1. Seoul, Korea – October, 2014 Brazilian Court of Accounts

2.  Objective  Why PDIS should be evaluated  Brazil – economics indicators  Background  ISSAI 5450 – improvements and changes  Comparison: 2 nd and 3 rd version of ISSAI 5450  Next steps

3. To help the WGPD to develop a guidance on audit of Public Debt Information Systems (PDIS) that can be useful for all the INTOSAI community What are we doing? Auditing on general controls and application controls of Public Debt Information Systems What is the object of guidance?

4. ISSAI 300 - Principles of Performance Auditing Auditors should choose a result-, problem- or system- oriented approach, or a combination thereof, to facilitate the soundness of audit design. - a system-oriented approach examines the proper functioning of management systems, e.g. financial management systems

5. ISSAI 5410 - Guidance for Planning and Conducting an Audit of Internal Controls of Public Debt Computer-based debt information systems have major implications for audits of sovereign debt operations. Auditors must have sufficient computer expertise to perform tests of the internal controls built into computer systems, which are commonly classified into general and application controls.

6. UNCTAD: Principles on promoting responsible sovereign lending and borrowing Debtors should make public disclosure of their financial and economic situation, providing among others the following information: (i) accurate and timely fiscal data; (ii) level and composition of external and domestic sovereign debt including maturity, currency, and forms of indexation and covenants; (iii) external accounts; (iv) the use of derivative instruments and their actual market value; (v) amortization schedules and, (vi) details of any kind of implicit and explicit sovereign guarantees. (11. Disclosure and publication)

7. IMF: Revised Guidelines for Public Debt Management Debt management activities should be audited annually by external auditors. Information technology (IT) systems and risk control procedures should also be subject to external audits. In addition, there should be regular internal audits of debt management activities, and of systems and control procedures. (Transparency and Accountability)

8. Relevant info for decision making demands security, reliability, accuracy and readiness from the information systems

9. GDP REAL GROWTH (%)

11. GROSS DEBT R$ billionGROSS DEBT – GDP (%)

12.  Brazilian Court of Accounts headed the investigation theme “Evaluation on Information Systems Related to Public Debt Management” in July 2009 (Kyiv, Ukraine)  First version draft presented in the WGPD meeting in September, 2012 (Helsinki, Finland)  The draft was submitted to the WGPD members for comments  Comments from Lithuania, USA, Moldova

13.  The exposure draft of the ISSAI 5450 “Guidance of Auditing on Public Debt Information System” has been approved by the Steering Committee of the Knowledge Sharing Committee (KSC)  WGDP Secretariat submitted to INTOSAI Professional Standards Committee (PSC) in June, 2013  PSC submitted the Exposure draft of the ISSAI 5450 to INTOSAI community for comments in July, 2013  Comments received until November, 2013

14. Comments ArgentinaMalaysia AustraliaMoldova CanadaNetherlands ChileOman ChinaPoland HondurasThailand HungaryUnited States of America IndiaUnited Arab Emirates KazakhstanUnited Kingdom KuwaitVietnam LatviaZambia

15. ImprovementWho did suggest?Where is it? Description of the importance of auditing the system public debt and the possible consequences of not performing it Austrália, LatviaPage 1 Description of the objectives of the debt information system AustraliaPage 1 Explanation about the importance of this guide within a large context United Kingdom, Latvia, IndiaPages 1, 2 Indication of the necessity of a process mapping Argentina, Australia, United Arab Emirates Pages 6, 7, 20 Setting out the importance of a risk based audit approach Australia, United Kingdom, United Arab Emirates, Hungary Pages 6, 7, 21 Highlight in Application ControlsUnited Kingdom, Honduras, Chile, United Arab Emirates, Poland, Netherlands, India, Hungary Pages 11 to 18

16. ImprovementWho did suggest?Where is it? Creation of a specific list of application controls (testing matrix) Chile, United Arab EmiratesPages 27 to 37 (matrix) Mention of the functions, queries and connections that the public debt system should provide Hungary, ChilePages 27 to 37 (matrix) Making references to INTOSAI documentsUnited Kingdom, India, USA, Hungary Pages 7, 9, 18 Indication of the necessity of an IT expert (the table of sophistication level was removed) Argentina, Kwait, ChilePage 6 Modification on the document structureAustralia, United Kingdom, Hungary Entire document Improvement of the text structureAustralia, Canada, Malaysia, Hungary Entire document

17. Matrix Structure REQUIREMENT/ FUNCTIONALITY GENERAL/APPLICATION CONTROL TESTING PROCEDURES TESTING AREAS GENERAL CONTROLS APPLICATION CONTROLS -Organizational controls -Physical Access controls -Logical Access controls -Environmental controls -Program Change controls -Business Continuity Planning and Disaster Recovery -Documentation standards -Input controls -Processing controls -Output controls

18. Pages 2nd version 3rd version 11 1421 167 65 24

19.  The approval of the last version of the ISSAI 5450 – Guidance of Auditing on Public Debt Information System  Becoming a INTOSAI document at the INCOSAI 2016

20. Seoul, Korea - October, 2014