Date post: | 24-Dec-2015 |
Category: |
Documents |
Upload: | marjory-hodges |
View: | 213 times |
Download: | 0 times |
Internal Auditing Consultative Forum
Establishing Effective Internal Audit – Principles of Good Practice
Gert van der Linde
Safari Park, Nairobi, Kenya
2 March 2004
Working for a world free of poverty
Poverty Reduction: Global Challenge
Of the 4.7 billion people who live in the 100 World Bank client countries:
3 billion live on less than $2 a day and 1.2 billion on less than $1 a day.
Nearly 3 million children in developing countries die each year from vaccine-preventable diseases.
113 million children are not in school.1.5 billion have no clean drinking water
Poverty Reduction: Africa Challenge
• 300 of 600 million people are in absolute poverty
• Low HD Indicators• HIV/AIDS: 20 million have
died, 30 million are infected and 12 million children orphaned
• Relatively Small Economies• 200 million directly affected by
conflict and violence• Heavily Aid Dependent• Limited Capacity
Callisto E. Madavo, RVP, Africa, January 2003
Four Pillars of AFR Strategy
Source: Can Africa Claim the 21st Century?
IMPROVE DEMANDFOR GOOD
GOVERNANCEAND
TRANSPARENCY
POST-CONFLICTASSISTANCE
MODELS(DRC, LICUS)
HIV/AIDS AND MAP
EDUCATION FOR ALL(13 OF 23
COUNTRIES)
DECENTRALIZEDSERVICE
PRODUCTION ANDTRACKING
BUSINESS CLIMATE,AGRIBUSINESS,SUPPLY CHAINS
INFRASTRUCTURE
TRADE AND EXPORT FOCUS
BUILD ON NEWPROCESSESS
(HIPC, CDF/PRSP,NEPAD)
GET RESOURCESTO PEOPLE(CDD AND
EXPENDITURETRACKING)
SLASH TRANSACTIONCOSTS OF AID!
IMPROVEGOVERNANCEAND RESOLVE
CONFLICTS
INVESTIN PEOPLE
IMPROVECOMPETIVENESSAND DIVERSIFY
ECONOMIES
REDUCE AIDDEPENDENCE
& STRENGTHENPARTNER-
SHIPS
Benchmark Description
"Close-fit or better" to GFS definition of general governmentExtra (or off) budget expenditure is not substantialLevel and composition of outturn is "quite close" to budgetBoth capital and current donor funded expenditures included
Functional and/or program information providedIdentified through use of classification system(e.g., a virtual poverty fund)
Projections are integrated into budget formulation
Low-level of arrears accumulatedInternal audit function (whether effective or not)Tracking used on regular basis
Reconciliation of fiscal and monetary data carried out on routine basis
Monthly expenditure reports provided within four weeks of end of month
Timely functional reporting derived from classification system
Accounts closed within two months of year endAudited accounts presented to legislature within one year
Comprehensiveness1. Composition of the budget entity2. Limitations to use of off-budget transactions3. Reliability of budget as guide to outturn4. Data on donor financingClassification
5. Classification of budget transactions6. Identification of poverty-reducing expenditure
Projection7. Quality of multi-year expenditure projections
Internal Control8. Level of payment arrears9. Quality of internal audit10. Use of tracking surveysReconciliation
11. Quality of fiscal/banking data reconciliation
Reporting12. Timeliness of internal budget reports
13. Classification used for budget trackingFinal Audited Accounts14. Timeliness of accounts closure15. Timeliness of final audited accounts
For
mu
lati
onE
xecu
tion
Rep
orti
ng
Budget Management
The HIPC Assessment Questionnaire
Source: “Actions to Strengthen the Tracking of Poverty Related Public Spending in Heavily Indebted Poor Countries (HIPCs), World Bank and IMF, March 22, 2002. See http://www.worldbank.org/hipc/hipc-review/tracking.pdf
(Percent of 24 countries not meeting each benchmark)
Conclusions & Results, March 2002 Board Paper
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15Benchmark
number:
Clo
se f
it o
r b
ette
r to
GF
S d
efin
itio
n
Dat
a on
don
or f
inan
cin
g
Cla
ssif
icat
ion
of
bu
dge
t
Pov
. Red
. Exp
. Id
enti
fied
Pro
ject
ion
s in
tegr
ated
into
bu
dg.
for
mu
lati
on
Low
leve
l of
arre
ars
Qu
alit
y of
inte
rnal
au
dit
(ef
fect
ive
or n
ot)
Reg
ula
r tr
ack
ing
Fis
cal &
mon
etar
y d
ata
reco
nci
led
Mon
th r
epor
ts
Tim
ely
fun
ctio
nal
rep
orti
ng
from
cla
ss s
yste
m
Acc
oun
ts c
lose
d w
ith
in t
wo
mon
ths
of y
/e
Au
dit
ed a
ccou
nts
to
legi
slat
ure
wit
hin
1 y
ear
Ou
ttu
rn c
lose
?
Ext
ra (
off)
bu
dge
t ex
pen
d.
