Documente Academic
Documente Profesional
Documente Cultură
with all aspects of resource mobilization and expenditure management in government. It is an essential part of the governance process. Public Finance Management includes the following Resource Mobilization Prioritization of programmes The budgetary process Efficient management of resources and exercising controls
2
Budgeting
Generally,
the public finance management in developing countries is poor as a result of lack of transparency and accountability which result in high level of corruption and wastages of public resources.
Outline
I.
a.
Framework
b.
c.
II.
a. b.
Good Practices
Basic Institutions Core processes
III.
a. b. c.
d. e. f.
Expenditure review
Institutions
Accountability
Source: Adapted from Integrated Financial Management. Michael Parry, International Management Consultants Limited. Training Workshop on Government Budgeting in Developing Countries. THE UNITED NATIONS. December 1997.
Accuracy
record actual transactions and flows
Annuality
cover a defined period of time (e.g. one year budget, multi-year
forecasts)
Authoritativeness
only spend as authorized by law
Transparency
information on spending is public, timely, understandable
10
C a s h M g m n t
D e b t
M g m n t
M u l t iy e Practices a Organizationsr A
I n t e r n a lLaws
u d i t
P l a n
C o m p r E h e n s I v e
R e p o r t i n g
External Audit
11
Core Processes
- Budget Allocations - Supplemental Budgets - Virements - In-year monitoring and correction
Ministry of Finance
- Warrants (cash allocations) - Cash Flow Management (forecasting, planning, sequestration) - debt management - financial asset management - accounting (policy, system management, chart of accounts) - make payments - collect revenues - account management and reconciliation - Central Bank relations
Treasury
Spending Ministry
Spending Unit
- internal control - program management - spending (commitments) - recording & reporting - payment orders - verification of receipt of goods/services - program/cash plans
Financial Management is Everyones Responsibility And Service Delivery is also MoFs Responsibility
12
through spending unit advance planning, efficient administration enable program managers to achieve objective
13
Accounting (policy, chart of accounts, general ledger) and reporting Revenue collection, forecasting Account management (payment, collection, reconciliation) Central Bank relations
14
Contingent liabilities
Government acts as a guarantor of debt
repayment in the event that the borrower cannot make repayment, or of payment under certain conditions
Loan, pension benefit, bank deposit, agricultural
price
Contingent debt must be managed with the same detail as direct debt. As with direct debt these contingent debts must be inventoried and monitored in a central location Active identification, monitoring, management
of risk important
15
Ex Poste
Central internal audit, external audit Regular reporting Quarterly close-outs
Internal
16
General Tensions
Central control Agent accountability for results + + Agent Incentive for offbudget activity
Financial Management authority
18
Commitments
Arrears Contingent liabilities New legislation/mandates Off-budget activity Understanding future impact of current decisions
19
Definitions
What is an FMIS?
Financial management system:
Information system that tracks financial events and
summarizes information supports adequate management reporting, policy decisions, fiduciary responsibilities, and preparation of auditable financial statements Should be designed with good relationships between software, hardware, personnel, procedures, controls and data
20
Definitions
21
Definitions
*from Core Financial System Requirement. JFMIP-SR-02-01. Joint Financial Management Improvement Program. Washington, D.C., November 2001.
22
consistent information Provide adequate management reporting Support government-wide and agency policy decisions Support budget preparation and execution Facilitate financial statement preparation Provide information for central agency budgeting, analysis and government-wide reporting Provide complete audit trail to facilitate audits
*from Core Financial System Requirement. JFMIP-SR-02-01. Joint Financial Management Improvement Program. Washington, D.C., November 2001. 23
26
The financial Regulation is a body of Rules that provide guiding principles, methods and uniformity in the conduct, recording and controlling financial transactions, events and position in government. They are designed to achieve probity and accountability in government. They are made to guide and regulate actions of executives in order to enable them to make decisions that are rational and non personal.
27
Government Vehicles
Store Accounting and Custody Loss of Government Fund
Stock Verification
Public Procurement Contracts Offences and Sanction. Pension Scheme in the Public service. Financial guidelines for the operations of parastatals.
Discuss in class the relevant provisions directly from the 2009 Revised Edition of Finance Regulation.
