© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA risk assessment José Viegas Ribeiro IGF, Portugal.

Slides:

Advertisements

Similar presentations

1 The PEFA Program – and the PFM Performance Measurement Framework Washington DC, May 1, 2008 Bill Dorotinsky IMF.

Advertisements

The Managing Authority –Keystone of the Control System

Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.

RELATIONSHIP BETWEEN THE MANAGING AUTHORITIES AND THE PAYING AGENCIES IN THE MANAGEMENT OF RURAL DEVELOPMENT PROGRAMMES Felix Lozano, Head of.

Training for Participants Date, Location, Venue 1 Welcome! Welcome to PEM 2 Module!

 Capacity Development; National Systems / Global Fund Summary of the implementation capacities for National Programs and Global Fund Grants For HIV /TB.

Evaluating public RTD interventions: A performance audit perspective from the EU European Court of Auditors American Evaluation Society, Portland, 3 November.

Development of internal control: methodology and responsibility

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

Auditing A Risk-Based Approach To Conducting A Quality Audit

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

Internal Control in a Financial Statement Audit

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Purpose of the Standards

Learning Objectives LO1 Describe the finance and investment process: risk assessment, typical transactions, source documents, controls, and account balances.

Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.

Welcome to the Board! (and did we mention your Fiduciary Responsibility?)

PAD190 PRINCIPLES OF PUBLIC ADMINISTRATION

Audit Commission Presentation Salford City Council Consideration of the financial statements.

SEMINAR on the EEA Financial Mechanism THE EUROPEAN COMMISSION DIRECTORATE- GENERAL REGIONAL POLICY Brussels 13 June 2005 Control and Audit Nicholas Martyn.

Effective Management and Compliance 1 ANA GRANTEE MEETING  FEBRUARY 5, 2015.

Audit objectives, Planning The Audit

New Auditing Standards Laurie Ball, CPA Swenson Advisors, LLP (Murrieta) Audit Director Accounting Day May 12, 2008.

Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 5 Internal Control over Financial Reporting

Internal Control in a Financial Statement Audit

How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,

NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette.

Internal Control in a Financial Statement Audit

[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 8.1 Control Risk,

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU. Quality Assurance José Viegas Ribeiro IGF, Portugal SIGMA.

Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.

S7: Audit Planning. Session Objectives To explain the need for planning To explain the need for planning To outline the essential elements of planning.

Evaluation of Internal Control System

Audit Planning. Session Objectives To explain the need for planning To outline the essential elements of planning process To finalise the audit approach.

REPUBLIC OF TURKEY PRIME MINISTRY Undersecretariat of Treasury REGIONAL COMPETITIVENESS OPERATIONAL PROGRAM (RCOP) Ankara, 27 June 2012 AUDIT AUTHORITY.

Evaluation of Internal Control System. Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 6-1 Chapter Six Internal Control in a Financial Statement Audit.

Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.

A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,

S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.

Slide 1 Federation des Experts Comptables Méditerranéens 4 th FCM Conference Capri, 3-4 May 2004 The Globalisation of Small and Medium-sized Enterprises.

INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 4.3: Internal Control & Audit.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Section 404 Audits of Internal Control and Control Risk Chapter.

Page 1 Portfolio Committee on Water and Environmental Affairs 14 July 2009.

EN DG Regional Policy & DG Employment, Social Affairs & Equal Opportunities EUROPEAN COMMISSION Luxembourg, May 2007 Management and control arrangements.

S&E and BMW Regional Operational Programmes 14 – 20 Training for Local Authorities involved in DUCGS projects, 21st April 2016 REPORTING, DATA COLLECTION.

ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.

AUDIT QUALITY AND ASSURANCE 2 ND AND 3 RD OCTOBER 2014 HILTON HOTEL MATERIALITY IN PLANNING AND PERFORMING THE AUDIT (ISA 320) 1.

Regional Accreditation Workshop For Asia and Eastern Europe Manila, Philippines th March, 2012.

