Workshop on Internal Audit – Sarajevo Page 1
Internal Control – Internal Audit – External Audit Workshop on Internal Audit Sarajevo, June 5, 2007
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 2
Agenda * Introduction
* Overview of different control functions * Relations and differences * The Austrian Court of Audit * Internal Audit in the Austrian Federal Ministries
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 3
Control functions: Definitions, relations and differences * Internal Control * Internal Audit * External Audit
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 4
Control functions Control systems
internal
process integrated = Internal Control Helmut Berger
process independent = Internal Audit
external
External Audit June 5, 2007
Workshop on Internal Audit – Sarajevo Page 5
Internal Control *
Process integrated into the ordinary workflow of an organization
*
Effected by an entity’s management and other personnel
*
Designed to address and control risks
*
Providing reasonable assurance
*
Regarding the achievement of objectives in the following categories:
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 6
Internal Control *
Orderly and ethical performance of operations
*
Economy, effectiveness and efficiency of operations
*
Reliability of financial reporting
*
Fulfilling accountability obligations
*
Compliance with applicable laws and regulations
*
Safeguarding resources against loss, misuse and damage
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 7
International Standards und Developments Committee of the Sponsoring Organizations of the Treadway Commission (COSO): • Internal Control Integrated Framework, 1992 • Enterprise Risk Management Integrated Framework, 2004 INTOSAI Guidelines for Internal Control Standards for the Public Sector Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 8
Cornerstones of Internal Control Dimensions of the COSO cube model: Four basic objectives Eight components of Internal Control Organizational sturcture (all levels and functions) Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 9
Cornerstones of Internal Control * Internal Environment: tone and culture of an organization,
influencing the control consciousness of its staff * Objective Setting: definition of clear and measurable objectives * Event Identification: risks due to external and internal factors, at
both the entity and the activity levels * Risk Assessment: estimating the significance and the likelihood
of the risk occurrence * Risk Response: strategies within four types of response
(transfer, tolerance, treatment or termination) Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 10
Cornerstones of Internal Control * Control Activities: policies and procedures established to
address risks and to achieve the entity’s objectives (e.g. authorization and approval procedures, segregation of duties, reviews of operations, supervision) * Information & Communication: reliable and relevant information
to carry out internal control and other responsibilities, documentation of the internal control system * Monitoring: assessment of the quality of the system’s
performance over time Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 11
Internal Audit – External Audit Audit: The concept and establishment of audit is inherent in public financial administration as the management of public funds requires trust; auditing is an independent activity and not integrated in the ordinary workflow Internal - External Audit: *
Internal audit services are established within government
*
External audit services are supreme audit institutions, reporting and accountable to parliament
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 12
Internal Audit – External Audit Internal Audit shows many of the characteristics of External Audit but at the same time also important differences (e.g. different reporting procedures, different access to the public, insider knowledge, short time availability, special relationship of trust with the management). Common audit objectives: * legality/regularity * economy * efficiency and * effectiveness Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 13
Internal Audit *
Basic Concepts: – International Standards for the Professional Practice of Internal Auditing (International Institute of Internal Auditors) – INTOSAI guidelines – PIFC (Public Internal Financial Control Concept of the EU)
* Independent, objective assurance and consulting activity designed to add value and improve an organization’s operations * Entrusted by the management with assessing the entity’s systems and procedures in order to minimize the likelihood of fraud, errors or inefficient and uneconomic practices * Internal Audit must be independent within the organization and report directly to management Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 14
Internal Audit * Consulting activities are based on previous audit experiences * Main task is the examination and contribution to the ongoing effectiveness of the internal control system through evaluations and recommendations * No primary responsibility for designing, implementing, maintaining and documenting the internal control system * No substitute for a strong internal control system * Evaluation and improvement of the effectiveness of risk management and governance processes Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 15
External Audit *
Accountability for the use of public funds is a cornerstone of good financial management.
*
Supreme Audit Institutions (SAIs) are the national bodies for scrutinizing public expenditure and providing an independent opinion on how the government has used public funds
*
INTOSAI: International Organization of Supreme Audit Institutions with more than 180 members
*
The General Secretariat of this worldwide organization is located at the Austrian Court of Audit
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 16
External Audit The Lima Declaration on Auditing Precepts (the “Magna Charta of INTOSAI“) * * * * *
independence relationship to parliament, government and administration powers of SAIs audit methods and staff, international exchange of experience reporting
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 17
Austrian Court of Audit – Constitutional Status The constitution decrees that the Austrian Court of Audit is independent from federal and provincial governments and only subject to the provisions of the law While related to the legislative power the Austrian Court of Audit is also independent from parliament as far as * staffing * planning of audits * scope of audits * reporting is concerned Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 18
Austrian Court of Audit – Competences responsible for the audit of *
the Federal Government,
*
the Provincial Governments
*
local communities (more than 20.000 inhabitants),
*
social security,
*
public enterprises,
*
statutory professional representations,
*
certain (independent)entities and
*
special purpose funds.
