monitoring
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 6/20
What is internal control?
European Commission
Reforms from 2000 onwards – “wise men’s report”
Treaty obligations “legality and regularity”
Financial regulation definition Art 28a
Acquis requirements for accession
Chapter 32 Financial control
Criteria for opening and provisionally closing Ch 32based on development of PIFC strategy and legislation
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 7/20
Managerial accountability
Financial management and control systems
developed and monitored by a central
harmonisation unit
Supported by functionally independent
internal audit
The three pillars of PIFC
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 8/20
What is internal control?
United Kingdom government view
Formerly implicit rather than explicit, but long tradition of internal audit
Acted on Turnbull (1999) and Sharman (2001) recommendations
Focuses on provision of annual “statement on internal control”
Introduction of resource accounting and budgeting, 2001
Treasury guidance from “CHU” on corporate governance, auditcommittee handbook, government internal audit standards andguidance, “managing public money”, management of risk guidance
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 9/20
The UK “methodology”Governance is the key
Defined accountability – role of Minister and Accounting Officer, bothresponsible and answerable to Parliament
Corporate Governance Code: Responsibilities of departmental Board
To ensure that effective arrangements exist to provide assurance onrisk management, governance and internal control
Role of Audit Committee
Internal Audit function
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 10/20
The UK “methodology”Role of audit committee: 5 principles Supports the Board and the Accounting Officer by reviewing the
comprehensiveness, reliability and integrity of assurances that riskmanagement, governance and internal control are functioning effectively
Independent and objective with a good understanding of the priorities of the organisation
Provides an appropriate mix of skills
Terms of reference to define scope of work Effective communication with Board, Head of Internal Audit, external audit
and other stakeholders
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 11/20
The UK “methodology”Role of internal audit:
To provide an independent and objective opinion to theAccounting Officer on risk management, control and governance*,by measuring and evaluating their effectiveness in achieving theorganisation’s agreed objectives.
* The policies, procedures and operations established to ensure the achievement of objectives, the appropriate assessment of risk, the reliability of internal and externalreporting and accountability processes, compliance with applicable laws and regulationsand compliance with behavioural and ethical standards.
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 12/20
The UK “methodology”Management of risk
All government organisations must have basic risk managementprocesses in place
Guidance provided in “The Orange Book”
Risk should managed to a level which is tolerable
Effectiveness of risk management audited internally and externally
Accounting Officer must comment on risk management in his annual“Statement on Internal Control”
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 13/20
The UK “methodology”The Statement on Internal Control
Every Accounting Officer must sign an annual Statement on Internal Control
Prescribed format given in Financial Reporting Manual
Scope of responsibility
Purpose of the system of internal control
Capacity to handle risk
Risk and control framework
Review of effectiveness (significant internal control issues must be mentioned)
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 14/20
The UK “methodology”The Statement on Internal Control: examples of significant internal control issues
Failure to achieve a Public Service Agreement target Organisation had to seek additional funding from Treasury
Adverse opinion from external auditor – material impact on the accounts
Head of Internal Audit and/or Audit Committee agree that an issue is significant
Public interest and/or damage to the organisation’s reputation
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 15/20
The UK “methodology”Role of external audit (National Audit Office)
To review the Statement on Internal Control for each government organisation
Compliance with Treasury requirements
Consistency with external auditor’s work on financial statements
To provide an assurance to Parliament that the resource accounts have beenproperly prepared, are free from material misstatement, and that transactionshave appropriate Parliamentary authority
To provide value-for-money reports assessing the economy, efficiency andeffectiveness with which public money has been used
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 16/20
How it all fits together
Board
Objectives
PSAs and
Performance
Measures
Risk register Business plan
Budget
Accounts Annual report
Risk monitoring
Audit
committee
Internal
audit
NAO
Parliament/ PAC
Accounting Officer
Statement on internalcontrol
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 17/20
How do we match up
against COSO/ INTOSAI?Control environment:Accountability to Parliament, Board and Audit Committee
Risk assessment:Risk management systems widespread, audited internally and externally, reportedon in annual Statement on Internal Control
Control activities:
Delegated to the organisation, described in the Statement on Internal ControlInformation and Communication:Annual reports, regular reporting to Board and Audit Committee
Monitoring:Internal audit reports, regular monitoring by Board and Audit Committee, results of monitoring summarised in Annual Statement on Internal Control
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 18/20
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 19/20
Key conceptsStatement on Internal Control – informs on all aspects
of internal control, published on internet
Accountability – of Minister and Accounting Officer
Delegation – control and management of spendingdelegated to departments, monitored by Treasury
Proportionality – no sledgehammer to crack a nutGuidance – not always prescription
8/6/2019 41387005
http://slidepdf.com/reader/full/41387005 20/20
Thank you!
Good luck!
All UK guidance is availableAll UK guidance is available
atat
www.hm-treasury.gov.uk www.hm-treasury.gov.uk
and on departmentaland on departmental
websiteswebsites
All UK guidance is availableAll UK guidance is available
atat
www.hm-treasury.gov.uk www.hm-treasury.gov.uk
and on departmentaland on departmental
websiteswebsites