Page 1 Internal Control Internal Audit External Audit Workshop on Internal Audit Sarajevo, June 5, 2007
Page 2 Agenda * Introduction * Overview of different control functions * Relations and differences * The Austrian Court of Audit * Internal Audit in the Austrian Federal Ministries
Page 3 Control functions: Definitions, relations and differences * Internal Control * Internal Audit * External Audit
Page 4 Control functions Control systems internal external process integrated = Internal Control process independent = Internal Audit External Audit
Page 5 Internal Control * Process integrated into the ordinary workflow of an organization * Effected by an entity s management and other personnel * Designed to address and control risks * Providing reasonable assurance * Regarding the achievement of objectives in the following categories:
Page 6 Internal Control * Orderly and ethical performance of operations * Economy, effectiveness and efficiency of operations * Reliability of financial reporting * Fulfilling accountability obligations * Compliance with applicable laws and regulations * Safeguarding resources against loss, misuse and damage
Page 7 International Standards und Developments Committee of the Sponsoring Organizations of the Treadway Commission (COSO): Internal Control - Integrated Framework, 1992 Enterprise Risk Management - Integrated Framework, 2004 INTOSAI Guidelines for Internal Control Standards for the Public Sector
Cornerstones of Internal Control Page 8 Dimensions of the COSO cube model: Four basic objectives Eight components of Internal Control Organizational sturcture (all levels and functions)
Cornerstones of Internal Control * Internal Environment: tone and culture of an organization, influencing the control consciousness of its staff Page 9 * Objective Setting: definition of clear and measurable objectives * Event Identification: risks due to external and internal factors, at both the entity and the activity levels * Risk Assessment: estimating the significance and the likelihood of the risk occurrence * Risk Response: strategies within four types of response (transfer, tolerance, treatment or termination)
Cornerstones of Internal Control Page 10 * Control Activities: policies and procedures established to address risks and to achieve the entity s objectives (e.g. authorization and approval procedures, segregation of duties, reviews of operations, supervision) * Information & Communication: reliable and relevant information to carry out internal control and other responsibilities, documentation of the internal control system * Monitoring: assessment of the quality of the system s performance over time
Internal Audit External Audit Page 11 Audit: The concept and establishment of audit is inherent in public financial administration as the management of public funds requires trust; auditing is an independent activity and not integrated in the ordinary workflow Internal - External Audit: * Internal audit services are established within government * External audit services are supreme audit institutions, reporting and accountable to parliament
Page 12 Internal Audit External Audit Internal Audit shows many of the characteristics of External Audit but at the same time also important differences (e.g. different reporting procedures, different access to the public, insider knowledge, short time availability, special relationship of trust with the management). Common audit objectives: * legality/regularity * economy * efficiency and * effectiveness
Internal Audit Page 13 * Basic Concepts: International Standards for the Professional Practice of Internal Auditing (International Institute of Internal Auditors) INTOSAI guidelines PIFC (Public Internal Financial Control Concept of the EU) * Independent, objective assurance and consulting activity designed to add value and improve an organization s operations * Entrusted by the management with assessing the entity s systems and procedures in order to minimize the likelihood of fraud, errors or inefficient and uneconomic practices * Internal Audit must be independent within the organization and report directly to management
Internal Audit Page 14 * Consulting activities are based on previous audit experiences * Main task is the examination and contribution to the ongoing effectiveness of the internal control system through evaluations and recommendations * No primary responsibility for designing, implementing, maintaining and documenting the internal control system * No substitute for a strong internal control system * Evaluation and improvement of the effectiveness of risk management and governance processes
External Audit * Accountability for the use of public funds is a cornerstone of good financial management. * Supreme Audit Institutions (SAIs) are the national bodies for scrutinizing public expenditure and providing an independent opinion on how the government has used public funds * INTOSAI: International Organization of Supreme Audit Institutions with more than 180 members * The General Secretariat of this worldwide organization is located at the Austrian Court of Audit Page 15
Page 16 External Audit The Lima Declaration on Auditing Precepts (the Magna Charta of INTOSAI ) * independence * relationship to parliament, government and administration * powers of SAIs * audit methods and staff, international exchange of experience * reporting
Austrian Court of Audit Constitutional Status Page 17 The constitution decrees that the Austrian Court of Audit is independent from federal and provincial governments and only subject to the provisions of the law While related to the legislative power the Austrian Court of Audit is also independent from parliament as far as * staffing * planning of audits * scope of audits * reporting is concerned
Austrian Court of Audit Competences Page 18 responsible for the audit of * the Federal Government, * the Provincial Governments * local communities (more than 20.000 inhabitants), * social security, * public enterprises, * statutory professional representations, * certain (independent)entities and * special purpose funds.