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 19
Austrian Court of Audit – Key figures
Budget 2007:
25,9 mill Euro (relation to total government spending: 0,04 %)
Personnel:
320 employees 260 in audit service 5 sections 35 departments
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 20
Austrian Court of Audit – Organization * Headed by a president * The President is elected by the national Parliament following nomination by the standing committee. * The term of office is 12 years and re-election is not possible. * According to the constitution the President has equal position and responsibility as a member of government
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 21
Austrian Court of Audit – Organization Organizational Chart President Section
Section
Section
Section
Section
5 sections Department
Helmut Berger
with 7 departments each
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 22
Austrian Court of Audit – Relations with parliament *
all audit reports are submitted to the respective parliaments (federal or local)
*
the audit reports may be discussed in special audit committees
*
in those committees the President may explain the audit findings
*
the President also has the right of speech in the plenary session
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 23
Austrian Court of Audit – Transparency: *
After submitting the audit reports to the parliaments they are made public
*
Presented on the website of the Austrian Court of Audit
*
Presented in special convened press conferences or in the media
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 24
Internal Auditing in the Austrian Federal Ministries * Twelve Federal Ministries - each with a seperate internal audit unit * One small coordination unit with support tasks only * Internal instrument of self-control for the individual minister * Responsibilities: – audits (ex post control) – accompanying control of procurements and grants – advice – other tasks Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 25
Different positions in the organizational chart A B Minister
IA
Minister
Minister
IA
CAS
C
SG
IA CAS= Central Administrative Section SG = Secretary General IA Helmut Berger
= Internal Audit June 5, 2007
Workshop on Internal Audit – Sarajevo Page 26
Staffing of the internal audit units
* one to nineteen auditors per internal audit unit * one auditor per 1900 employees * one auditor per EUR 500 million budget
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 27
Staffing
18,85
20 18 16
14
14 12
9,06
10
7,5
8
5,4
6 4
3,53
2
3
4
5
4 1
2
0
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 28
Staffing relations 60.000
6
internal auditors per 1000 employees
employees per ministry
50.000
40.000
5
4
3,57 3,18
30.000
3 2,28 1,96
20.000
1,75
1,66
2 1,38
10.000
1
0,54 0,11
0,26
0,12
0
0 BKA
Helmut Berger
internal auditors per 1000 employees
5,41
employees per ministry
BMaA
BMBWK
BMF
BMI
BMJ
BMLV
BMLFUW
BMLS
BMSG
BMVIT
BMWA
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 29
Audit of the Internal Audit Function in the Austrian Government Audit approach *
Supporting and strengthening the internal audit function
*
Audit across all twelve Federal Ministries
*
Audit focus on institutional framework and internal control environment
*
Description of best practice models
Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 30
Methods employed
Studying of relevant documents
Audit reports: General Part Individual Part
Interviews
Questionnaire (sent to each ministry) Helmut Berger
• 3 audit teams • 2 auditors each • 1 - 2 weeks
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 31
Findings and Recommendations Poor legal basis Ö Improve the legal basis Frequently no direct communication with and access to the minister Ö Position internal audit close to the top management Too many different tasks and responsibilities for some internal audit units Ö Define ex post control (auditing, revision) as the main task Insufficient number of internal auditors especially in big ministries Ö Staff internal audit units sufficiently Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 32
Findings and Recommendations Lack of qualification, different levels of job classification for internal auditors Ö Adjust job classification to qualification requirements Strengthening the position of Internal Audit necessary Ö Assign potential savings to audit recommendations Improvement of audit planning required Ö Follow the concept of risk based audit planning Lack of coordination of audit activities Ö Strengthen coordination and harmonization unit Helmut Berger
June 5, 2007
Workshop on Internal Audit – Sarajevo Page 33
Internal Control – Internal Audit – External Audit Workshop on Internal Audit Sarajevo, June 5, 2007
Helmut Berger
June 5, 2007
