Successfully reported this slideshow.
1<br />INTERNATIONAL CONSORTIUM ON GOVERNMENTAL FINANCIAL MANAGEMENT (ICGFM), 24TH ANNUAL INTERNATIONAL <br />CHALLENGES O...
2<br />GOAL AND METHODOLOGY:<br />SHARE A MODEL OF INTERNAL CONTROL BASED ON RISK MANAGEMENT, APPLICABLE TO ANY PUBLIC OR ...
3<br />QUESTION 1<br />HOW MUCH DO YOU KNOW ABOUT INTERNAL CONTROL? <br />A LOT<br />A LITTLE<br />NOTHING<br />
4<br />QUESTION 2<br />HOW MUCH DO YOU KNOW ABOUT INTEGRAL RISK MANAGEMENT? <br />A LOT<br />A LITTLE<br />NOTHING<br />
5<br />KEY FACTORS IN INTERNAL CONTROL AND RISK MANAGEMENT<br />IT SHOULD BE LED BY THE HIGHEST AUTHORITY <br />IT COMMITS...
6<br />“Withself-discipline, <br />anythingispossible.”<br />Teodoro Roosevelt<br />
7<br />MEETING GOALS – SATISFIED USERS <br />COMPONENTS OF INTERNAL CONTROL <br />AND RISK MANAGEMENT<br /> CONTROL ENVIRO...
8<br />ELEMENTS OF THE CONTROL ENVIRONMENT <br />INTEGRITY AND ETHICAL VALUES                           <br />PHILOSOPHY A...
9<br />POINTS TO EVALUATE – CONTROL ENVIRONMENT (1 of 2)<br />
10<br />POINTS TO EVALUATE – CONTROL ENVIRONMENT (2 of 2)<br />
11<br />QUESTION 3<br />HOW TO QUALIFY THE COMMITTMENT OF THE HIGHEST AUTHORITY OF YOUR INSTITUTION TO STRENGTHEN INTERNAL...
12<br />POINTS TO EVALUATION – INFORMATION AND COMMUNICATION <br />
13<br />POINTS TO EVALUATE -- SUPERVISION<br />
14<br />QUESTION 4<br />WHAT DO YOU THINK THE ATTITUDE OF THE INTERNAL AUDITOR SHOULD BE TOWARD THE DESIGN AND IMPLIMENTAT...
15<br />SETTING OF GOALS<br />IDENTIFICATION OF EVENTS<br />EVALUATION OF RISKS<br />RESPONSE TO RISKS<br />CONTROL ACTIVI...
16<br />POINTS OF CONTROL – SETTING GOALS<br />STRATEGIC, OPERATIONAL, INFORMATIONAL AND ENFORCEMENT GOALS <br />SPECIFIC ...
17<br />POINTS OF CONTROL – IDENTIFICATION OF EVENTS<br />PARTICIPATION OF INTERNAL AND EXTERNAL EXPERTS <br />STATISTICAL...
18<br />GOAL.  INCREASE USER SATAISFACTION BY 25%. EXTERNAL EVENTS<br />POLITICAL CONTROL<br />THREATS, BLACKMAIL, OFFERS	...
19<br />GOAL.  INCREASE USER SATAISFACTION BY 25%. INTERNAL EVENTS<br />DEFICIENT SYSTEM OF HUMAN RESOURCES<br />UNETHICAL...
20<br />POINTS OF CONTROL – EVALUATION OF RISKS<br />MEASURE PROBABILITY  <br />MEASURE IMPACTS	<br />PREPARE THE RISK MAP...
21<br />RISK MAP<br />E<br />X<br />P<br />L<br />I<br />C<br />A<br />C<br />I<br />Ó<br />N<br />Excess of acceptableris...
22<br />“THE APPROACH THAT WE HAVE TAKEN IN FINANCIAL AND BUSINESS RISK IS TO TRY TO QUANTIFY WHAT WE CAN AND NOT NECESSAR...
23<br />POINTS OF EVALUATION – RESPONSE TO RISKS<br />ACCEPT<br />PREVENT<br />SHARE<br />REDUCE<br />LEAVE EVIDENCE OF CO...
24<br />POINTS TO EVALUATE – CONTROL ACTIVITIES<br />ACTIONS TO MITIGATE RISKS <br />REDUCE MISTAKES OR IRREGULARITIES<br ...
25<br />CONTROL ACTIVITIES<br />CODE OF ETHICS FULLY APPLIED – EXAMPLE OF AUTHORITIES<br />ETHICS COMMITTEE AT WORK TO HAN...
MATRIX FOR THE RISK MANAGEMENT PROCESS<br /><ul><li>GOAL: Haverecommendationsmetby 95%
ACCEPTABLE RISK: 95%; RISK TOLERANCE: 5%</li></ul>RESPONSE:<br />P= Prevent             A = Accept<br />R = Reduce        ...
27<br />QUESTION 5<br />DO YOU BELIEVE THAT YOU CAN PROMOTE STRENGTHENING OF THE INTERNAL CONTROL OF YOUR ENTITY? <br />YE...
Model for the design and self-evaluation of a System of Internal Control based on Risk Management<br />See Example<br />28...
29<br />NO ONE LIKES CONTROL, BUT IF ITS POSITIVE EFFECTS ARE PROVEN, PEOPLE CAN TOLERATE IT AND SUPPORT ITS APPLICATION<b...
Upcoming SlideShare
Loading in …5
×

