A responsibility of the Group Leader: INTERNAL CONTROL
Core Development Package for CERN Group Leaders
21 June 2011
DG-IA 11-25 Internal Audit

My objectives
• Underline one of your responsibilities ... Partly known, not labelled as Internal control!
• Clarify what this responsibility consists of
• Give hints on how to exercise it
• Introduce Internal Audit as one of the many actors of Internal Control
Core development package for Group Leaders DG-IA/11-25

A responsibility?
• Financial rules – Section 4: “A management and control system meeting the requirements specified in the provisions of this section shall ensure:
    • the effectiveness and efficiency of CERN operations,
    • the reliability of financial reporting and
    • the compliance with the relevant applicable regulations
  This system shall be based in particular, on the principles of transparency, integrity and accountability”

What is Internal Control?
• In 1992, a group of professionals from varied backgrounds, including the public and private sectors, reflected on what makes an organization or firm successful, i.e. what allows an organization to stay in control of its operations and to reach its objectives.
• The result of this research was published under the title COSO, Internal Control Integrated Framework.
• COSO remains the reference today on issues of governance, risk management and control.

What is Internal Control?
COSO definition: “Internal Control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
• Effectiveness and efficiency of operations;
• Reliability of financial reporting;
• Compliance with laws and regulations.”

Categories of business objectives
• Compliance with rules & regulations
• Effectiveness & efficiency of operations
• Reliability of financial reporting

Key players of Internal Control
Internal Players:
• Council and its bodies
• Director-General
• Senior Management
• Management
• Staff Members
• Internal Audit
External Players:
• External Auditors
• Third Party Auditors

Components of internal control
[Diagram. Objective categories: Operations, Financial info, Compliance. Components: Monitoring, Information & Communication, Control Activities, Risk Assessment, Control Environment.]

Control environment
• Management’s philosophy and operating style: the tone at the top!
• Integrity and ethical values
• Assignment of authority and responsibility
• Organizational structure
• Commitment to competence
• Human Resources policies and practices
• Ask yourself for your group:
    • Is the group’s mission statement up to date and are staff aware of it?
    • Are the responsibilities of my group, and within my group, clearly defined?
    • Do formal job descriptions and analyses of the required knowledge and skills exist?
    • Have I communicated regarding acceptable business practice with external parties?

Risk assessment
• Set objectives and identify critical success factors
• Identify risks due to internal or external factors
• Assess risks and decide on response
• Manage changes
• Ask yourself for your group:
    • What could go wrong in our business?
    • Do we identify critical success factors?
    • What assets do we need to protect?
    • Do we anticipate and react to events that might affect the achievement of the group’s objectives?
    • Are we conscious of fraud risks?

Control activities
• The policies and procedures that help ensure management directives are carried out and necessary actions taken to address risks
• A diverse range of activities such as approvals, authorizations, verifications, reconciliations, reviews, segregation of duties, controls over information systems etc.
• The costs vs. benefits of control activities must be carefully evaluated.
• Ask yourself for your group:
    • Have we set up efficient preventive and detective measures that address risks?
    • Do we have formally written procedures where appropriate?
    • Did we set appropriate access rights or protection measures for the data I am responsible for?
    • Do I exercise adequate supervision?

Information and communication
• Reliable and relevant information should be identified, collected and distributed so that people may carry out their responsibilities and make informed decisions.
• Effective information must flow down, across and up the Organization as well as to external parties.
• Ask yourself for your group:
    • Are necessary reports provided to management on your group’s performance, relative to established objectives?
    • Does the right information reach the right people at the right hierarchical level in sufficient detail and on time to enable them to carry out their responsibilities?
    • Are control duties and responsibilities effectively communicated?
    • Do we make outside parties aware of the organization’s ethical or professional standards?
    • Do we take timely and appropriate action resulting from communications received from customers, vendors, regulators or other external parties?

Monitoring
• The effectiveness, efficiency and reliability of the Internal Control process must be monitored over time by ongoing monitoring activities, i.e. adequate supervision of operations
• Separate evaluations (e.g. audits)
• Ask yourself for your group:
    • What gives me, on a regular basis, the assurance that the controls I have put in place actually work?
    • Do we examine regular reports, key indicators?
    • Do group meetings provide feedback on whether controls operate effectively?
    • Do I know what Internal Audit can do for my business?

What is Internal Audit?
Institute of Internal Auditors definition: “An independent, objective assurance and consulting activity designed to add value and improve the Organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”

Sample of Internal Audit engagements
• Assurance Reviews
    • Audit of CHIS
    • Audit of Qualiac (IT)
    • Audit of General Infrastructure Consolidation Programme
    • Audit of the operation of the LHC and its injectors
    • Audit of Housing Fund
    • Audit of Outreach
    • Audit of Communication
    • Audit of Medium Term Plan and Budget execution
    • Audit of Space Management
    • Various ad hoc checks
• Consulting services
    • Risk management system
    • Code of conduct
    • Stores internal control
    • Fraud policy

The Fraud issue
• No specific framework currently for prevention, reporting and investigation
• Recent cases
• DG has asked Internal Audit to make a proposal
• Project sponsored by Director of Administration & General Infrastructure
• In the meantime
    • Think of fraud risks – they are not just everywhere else!
    • Contact Internal Audit if in doubt – Confidentiality guaranteed

Internal Audit - In other words
• We provide an independent and objective assurance directly to the Director-General
• We audit processes and not persons and we make value-added recommendations to help you to improve your business
• We perform audits according to an annual plan approved by the DG and based on a risk analysis
• We work according to International Standards
• We follow up on recommendations resulting from audits
• We provide consultancy on risk management, internal control and governance.
• More info at: http://internal-audit.web.cern.ch/internal-audit/

Thank you