This document summarizes a presentation on internal control and risk management for public agencies. It discusses key factors like having control led by top authority and involving all processes. It outlines components of internal control like setting goals, risk identification, evaluation and response. Elements of control environment are examined. The role of the internal auditor in promoting internal control design and implementation is discussed. A model for risk-based internal control design and self-evaluation is presented. Active participation and buy-in from all levels is emphasized for effective internal control.

1. 1 INTERNATIONAL CONSORTIUM ON GOVERNMENTAL FINANCIAL MANAGEMENT (ICGFM), 24TH ANNUAL INTERNATIONAL CHALLENGES OF THE INTERNAL AUDITOR IN THE DESIGN AND IMPLEMENTATION OF INTERNAL CONTROL AND RISK MANAGEMENT OF PUBLIC AGENCIES FACILITATOR: MARIO ANDRADE MIAMI, MAY, 2010

2. 2 GOAL AND METHODOLOGY: SHARE A MODEL OF INTERNAL CONTROL BASED ON RISK MANAGEMENT, APPLICABLE TO ANY PUBLIC OR PRIVATE ENTITY; WITH OR WITHOUT GREATER STATISTICAL INFORMATION.. IT WILL BE MOSTLY PRACTICE.

3. 3 QUESTION 1 HOW MUCH DO YOU KNOW ABOUT INTERNAL CONTROL? A LOT A LITTLE NOTHING

4. 4 QUESTION 2 HOW MUCH DO YOU KNOW ABOUT INTEGRAL RISK MANAGEMENT? A LOT A LITTLE NOTHING

5. 5 KEY FACTORS IN INTERNAL CONTROL AND RISK MANAGEMENT IT SHOULD BE LED BY THE HIGHEST AUTHORITY IT COMMITS THE WHOLE ORGANIZATION IT INVOLVES ALL PROCESSES AND ACTIVITIES IT ALLOWS MEETING GOALS EFFICIENTLY AND ETHICALLY IT PROVIDES RELIABLE, USEFUL INFORMATION IT PROMOTES ENFORCEMENT OF STANDARDS IT SAFEGUARDS RESOURCES IT INCREASES GOVERNABILITY IT IMPROVES ACCOUNTABILITY IT DOES NOT ELIMINATE RISKS OF MISTAKES AND IRREGULARITIES IC MAY CHANGE IN A VERY SHORT TIME

6. 6 “Withself-discipline, anythingispossible.” Teodoro Roosevelt

7. 7 MEETING GOALS – SATISFIED USERS COMPONENTS OF INTERNAL CONTROL AND RISK MANAGEMENT CONTROL ENVIRONMENT SETTING OF GOALS C O MM U N I C A T I O N S U P E R V I S I O N I N F O R M A T I O N IDENTIFICATION OF EVENTS EVALUATION OF RISKS RESPONSE TO RISKS AND CONTROL ACTIVITIES RESULT

8. 8 ELEMENTS OF THE CONTROL ENVIRONMENT INTEGRITY AND ETHICAL VALUES PHILOSOPHY AND STYLE OF HIGHEST LEADERSHIP ADMINISTRATIVE BOARD AND COMMITTEES ORGANIZATION AND PROCESSES MANAGEMENT OF HUMAN RESOURCES ACCOUNTABILITY

9. 9 POINTS TO EVALUATE – CONTROL ENVIRONMENT (1 of 2)

10. 10 POINTS TO EVALUATE – CONTROL ENVIRONMENT (2 of 2)

11. 11 QUESTION 3 HOW TO QUALIFY THE COMMITTMENT OF THE HIGHEST AUTHORITY OF YOUR INSTITUTION TO STRENGTHEN INTERNAL CONTROL? VERY COMMITTED SOMEWHAT COMMITTED NO COMMITMENT

12. 12 POINTS TO EVALUATION – INFORMATION AND COMMUNICATION

13. 13 POINTS TO EVALUATE -- SUPERVISION

14. 14 QUESTION 4 WHAT DO YOU THINK THE ATTITUDE OF THE INTERNAL AUDITOR SHOULD BE TOWARD THE DESIGN AND IMPLIMENTATION OF INTERNATL CONTROL – IC? RECOMMEND THE DESIGN AND IMPLIMENTATION OF IC DISSEMINATE THE LEGAL AND CONCEPTUAL FRAMEWORK OF IC PROMOTE (push) THE DESIGN, IMPLILMENTATION AND SELF-EVALUATION OF IC

15. 15 SETTING OF GOALS IDENTIFICATION OF EVENTS EVALUATION OF RISKS RESPONSE TO RISKS CONTROL ACTIVITIES PROCESS FOR RISK MANAGEMENT

16. 16 POINTS OF CONTROL – SETTING GOALS STRATEGIC, OPERATIONAL, INFORMATIONAL AND ENFORCEMENT GOALS SPECIFIC GOALS AT EACH LEVEL ALIGNMENT OF INSTITUTIONAL GOALS WITH NATIONAL GOALS, MISSION… INDICATORS, REPORTS DISSEMINATION EVALUATION

17. 17 POINTS OF CONTROL – IDENTIFICATION OF EVENTS PARTICIPATION OF INTERNAL AND EXTERNAL EXPERTS STATISTICAL OR QUALITATIVE INFORMATION EXTERNAL EVENTS: Polítical, social, economic, environmental, technological INTERNAL EVENTS: Human, financial, and technologicalresources; processes, infrastructure INVENTORY OF EVENTS ASSOCIATED WITHGOALS

