1 / 21

I nternal Auditing Consultative Forum Establishing Effective Internal Audit – Principles of Good Practice

I nternal Auditing Consultative Forum Establishing Effective Internal Audit – Principles of Good Practice. Gert van der Linde Safari Park, Nairobi, Kenya 2 March 2004. Working for a world free o f poverty. Poverty Reduction: Global Challenge.

yen
Télécharger la présentation

I nternal Auditing Consultative Forum Establishing Effective Internal Audit – Principles of Good Practice

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Auditing Consultative ForumEstablishing Effective Internal Audit – Principles of Good Practice Gert van der Linde Safari Park, Nairobi, Kenya 2 March 2004

  2. Working for a world free of poverty

  3. Poverty Reduction: Global Challenge Of the 4.7 billion people who live in the 100 World Bank client countries: • 3 billion live on less than $2 a day and 1.2 billion on less than $1 a day. • Nearly 3 million children in developing countries die each year from vaccine-preventable diseases. • 113 million children are not in school. • 1.5 billion have no clean drinking water

  4. Poverty Reduction: Africa Challenge • 300 of 600 million people are in absolute poverty • Low HD Indicators • HIV/AIDS: 20 million have died, 30 million are infected and 12 million children orphaned • Relatively Small Economies • 200 million directly affected by conflict and violence • Heavily Aid Dependent • Limited Capacity Callisto E. Madavo, RVP, Africa, January 2003

  5. Four Pillars of AFR Strategy IMPROVE GOVERNANCE AND RESOLVE CONFLICTS INVESTIN PEOPLE IMPROVE COMPETIVENESS AND DIVERSIFY ECONOMIES IMPROVE DEMAND FOR GOOD GOVERNANCE AND TRANSPARENCY POST-CONFLICT ASSISTANCE MODELS (DRC, LICUS) HIV/AIDS AND MAP EDUCATION FOR ALL (13 OF 23 COUNTRIES) DECENTRALIZED SERVICE PRODUCTION AND TRACKING BUSINESS CLIMATE, AGRIBUSINESS, SUPPLY CHAINS INFRASTRUCTURE TRADE AND EXPORT FOCUS BUILD ON NEW PROCESSESS (HIPC, CDF/PRSP, NEPAD) GET RESOURCES TO PEOPLE (CDD AND EXPENDITURE TRACKING) SLASH TRANSACTION COSTS OF AID! REDUCE AID DEPENDENCE & STRENGTHEN PARTNER- SHIPS Source: Can Africa Claim the 21st Century?

  6. Budget Management Comprehensiveness 1. Composition of the budget entity 2. Limitations to use of off-budget transactions 3. Reliability of budget as guide to outturn 4. Data on donor financing Formulation Classification 5. Classification of budget transactions 6. Identification of poverty-reducing expenditure Projection 7. Quality of multi-year expenditure projections Internal Control 8. Level of payment arrears 9. Quality of internal audit Execution 10. Use of tracking surveys Reconciliation 11. Quality of fiscal/banking data reconciliation Reporting 12. Timeliness of internal budget reports Reporting 13. Classification used for budget tracking Final Audited Accounts 14. Timeliness of accounts closure 15. Timeliness of final audited accounts The HIPC Assessment Questionnaire Benchmark Description "Close-fit or better" to GFS definition of general government Extra (or off) budget expenditure is not substantial Level and composition of outturn is "quite close" to budget Both capital and current donor funded expenditures included Functional and/or program information provided Identified through use of classification system (e.g., a virtual poverty fund) Projections are integrated into budget formulation Low-level of arrears accumulated Internal audit function (whether effective or not) Tracking used on regular basis Reconciliation of fiscal and monetary data carried out on routine basis Monthly expenditure reports provided within four weeks of end of month Timely functional reporting derived from classification system Accounts closed within two months of year end Audited accounts presented to legislature within one year

  7. Conclusions & Results, March 2002 Board Paper (Percent of 24 countries not meeting each benchmark) 100% 90% 80% 70% 60% 50% 40% Timely functional reporting from class system Audited accounts to legislature within 1 year Projections integrated into budg. formulation Quality of internal audit (effective or not) Accounts closed within two months of y/e Close fit or better to GFS definition 30% Fiscal & monetary data reconciled Extra (off) budget expend. Pov. Red. Exp. Identified 20% Data on donor financing Classification of budget Low level of arrears Regular tracking Month reports Outturn close? 10% 0% Benchmark number: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Formulation Execution Reporting Source: “Actions to Strengthen the Tracking of Poverty Related Public Spending in Heavily Indebted Poor Countries (HIPCs), World Bank and IMF, March 22, 2002. See http://www.worldbank.org/hipc/hipc-review/tracking.pdf

  8. Effectiveness Considerations • True independence • Have a good understanding of issues facing the organization • Be responsive to management’s needs • Be able to assess, advise and assure on the management of key business risks • Contribute to performance improvement • Be proactive in communication with management • Follow through on implementation of recommendations • Match the skill set to the needs • Use enabling technology and work smarter

