TR 07- FI- 02
INTERNAL CONTROL
Basic
Course
-
MONITORING
build in from the start
January 2010
EU Twinning Project TR 07-FI-02
TR 07- FI- 02
COSO MONITORING MODEL
ESTABLISH A tone at the top
FOUNDATION organisational structure
baseline understanding of IC effectiveness
DESIGN & prioritise tasks
EXECUTE identify controls
identify persuasive information on controls
implement monitoring procedures
ASSESS & prioritise findings
REPORT report results to the appropriate level
follow up on corrective action
SUPPORTED CONCLUSIONS RE- CONTROL EFFECTIVENESS
TR 07- FI- 02
ESTABLISH A FOUNDATION
TONE AT THE TOP * communicate expectations
* take action when control problems identified
STRUCTURE * identify who does what at what level:
& * monitors risk (who ‘owns’ the risk?)
ROLES * oversees quality & reliability
* oversees audit activities
with Competence and Objectivity
BASELINE * understand ic system design
UNDERSTANDING * implemented fully?
OF IC EFFECTIVENESS * identify changes ~ risk assessment (external environment, control
operation)
* manage change – establish new baseline
* control revalidation/update – for continuous baseline assurance
TR 07- FI- 02
DESIGN & EXECUTE
4 Develop & implement 1 Understand & prioritise
cost-effective procedures risks to organisational
to evaluate the objectives
evidenced information
3 Identify reliable information 2 Identify key controls across
that will indicate whether the the internal control system
internal control system is that address those
operating effectively prioritised risks
TR 07- FI- 02
EVIDENCED INFORMATION
Evidenced information:
* Relevant
* Reliable
* Timely
* Sufficient
TR 07- FI- 02
IMPLEMENTING MONITORING DECISIONS
* Integrate with operations
* Provide objective assessments
* Use knowledgeable personnel
* Consider feedback
* Adjust scope & frequency
TR 07- FI- 02
ASSESS & REPORT RESULTS
Findings: to individual who owns the process & related controlsto (at least) 1 management level above
Deficiencies: report significant to top management
Corrections: timely actionsinternal & external sources
PRIORITISE AND COMMUNICATE:
Risk of achievement of objective(s)
Effectiveness of compensatory controls
Aggregate effect of multiple deficiencies
TR 07- FI- 02
ASSESS & REPORT RESULTS
QUESTIONS:
How can the right people receive the right information?
How can management provide sufficient oversight to gain
assurance corrective actions have been taken?
TR 07- FI- 02
INTERNAL CONTROL & INTERNAL AUDIT
Support Management: a helpful not combatitive service
Planned System Reviews: including those related to FMC
e.g. activity reports, assurance declarations
Plan & Implement Sampling: throughout the year
Regular unrestricted Reporting: all relevant levels of management,
incl. Top Managers
Source of advice & help: to all internally
TR 07- FI- 02
SDUs/CHU & INTERNAL CONTROLat organisational & national levels respectively
Coordinate: standards & appropriate practices
implementation
guidance
training needs & delivery
Communicate: standards & appropriate practices
implementation
guidance
training needs & delivery
Monitor: standards & appropriate practices
implementation
guidance
training needs & delivery
TR 07- FI- 02
GROUP SESSION 8 monitoring
1 introduce & organise yourselves
2 address the questions in the outline
FOCUS YOUR THOUGHTS & RESPONSES ON:
THE MONITORING MODEL & SDUs/CHU, INFO &
COMMUNICATION
& THE OTHER SESSIONS
ANY QUESTIONS?