The control environment

Slides:



Advertisements
Similar presentations
Internal Control Integrated Framework
Advertisements

Organizational Governance
Internal Control–Integrated Framework
Post Award MUHAS, Dartmouth, UCSF Basics of Internal Controls Tuesday October 21, 2014.
Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.
Prepared by Wa'el Bibi,CPA,CIA,CISA1 Internal Control Integrated Framework An Overview.. Bibi Consulting COSO’s Source: COSO’s Internal Control Integrated.
INTERNAL AUDIT PROCESS Pre-Audit Presentation. OBJECTIVES OF PRESENTATION  Provide a basic understanding of internal audit  Provide a basic awareness.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
CHAPTER 16 Auditing and corporate governance. Contents  Corporate governance  Independent directors  Chairman of the board and chief executive officer.
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Presented By: Donna Denker, CPA Donna Denker & Associates.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Control environment and control activities. Day II Session III and IV.
Internal Auditing and Outsourcing
Minnesota’s Internal Control Initiative National Association of State Comptrollers March 25, 2011 Speaker Jeanine Kuwik, MBA, CPA, CISA Director of Internal.
Central Piedmont Community College Internal Audit.
Changes to the Internal Control Integrated Framework Cliff Flood.
Chapter 3 Internal Controls.
Transitioning to the COSO 2013 Update.  Released on May 14, 2013  Designed to build upon the foundation of the 1992 Framework  Will supersede the 1992.
Internal controls. Session objectives Define Internal Controls To understand components of Internal Controls, control environment and types of controls.
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
Introduction In 1992, the Committee Of Sponsoring Organizations of the Treadway Commission (COSO) published Internal Control-Integrated Framework (1992.
Internal Control in a Financial Statement Audit
Practice Management Quality Control
The Audit as a Management Tool Vermont State Auditor’s Office – April 2009.
Evaluation of Internal control mechanism in Audit of Autonomous Bodies.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
Internal Control Systems
S5: Internal controls. What is Internal Control Internal control is a process Internal control is a process Internal control is effected by people Internal.
Tax Administration Diagnostic Assessment Tool MODULE 11 “POA 9: ACCOUNTABILITY AND TRANSPARENCY”
INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 4.3: Internal Control & Audit.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
INTERNAL AUDIT PROCESS PRE-AUDIT PRESENTATION. OBJECTIVES OF PRESENTATION  PROVIDE A BASIC UNDERSTANDING OF INTERNAL AUDIT  PROVIDE A BASIC AWARENESS.
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
Company LOGO Chapter4 Internal control systems. Internal control  It is any action taken by management to enhance the likelihood that established objectives.
Governance, risk and ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Auditors’ Dilemma – reporting requirements on Internal Financial Controls under the Companies Act 2013 and Clause 49 of the Listing agreement V. Venkataramanan.
Roadmap For An Effective Compliance And Ethics Program
Principles of Good Governance
Hans Nieuwlands CIA CGAP CCSA CEO IIA Netherlands
Internal Control Principles
Providing assurance on risk management and controls
Internal Control in a Financial Statement Audit
How to Survive an External Quality Assessment
Understanding the Principles and Their Effect on the Audit
Построение культуры integrity в компании Aнар Каримов партнёр «ЭКВИТА»
PEM PAL IA COP Internal Control Working Group COSO Principles
Internal Control Integrated Framework
Office of Internal Audits
A Framework for Control
Building the Foundation of Compliance
Setting Actuarial Standards
Defining Internal Control
Competency Based Learning and Development
Building the Foundation of Compliance
COSO Internal Control s Framework
Internal control - the IA perspective
Revision of the Internal Control Framework in the European Commission PEMPAL Internal Audit Community of Practice (IACOP) Brussels, 27th February 2017.
Performance Management
Internal Controls Policies and Procedures
The Elements of appropriate Internal Controls
Mr Mirco Barbero European Commission, IAS.C1
Leveraging COSO across the three lines of defense
An overview of Internal Controls Structure & Mechanism
Monitoring Activities
Shasta CCD Board Retreat CEO Search, Accreditation & Student Success
HR AUDIT (An Early Evaluation System) (An Early Evaluation System) S.Jayaprakash., M.Sc (IT), PGD.HRM, DLL & AL.
Presentation transcript:

