TR 07- FI- 02

INTERNAL CONTROL – basic course

COSO

RISKS

OBJECTIVES CONTROLS

January 2009

EU Twinning Project TR 07-FI-02

TR 07- FI- 02

THE INSEPARABLE TEAM

vision, mission, OBJECTIVESvalues of the organisation/ business targets

RISKS to achieving objectives

risk appetite

(OPPORTUNITIES) (& costs) gained or lost

CONTROLS addressing risks/opportunities

sufficient for purpose

TR 07- FI- 02

LAW 5018/9

“Public administrations shall:

prepare their budgets on performance basis

and in concordance with

the mission, vision, strategic goals and objectives

included in the strategic plans.”

TR 07- FI- 02

LAW 5018/10

“Ministers shall inform the public

within the first month of every fiscal year:

about the

goals, objectives, strategies, assets, liabilities

and annual performance programs

of their administrations”

TR 07- FI- 02

HIERARCHY OF RISK

uncertainties

Strategic decisions strategic

Decisions transferring programme strategy into action

Decisions required project & operationalto implement

TR 07- FI- 02

HIERARCHY OF RISK

uncertainties

Better Education strategic

E.G.

1 Schools Building programme 2 Curriculum Development

1 Building Contracts 2 Preparing a new course project & operational3 Paying invoices

TR 07- FI- 02

RISK MAP

significance

high impact/ high impact/ low probability high probability

low impact/ low impact/ low probability high probability

probability

TR 07- FI- 02

RESPONSES TO RISK MAP

significance

high impact/ high impact/ low probability high probability

CONTROL PROCEDURES CONTROL PROCEDURES/ CONTINGENCY low impact/ low impact/ low probability high probability

IGNORE CONTINGENCY

probability

TR 07- FI- 02

P.E.S.T.L.E. & S.W.O.T.

EXTERNAL factors INTERNAL

Political Strengths

Economic

Social- Cultural Weaknesses

Technological

Legal Opportunities

Environmental

Threats

TR 07- FI- 02

CONTROL ACTIVITIES

* policies & procedures that help perform management directives

* necessary actions to address risks to achieving objectives

* throughout an organisation – all levels, all functions – not just finance

• can cover a diverse range of activities•

e.g. top level reviews functional or activity management

information processingphysical control segregation of duties WHAT ELSE??

TR 07- FI- 02

CONTROL ACTIVITIES

NOT FOR THEIR OWN SAKE

REDUCE/MINIMISE RISKS TO ACHIEVEMENT

POSITIVE/CONSTRUCTIVE FOCUS ON RESULTS

NB: “Doing the RIGHT THING”

“Doing THINGS RIGHT”

TR 07- FI- 02

Examples of Control Activities

• Separation of duties (such as the person who authorises payment of an invoice being separate from the person who ordered goods) – a control to mitigate the risk of fraud;

• Bank reconciliations (accounting records are reconciled to bank statements) - a control to mitigate the risk of accounting errors and bank errors remaining undetected;

• Public relations (eg only those suitably trained and authorised being permitted to handle media enquiries) a control that reduces the risk of inappropriate comment being made to the press, with consequent reputational damage.

• Health and safety (eg a requirement that protective clothing be worn during the performance of dangerous duties) – a control that reduces the risk that staff will be injured when handling hazardous substances.

TR 07- FI- 02

OBJECTIVE

INHERENT RISK

-

INTERNAL CONTROLS

=

RESIDUAL RISK (EXPOSURE)

~ TOLERANCE/APPETITE

TR 07- FI- 02

GROUP SESSION 4 objectives, risks, controls

1 organise yourselves

2 address the questions in the course outline

FOCUS YOUR THOUGHTS & RESPONSES ON:

THE INSEPARABLE TEAM (O IR – IC = RR ~ RA)

REMEMBER PREVIOUS GROUP SESSIONS