Mario andrade internal controls and risk management english

917 views

Published on

The speaker will cover the progress made in Ecuador in moving towards a risk based approach to public auditing.

Published in: Business, Economy & Finance
  • Be the first to comment

Mario andrade internal controls and risk management english

  1. 1. 1<br />INTERNATIONAL CONSORTIUM ON GOVERNMENTAL FINANCIAL MANAGEMENT (ICGFM), 24TH ANNUAL INTERNATIONAL <br />CHALLENGES OF THE INTERNAL AUDITOR IN THE DESIGN AND IMPLEMENTATION OF INTERNAL CONTROL AND RISK MANAGEMENT OF PUBLIC AGENCIES<br />FACILITATOR: MARIO ANDRADE<br />MIAMI, MAY, 2010<br />
  2. 2. 2<br />GOAL AND METHODOLOGY:<br />SHARE A MODEL OF INTERNAL CONTROL BASED ON RISK MANAGEMENT, APPLICABLE TO ANY PUBLIC OR PRIVATE ENTITY; WITH OR WITHOUT GREATER STATISTICAL INFORMATION..<br />IT WILL BE MOSTLY PRACTICE.<br />
  3. 3. 3<br />QUESTION 1<br />HOW MUCH DO YOU KNOW ABOUT INTERNAL CONTROL? <br />A LOT<br />A LITTLE<br />NOTHING<br />
  4. 4. 4<br />QUESTION 2<br />HOW MUCH DO YOU KNOW ABOUT INTEGRAL RISK MANAGEMENT? <br />A LOT<br />A LITTLE<br />NOTHING<br />
  5. 5. 5<br />KEY FACTORS IN INTERNAL CONTROL AND RISK MANAGEMENT<br />IT SHOULD BE LED BY THE HIGHEST AUTHORITY <br />IT COMMITS THE WHOLE ORGANIZATION <br />IT INVOLVES ALL PROCESSES AND ACTIVITIES <br />IT ALLOWS MEETING GOALS EFFICIENTLY AND ETHICALLY <br />IT PROVIDES RELIABLE, USEFUL INFORMATION <br />IT PROMOTES ENFORCEMENT OF STANDARDS <br />IT SAFEGUARDS RESOURCES<br />IT INCREASES GOVERNABILITY <br />IT IMPROVES ACCOUNTABILITY <br />IT DOES NOT ELIMINATE RISKS OF MISTAKES AND IRREGULARITIES <br />IC MAY CHANGE IN A VERY SHORT TIME<br />
  6. 6. 6<br />“Withself-discipline, <br />anythingispossible.”<br />Teodoro Roosevelt<br />
  7. 7. 7<br />MEETING GOALS – SATISFIED USERS <br />COMPONENTS OF INTERNAL CONTROL <br />AND RISK MANAGEMENT<br /> CONTROL ENVIRONMENT<br />SETTING OF GOALS<br />C<br />O<br />MM<br />U<br />N<br />I<br />C<br />A<br />T<br />I<br />O<br />N<br />S<br />U<br />P<br />E<br />R<br />V<br />I<br />S<br />I<br />O<br />N<br />I<br />N<br />F<br />O<br />R<br />M<br />A<br />T<br />I<br />O<br />N<br />IDENTIFICATION OF EVENTS<br />EVALUATION OF RISKS<br />RESPONSE TO RISKS<br />AND<br />CONTROL ACTIVITIES<br />RESULT<br />
  8. 8. 8<br />ELEMENTS OF THE CONTROL ENVIRONMENT <br />INTEGRITY AND ETHICAL VALUES <br />PHILOSOPHY AND STYLE OF HIGHEST LEADERSHIP <br />ADMINISTRATIVE BOARD AND COMMITTEES <br />ORGANIZATION AND PROCESSES<br />MANAGEMENT OF HUMAN RESOURCES<br />ACCOUNTABILITY<br />
  9. 9. 9<br />POINTS TO EVALUATE – CONTROL ENVIRONMENT (1 of 2)<br />
  10. 10. 10<br />POINTS TO EVALUATE – CONTROL ENVIRONMENT (2 of 2)<br />
