WIXLIB

PEMPALPEMPAL TCoPTreasury Internal s to Internal ControlPIFCCOSOBasis for TreasuryInternal Control2Michael Parry Presentation1

PEMPALPublic Internal FinancialControl (PIFC) EU concept– Applicable to member and accession countries– Model of best practice for all countries PIFC aims– “to provide a reasonable assurance that publicfunds are being used for the objectives selectedby the budgetary authority [and] preventingcorruption and fraud” Financial Management (or Internal) Control akey component of PIFC– Based on COSO framework3COSO COSO – Committee of SponsoringOrganisations– 5 US professional accounting and auditingbodies Developed internationally recognisedInternal Control (IC) Framework– Generic for all public and private sector entities– Principle based– Suitable basis for Treasury Internal Control New COSO Internal Control Framework tobe issued in 2013– This presentation based on Exposure Draft fornew COSO framework4Michael Parry Presentation2

PEMPALCOSO definition of internalcontrolInternal control is a process, effected by anentity’s board of directors, managementand other personnel, designed to provide areasonable assurance regarding theachievement of the objectives in thefollowing categories:– Effectiveness and efficiency of operations– Reliability of financial reporting– Compliance with applicable laws andregulations5COSO Internal Control Framework & ternalControlAcAviAes4.InformaAon&CommunicaAons rganisaAonidenAfied acAviAesimplementedinaccordancewithpolicies ointernalcontrol 5.MonitoringInternal el Parry Presentation3

PEMPALApplying COSO to Treasury:The Groups of ObjectivesOpera2onal lec2ons eofmoney Minimizingtransac2oncosts UseofmoneyforpurposeintendedRepor2ng ng rol rdancewithinternaAonalstandardsCompliance CompliantwithnaAonallawsandregulaAons ROLPEMPALKiev2013Michael Parry Presentation84

PEMPAL1. Treasury Internal Control (IC)Environment1.1Integrityðicalvalues Managementcommitment Ethicsincludedwithinstafftraining oversight zaAonUnit AcAonsonidenAfiedissues1.3Organisa2onalstructure Clearlydefinedroles&responsibiliAes JobdescripAons SegregaAonofduAes1.4Commitmenttocompetence 1.5Accountability IdenAfiedresponsibilityleadstoaccountability InternalandexternalaccountabilityforacAons fessionalizaAon92. Treasury Risk Assessment2. Identify andAnalyses Risks QuanAfycost&probability1. Riskobjectives4. Changes IdenAfyTreasuryobjecAves3. Risk of Fraud Internalorexternalchangesthatimpactonrisk IdenAfyandquanAfyrisks10Michael Parry Presentation5

PEMPALCostifriskeventoccursAnalysing ccurring11Balance of risk and costAmount &probability ofpotential lossCost ofreducing riskof potentialloss12Michael Parry Presentation6

PEMPALTreasury Risk Framework Internal Strategic RisksTreasury policyTreasury managementAllocation of resources Operational RisksTheftAccidental lossFraud and corruptionInefficiency and wasteErrors and mistakes Internal Reporting RisksNo or inadequate reportsFailure to identify risks orfailures Failure to identifyopportunitiesExternal Strategic RisksWorld economyInternational directivesGov’t policyCompliance RisksMoney not spent forintended purposeNon-compliance with lawAccounting system/processfailuresExternal Reporting RisksInadequate reporting laws/standards Delayed reports Unreliable or inaccuratereports Unexpectedmajor events133. Treasury IC activities (1)Processcontrols Documentedprocedures Stafftrainedinprocedures ganiza2onalcontrols disciplinaryprocedures3.2Budget xecu2oncontrols itmentmanagement) ntrols Proceduresforcashmanagement anpaymentcontrols Debtmanagementsystemintegratedwithdebtpayments Loan/interestpaymentsmadeonAmeMichael Parry Presentation147

PEMPAL3. Treasury IC activities (2)Paymentprocedures 3.5Payrollcontrols erpayments Approvedlistofsuppliers dtopaymentauthorizaAon Earlyrecordinginvoices/bills(accrualaccounAng) nalevidence Iden2fiedanddocumentedgovernmentbankaccounts ems RegularreconciliaAonwithsupplierrecords153. Treasury IC activities (3)Advancesandprepayments3.8Advancesandprepayments imits3.9Recordsmanagement Documentsfiledandaccessible Electronicauthoriza2on- n PoliciesondocumentretenAon3.10Physicalcontrols Physicalsecurityofcashandassets Securityofcashintransit3.11Revenueand ,e.g.othercashreceiptstaxdemands SegregaAonrevenuedemandsfromreceivingcash Banktransfersand/orautomaAcreceipAngmachines ipts16Michael Parry Presentation8

PEMPAL3. Treasury IC Activities (4) – ITSystemdevelopmentcontrols uirements Rigorousanddocumentedsystemtes2ng Controloveropeningbalances gedandno“backdoors”)3.12Managementand Non- ‐ITmanagerstrainedtomanageITfuncAonssupervision Controlsoverdatainput Systemgeneratedlogsofcontrolissues,excepAons,etc. Regularreviewandfollowupoflogs3.13Processcontrols Systemcontrols,e.g.authorizaAons,parameters ecurity Non- nddata Accesscontrols(passwordorbiometric) Controlstopreventunauthorizedaccessandviruses Physicalsecurityofsystems,networksandhardware17The Big Man ProblemYou are a junior clerk responsiblefor paymentsOne day the Minister approachesyou personally and says “Makethis payment NOW – on myauthority”You know this is an improper payment – but how can you sayno? Your career will be at risk.BUT you can say NO if there is a good internal controlsystem:“Minister I want to help – but the system will not allow me tomake this payment unless proper procedures are followed.” The Minister is controlled by the system The junior clerk is protected by the systemMichael Parry Presentation189

PEMPAL3. Treasury IC activities (5) –Disaster & business continuity3.15 Contingency plans for physical orsystem disasters/failures3.16 Data regularly backed up asmulti generation off site records3.17 Contingency provision for off sitedata processing3.18 All business continuityprocedures regularly tested194. Treasury IC Information &CommunicationReportstosupportinternalcontrol Logs,excepAonreports,reconciliaAons,etc. rnalaudit FollowupacAononreports4.1Internalrepor2ng Managementreportstosupportdecisionmakingandcontrol Reliable,understandable,Amelyandrelevantreports ReportsuAlisedbymanagement4.2Externalrepor2ng ndards entsaddscredibility albulleAns StaAsAcalreportstointernaAonalagencies,e.g.IMFGFS ichael Parry Presentation10

PEMPAL5. Treasury IC MonitoringMonitoringprocess udit Monitoringofneworemergingrisks,e.g.cyberaTacks ndresponses5.1Evalua2onofinternalcontrolissues cAonstoaddressissue Referredtomanagement Decisiononac2ons5.2Correc2veac2ons AcAontaken Followupreviewandevalua2on21Treasury Internal Control:Conclusions1. Internal Control part of good governance––Essential for EU membership as part of PIFCGood practice for all governments2. Treasury internal control––Key component of public sector internal controlCash receipts and payments especiallyvulnerable3. No system of internal control can providecomplete protection–Balance of cost of controls compared to amountand probability of loss22Michael Parry Presentation11

New COSO Internal Control Framework to be issued in 2013 - This presentation based on Exposure Draft for new COSO framework 4 . PEMPAL Michael Parry Presentation 3 COSO definition of internal control Internal control is a process, effected by an