Page 1 | Confidential and Proprietary Information
Risk Management and Internal Control
in the Public Sector
Vincent Tophoff, International Federation of
Accountants (IFAC)
Contraloría General de la República (CGR)
Seminar for Internal Control Units:
Risk Management and Internal Control in the
Public Sector
Santiago, Chile, January, 2015
International Federation of Accountants
• Global organization of the accountancy profession
• Supports professional accountants in the following areas:
– Governance and ethics
– Risk management and internal control (RM/IC)
– Sustainability and corporate responsibility
– Financial and performance management
– Business reporting
– Promoting and contributing to the value of professional accountants
• All areas of critical importance to professional accountants
(and for CGRs & public sector entities too…)
Relation of Public Sector Governance, Risk
Management & Internal Control
• How do you think that
governance, risk
management & internal
control are related to
each other?
Relation of Public Sector Governance, RM & IC
Today’s Agenda
• The Pitfalls – Setting the Scene
• Current Thinking
• COSO / ISO 31000 Standards
• Risk Management & Internal Control Maturity
• CGR “Call to Action”
• Q&A
The Pitfalls – Setting the Scene
Serious Risk Management & Internal Control Flaws
• Having a compliance-only mentality
• Treating risk as only negative and overlooking the idea that
entities need to take risk in pursuit of their objectives
• Risk management & internal control that is overly focused
on external financial reporting
• Regarding risk management & internal control as a
separate function or process
• Viewing risk management & internal control as
predominantly important for operations
Bad vs. Good RM/IC Practices
RM/IC as objective in itself vs. RM/IC to help achieve objectives
Auditor / staff driven vs. Driven from top down
Rules-based vs. Performance & principles-based
Off-the-shelf systems vs. Tailored to the entity
Focused on loss minimization vs. Also focused on value creation
Mainly hard controls vs. Recognizing culture & attitude
Imposed vs. Implemented organically
Stand-alone / “bolt-on” vs. Integrated / ”built-in”
Static, out-of-date vs. Dynamic, evolving
Seen as overhead vs. Seen as a sound investment
Abandoned vs. Integrated in governance
Global Crisis
Global Crisis, according to IFAC research, was caused by:
• Ethical flaws
• Governance, risk management in name, but not in spirit
• Regulatory overload, leading to legalistic compliance
• Risk & control systems too narrowly focused on only financial
reporting controls
Conclusions from the crisis:
• Entities should take a broader approach in risk management &
internal control
• Appropriate application of risk management & internal control
standards and principles is often the problem
Current Thinking
Current Thinking About Risk
The safest place for a ship…
… is to stay in the harbor
But that’s not what ships were made for…
… Instead, ships were made to transport people &
goods to other destinations…
… And that involves risk…
So, what is risk?
• Risk is nowadays defined as “the effect of uncertainty
on (setting and achieving) the entity’s objectives” (ISO
31000)
• No Objectives = No Risk. Therefore, risk should
always be assessed in light of (setting and achieving)
the entity’s objectives!
Current Thinking About Risk
Current Thinking About Risk Management
Q: “How does your entity address uncertainty in
achieving its strategic objectives?”
A: “Through our strategic management system;”
– Line management engaged in plan-do-check-act cycle
– Focused on achieving the entity’s objectives
Q: “How does your entity address risk?”
A: “Through our risk management system;”
– (separate) risk and control system, staff functionaries,
risk register
– Focused on mitigating risk
What does this example tell us?
• That we, risk management professionals, have made
great progress in the area of risk management &
internal control…
• …But that we, in the process, lost the other people in
our entity!
Risk Management
Rest of the entity
Current Thinking About Risk Management
Five lines of defense:
Current Thinking About Risk Management
1. Players
2. Captain
3. Coach
4. Referee
5. FIFA
Five lines of defense:
Current Thinking About Risk Management
1. Players (Operational Staff)
2. Captain (Supervisor /Line Manager)
3. Coach (Risk Manager)
4. Referee (Internal Auditor)
5. FIFA (SAI / External Auditor)
Line
Support
Current Thinking About the Risk Manager
Biggest risk facing an entity:
Disconnect between those
responsible for achieving
strategic objectives vs. those
responsible for managing risk
Solution:
Making those responsible for
achieving strategic objectives
also responsible for managing
related risks!
Key objective for risk manager is to ensure that risk
management is fully integrated in line management!
Current Thinking About Internal Control
From: Hindering the entity
To: Enabling the entity
Good internal control = The Invisible Hand
COSO Frameworks
(also adopted by INTOSAI)
2013 COSO Internal Control Cube
2004 COSO ERM Cube
Will be revised
soon!
COSO IC vs. COSO ERM
ISO 31000 Risk Management Standard
ISO 31000 Principles, Framework & Process
ISO 31000 Risk Management Principles
• Creates Value
• Integral Part of Organizational Processes
• Part of Decision-Making
• Explicitly Addresses Uncertainty
• Systematic, Structured & Timely
• Based on “Best Available Information”
• Tailored
• Considers Human & Cultural Factors
• Transparent & Inclusive
• Dynamic, Iterative & Responsive to Change
• Facilitates Continuous Improvement
ISO 31000 Risk Management Framework
ISO 31000 Risk Management Process
To be applied in
every decision
making process
and subsequent
execution!
COSO ERM vs. ISO 31000
Many entities use both COSO ERM & ISO 31000…
… Biggest challenge is that concepts are not aligned
COSO vs. ISO 31000
Lengthy vs. Short
Focused on ERM vs. General approach to managing risk
One cube vs. Principles, framework & process
Skewed to negative vs. Risk can be positive or negative
Risk already exists vs. Risk tied to achieving objectives
Risk & opportunities vs. Opportunities also source of risk
More sequential process vs. More iterative process
Risk Management & Internal Control
Maturity
RM/IC Maturity Levels
• Is not to have effective
controls…
• Is not to effectively manage
risk…
But to
• Properly set & achieve its
objectives
• Avoid too many surprises
along the way
• And create sustainable value
Main Objective of a Public Sector Entity
Argument for Integrating Risk Management & IC
• So, risk management & internal control are not objectives in
themselves, but means to an end…
… Making sound (SWOT) decisions and executing
subsequent actions to achieve the entity’s objectives
without surprises!
… Risk management & internal control should therefore be
fully integrated into a public sector entity's overall
system of management, including governance, strategy
development and planning, operations, reporting, and
accountability
Risk Is Inherent to Setting Your Objectives
Achieving Your Objectives Through Planning & Control 1
Achieving Your Objectives Through Planning & Control 2
Strategic, tactical, and
operational planning & control
cycles
[Diagram: Plan-Do-Check-Act (PDCA) cycle]
Achieving Your Objectives Through Planning & Control 3
RM/IC Integral to Achieving Your Objectives
• Use the Frameworks
• Consider good practice developments
• Perform gap analysis
• Determine performance
• Look at audit results
• Analyze serious flaws
• …
• Continuously move to improvement!
Thoughts on Assessing RM/IC Maturity
CGR “Call to Action”
CGR “Call to Action”
CGRs play important roles in implementing good risk
management & internal control in public sector entities:
• Build subject-matter-expertise regarding RM/IC (incl. INTOSAI
standards & guidance, COSO Frameworks, ISO 31000)
• Educate the governing bodies, audit committees, management
teams & staff of the relevant public sector entities
• Champion the importance of good RM/IC: fully integrated in the
entity’s overall system of management
• Support public sector entities through the provision of high-quality
assurance, advice & insight
CGR’s Role - #1
Champion importance of good risk management:
• CGRs communicate with public sector entity’s leadership
• Attitude and actions of the CGR set the tone for good risk
management in public sector entities
• Promote integrating risk management into line
management of a public sector entity!
• Most important element: making RM/IC part of every
decision making process and subsequent execution in
the entity!
CGR’s Role - #2
Support line management by providing high-
quality assurance, advice & insight:
• Decisions should only be taken with explicit understanding
of related risks and their potential consequences for
achieving an entity’s objectives
• Therefore, decision makers require relevant and reliable
information for their decision making and control processes
Key Takeaways
• There are many flaws in current risk management and internal
control practice
• Achieving the entity’s objectives is the overall goal; risk is
an inherent part of that
• Risk management should, therefore, be fully integrated in the
entity’s system of management
• CGRs support RM/IC in various ways in the public sector entities
they oversee
• IFAC supports professional accountants / CGRs
• However, no matter the guidance provided…
There will always be some …
… who do it their own way!

