TR 07- FI- 02 INTERNAL CONTROL – basic course COSO RISKS OBJECTIVES CONTROLS January 2009 EU Twinning Project TR 07-FI-02
THE INSEPARABLE TEAM
OBJECTIVES: vision, mission, values of the organisation / business targets
RISKS: to achieving objectives; risk appetite; (OPPORTUNITIES) (& costs) gained or lost
CONTROLS: addressing risks/opportunities; sufficient for purpose

LAW 5018/9 “Public administrations shall: prepare their budgets on performance basis and in concordance with the mission, vision, strategic goals and objectives included in the strategic plans.”
LAW 5018/10 “Ministers shall inform the public within the first month of every fiscal year: about the goals, objectives, strategies, assets, liabilities and annual performance programs of their administrations”
HIERARCHY OF RISK (uncertainties)
strategic: Strategic decisions
programme: Decisions transferring strategy into action
project & operational: Decisions required to implement

HIERARCHY OF RISK (uncertainties) E.G.
strategic: Better Education
programme: 1 Schools Building; 2 Curriculum Development
project & operational: 1 Building Contracts; 2 Preparing a new course; 3 Paying invoices

RISK MAP (axes: significance, probability)
high impact / low probability | high impact / high probability
low impact / low probability | low impact / high probability

RESPONSES TO RISK MAP (axes: significance, probability)
high impact / low probability: CONTROL PROCEDURES
high impact / high probability: CONTROL PROCEDURES / CONTINGENCY
low impact / low probability: IGNORE
low impact / high probability: CONTINGENCY

P.E.S.T.L.E. & S.W.O.T.
EXTERNAL factors: Political, Economic, Social-Cultural, Technological, Legal, Environmental
INTERNAL: Strengths, Weaknesses, Opportunities, Threats

CONTROL ACTIVITIES
* policies & procedures that help perform management directives
* necessary actions to address risks to achieving objectives
* throughout an organisation – all levels, all functions – not just finance
can cover a diverse range of activities, e.g.
top level reviews
functional or activity management
information processing
physical control
segregation of duties
WHAT ELSE??

CONTROL ACTIVITIES
NOT FOR THEIR OWN SAKE
REDUCE/MINIMISE RISKS TO ACHIEVEMENT
POSITIVE/CONSTRUCTIVE
FOCUS ON RESULTS
NB: “Doing the RIGHT THING” “Doing THINGS RIGHT”

Examples of Control Activities
* Separation of duties (such as the person who authorises payment of an invoice being separate from the person who ordered goods) – a control to mitigate the risk of fraud;
* Bank reconciliations (accounting records are reconciled to bank statements) – a control to mitigate the risk of accounting errors and bank errors remaining undetected;
* Public relations (e.g. only those suitably trained and authorised being permitted to handle media enquiries) – a control that reduces the risk of inappropriate comment being made to the press, with consequent reputational damage.
* Health and safety (e.g. a requirement that protective clothing be worn during the performance of dangerous duties) – a control that reduces the risk that staff will be injured when handling hazardous substances.

OBJECTIVE
INHERENT RISK - INTERNAL CONTROLS = RESIDUAL RISK (EXPOSURE) ~ TOLERANCE/APPETITE

GROUP SESSION 4
objectives, risks, controls
1 organise yourselves
2 address the questions in the course outline
FOCUS YOUR THOUGHTS & RESPONSES ON: THE INSEPARABLE TEAM (O IR – IC = RR ~ RA)
REMEMBER PREVIOUS GROUP SESSIONS