JK Consulting
34
(i)
(ii) The Accountant-General of the Federation (iii) The Auditor-General for the Federation (vi) The Accounting Officers (i.e. the Permanent Secretary and Head of Extra-Ministerial Departments and Agencies (v) The Treasury Accountants (i.e. the DFAs etc.) (vi) The Treasury Inspectorate Staff
The functions include: formulate fiscal policies of government. Harmonizes fiscal and monetary policies of government. Handles the formulation, preparation, execution and monitoring of budget of government. Issues financial warrant without which the Accountant-General cannot release funds to the ministries and extra-ministerial departments. Receives statutory financial statements of accounts from the Accountant-General of the Federation. Debt management of the country.
36
The Accounting Officers: (Permanent Secretary of the respective ministries and Heads of Extra-ministerial departments) are entrusted with the financial stewardship of safeguarding the public funds. Functions include ensuring that; proper budgetary and accounting systems are established in the ministry or agency. there is proper internal control, accountability and transparency. management tools are put in place to avoid financial waste and fraud. all government revenues are collected and paid to CRF. Monthly and periodical accounting returns and transcripts are rendered to OAGF. prudence, safety and proper maintenance of all government monies and assets under his custody. accurate and prompt collection of, and accounting for, all public monies received and expended. responsibility for answering all audit queries (from Auditor and PAC) pertaining to his/her ministry or office.
38
(4) Treasury Accountants (DFAs, etc): The functions include: Posted from the OAGF (Treasury) to all ministries. They are to enforce compliance with all the provisions of the FR. They are to assist the accounting officer to improve the quality of financial management and control in the public sector. (5) Treasury Inspectorate Staff: They are from the Headquters of the Office the Accountant General of the Federation. They carry out: Inspection of the books and records of accounts of ministries etc. to ensure compliance with FR. Investigation of reported cases of breach of financial regulation and fraud. Recommendation of appropriate disciplinary action against erring officers. (6) Internal Auditors: The functions include: Carry out pre-payment audit of vouchers to ensure they comply with provisions of financial regulations. Enforce financial regulations
39
Sub-Accounting Officers: The officers include: i. The Sub-Treasurer of the Federation ii. The Federal Pay Officers iii. The Police Pay Officer iv. The Army Pay Officer v. The Custom Area Pay Officer vi. The Pension Pay Officer The functions include: Ensures the disbursement of public money Reports to the Accountant-General of the Federation. (9) Revenue Collectors and Imprest Holder: The Revenue Collector: Is an officer, other than a Sub-Accounting Officer entrusted with an official receipt, license or ticket booklet for the regular collection of some particular form of revenue. The Imprest Holder: Is an officer, other than a Sub-Accounting Officer, entrusted with the disbursement of public money for which vouchers cannot be presented immediately to a Sub-Accounting Officer for payment. Keeps a petty cashbook.
(8)
41
42
Introduction
Originally, internal auditing is an attestation to the accuracy of financial matters only;
In modern time, it incorporates services like examination and appraisal of controls, performance, risk and governance to the original role; Modern Internal Auditor is no more a clients enemy, but pursues cooperative, friendly and productive working relationship with clients
All for the purpose of consulting with mgt. and for assisting members of the org. in the effective discharge of their governance responsibilities.
Sources: IIAs Internal Auditing Standard Board (1999)
Internal audit can be divided based on the audit techniques or objective. They are as follows:
System based audit performance Performance audit or operational audit otherwise called value-for-money Financial or accounting audit Compliance audit Internal Audit. Based on audit techniques or objectives
System based audit Performance audit or operational audit (otherwise called valued-for-money audit) Financial or accounting audit Compliance audit
As part of content, internal units are mandatory established in government services. Paragraph 2001 of the FR (financial Regulations) provides the accounting officer of a ministry or extra ministerial department shall ensure that an internal audit is established to provide a complete and continuous audit of the accounts and records of revenue and expenditure, plants, allocated stores and then unallocated stores where applicable. Internal audit units exist in:
-
All self accounting ministries, agencies, offices and Parastatals of government (MDAs). All federal pay offices in the state of the federation. Police Pay Offices. The Army Pay Offices. The legislative arm (the parliament) The judiciary
(c)
Focuses on the accuracy and understanding of historical events as expressed in the financial statement. Is incidentally concerned with prevention and detection of fraud but directly concerned with when the financial statements may be materially attached. Is independent of management and board of directors.
(d)
(e)
Is independent of the activities audited, but ready to respond to all elements of management. Revenue activities continually.
(f)
Internal auditors must have open communication ties with top management to enable them assist and support the management.