 
Revelaciones de partes relacionadas
Revelaciones de partes relacionadasRevelaciones de partes relacionadas
Revelaciones de partes relacionadas
 
Estado de Flujos de Efectivo
Estado de Flujos de EfectivoEstado de Flujos de Efectivo
Estado de Flujos de Efectivo
 
Presentación de los Estados Financieros Estados de situación financiera, rend...
Presentación de los Estados Financieros Estados de situación financiera, rend...Presentación de los Estados Financieros Estados de situación financiera, rend...
Presentación de los Estados Financieros Estados de situación financiera, rend...
 
Combinaciones del sector público
Combinaciones del sector públicoCombinaciones del sector público
Combinaciones del sector público
 
Consolidación
ConsolidaciónConsolidación
Consolidación
 
Instrumentos financieros – Revelaciones
Instrumentos financieros – RevelacionesInstrumentos financieros – Revelaciones
Instrumentos financieros – Revelaciones
 
Instrumentos financieros – Cobertura y derivados
Instrumentos financieros – Cobertura y derivadosInstrumentos financieros – Cobertura y derivados
Instrumentos financieros – Cobertura y derivados
 
Instrumentos financieros – Conceptos básicos
Instrumentos financieros –  Conceptos básicos Instrumentos financieros –  Conceptos básicos
Instrumentos financieros – Conceptos básicos
 
Instrumentos financieros – Revelaciones
Instrumentos financieros –  Revelaciones Instrumentos financieros –  Revelaciones
Instrumentos financieros – Revelaciones
 
Instrumentos financieros – Coberturas y derivados
Instrumentos financieros – Coberturas y derivadosInstrumentos financieros – Coberturas y derivados
Instrumentos financieros – Coberturas y derivados
 

Recently uploaded

NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 

Recently uploaded (20)

NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 

Risk Management and Internal Control in the Public Sector

  • 1. Risk Management and Internal Control in the Public Sector. Vincent Tophoff, International Federation of Accountants (IFAC). Contraloría General de la República (CGR), Seminario Unidades de Control Interno: Gestión de Riesgos y Control Interno en el Sector Público. Santiago, Chile, January, 2015
  • 2. International Federation of Accountants • Global organization of the accountancy profession • Supports professional accountants in the following areas: – Governance and ethics – Risk management and internal control (RM/IC) – Sustainability and corporate responsibility – Financial and performance management – Business reporting – Promoting and contributing to the value of professional accountants • All areas of critical importance to professional accountants (and for CGRs & public sector entities too…)
  • 3. Relation of Public Sector Governance, Risk Management & Internal Control • How do you think that governance, risk management & internal control are related to each other?
  • 4. Relation of Public Sector Governance, RM & IC
  • 5. Today’s Agenda • The Pitfalls – Setting the Scene • Current Thinking • COSO / ISO 31000 Standards • Risk Management & Internal Control Maturity • CGR “Call to Action” • Q&A
  • 6. The Pitfalls – Setting the Scene
  • 7. Serious Risk Management & Internal Control Flaws • Having a compliance-only mentality • Treating risk as only negative and overlooking the idea that entities need to take risk in pursuit of their objectives • Risk management & internal control that is overly focused on external financial reporting • Regarding risk management & internal control as a separate function or process • Viewing risk management & internal control as predominantly important for operations
  • 8. Bad vs. Good RM/IC Practices: RM/IC as objective in itself vs. RM/IC to help achieve objectives; Auditor / staff driven vs. Driven from top down; Rules-based vs. Performance & principles-based; Off-the-shelf systems vs. Tailored to the entity; Focused on loss minimization vs. Also focused on value creation; Mainly hard controls vs. Recognizing culture & attitude; Imposed vs. Implemented organically; Stand-alone / “bolt-on” vs. Integrated / “built-in”; Static, out-of-date vs. Dynamic, evolving; Seen as overhead vs. Seen as a sound investment; Abandoned vs. Integrated in governance
  • 9. Global Crisis: Global Crisis, according to IFAC research, was caused by: • Ethical flaws • Governance, risk management in name, but not in spirit • Regulatory overload, leading to legalistic compliance • Risk & control systems too narrowly focused on only financial reporting controls. Conclusions from the crisis: • Entities should take a broader approach in risk management & internal control • Appropriate application of risk management & internal control standards and principles is often the problem
  • 10. Current Thinking
  • 11. Current Thinking About Risk: The safest place for a ship… … is to stay in the harbor. But that’s not what ships were made for…
  • 12. Current Thinking About Risk: … Instead, ships were made to transport people & goods to other destinations… … And that involves risk… So, what is risk? • Risk is nowadays defined as “the effect of uncertainty on (setting and achieving) the entity’s objectives” (ISO 31000) • No Objectives = No Risk. Therefore, risk should always be assessed in light of (setting and achieving) the entity’s objectives!
  • 13. Current Thinking About Risk Management. Q: “How does your entity address uncertainty in achieving its strategic objectives?” A: “Through our strategic management system;” – Line management engaged in plan-do-check-act cycle – Focused on achieving the entity’s objectives. Q: “How does your entity address risk?” A: “Through our risk management system;” – (separate) risk and control system, staff functionaries, risk register – Focused on mitigating risk
  • 14. Current Thinking About Risk Management: What does this example tell us? • That we, risk management professionals, have made great progress in the area of risk management & internal control… • …But that we, in the process, lost the other people in our entity! [Figure labels: Risk Management; Rest of the entity]
  • 15. Current Thinking About Risk Management: Five lines of defense
  • 16. Current Thinking About Risk Management: Five lines of defense: 1. Players; 2. Captain; 3. Coach; 4. Referee; 5. FIFA
  • 17. Current Thinking About Risk Management: Five lines of defense: 1. Players (Operational Staff); 2. Captain (Supervisor / Line Manager); 3. Coach (Risk Manager); 4. Referee (Internal Auditor); 5. FIFA (SAI / External Auditor) [Figure labels: Line; Support]
  • 18. Current Thinking About the Risk Manager. Biggest risk facing an entity: Disconnect between those responsible for achieving strategic objectives vs. those responsible for managing risk. Solution: Making those responsible for achieving strategic objectives also responsible for managing related risks! Key objective for risk manager is to ensure that risk management is fully integrated in line management!