  11. 11. 11<br />QUESTION 3<br />HOW TO QUALIFY THE COMMITTMENT OF THE HIGHEST AUTHORITY OF YOUR INSTITUTION TO STRENGTHEN INTERNAL CONTROL? <br /> VERY COMMITTED<br /> SOMEWHAT COMMITTED<br /> NO COMMITMENT<br />
  12. 12. 12<br />POINTS TO EVALUATION – INFORMATION AND COMMUNICATION <br />
  13. 13. 13<br />POINTS TO EVALUATE -- SUPERVISION<br />
  14. 14. 14<br />QUESTION 4<br />WHAT DO YOU THINK THE ATTITUDE OF THE INTERNAL AUDITOR SHOULD BE TOWARD THE DESIGN AND IMPLIMENTATION OF INTERNATL CONTROL – IC? <br />RECOMMEND THE DESIGN AND IMPLIMENTATION OF IC<br />DISSEMINATE THE LEGAL AND CONCEPTUAL FRAMEWORK OF IC <br />PROMOTE (push) THE DESIGN, IMPLILMENTATION AND SELF-EVALUATION OF IC<br />
  15. 15. 15<br />SETTING OF GOALS<br />IDENTIFICATION OF EVENTS<br />EVALUATION OF RISKS<br />RESPONSE TO RISKS<br />CONTROL ACTIVITIES<br />PROCESS FOR RISK MANAGEMENT<br />
  16. 16. 16<br />POINTS OF CONTROL – SETTING GOALS<br />STRATEGIC, OPERATIONAL, INFORMATIONAL AND ENFORCEMENT GOALS <br />SPECIFIC GOALS AT EACH LEVEL <br />ALIGNMENT OF INSTITUTIONAL GOALS WITH NATIONAL GOALS, MISSION…<br />INDICATORS, REPORTS<br />DISSEMINATION <br />EVALUATION <br />
  17. 17. 17<br />POINTS OF CONTROL – IDENTIFICATION OF EVENTS<br />PARTICIPATION OF INTERNAL AND EXTERNAL EXPERTS <br />STATISTICAL OR QUALITATIVE INFORMATION <br />EXTERNAL EVENTS: Polítical, social, economic, environmental, technological<br />INTERNAL EVENTS: Human, financial, and technologicalresources; processes, infrastructure<br />INVENTORY OF EVENTS ASSOCIATED WITHGOALS<br />
  18. 18. 18<br />GOAL. INCREASE USER SATAISFACTION BY 25%. EXTERNAL EVENTS<br />POLITICAL CONTROL<br />THREATS, BLACKMAIL, OFFERS <br />LACK OF CREDIBILITY<br />BAD PRACTICES ACCEPTED BY SOCIETY AND PROFESSIONS<br />OBSOLETE OR INSUFFICIENT LEGAL PROVISIONS<br />LACK OF ALLOCATION OF RESOURCES<br />LACK OF TRANSPARENCY OF THE SYSTEM<br />INSUFFICIENT USE OF TECHNOLOGY AND NEW PROVISIONS <br />NO COORDINATION AMONG LAW-ENFORCEMENT AGENCIES <br />GOVERNMENT AGENCIES AND INEFFICIENT CONTROL<br />SOCIETY WITHOUT TOOLS TO EXERCISE SOCIAL CONTROL<br />GENERAL RESISTENCE TO CHANGE<br />….<br />
  19. 19. 19<br />GOAL. INCREASE USER SATAISFACTION BY 25%. INTERNAL EVENTS<br />DEFICIENT SYSTEM OF HUMAN RESOURCES<br />UNETHICAL BEHAVIOR OF PERSONNEL <br />LACK OF PROFESSIONAL COMPETENCE <br />LOW SALARIES<br />INADEQUATE ORGANIZATION<br />ABSENCE OF PROCESSES AND PROCEDURES WITH INDICATORS<br />LACK OF ADEQUATE, TIMELY SUPERVISION<br />NO SANCTIONS APPLIED OR RULES MAKE APPLICATION DIFFICULT<br />LACK OF INVESTIGATION PLANS<br />INVESTIGATION WITHOUT INTENSIVE USE OF TECHNOLOGY<br />NEW FORMS OF INVESTIGATION HAVE NOT BEEN INCORPORATED<br />INADEQUATE OR INSUFFICIENT RESOURCES AVAILABLE<br />……<br />