Internal auditors must keep the management aware of their concern, duties and discuss any misunderstanding/faulty expectations that management may have as to auditors and duties and responsibility. The relationship with management is interactive and they are the specialist controls.
functions efficiently economically and effectively in the following areas: - Setting and achievement of objectives and results. - Risk analysis and management. - Quality and continuous improvement of operations. - Organizational functions. - Economical use of resources. - Safeguarding of assets. - Compliance with laws, regulations by the supervisory authorities.
Fraud can therefore be described as a false representation or concealment of a material fact to induce someone to part with something or value. There are two types of fraud:(i) Employee fraud fraud against company/office
(ii)
Management fraud.
Internal Audit
A systematic examination of the activities and status of an entity, based primarily on investigation and analysis of its systems, controls and records (CIMA)
Types of audit
Financial audit
Compliance audit
Performance audit Best value audit (VFM audit) Post-completion audit Environmental audit
Transactions audit
Systems-based audit Risk-based audit
Management audit
Internal audit
An independent appraisal function established within an organisation to examine its activities The objective is to assist members of the organisation in the effective discharge of their responsibilities (CIMA)
Systems-based audit
Identify system objectives Identify procedures Identify risk to achievement of objectives Identify ways to manage the risk Decide whether controls are adequate Test to see whether controls are effective Report findings Monitor implementation of recommendations
Audit plan
Terms of reference System definition Risks Scope of work Milestones and resources Reporting and review Audit programme and techniques Staff allocated
Analytic review
Ratio analysis Benchmarking Inspection Corroboration
Surveys/questionnaires
Reconciliation
Internal control
The whole system of internal controls, financial and otherwise, established in order to provide reasonable assurance of:
Effective and efficient operation Internal financial control Compliance with laws and regulations (CIMA)
Control environment
Risk assessment
Control activities
Monitoring Information and communication
COSO
Control environment The control environment can be thought of as managements attitude, actions and awareness of the need for internal controls. If senior management do not care about internal controls and feel that it is not worthwhile introducing internal controls then the control system will be weak. Management can try to summarise their commitment to controls in a number of ways:
Classification of controls
Financial controls
Cash controls
Banking
Payments
Bank accounts
Transfers
Authorisation
Signatories
Cash forecasting
Debtor controls
Invoice recording Collection activity
Receipt recording
Credit notes
Disputed amounts
Credit checking
Verification of balances
Inventory controls
Physical count Storage and security
Valuation
Stock in transit
Periodic review
Valuation
Amortisation
Security
Checking
Depreciation
Obsolescence
Creditors
Authorisation Invoice recording Payment authorisation
Receipt of goods
Invoice checking
Documentation
Loans
Recording Interest
Authorisation
Loan provisions
Cost recording
Authorisation
Payroll controls
Recruitment New employee authorisation Rates of pay Time recording Leave, sickness and absenteeism Termination of employment
No ghosts
Payroll reconciliation Deductions Benefits
What is fraud?
Dishonestly obtaining an advantage, avoiding an obligation or causing a loss to another party, including crimes against:
Customers/clients Employers Employees Financial institutions Government Major organisations
Fraud prevention
Dishonesty:
Pre-employment checks Supervision Discipline Leadership
Opportunity:
Separation of duties Input controls Processing controls Output controls Physical security
Motive:
Employment conditions Dismissals Complaints procedure
Warning signs
Culture Poor internal controls Poor accounting management History of legal violations Strained relationship with auditors Lack of supervision Inadequate recruitment process Redundancies Dissatisfied employees Unusual staff behaviour Personal financial pressures Discrepancy between earnings and lifestyle
Low salaries Unsocial hours Not taking leave Lack of job segregation Lack of asset identification Poor management reporting Alteration of documents Photocopies of documents Missing authorisations Poor physical security Poor IT access controls .etc.!
Fraud identification
Fraud response
Prevention
Anti-fraud culture Risk awareness Whistle blowing Sound internal controls
Identification
Perform regular checks
Whistleblowers
Response (i)
Disciplinary action
Civil litigation
Criminal prosecution
Response (ii)
Allocate responsibility to:
Managers Finance director Personnel Audit committee Internal auditors External auditors Legal advisors Public relations department Police Insurers
Computer fraud
Control and testing of program changes Physical IT security Password controls Output controls
Management fraud
Distortion of results Capitalisation of expenses Under-provision Over-valuation of inventory
are desirable of auditors. They are to guide the ethical conduct of auditors. Principles Auditors are expected to apply & uphold certain fundamental principles. - Integrity: which establishes trust and provides basis for reliance on the their judgment. - Objectivity. - Confidentially. - Competency: must apply knowledge, skills & experience needed.