ReportingExecutionFormulation
Effectiveness Considerations
True independence Have a good understanding of issues facing the organization Be responsive to management’s needs Be able to assess, advise and assure on the management of
key business risks Contribute to performance improvement Be proactive in communication with management Follow through on implementation of recommendations Match the skill set to the needs Use enabling technology and work smarter
Internal Audit Processes
• Annual Audit Coverage Planning
• Assignment Planning
• Risk Assessment
• Control Identification
• Control Assurance
• Reporting
Annual Audit Coverage Planning
• Determine audit universe
• Compile audit coverage plan
– Prioritisation and rating of areas
– Type of assignment e.g. Business process, Product, Branch audit, etc.
• Contract with line manager & SBU Exco
• Approval by Group Exco
• Approval by GACC
• Deliverable: Annual Audit Coverage Plan
Assignment Planning
• Preliminary review– Obtain background information of audit area
• Determine assignment scope & objectives– Risk Management Plan, Control Adequacy Evaluation,
Control Effectiveness Evaluation• Develop Assignment Planning Memorandum
– Sign-off by Line manager– Notification to / Sign-off by SBU Exco member– Sign-off by Audit Services Section Head
• Deliverable: Assignment Planning Memorandum
Risk Assessment
• Identify functional areas• Identify risk areas• Identify risks• Identify risk elements• Prioritisation of risks & risk elements
• Deliverable: Risk Profile
A “Risk Profile”
1314151617181920212223242526293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
Probability0 1 2 3 4 5 6 7 8 9 10 11
1
2
3
4
5
6
7
8
9
10
11
0
Ser
iou
snes
s
TREASURY - AGRIS
Control Profile
6
13
2
1
4
5
3
9
8
Risk areas
12
107
11
Low Risk AreasMedium Risk Areas
High Risk Areas
1 - Implementation of trading strategy
2 - Marketing of products / services
3 - Market / product liquidity
4 - Obtaining of credit approvals
5 - Security documentation
6 - Management of counterparty exposures
7 - Dealing and pricing systems
8 - Quoting of rates9 - Trading10 - Income generation11 - Fee / commission
structure12 - Position revaluation13 - VaR / Sensitivity
Analysis
Control Identification
• Identify preventative controls• Identify contingent controls• Determine responsibility for controls
• Deliverable: Risk Management Plan
Control Assurance• Perform control adequacy evaluation
– Ensure existence of controls– Evaluate economy and efficiency of application
• Perform control effectiveness evaluation– Provide an opinion on the level of effectiveness
of adequate controls• Perform substantive testing
– To substantiate the impact where no controls exist
• Deliverable: Audit Findings
Reporting and follow-up• Present findings and recommendations• Obtain management responses• Rank findings, using standard rating tables• Compile an Executive Summary
– Critical and significant findings– Audit opinion on area audited
• Risk Management Plan– Detailed findings
• GACC reporting– Critical findings– Unacceptable audit opinion
• Follow up actions– Together with risk owners, monitored by SBU Exco
• Deliverable: Audit Assignment Report
Reporting Challenges
• 800+ audit assignments
• 5 Audit Committee meetings per year
• Different views and needs– Risk owners– SBU Management / Exco– Audit Committee
• The past, present and future
Security documentation: Controls to ensure timely collection of security documentation were found to be ineffective as a result of a inadequate information. (Rating: Significant)
Challenge – Maintain a “Control Profile”
1314151617181920212223242526293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
Probability0 1 2 3 4 5 6 7 8 9 10 11
1
2
3
4
5
6
7
8
9
10
11
0
Ser
iou
snes
s
TREASURY - AGRIS
Control Profile
6
13
2
1
4
5
3
9
8
= Risk area6
12
107
11
Low Risk AreasMedium Risk Areas
High Risk Areas
1 - Implementation of trading strategy
2 - Marketing of products / services
3 - Market / product liquidity
4 - Obtaining of credit approvals
5 - Security documentation
6 - Management of counterparty exposures
7 - Dealing and pricing systems
8 - Quoting of rates9 - Trading10 - Income generation11 - Fee / commission
structure12 - Position revaluation13 - VaR / Sensitivity
Analysis
Fig.1 - CUMULATIVE % AUDIT ASSIGNMENTS RATED "ACCEPTABLE"
0%
50%
100%
150%
DIVISIONS
% A
CC
EP
TAB
LE
% ACCEPTABLE TARGET 75% 75% 75% 75% 75% 75% 75%
% ACCEPTABLE 2002/2003 97% 91% 97% 88% 0% 75% 100%
% ACCEPTABLE 2001/2002 97% 91% 100% 100% 90% 64% 100%
% ACCEPTABLE 2000/2001 69% 87% 63% 100% 100% 56% 100%
RETAIL BANKING
WHOLESALE BANKING
COMMERCIAL BANKING
FINANCIAL SERVICES
OTHER SUBSIDIARIES
GROUP ITGROUP
SPECIALIST SERVICES
Reporting to Audit Committees
Root Cause Analysis
0%
20%
40%
60%
80%
100%TOTAL
COMMERCIAL BANKING DIVISIONS
FINANCIAL SERVICES
GROUP IT
GROUP SPECIALIST SERVICES
OTHER SUBSIDIARIES
RETAIL BANKING DIVISIONS
WHOLESALE BANKING DIVISIONS
Policy Standards People Procedure Information Technology
Effectiveness Considerations
True independence Have a good understanding of issues facing the
organization Be responsive to management’s needs Be able to assess, advise and assure on the
management of key business risks Contribute to performance improvement Be proactive in communication with management Recommendations are implemented Match the skill set to the needs Use enabling technology and work smarter