41387005

8/6/2019 41387005

http://slidepdf.com/reader/full/41387005 1/20

© OECD© OECD

Ajointin

itiativeoftheOE

Ajointinitiativ

eoft

heO

EC

Union,principally

finance

dbyth

Union,princip

allyfinancedbyth

Development of Internal Control:Development of Internal Control:Methodology and Responsibility Methodology and Responsibility

Janet Thomas Janet Thomas

HM Treasury/ National Audit OfficeHM Treasury/ National Audit Office

United KingdomUnited Kingdom

Workshop on “Audit/Evaluation of PIFC Systems”Workshop on “Audit/Evaluation of PIFC Systems”

Ankara 8-9 July 2008Ankara 8-9 July 2008

Janet Thomas Janet ThomasHM Treasury/ National Audit OfficeHM Treasury/ National Audit Office

United KingdomUnited Kingdom

Workshop on “Audit/Evaluation of PIFC Systems”Workshop on “Audit/Evaluation of PIFC Systems”

Ankara 8-9 July 2008Ankara 8-9 July 2008

8/6/2019 41387005


C

Content of presentation

What is internal control?

COSO, Intosai, EU view, UK view

UK “methodology”

Governance, role of audit committee, management of risk, role of internal andexternal audit, statement on internal control

How it all fits together Assessment against COSO/ INTOSAI

Key concepts

Accountability

Delegation

Proportionality

8/6/2019 41387005


What is internal control?COSO (1992)Internal control is broadly defined as a processeffected by an entity’s board of directors,management and other personnel designed toprovide reasonable assurance regarding

achievement of objectives in the followingcategories:

Effectiveness and efficiency of operations

Reliability of financial reporting

Compliance with applicable laws and regulations

8/6/2019 41387005



INTOSAI (2004)

Internal control is an integral process that is effected byan entity’s management and personnel and is designed toaddress risks and to provide reasonable assurance that inpursuit of the entity’s mission, the following generalobjectives are being achieved:

Executing orderly, economical, efficient and effectiveoperations

Fulfilling accountability operations

Complying with applicable laws and regulations

Safeguarding resources against loss, misuse anddamage

8/6/2019 41387005



COSO/ INTOSAI components

Control environment

Risk assessmentControl activities

Information and communication

Monitoring

8/6/2019 41387005



European Commission

Reforms from 2000 onwards – “wise men’s report”

Treaty obligations “legality and regularity”

Financial regulation definition Art 28a

Acquis requirements for accession

Chapter 32 Financial control

Criteria for opening and provisionally closing Ch 32based on development of PIFC strategy and legislation

8/6/2019 41387005


Managerial accountability

Financial management and control systems

developed and monitored by a central

harmonisation unit

Supported by functionally independent

internal audit

The three pillars of PIFC

8/6/2019 41387005



United Kingdom government view

Formerly implicit rather than explicit, but long tradition of internal audit

Acted on Turnbull (1999) and Sharman (2001) recommendations

Focuses on provision of annual “statement on internal control”

Introduction of resource accounting and budgeting, 2001

Treasury guidance from “CHU” on corporate governance, auditcommittee handbook, government internal audit standards andguidance, “managing public money”, management of risk guidance

8/6/2019 41387005


The UK “methodology”Governance is the key

Defined accountability – role of Minister and Accounting Officer, bothresponsible and answerable to Parliament

Corporate Governance Code: Responsibilities of departmental Board

To ensure that effective arrangements exist to provide assurance onrisk management, governance and internal control

Role of Audit Committee

Internal Audit function

8/6/2019 41387005


The UK “methodology”Role of audit committee: 5 principles Supports the Board and the Accounting Officer by reviewing the

comprehensiveness, reliability and integrity of assurances that riskmanagement, governance and internal control are functioning effectively

Independent and objective with a good understanding of the priorities of the organisation

Provides an appropriate mix of skills

Terms of reference to define scope of work Effective communication with Board, Head of Internal Audit, external audit

and other stakeholders

8/6/2019 41387005


The UK “methodology”Role of internal audit:

To provide an independent and objective opinion to theAccounting Officer on risk management, control and governance*,by measuring and evaluating their effectiveness in achieving theorganisation’s agreed objectives.

* The policies, procedures and operations established to ensure the achievement of objectives, the appropriate assessment of risk, the reliability of internal and externalreporting and accountability processes, compliance with applicable laws and regulationsand compliance with behavioural and ethical standards.

8/6/2019 41387005


The UK “methodology”Management of risk

All government organisations must have basic risk managementprocesses in place

Guidance provided in “The Orange Book”

Risk should managed to a level which is tolerable

Effectiveness of risk management audited internally and externally

Accounting Officer must comment on risk management in his annual“Statement on Internal Control”

8/6/2019 41387005


The UK “methodology”The Statement on Internal Control

Every Accounting Officer must sign an annual Statement on Internal Control

Prescribed format given in Financial Reporting Manual

Scope of responsibility

Purpose of the system of internal control

Capacity to handle risk

Risk and control framework

Review of effectiveness (significant internal control issues must be mentioned)

8/6/2019 41387005


The UK “methodology”The Statement on Internal Control: examples of significant internal control issues

Failure to achieve a Public Service Agreement target Organisation had to seek additional funding from Treasury

Adverse opinion from external auditor – material impact on the accounts

Head of Internal Audit and/or Audit Committee agree that an issue is significant

Public interest and/or damage to the organisation’s reputation

8/6/2019 41387005


The UK “methodology”Role of external audit (National Audit Office)

To review the Statement on Internal Control for each government organisation

Compliance with Treasury requirements

Consistency with external auditor’s work on financial statements

To provide an assurance to Parliament that the resource accounts have beenproperly prepared, are free from material misstatement, and that transactionshave appropriate Parliamentary authority

To provide value-for-money reports assessing the economy, efficiency andeffectiveness with which public money has been used

8/6/2019 41387005


How it all fits together

Board

Objectives

PSAs and

Performance

Measures

Risk register Business plan

Budget

Accounts Annual report

Risk monitoring

Audit

committee

Internal

audit

NAO

Parliament/ PAC

Accounting Officer

Statement on internalcontrol

8/6/2019 41387005


How do we match up

against COSO/ INTOSAI?Control environment:Accountability to Parliament, Board and Audit Committee

Risk assessment:Risk management systems widespread, audited internally and externally, reportedon in annual Statement on Internal Control

Control activities:

Delegated to the organisation, described in the Statement on Internal ControlInformation and Communication:Annual reports, regular reporting to Board and Audit Committee

Monitoring:Internal audit reports, regular monitoring by Board and Audit Committee, results of monitoring summarised in Annual Statement on Internal Control

8/6/2019 41387005


8/6/2019 41387005


Key conceptsStatement on Internal Control – informs on all aspects

of internal control, published on internet

Accountability – of Minister and Accounting Officer

Delegation – control and management of spendingdelegated to departments, monitored by Treasury

Proportionality – no sledgehammer to crack a nutGuidance – not always prescription

8/6/2019 41387005


Thank you!

Good luck!

All UK guidance is availableAll UK guidance is available

atat

www.hm-treasury.gov.uk www.hm-treasury.gov.uk

and on departmentaland on departmental

websiteswebsites

All UK guidance is availableAll UK guidance is available

atat

www.hm-treasury.gov.uk www.hm-treasury.gov.uk

and on departmentaland on departmental

websiteswebsites

http://www.hm-treasury.gov.uk/






Documents

41387005