  9. Internal Audit Processes • Annual Audit Coverage Planning • Assignment Planning • Risk Assessment • Control Identification • Control Assurance • Reporting

  10. Annual Audit Coverage Planning • Determine audit universe • Compile audit coverage plan • Prioritisation and rating of areas • Type of assignment e.g. Business process, Product, Branch audit, etc. • Contract with line manager & SBU Exco • Approval by Group Exco • Approval by GACC • Deliverable: Annual Audit Coverage Plan

  11. Assignment Planning • Preliminary review • Obtain background information of audit area • Determine assignment scope & objectives • Risk Management Plan, Control Adequacy Evaluation, Control Effectiveness Evaluation • Develop Assignment Planning Memorandum • Sign-off by Line manager • Notification to / Sign-off by SBU Exco member • Sign-off by Audit Services Section Head • Deliverable: Assignment Planning Memorandum

  12. Risk Assessment • Identify functional areas • Identify risk areas • Identify risks • Identify risk elements • Prioritisation of risks & risk elements • Deliverable: Risk Profile

  13. 11 10 9 8 7 6 5 4 3 2 1 0 1 2 3 5 6 0 4 7 8 9 10 11 A “Risk Profile” Risk areas 1 - Implementation of trading strategy 2 - Marketing of products / services 3 - Market / product liquidity 4 - Obtaining of credit approvals 5 - Security documentation 6 - Management of counterparty exposures 7 - Dealing and pricing systems 8 - Quoting of rates 9 - Trading 10 - Income generation 11 - Fee / commission structure 12 - Position revaluation 13 - VaR / Sensitivity Analysis TREASURY - AGRIS Control Profile 42 43 44 45 46 47 48 78 58 49 52 53 54 55 56 50 59 65 61 62 63 64 57 66 67 68 51 74 70 71 72 73 75 60 76 69 77 25 79 81 82 83 84 85 87 40 88 39 38 37 36 35 34 41 33 32 86 80 26 30 24 23 22 21 29 20 18 17 16 15 14 13 19 31 Seriousness High Risk Areas 2 1 6 4 9 13 10 8 7 3 12 11 5 Medium Risk Areas Low Risk Areas Probability

  14. Control Identification • Identify preventative controls • Identify contingent controls • Determine responsibility for controls • Deliverable: Risk Management Plan

  15. Control Assurance • Perform control adequacy evaluation • Ensure existence of controls • Evaluate economy and efficiency of application • Perform control effectiveness evaluation • Provide an opinion on the level of effectiveness of adequate controls • Perform substantive testing • To substantiate the impact where no controls exist • Deliverable: Audit Findings

  16. Reporting and follow-up • Present findings and recommendations • Obtain management responses • Rank findings, using standard rating tables • Compile an Executive Summary • Critical and significant findings • Audit opinion on area audited • Risk Management Plan • Detailed findings • GACC reporting • Critical findings • Unacceptable audit opinion • Follow up actions • Together with risk owners, monitored by SBU Exco • Deliverable: Audit Assignment Report

  17. Reporting Challenges • 800+ audit assignments • 5 Audit Committee meetings per year • Different views and needs • Risk owners • SBU Management / Exco • Audit Committee • The past, present and future Security documentation: Controls to ensure timely collection of security documentation were found to be ineffective as a result of a inadequate information. (Rating: Significant)

  18. 1 - Implementation of trading strategy 2 - Marketing of products / services 3 - Market / product liquidity 4 - Obtaining of credit approvals 5 - Security documentation 6 - Management of counterparty exposures 7 - Dealing and pricing systems 8 - Quoting of rates 9 - Trading 10 - Income generation 11 - Fee / commission structure 12 - Position revaluation 13 - VaR / Sensitivity Analysis TREASURY - AGRIS 6 = Risk area Control Profile 32 20 15 16 53 14 17 21 19 13 31 22 23 24 25 18 33 48 26 42 34 35 36 37 38 39 40 41 50 43 44 51 46 47 49 29 45 52 62 56 57 58 59 60 70 61 63 64 65 66 67 68 69 71 73 55 80 81 75 76 77 78 79 30 82 72 83 84 85 86 87 88 54 74 11 10 9 8 7 Seriousness High Risk Areas 2 6 1 6 5 4 4 9 13 3 10 8 7 3 12 2 11 1 5 Medium Risk Areas 0 Low Risk Areas 1 2 3 5 6 0 4 7 8 9 10 11 Probability Challenge – Maintain a “Control Profile”

  19. Reporting to Audit Committees

  20. Root Cause Analysis

  21. Effectiveness Considerations • True independence • Have a good understanding of issues facing the organization • Be responsive to management’s needs • Be able to assess, advise and assure on the management of key business risks • Contribute to performance improvement • Be proactive in communication with management • Recommendations are implemented • Match the skill set to the needs • Use enabling technology and work smarter

More Related