The control environment Presentation to PEMPAL IACOP meeting in Georgia 29-30 October 2018 Richard maggs

goals of the presentation TO Provide A very quick refresher on internal control To present the first component of COSO - the control environment TO outline the five principles used by Coso on the control environment TO explain the approach proposed in the discussion paper on each principle and how this can be improved through discussion in Georgia

A quick refresher on internal control Definitions limitations

The definition of Internal Control This means that: C COSO defines Internal Control as: A Internal Contol is everyone’s business Its about Operations Reporting Compliance A process effected by an organization's governing bodies, management and other personnel There is no such things as perfect control designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance Control is aimed at achieving the organizations objectives Internal Control is therefore: B Effected by People It is not simply a set of manuals forms and checklists It is people who set objectives and who put controls in place to achieve them. 1 Able to provide reasonable assurance but not absolute assurance, to senior management and the Governing Bodies 2 Extends to operational activities and is not limited to reporting and compliance 3 A continuous process Internal Control is not one event or circumstance but a series of ongoing tasks and activities. It’s a means to an end, not an end in itself. 4

Limitations Internal control cannot influence external factors e.g. changes of policies Internal control cannot change a poor manager into a good one Inherent limitations include human fraility Faulty human judgement in decision-making Simple human error and mistakes Cannot always protect against fraud Collusion by two or more people Management override of controls

Internal control components

Monitoring Activities A dynamic and iterative process for identifying and analyzing risks to the achievement of the organization’s objectives, which forms a basis for determining how risks should be managed. Risk Assessment 2 The actions needed to manage risks to the achievement of objectives The control environment is the foundation for all other components of internal control. This sets the tone of an organization, influencing the control consciousness of staff Control Environment 1 Internal control systems need to be monitored to assess the systems’ performance over time and and to ensure that internal control continues to operate effectively The means of assessing the quality of the internal control system's performance over time Monitoring Activities 5 Internal Control Framework Control activities help ensure that necessary actions are taken to address risks to the achievement of the organization’s objectives. Control activities are performed at all levels of the organization, at various stages of business processes and over the technology environments. The controls put in place to respond to risks, and the policies and procedures that help ensure that management directives are carried out Control Activities 3 Effective communication is the lifeblood of internal control. The process of escalating information for consideration by senior management is particularly crucial for the effectiveness of internal control. The information needed to help people to carry out their responsibilities Information & Communication 4

Control environment

CONTROL ENVIRONMENT PRINCIPLES The organization demonstrates a commitment to integrity and ethical Values 1 The Governing Bodies demonstrate independence from management and exercises oversight of the development and performance of internal control 2 Management establishes, with governing body oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 3 The organization demonstrates a commitment to attract develop and retain individuals 4 The organization holds individuals accountable for their Internal Control responsibilities in the pursuit of objectives 5

CONTROL ENVIRONMENT: PRINCIPLES AND POINTS OF FOCUS The organization demonstrates a commitment to integrity and ethical Values PF 1.1 Sets the tone at the top PF 1.3 Checks adherence to standards of conduct PF 1.4 Addresses deviations promptly PF 1.2 Establishes standards of conduct 1 The Governing Bodies demonstrate independence from management and exercises oversight of the development and performance of internal control PF 2.1 Establishes oversight responsibilities PF 2.2 Has access to relevant Skills PF 2.3 Operates independently PF 2.4 Provides oversight of the system of internal control 2 Management establishes, with governing body oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. PF 3.1 Considers all Structures of the organization PF 3.2 Establishes reporting lines PF 3.3 Defines, assigns and limits authorities and responsibilities 3 The organization demonstrates a commitment to attract develop and retain individuals PF 4.3 Attracts develops and retains individuals PF 4.4 Plans and prepares for succession PF 4.2 Evaluates competence and addresses shortcomings PF 4.1 Establishes policies and practice 4 5 The organization holds individuals accountable for their Internal Control responsibilities in the pursuit of objectives PF 5.1 Enforces accountability through structures authorities and responsibilities PF 5.4 Considers excessive pressures PF 5.5 Evaluates performance and rewards or disciplines individuals PF 5.2 Establishes performance measures incentives and rewards PF 5.3 Evaluates Performance measure relevance

IN depth consideration of the principles Discussion paper contains diagrams which aim to aid the interpretation of the principles A short commentary on each principle A set of questions that auditors may ask under each principle During the seminar we will have a lot of discussion which should help us improve the initial draft paper in ways which are more meaningful to auditors working in pempal countries?