18. 18 GOAL. INCREASE USER SATAISFACTION BY 25%. EXTERNAL EVENTS POLITICAL CONTROL THREATS, BLACKMAIL, OFFERS LACK OF CREDIBILITY BAD PRACTICES ACCEPTED BY SOCIETY AND PROFESSIONS OBSOLETE OR INSUFFICIENT LEGAL PROVISIONS LACK OF ALLOCATION OF RESOURCES LACK OF TRANSPARENCY OF THE SYSTEM INSUFFICIENT USE OF TECHNOLOGY AND NEW PROVISIONS NO COORDINATION AMONG LAW-ENFORCEMENT AGENCIES GOVERNMENT AGENCIES AND INEFFICIENT CONTROL SOCIETY WITHOUT TOOLS TO EXERCISE SOCIAL CONTROL GENERAL RESISTENCE TO CHANGE ….

19. 19 GOAL. INCREASE USER SATAISFACTION BY 25%. INTERNAL EVENTS DEFICIENT SYSTEM OF HUMAN RESOURCES UNETHICAL BEHAVIOR OF PERSONNEL LACK OF PROFESSIONAL COMPETENCE LOW SALARIES INADEQUATE ORGANIZATION ABSENCE OF PROCESSES AND PROCEDURES WITH INDICATORS LACK OF ADEQUATE, TIMELY SUPERVISION NO SANCTIONS APPLIED OR RULES MAKE APPLICATION DIFFICULT LACK OF INVESTIGATION PLANS INVESTIGATION WITHOUT INTENSIVE USE OF TECHNOLOGY NEW FORMS OF INVESTIGATION HAVE NOT BEEN INCORPORATED INADEQUATE OR INSUFFICIENT RESOURCES AVAILABLE ……

20. 20 POINTS OF CONTROL – EVALUATION OF RISKS MEASURE PROBABILITY MEASURE IMPACTS PREPARE THE RISK MAP WITH THE PARTICIPATION OF THOSE DIRECTLY INVOLVED RISK MANAGEMENT MUST BE STARTED EVEN WITHOUT STATISTICAL INFORMATION

21. 21 RISK MAP E X P L I C A C I Ó N Excess of acceptablerisk Impact LowMediumHigh Withinacceptablerisk LowMediumHigh Probability

22. 22 “THE APPROACH THAT WE HAVE TAKEN IN FINANCIAL AND BUSINESS RISK IS TO TRY TO QUANTIFY WHAT WE CAN AND NOT NECESSARILY WORRY ABOUT EVERYTHING THAT WE CANNOT CAPTURE IN OUR MEASUREMENTS” DIRECTOR OF CORPORATE FINANCES MICROSOFT CORP. 2006

23. 23 POINTS OF EVALUATION – RESPONSE TO RISKS ACCEPT PREVENT SHARE REDUCE LEAVE EVIDENCE OF COMMITMENTS

24. 24 POINTS TO EVALUATE – CONTROL ACTIVITIES ACTIONS TO MITIGATE RISKS REDUCE MISTAKES OR IRREGULARITIES RAISE THE POSSIBILITY OF MEETING GOALS POINTS OF INTERNAL CONTROL, NOT ONLY FINANCIAL AND ADMINISTRATIVE, BUT RATHER MISSION OPERATIONS POINTS OF SOCIAL CONTROL INSPECTIONS, VERIFICATIONS, CONCILIATIONS, CONFIRMATIONS, SUPERVISION, INFORMATION, ACCOUNTABILITY, SEPARATION OF FUNCTIONS, ELECTRONIC AND MANUAL CONTROLS…

25. 25 CONTROL ACTIVITIES CODE OF ETHICS FULLY APPLIED – EXAMPLE OF AUTHORITIES ETHICS COMMITTEE AT WORK TO HANDLECOMPLAINTS FACILITATE THE RESPONSIBLE SUBMISSION OF COMPLAINTS TRANSPARENT SYSTEM OF HUMAN RESOURCE MANAGEMENT ORGANIZATION BY PROCESSES COMPLETE MANUAL OF PROCESSES AND PROCEDURES INTEGRATED SYSTEM OF INVESTIGATION AND ACCUSATION USE OF TECHNOLOGY IN THE PRE-PROCESS AND PROCESS STAGES OBJECTIVE, PERMANENT SUPERVISION USE OF INDICATORS AND INFORMATION SYSTEMS OBJECTIVE EVALUATIONS AND PROFESSIONAL CAREERS GOVERNMENTPOLICY TO PROVIDE RESOURCES** MODERNIZE THE RULES ** ……

27. ACCEPTABLE RISK: 95%; RISK TOLERANCE: 5%RESPONSE: P= Prevent A = Accept R = Reduce S = Share H = High 3 M = Medium 2 L= Low1 26 26

28. 27 QUESTION 5 DO YOU BELIEVE THAT YOU CAN PROMOTE STRENGTHENING OF THE INTERNAL CONTROL OF YOUR ENTITY? YES NOT VERY LIKELY NO

29. Model for the design and self-evaluation of a System of Internal Control based on Risk Management See Example 28

30. 29 NO ONE LIKES CONTROL, BUT IF ITS POSITIVE EFFECTS ARE PROVEN, PEOPLE CAN TOLERATE IT AND SUPPORT ITS APPLICATION

31. 30 Thanks very much for your attention! mgandradet@gmail.com