Rules of Conduct Integrity Auditors: (i) Shall perform their work with honesty and responsibility; (ii) Shall observe the laws, rules and regulations expected of them. (iii) Shall not knowingly be party to any illegal activity. Objectivity Auditors: (i) Shall not participate in any activity or relationship that may impair their unbiased assessment. (ii) Shall not accept anything that may impair or be presumed to impair their professional judgment. (iii) shall disclose all materials, facts known to them that if not disclosed, may distort their reporting of operations under review.
2.
3. Confidentiality Auditors: (i) Shall be prudent in the use of information acquired in the course of their duties. (ii) Shall not use information for any personal gain or detrimental to the interest or welfare of the org. 4. Competency Auditors: (i) Shall engage only in those services for which they have the necessary knowledge, have skills and experience. (ii) Shall continually improve proficiency and effectiveness and quality of their service. (iii) shall perform services in accordance with the standards of PPA (professional practice of auditing).
PERFORMING AN IS AUDIT
What is auditing? Auditing can be defined as a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an economic entity or event for the purpose of forming an opinion about and reporting on the degree to which the assertion conforms to an identified set of standards.
97
Classification of audits
Financial audits
Objective of this type of audit is to establish the
integrity and reliability of entitys financial statements Will generally involve detailed substantive testing of transactions and balances
Operational audits
Designed to evaluate the internal control structure
98
Classification of audits
Integrated audits Combination of both financial and operations audit with the objectives of
Safeguarding the assets of the company Efficiency and compliance of internal/applications controls
Administrative audits This relates to operational efficiency and productivity within the organization
99
Classification of audits
Information systems audits - establishes within the
Specialized Audits commissioned and geared towards evaluating internal controls within and
Classification of audits
Forensic Audit usually establish evidence of irregularities
or fraud for application by law enforcement agencies and the judiciary. It covers areas in Corporate fraud investigation Cyber crimes investigation may cover: Computer hard disks Switches Routers Hubs and other electronic devices
Audit programs for the above listed systems audits, are based on the objective and scope of the particular assignment.
101
Classification of audits
General audit procedures are the basic steps in the
performance of an audit and usually include: Obtaining and recording an understanding of the audit area/subject Risk assessment and general audit plan and schedule Detailed audit planning Preliminary review of audit area/subject Evaluating audit area/subject Compliance testing (often referred to as tests of controls) Substantive testing Reporting (communicating results) Follow up
102
and evaluating IS control and may include the following: The use of generalized audit software to survey the contents of data files (including systems logs) The use of specialized software to assess the contents of operating systems parameter files, (or detect deficiencies in system parameters setting) Flow-charting techniques for documenting automated applications and business process The use of audit reports available in operating systems Documentation review observation
103
Controls Classifications
Corrective Controls minimize the impact of a threat.
Remedy problems discovered by detective controls Identify the cause of a problem Correct errors arising from a problem Modify the processing system (s) to minimize future occurrences of the problem Contingency planning Backup procedures Rerun procedures
104
Audit Phases
Audit phase
Audit Objective
Identify the purpose of the audit. For example , an objective might be to determine that program source code changes occur in a well-defined and controlled environment. Identify the specific systems, function or unit of the organization to be included in the review. For example, in the previous program changes example, the scope statement night limit the review to a single application system or to a limited period of time.
Audit Scope
Pre-audit Planning
Identify technical skills and resources needed. Identify the sources of information for test or review such as functional flowcharts, policies, standards, procedures and prior audit work papers. Identify locations or facilities to be audited.
Identify and select the audit approach to verify and test the controls. Identify a list of individuals to interview. Identify and obtain departmental policies, standards and guidelines for review. Develop audit tools and methodology to test and verify control.
105
Organization specific
Organization specific
Identify follow-up review procedures. Identify procedures to evaluate/test operational efficiency and effectiveness. Identify procedures to test controls. Review and evaluate the soundness of documents, policies and procedures.
106
AUDIT METHODOLOGY
A product of the audit process is an audit program that
becomes a guide for documenting the various audit steps performed and the extent and types of evidential matter review. It provides a trail of the process used to perform the audit as well as accountability of performance.
107
AUDIT METHODOLOGY
Although an audit program does not necessarily follow
a specific set of steps, the IS auditor typically would follow sequential program steps to
gain an understanding of the entity under audit,
108
Audit objectives
An audit objective refers to the specific goals of an audit. An audit may have several audit objectives. They often center on substantiating that internal controls exist to minimize business risks. They include assuring compliance with legal and regulatory requirements as well as the confidentiality, integrity, reliability and availability of information resources.
