1. PIFC in the Turkish Public Sector Ankara March 30th, 2005 Robert de Koning European Commission DG Budget B.3

2. March 30th, 2005PIFC in the Turkish Public Sector2 1. Previous developments Apr 2000: First contacts with DG BUDG Sep 2001: Administrative Co-operatioin Agreement between MoF and DG BUDG Mar 2002: Chapter 28 Training Seminar in Ankara Jul 2002: PIFC Policy Paper Dec 2004: Turkish involvement in EFCO Contact Group and recent CHU-workshops Jan 2005: PFMC Law enters into force

3. March 30th, 2005PIFC in the Turkish Public Sector3 2. Turkey’s reply to co-operation with DG BUDG A long policy debate from 2001-2003/4 resulting in: –Adoption of a PIFC Strategy Paper –Adoption of the PFMC Law Starting a Transition Period during which: –Transfer of ex ante control to spending centres –Establishment of decentralised Internal Audit –Establishment of central harmonisation in MoF –Timetable to achieve PIFC in due course –Further development of secondary/tertiary regulations

4. March 30th, 2005PIFC in the Turkish Public Sector4 3. Chapter 28: Financial Control Coverage: –PIFC –External Audit (SAIs) –Fight against Fraud and Protection of EU funds Steps for PIFC: –Conceptualisations (Policy Paper) –Legislation stages (Framework Law, secondary and tertiary regulations) –Organisational reform and Implementation –Training of all actors involved

5. March 30th, 2005PIFC in the Turkish Public Sector5 4. PIFC in a nutshell Principles: –Managerial Accountability –Independent Internal Audit –Central Harmonisation Organisation: –Financial management and control systems become responsability of the manager (FMC) –Decentralised Internal Audit and seperate Internal Audit from management and Financial nspection –CHU in the Ministry of Finance to co-ordinate and harmonise the PIFC system

6. March 30th, 2005PIFC in the Turkish Public Sector6 5. Why PIFC? Questionnaire Chapter 28: –Assessments made by DG Budget Old inspection systems versus new requirements (introduction of policy objectives, risk management, etc.) New developments in corporate governance (leading to government governance) Many different players in the field and opinions: confusion in CCs leading to many Requests from CCs to DG BUDG to give indications for a comprehensive, unified and ideal model that could be followed and implemented.

7. March 30th, 2005PIFC in the Turkish Public Sector7 6. Standards for PIFC 1. COSO framework (IIA) (1991 and 2004) for Internal Control the private sector 2. INTOSAI Guidelines for Internal Control in the public sector (2004) 3. SIGMA of OECD, independent experts in public administrative financial reform in the new MS and new CCs;

8. March 30th, 2005PIFC in the Turkish Public Sector8 7. IC Components 1. Control environment (overall quality of IC) 2. Risk assessment (by management) 3. Control activities (strategy to mitigate risks) 4. Information and Communication (vital to run operations and control activities) 5. Monitoring (to help ensure that IC remains tuned to objectives, environment, resources and risks)

9. March 30th, 2005PIFC in the Turkish Public Sector9 8. Monitoring? INTOSAI (Guidelines) distinguishes –Ongoing/routine monitoring (management) –Seperate evaluations (based on RAM) by Self-assessment (management) Internal audit (therefore IC includes IA) External audit (SAI’s and private audit firms) Monitoring ensures that audit findings and recommendations are adequately followed-up

10. March 30th, 2005PIFC in the Turkish Public Sector10 9. Internal Audit IA examines and contributes to the three e’s in the IC system through evaluations/assessments and recommendations. IA is functionally independent from management and cannot therefore share management’s responsibilities for designing, implementing, maintaining and documenting internal control (e.g. Audit trails) Important: make management aware, understanding and appreciative of additional value of IA!!!

11. March 30th, 2005PIFC in the Turkish Public Sector11 10. Internal Audit and Inspection Oct 2001: Contact Group Tallinn discussion –Inspection: Transaction and complaint oriented Aiming at sanctions / investigations Ex post financial control (management) Centralised (fraud or serious irregularities) –Internal audit: Does not assume management responsibilities Does not ensure legality/regularity Is not responsible for financial mismanagement Does not ensure absence of fraud Only assesses IC systems

12. March 30th, 2005PIFC in the Turkish Public Sector12 11. Questions to solve 1. Make the PIFC system so reliable that fraud or serious irregularities (fsi) are minimised. 2. Develop Internal Audit as a management tool that will in the final end act as prevention of fsi and, hopefully, diminish the Financial Inspection repressive functions and help it focus on more specific and essential investigation tasks. 3. Develop Financial Inspection into central fsi investigation service and decentralise monitoring tasks to management (like ex post financial control).

13. March 30th, 2005PIFC in the Turkish Public Sector13 12. Open issues in PFMC Law? Some FMC issues in the PFMC Law for further consideration: –management responsibilities Minister is not included in delegation chain (HPA – authorising officers and further sub-delegation); is this wise and does that protect the minister from fsi? Transitional arrangements for decentralising ex ante control to financial services: are there benchmarkers for measuring progress? Are there adequate procedures in case of visa refusal? (passer outre, information to IA)? Lack of organisational status of the CHU-FMC?

14. March 30th, 2005PIFC in the Turkish Public Sector14 13. Open issues in PFMC Law? Some IA issues in the PFMC Law for further consideration: Are there still areas in the act that mix specific managerial and audit tasks, e.g. in the area of monitoring? The tasks of the CHU/ACB for Internal Audit: –Should it be involved in audit planning? –Should it develop audit trails? –Should it deal with measures to eliminate fraud and irregularities?

15. March 30th, 2005PIFC in the Turkish Public Sector15 14. Audit Co-op Board or CHU? A CHU should be: –Engine of propagation of PIFC principles –Centre of excellence for questions from management and auditors on daily basis –Networker and upgrader of IA standing –Quality raiser of IA profession –Promotor of visibility in the entire public sector –Assessor of training needs for all PIFC actors –Stimulator of co-operation with SAI, IIA, EC etc. Can the ACB function as a proper day-to-day CHU organisation?

16. March 30th, 2005PIFC in the Turkish Public Sector16 15. Experience in New MS The Compendium of PIFC IA Legislation in the new MS and CCs (september 2004) provides info on the achievements in new MS and CC’s to date. –Experience shows that main issues remain: Overall implementation delays (cultural changes take much time) Unsatisfactory levels of management awareness and support for IA Mixing responsibilities of internal audit with management or between internal audit and inspection Status of the CHU’s in administration sometimes not optimal insufficiently trained staff or lack of suitable staff –DG BUDG organises annual meetings for all national CHUs to provide for general platform to discuss PIFC progress and outstanding matters

17. March 30th, 2005PIFC in the Turkish Public Sector17 16. Further Actions Turkish/French twinning project for PIFC Turkish/UK twinning project for SAI Another project for the Board of Treasury Controllers (EU funds) Close DG BUDG monitoring in framework of the ACA between MoF and DG BUDG of: –Secondary legislation –Tertiary regulation (IA Charter, IA Code of Ethics, Standard and Practice Advisories, etc...) –Implementation and Training in accordance to time tables

18. March 30th, 2005PIFC in the Turkish Public Sector18 17. Information sources All of the previously discussed material can be found on our FccWebsite : http://forum.europa.eu.int/Members/irc/budg/Ho me/mainhttp://forum.europa.eu.int/Members/irc/budg/Ho me/main And on the websites of INTOSAI, IIA, SIGMA. Çok teşekkűrler ve çalısmalarınızda başarılar!