©©2012 Pearson Education, Auditing 14/e, Arens/Elder/Beasley Considering Internal Control Chapter 10.

Welcome. Contents: 1.Organization’s Policies & Procedure 2.Internal Controls 3.Manager’s Financial Role 4.Procurement Process 5.Monthly Financial Report.

F8: Audit and Assurance. 2 Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B: Internal audit Section.

McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.

AUDIT STAFF TRAINING WORKSHOP 13 TH – 14 TH NOVEMBER 2014, HILTON HOTEL NAIROBI AUDIT PLANNING 1.

Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Finance & Human Resources

Presentation to the Portfolio Committee on Finance

Internal control - the IA perspective

Draft OECD Best Practices for Performance Budgeting

Role & Responsibilities

Management Verifications & Sampling Methods

Management Verifications & Sampling Methods

An IT Viewpoint Darin Kreimeyer, Senior Manager Newel Linford, Manager

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

Good practices for risk assessment and control activities

International Triathlon Union

Portfolio Committee on Communications

Presentation transcript:

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA risk assessment José Viegas Ribeiro IGF, Portugal SIGMA PEM PAL workshop Lviv, 8/9 October

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA outline 1. Why risk assessment 2. Risk assessment at macro level (per Ministry) – a key tool for audit planning in Portugal 3. Risk assessment at micro level (per organization) - a key tool for auditing the internal control systems

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA Risk assessment – Why ? Basis for the audit strategy Planning audit work (risk-based plan) Prioritise audit work, consistent with the organization’s goals Mitigate the risks ASAP Increase audit efficiency/focus on risk areas Consider expectations of senior management, the board and other stakeholders 3

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA Why risk assessment – ISA 315 and 330 ISA 315 gives an overview of the procedures that the auditor should follow in order to obtain a sufficient understanding to assess audit risks, and these risks must then be considered when designing the audit plan. Of central importance to both ISA 315 and ISA 330 is the recognition that assessing risks is at the core of the audit process, and these two ISAs specify that the auditor is required to obtain an understanding of the key risks (sometimes described as 'significant' risks) relevant to the financial statements. 4

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA audit standards ISA Identifying and assessing the risks of material misstatement through understanding the entity and its environment ISA The Auditor’s responses to assessed risks IASB Performance standard Planning

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA A- Risk assessment at macro level (Ministry) – a key tool for audit planning in Portugal Steps: 1 - Understanding the entities and their functions, business and environment; gathering information (also using in house information and available recent data) 2 - Risk assessment check list (per each organization of each Ministry) 3 – Assessment of the results (per organization of each Ministry) 4 – Setting priorities for the audit annual plan

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 1st step – Understanding the entity and its business/environment and gathering information ISA 315 gives detailed guidance about the understanding required of the entity and its environment by auditors, including the entity’s internal control systems. Understanding of the entity and its environment is important for the auditor in order to help identify the risks, to provide a basis for designing and implementing responses to assessed risk (see also ISA 330, The Auditor’s Responses to Assessed Risks), and to ensure that sufficient appropriate audit evidence is collected.

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 2nd step – Risk assessment check list Risk assessment summary table with the key risk factors Risk assessment detailed table (risk factors break down)

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 2nd step – Risk assessment summary table quantitative assessment RISK FACTORS Maximum Score F1Nature of the Department/Unit2 F2Materiality3 F3Expenditure Structure10 F4Own Resources10 F5European Union financing8 F6Debt management7 F7Financial and Economic indicators10 F8Internal Control28 F9Results of previous audits22 MAXIMUM SCORE100

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 2nd step – Risk assessment check list Check list as a section of the audit manual check list detailing each risk factor, with a maximum score per factor (example of the check list shown in a separate file) applied to each organization of each Ministry (eg, general directorates, agencies, departments) Input from senior management (eg, interviews or revising management documentation) basis for audit priorities and annual planning

