evelyn-henderson
TR 07- FI- 02
INTERNAL CONTROL – basic course
COSO
RISKS
OBJECTIVES CONTROLS
January 2009
EU Twinning Project TR 07-FI-02

THE INSEPARABLE TEAM
OBJECTIVES: vision, mission, values of the organisation / business targets
RISKS to achieving objectives
risk appetite
(OPPORTUNITIES) (& costs) gained or lost
CONTROLS addressing risks/opportunities
sufficient for purpose

LAW 5018/9
“Public administrations shall:
prepare their budgets on performance basis
and in concordance with
the mission, vision, strategic goals and objectives
included in the strategic plans.”

LAW 5018/10
“Ministers shall inform the public
within the first month of every fiscal year:
about the
goals, objectives, strategies, assets, liabilities
and annual performance programs
of their administrations”

HIERARCHY OF RISK
uncertainties at each level:
strategic: Strategic decisions
programme: Decisions transferring strategy into action
project & operational: Decisions required to implement

HIERARCHY OF RISK
uncertainties at each level, E.G.:
strategic: Better Education
programme: 1 Schools Building; 2 Curriculum Development
project & operational: 1 Building Contracts; 2 Preparing a new course; 3 Paying invoices

RISK MAP
significance (vertical axis) against probability (horizontal axis):
high impact / low probability     high impact / high probability
low impact / low probability      low impact / high probability

RESPONSES TO RISK MAP
significance (vertical axis) against probability (horizontal axis):
high impact / low probability: CONTROL PROCEDURES
high impact / high probability: CONTROL PROCEDURES / CONTINGENCY
low impact / low probability: IGNORE
low impact / high probability: CONTINGENCY

P.E.S.T.L.E. & S.W.O.T.
EXTERNAL factors: Political, Economic, Social-Cultural, Technological, Legal, Environmental
INTERNAL factors: Strengths, Weaknesses, Opportunities, Threats

CONTROL ACTIVITIES
* policies & procedures that help perform management directives
* necessary actions to address risks to achieving objectives
* throughout an organisation – all levels, all functions – not just finance
* can cover a diverse range of activities, e.g.:
top level reviews
functional or activity management
information processing
physical control
segregation of duties
WHAT ELSE??

CONTROL ACTIVITIES
NOT FOR THEIR OWN SAKE
REDUCE/MINIMISE RISKS TO ACHIEVEMENT
POSITIVE/CONSTRUCTIVE FOCUS ON RESULTS
NB: “Doing the RIGHT THING”
“Doing THINGS RIGHT”

Examples of Control Activities
• Separation of duties (such as the person who authorises payment of an invoice being separate from the person who ordered goods) – a control to mitigate the risk of fraud;
• Bank reconciliations (accounting records are reconciled to bank statements) - a control to mitigate the risk of accounting errors and bank errors remaining undetected;
• Public relations (e.g. only those suitably trained and authorised being permitted to handle media enquiries) - a control that reduces the risk of inappropriate comment being made to the press, with consequent reputational damage.
• Health and safety (e.g. a requirement that protective clothing be worn during the performance of dangerous duties) – a control that reduces the risk that staff will be injured when handling hazardous substances.

OBJECTIVE
INHERENT RISK - INTERNAL CONTROLS = RESIDUAL RISK (EXPOSURE) ~ TOLERANCE/APPETITE

GROUP SESSION 4 objectives, risks, controls
1 organise yourselves
2 address the questions in the course outline
FOCUS YOUR THOUGHTS & RESPONSES ON:
THE INSEPARABLE TEAM (O IR – IC = RR ~ RA)
REMEMBER PREVIOUS GROUP SESSIONS