Page 19 Austrian Court of Audit Key figures Budget 2007: Personnel: 25,9 mill Euro (relation to total government spending: 0,04 %) 320 employees 260 in audit service 5 sections 35 departments
Page 20 Austrian Court of Audit Organization * Headed by a president * The President is elected by the national Parliament following nomination by the standing committee. * The term of office is 12 years and re-election is not possible. * According to the constitution the President has equal position and responsibility as a member of government
Austrian Court of Audit Organization Page 21 Organizational Chart President Section Section Section Section Section 5 sections Department with 7 departments each
Austrian Court of Audit Relations with parliament Page 22 * all audit reports are submitted to the respective parliaments (federal or local) * the audit reports may be discussed in special audit committees * in those committees the President may explain the audit findings * the President also has the right of speech in the plenary session
Page 23 Austrian Court of Audit Transparency: * After submitting the audit reports to the parliaments they are made public * Presented on the website of the Austrian Court of Audit * Presented in special convened press conferences or in the media
Internal Auditing in the Austrian Federal Ministries Page 24 * Twelve Federal Ministries - each with a seperate internal audit unit * One small coordination unit with support tasks only * Internal instrument of self-control for the individual minister * Responsibilities: audits (ex post control) accompanying control of procurements and grants advice other tasks
Different positions in the organizational chart A B C Page 25 Minister IA Minister Minister CAS IA SG IA CAS= Central Administrative Section SG = Secretary General IA = Internal Audit
Page 26 Staffing of the internal audit units * one to nineteen auditors per internal audit unit * one auditor per 1900 employees * one auditor per EUR 500 million budget
Staffing Page 27 20 18 18,85 16 14 14 12 10 8 6 4 2 3,53 3 5,4 4 4 9,06 1 7,5 2 5 0
Staffing relations Page 28 60.000 employees per ministry 5,41 6 employees per ministry 50.000 40.000 30.000 20.000 10.000 3,57 internal auditors per 1000 employees 1,96 1,66 0,54 0,26 0,11 0,12 2,28 3,18 1,75 1,38 5 4 3 2 1 internal auditors per 1000 employees 0 BKA BMaA BMBWK BMF BMI BMJ BMLV BMLFUW BMLS BMSG BMVIT BMWA 0
Audit of the Internal Audit Function in the Austrian Government Page 29 Audit approach * Supporting and strengthening the internal audit function * Audit across all twelve Federal Ministries * Audit focus on institutional framework and internal control environment * Description of best practice models
Methods employed Page 30 Questionnaire (sent to each ministry) 3 audit teams 2 auditors each 1-2 weeks Interviews Studying of relevant documents Audit reports: General Part Individual Part
Findings and Recommendations Poor legal basis Improve the legal basis Page 31 Frequently no direct communication with and access to the minister Position internal audit close to the top management Too many different tasks and responsibilities for some internal audit units Define ex post control (auditing, revision) as the main task Insufficient number of internal auditors especially in big ministries Staff internal audit units sufficiently
Page 32 Findings and Recommendations Lack of qualification, different levels of job classification for internal auditors Adjust job classification to qualification requirements Strengthening the position of Internal Audit necessary Assign potential savings to audit recommendations Improvement of audit planning required Follow the concept of risk based audit planning Lack of coordination of audit activities Strengthen coordination and harmonization unit
Page 33 Internal Control Internal Audit External Audit Workshop on Internal Audit Sarajevo, June 5, 2007