  • 19. Current Thinking About Internal Control: From hindering the entity to enabling the entity. Good internal control = The Invisible Hand
  • 20. COSO Frameworks (also adopted by INTOSAI)
  • 21. 2013 COSO Internal Control Cube
  • 22. 2004 COSO ERM Cube. Will be revised soon!
  • 23. COSO IC vs. COSO ERM
  • 24. ISO 31000 Risk Management Standard
  • 25. ISO 31000 Principles, Framework & Process
  • 26. ISO 31000 Risk Management Principles • Creates Value • Integral Part of Organizational Processes • Part of Decision-Making • Explicitly Addresses Uncertainty • Systematic, Structured & Timely • Based on “Best Available Information” • Tailored • Considers Human & Cultural Factors • Transparent & Inclusive • Dynamic, Iterative & Responsive to Change • Facilitates Continuous Improvement
  • 27. ISO 31000 Risk Management Framework
  • 28. ISO 31000 Risk Management Process. To be applied in every decision making process and subsequent execution!
  • 29. COSO ERM vs. ISO 31000: Many entities use both COSO ERM & ISO 31000… … Biggest challenge is that concepts are not aligned. COSO vs. ISO 31000: Lengthy vs. Short; Focused on ERM vs. General approach to managing risk; One cube vs. Principles, framework & process; Skewed to negative vs. Risk can be positive or negative; Risk already exists vs. Risk tied to achieving objectives; Risk & opportunities vs. Opportunities also source of risk; More sequential process vs. More iterative process
  • 30. Risk Management & Internal Control Maturity
  • 31. RM/IC Maturity Levels
  • 32. Main Objective of a Public Sector Entity • Is not to have effective controls… • Is not to effectively manage risk… But to • Properly set & achieve its objectives • Avoid too many surprises along the way • And create sustainable value
  • 33. Argument for Integrating Risk Management & IC • So, risk management & internal control are not objectives in themselves, but means to an end… … Making sound (SWOT) decisions and executing subsequent actions to achieve the entity’s objectives without surprises! … Risk management & internal control should therefore be fully integrated into a public sector entity's overall system of management, including governance, strategy development and planning, operations, reporting, and accountability
  • 34. Risk Is Inherent to Setting Your Objectives
  • 35. Achieving Your Objectives Through Planning & Control 1
  • 36. Achieving Your Objectives Through Planning & Control 2: Strategic, tactical, and operational planning & control cycles [Figure labels: A, P, D, C]
  • 37. Achieving Your Objectives Through Planning & Control 3
  • 38. RM/IC Integral to Achieving Your Objectives
  • 39. Thoughts on Assessing RM/IC Maturity • Use the Frameworks • Consider good practice developments • Perform gap analysis • Determine performance • Look at audit results • Analyze serious flaws • … • Continuously move to improvement!
  • 40. CGR “Call to Action”
  • 41. CGR “Call to Action”: CGRs play important roles in implementing good risk management & internal control in public sector entities: • Build subject-matter-expertise regarding RM/IC (incl. INTOSAI standards & guidance, COSO Frameworks, ISO 31000) • Educate the governing bodies, audit committees, management teams & staff of the relevant public sector entities • Champion the importance of good RM/IC: fully integrated in the entity’s overall system of management • Support public sector entities through the provision of high-quality assurance, advice & insight
  • 42. CGR’s Role - #1: Champion importance of good risk management: • CGRs communicate with public sector entity’s leadership • Attitude and actions of CGR set the tone for good risk management in public sector entities • Promote integrating risk management into line management of a public sector entity! • Most important element: making RM/IC part of every decision making process and subsequent execution in the entity!
  • 43. CGR’s Role - #2: Support line management by providing high-quality assurance, advice & insight: • Decisions should only be taken with explicit understanding of related risks and their potential consequences for achieving an entity’s objectives • Therefore, decision makers require relevant and reliable information for their decision making and control processes
  • 44. Key Takeaways • There are many flaws in current risk management and internal control practice • Achieving the entity’s objectives is the overall goal; risk is an inherent part of that • Risk management should, therefore, be fully integrated in the entity’s system of management • CGRs support RM/IC in various ways in the public sector entities they oversee • IFAC supports professional accountants / CGRs • However, no matter the guidance provided…
  • 45. There will always be some … … who do it their own way!