  20. 20. 20<br />POINTS OF CONTROL – EVALUATION OF RISKS<br />MEASURE PROBABILITY <br />MEASURE IMPACTS <br />PREPARE THE RISK MAP WITH THE PARTICIPATION OF THOSE DIRECTLY INVOLVED<br />RISK MANAGEMENT MUST BE STARTED EVEN WITHOUT STATISTICAL INFORMATION<br />
  21. 21. 21<br />RISK MAP<br />E<br />X<br />P<br />L<br />I<br />C<br />A<br />C<br />I<br />Ó<br />N<br />Excess of acceptablerisk<br />Impact<br />LowMediumHigh<br />Withinacceptablerisk<br />LowMediumHigh<br />Probability<br />
  22. 22. 22<br />“THE APPROACH THAT WE HAVE TAKEN IN FINANCIAL AND BUSINESS RISK IS TO TRY TO QUANTIFY WHAT WE CAN AND NOT NECESSARILY WORRY ABOUT EVERYTHING THAT WE CANNOT CAPTURE IN OUR MEASUREMENTS”<br />DIRECTOR OF CORPORATE FINANCES <br /> MICROSOFT CORP. 2006<br />
  23. 23. 23<br />POINTS OF EVALUATION – RESPONSE TO RISKS<br />ACCEPT<br />PREVENT<br />SHARE<br />REDUCE<br />LEAVE EVIDENCE OF COMMITMENTS <br />
  24. 24. 24<br />POINTS TO EVALUATE – CONTROL ACTIVITIES<br />ACTIONS TO MITIGATE RISKS <br />REDUCE MISTAKES OR IRREGULARITIES<br />RAISE THE POSSIBILITY OF MEETING GOALS<br />POINTS OF INTERNAL CONTROL, NOT ONLY FINANCIAL AND ADMINISTRATIVE, BUT RATHER MISSION OPERATIONS <br />POINTS OF SOCIAL CONTROL<br />INSPECTIONS, VERIFICATIONS, CONCILIATIONS, CONFIRMATIONS, SUPERVISION, INFORMATION, ACCOUNTABILITY, SEPARATION OF FUNCTIONS, ELECTRONIC AND MANUAL CONTROLS…<br />
  25. 25. 25<br />CONTROL ACTIVITIES<br />CODE OF ETHICS FULLY APPLIED – EXAMPLE OF AUTHORITIES<br />ETHICS COMMITTEE AT WORK TO HANDLECOMPLAINTS<br />FACILITATE THE RESPONSIBLE SUBMISSION OF COMPLAINTS<br />TRANSPARENT SYSTEM OF HUMAN RESOURCE MANAGEMENT<br />ORGANIZATION BY PROCESSES <br />COMPLETE MANUAL OF PROCESSES AND PROCEDURES<br />INTEGRATED SYSTEM OF INVESTIGATION AND ACCUSATION<br />USE OF TECHNOLOGY IN THE PRE-PROCESS AND PROCESS STAGES<br />OBJECTIVE, PERMANENT SUPERVISION<br />USE OF INDICATORS AND INFORMATION SYSTEMS<br />OBJECTIVE EVALUATIONS AND PROFESSIONAL CAREERS<br />GOVERNMENTPOLICY TO PROVIDE RESOURCES** <br />MODERNIZE THE RULES **<br />……<br />
  26. 26. MATRIX FOR THE RISK MANAGEMENT PROCESS<br /><ul><li>GOAL: Haverecommendationsmetby 95%
  27. 27. ACCEPTABLE RISK: 95%; RISK TOLERANCE: 5%</li></ul>RESPONSE:<br />P= Prevent A = Accept<br />R = Reduce S = Share<br />H = High 3<br />M = Medium 2<br />L= Low1<br />26<br />26<br />
  28. 28. 27<br />QUESTION 5<br />DO YOU BELIEVE THAT YOU CAN PROMOTE STRENGTHENING OF THE INTERNAL CONTROL OF YOUR ENTITY? <br />YES<br />NOT VERY LIKELY<br />NO<br />
  29. 29. Model for the design and self-evaluation of a System of Internal Control based on Risk Management<br />See Example<br />28<br />
  30. 30. 29<br />NO ONE LIKES CONTROL, BUT IF ITS POSITIVE EFFECTS ARE PROVEN, PEOPLE CAN TOLERATE IT AND SUPPORT ITS APPLICATION<br />
  31. 31. 30<br />Thanks very much for your attention!<br />mgandradet@gmail.com<br />

×