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 2nd step – Risk assessment (included in the score of factor F8) Probability assessment Level Not verified in previous audits1Ocasional Verified in 5% of the expenditure audited in previous audits2Possible Verified in more than 5% of the expenditure audited in previous audits3Frequent Impact assessmentLevel Does not afect expenditure1Low Does not afect expenditure in a material way2Moderate Affects expenditure in a material way3High

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 3rd step – Risk assessment results from quantitative to qualitative assessment AssessmentLower LimitHigher Limit Very Low2036 Low3652 Medium5268 High6884 Very High84100

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 3rd step – Risk assessment results

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA Verifications carried out should allow the auditor to issue a final audit opinion on the internal control system Work Well : if key risks are properly addressed by controls operating effectively Work, but minor improvements are needed: if key risks are properly addressed by controls operating effectively, with some minor exceptions Work, but important improvements are needed : if some risks are addressed by controls, that in relevant situations are weak and not operating effectively Does not work : major key risks are not properly addressed by controls and/or key controls are not operating effectively 14 3rd step – Risk assessment results another method – European Commission final audit systems assessment

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA B - Risk assessment at micro level (per organization) a key tool for auditing the internal control systems 1 – focus on key internal control areas (COSO based) 2 - internal control check list (key controls) 3 – guidance note for the auditors – how to use 4 – final assessment of the results (clear indication of the high risk internal control areas – important for the management, the board and the audited organization)

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA Terms of Reference Key principles of an internal control system Clear allocation of roles and responsibilities Appropriate segregation of functions Reliable management accountant and information systems Key Controls over operations and transactions 16

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA Control Environment Management awareness on the importance of internal control Risk Assessment Assessing the inherent risks of the entity, Internal Control Procedures Procedures adopted by the management to address and mitigate the risks Information and Communication Information systems allowing for an effective internal control Monitoring Continuous assessment procedure of internal control quality performance 17 Terms of Reference - Internal control components

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA Organization structure Segregation of functions Operations key controls Accounting and financial controls Record-keeping of documents in a sequence/order Qualified and accountable staff Clear authorization and approval procedures Physical controls Management supervision Cost-benefit approach documentation 18 Terms of Reference – internal control elements

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 19 focus on Internal control example of a check list

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA 20 focus on Internal control example of a detailed internal control check list (key controls)

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA final assessment table an example for internal control areas 21 0 – Non existent 1 – Very Poor 2 – Poor 3 – Sufficient 4 – Good 5 – Excellent Control environment Organizational structure Budget preparation, execution Treasury management Asset management RevenuesAcquisitions and Procurement HR managementInformation systems Annual accounts

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA RA areas to follow and improve - I RA is key for the auditor - need to have a deep and comprehensive understanding of the audited organization business and environment ( auditor must not feel “lost in the forest”, but going straight to the “right trees”) Without a robust RA it’s not possible to have a good planning, and without a good planning it’s very difficult to have an effective and valuable audit report Need to improve the reliability of the inherent risk assessment, in particular in organizations with complex and composite financial transactions and several sources of funding

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA RA areas to follow and improve - II Example of operations of this nature, which are often difficult to the auditors – revenue generating projects, financial engineering operations, state aid operations Also public procurement, concessions and PPP’s are areas of high materiality and complexity and increasing difficulties in RA (both inherent and control risk), requiring specific knowledge and fine tuning RA Example of the most common findings requiring experienced auditors – additional works, modification of the physical object of the contract and artificial splitting of the contracts

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU Σ SIGMA RA areas to follow and improve - III From our experience, public procurement, concessions and PPP’s are responsible for some of the most material and important audit findings (also deviations and errors) accordingly, we decided to improve the risk assessment and also to develop a separate and very detailed check list to audit public procurement, concessions and PPP’s (that was included as an additional annex to the audit manual – other high risk areas will be subject to specific check lists as well) auditing management information systems, running in high complex IT platforms (even when not a IT audit, IT capabilities are very useful).