109
Audit objectives
In planning an IS audit, a key element is to translate basic audit objectives into specific IS audit objectives. One of the basic purposes of any IS audit is to identify control objectives and the related controls that address the objective. An Auditor may alternatively assist in assessing the integrity of financial reporting data which is referred to as substantive testing, through computer assisted audit techniques (CAATs).
110
Compliance VS. Substantive Testing testing is a procedure, by which the IS auditor Compliance
gathers evidence for the purpose of testing an organization's compliance with control procedures. Substantive testing is gathering evidence for evaluating the integrity of individual transactions, data or other information. Compliance test determines if controls are being applied in a manner that complies with management policies and procedures. It can be used to test the existence and effectiveness of a defined process, which may include a trail of documentary and/or automated evidence.
111
112
Use two types of substantive tests to evaluate the validity of the data.
113
Evidence
Evidence is any information used by the IS auditor to determine whether the entity or data being audited follows the established audit criteria or objectives. It is a requirement that the auditors conclusion must be based on sufficient, relevant and competent evidence. It may include the IS auditors observations, notes taken from interviews, material extracted from correspondence and internal documentation, or the results of audit test procedures.
114
Evidence
Determinants for evaluating the reliability of audit
evidence include:
Independence of the provider of the evidence. Qualifications of the individual providing the information/evidence Objectivity of the evidence objective evidence is more reliable
than evidence that requires judgment or interpretation. E.g. a cash count. Timing of the evidence e.g. evidence through EDI, DIP (document image processing), may not be retrievable after a specified period of time if changes to the files are not controlled or the files are not backed up.
feasibility study) Functional requirements and design specifications Test plans and reports Program and operations documents Program change logs and histories
116
117
processing environments. They enable IS auditor in performing audits to gather information independently They provide a means to gain access and analyze data for a predetermined audit objective and to report the audit findings with emphasis on the reliability of the records produced and maintained in the system. The reliability of the source of the information used provides reassurance on findings generated. They include:
Generalized audit software Utility software Test data, etc.
118
CAATs (contd)
Generalized audit software (GAS) refers to standard software that has
the capacity to directly read and access data from various database platforms, flat-file systems and ASCII formats. It supports the following functions:
file Data selection global filtration conditions and selection criteria Statistical functions - sampling, stratification and frequency analysis Arithmetical functions arithmetic operators and functions
File access reading of different record formats and file structures File reorganization indexing, sorting, merging and linking with another
119
CAATs (contd)
Utility software the subset of software, such as database
management systems report generators, that provides evidence to the auditors about system control effectiveness Test data involve the auditors using a sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives. Audit-expert system will give direction and valuable information to all levels of auditors while carrying out the audit because the query-based system is built on the knowledge base of the senior auditors or managers.
120
The auditor should have a thorough understanding of CAATs and know where and when to apply them.
121
CAATs Summary
CAATs offer the following advantages:
Improved audit efficiency Reduced level of audit risk Greater independence from the auditee Broader and more consistent audit coverage Faster availability of information Greater flexibility of run times Improved exception identification Greater opportunity to quantify internal control weaknesses Enhanced sampling Cost savings over time.
122
CAATs summary
Issues to consider before developing CAATs are:
Ease of use, both for existing audit staff and future staff Training requirements Complexity of coding and maintenance Flexibility of uses Installation requirements Processing efficiencies (esp. With a PC CAAT)
for analysis.
123
Sample reports
Record and file layouts Field definitions
Operating instructions
Description of applicable source documents
124
125
Care, is particularly important to the IS auditor in evaluating audit strengths and weaknesses. The IS auditor should assess the results of the evidence gathered for compliance with the control requirements or objectives established during the planning stage of the audit. Considerable judgment is required as controls are often unclear. In essence, controls should be in place to remove or minimize every perceived risk or threat to the entity being audited.
126
127
areas where controls have been identified as weak. Compensating control situation occurs when one stronger control supports a weaker one. Overlapping controls are two strong controls. E.g. a data center employs a card key system to control physical access and a guard inside the door requires employees to show their card key or badge. Either control might be adequate to restrict access and the two complement each other.
128
one control adequate. The IS auditor should perform a variety of testing procedures and evaluate how these relate to one another. An IS auditor should always review for compensating controls prior to reporting a control weakness.
129