A quick look at each of the five principles

PF 1.1 Sets the tone at the top The organization demonstrates a commitment to integrity and ethical Values 1 Values Behavior Operating Style PF 1.1 Sets the tone at the top Management sets high personal standards of behavior PF 1.2 Establishes standards of conduct Policy on sexual harassment Whistleblower protection policy Anti fraud and corruption policy Code of conduct PF 1.4 Addresses deviations promptly Regular reports to staff of disciplinary action taken Takes disciplinary action when needed PF 1.3 Evaluate adherence to standards of conduct Management reviews Personal performance assessments Investigations

PF 2.2 Has access to relevant skills The Governing Bodies demonstrate independence from management and exercise oversight of the development and performance of internal control 2 PF 2.2 Has access to relevant skills Policy skills? Financial skills? Investigation skills? Governing Body considers skills needed and addresses gaps in skills PF 2.1 Establishes oversight responsibilities Governing Body rules of procedure provide for effective oversight Legal framework specifies oversight responsibilities Considers oversight body reports PF 1.4 Provides Oversight of system of Internal Control Reports of oversight bodies at second and third line of defence Governing bodies retain oversight responsibility for the way management has designed Internal Control PF 2.3 Operates Independently Governing Body Members are independent from managers Any conflicts of interest are identified by Governing Bodies

First line Second line Third line Management establishes, with governing body oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 3 PF 3.1 Considers all structures Internal structures Regional units? Operating units? Product units? External structures Partnerships? Outsourced service providers? PF 3.3 Defines, assigns and limits authorities and responsibilities Establishes Limits of authority Lists of delegated responsibilities Manuals & guides PF 3.2 Establishes reporting lines Organization charts Uses the Three Lines of Defence model First line Second line Third line Management and other personnel on the front line responsible for providing effective internal control day to day. Support functions who provide guidance on internal control requirements and evaluate adherence to defined standards Independent functions, specifically the Internal Auditor and any evaluation function assessing and reporting on internal control and recommending corrective action

PF 4.2 Evaluates competence and addresses shortcomings The organization demonstrates a commitment to attract develop and retain competent individuals in alignment with objectives 4 Identification of staff competence and skills needed to achieve objectives PF 4.2 Evaluates competence and addresses shortcomings Career Frameworks Job profiles Job descriptions PF 4.1 Establishes policies and procedures Policies reflect expectation of competence needed Human resource strategy, policies, manuals and guidance PF 4.4 Plans and prepares for succession Identify essential functions that need succession planning Establish plan for succession PF 4.3 Attracts develops and retains individuals Develop staff through training coaching and mentoring. Evaluate performance well Retain staff by providing incentives to motivate good performance Attract the right candidates through effective recruitment

PF 5.2 Establishes performance measures incentives and rewards The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives 5 PF 5.1 Enforces accountability through structures authorities and responsibilities Establish mechanisms to hold individuals accountable for Internal Control responsibilities PF 5.2 Establishes performance measures incentives and rewards Establish performance measure incentives and rewards appropriate for all levels in the organization PF 5.3 Evaluates performance measure relevance Ensure that performance measures and incentives are appropriate and do not result in perverse incentives Regular Performance Appraisal reports PF 5.5 Evaluates performance and rewards or disciplines individuals Effective process for assessing individual performance in line with objectives PF 5.4 Considers excessive pressures Ensure staff are not facing excessive pressures to perform tasks that could result in poor internal control

Further consideration of principles How should the principles be interpreted for application in the public sector? How do we translate a board of directors into the public sector context? HOW far is “tone at the top” a political issue? How do we deal with lack of freedom of some public sector institutions to take action e.g. in setting performance rewards relevant to their work?

Thankyou