The Central Harmonisation function

Transcription

1 1

2 The Central Harmonisation function The role and content of the central harmonisation function (CHF) is not a new topic, but there has been little guidance material available as to the nature of its duties. The CHF exists in some form, in every Member State, depending upon several factors such as the maturity level of the PIC system or the legal and cultural tradition of the Member State. This Discussion Paper aims to create a common understanding of the role of the CHF, provide an overview of the possible tasks of the CHF and to spark discussion on its role and future challenges. It starts with a short historical overview on how the CHF evolved from the beginning and then it gives an overview how this function is implemented in the Member States and how the challenges of the CHF are changing over time. 2

3 TABLE OF CONTENTS 1. INTRODUCTION CHF DEVELOPMENT AND CURRENT STATUS POSSIBLE ROLES OF THE CHF: BEST PRACTICES TOPICS FOR DISCUSSION... 7 ANNEX

4 1. INTRODUCTION Public Internal Control Systems are in place in all Member States, in a variety of different setups. The Position Paper No. 1 Principles of Public Internal Control and the Discussion Paper No. 5 Towards an optimal Internal Control Environment describe the control and accountability dimensions in relation to PIC. When implementing the Internal Control principles and toolkits in practice, one is faced with the question how to ensure homogeneous application in different public sector organisations? Naturally this would require some kind of central coordination in order to achieve similar approaches and desired levels of quality. There have been various solutions. On the one hand, based on EU Accession requirements, the Member States that joined since 2004 had the function centralised, in an administrative structure known as the Central Harmonization Unit. On the other hand, in the remainder of the Member States, the coordination roles are not always contained within one structural unit, however the corresponding co-ordination function does exist. Mostly this function can be found within the Ministry of Finance. Given the various approaches of setup, this document makes reference not to the "unit" but to the Central Harmonisation Function (CHF). The main role of the CHF is to support the development of the Internal Control framework and Internal Audit in the public sector. Naturally the nature of the work is very much dependent on the maturity, setup and effectiveness of the Internal Control system in a particular Member State. As regards the Internal Control framework it firstly relates to the tradition, approaches and culture of the public sector. Secondly, there may be a need or pressure from the environment (economic, political, cultural, EU driven) to apply changes or to introduce new practices regarding control or accountability measures. CHF activities towards Internal Audit depend on, or are influenced by, policy initiatives that may have been taken in relation to internal auditing. For example, if there are requirements set for audit work and coverage, there may be a need to foresee and implement qualitative changes such as adapting audit standards or certification requirements. Those decisions are for the Member State to take and they create the environment within which the CHF activities are carried out. It is clear from the preceding, that in relation to PIC and CHF, there is no universal one size fits all model and countries need to adapt the CHF to their own legal and administrative environment. The aim of this Discussion Paper is to: create a common understanding of the nature of the CHF; provide an overview of the (possible) tasks of the CHF; based on best practice within the EU; spark discussion of the role of the CHF and challenges the CHF is facing. 4

5 2. CHF DEVELOPMENT AND CURRENT STATUS During the EU Accession negotiations, the Chapter on Financial Control 1, with regard to the requirement on PIFC, presented the set-up of a Central Harmonisation Unit. The motivation for setting up such a unit was essentially as follows: Given the length of time required to fully implement PIFC and the scope of the task of harmonising the approach across all levels of government, it is vital to have in place a central structure referred to as the Central Harmonisation Unit (CHU) that is empowered to manage the development of PIFC. The CHU is responsible for developing and promoting internal control and audit methodologies on the basis of internationally accepted standards and best practice and for co-ordinating the implementation of new legislation on managerial accountability (financial management and control systems) and internal audit. The CHU is best placed in the Ministry of Finance. This is the logical choice because the issue of adequate internal control is at the heart of sound financial management of the national budget. A CHU is such a fundamental condition to the successful introduction and development of PIFC that in reality the concept has become part of PIFC itself. 2 The added value of establishing CHUs in the process of Accession emerged from the fact that a central Contact Point was created with an overall view on PIC reforms in the country and it became a centre of excellence on Internal Control. With the support of the CHU, Internal Control reforms were implemented to meet the Accession criteria and to ensure better governance. CHF activities are dependent on the system maturity. As outlined above, the public sector environment is different across Member States and thus the roles of the CHF may also differ significantly. There are countries where there is a need for reengineering the Internal Control framework; requiring the CHF to concentrate on developing and updating Internal Control principles, toolkits and guidance for internal auditors. In other countries the scope of the CHF is more on maintaining and updating frameworks to match internationally recognised good practice. There are situations where the active work of the CHF during the last decade has produced tangible results; for example, where improvements have already been introduced and enforced in the Internal Control framework, the Internal Audit area is regulated in detail (up to the certification requirements), and therefore there is limited need for further additional measures. There are also countries where, on a political level or top managerial level, the requisition for CHF services is limited. This can be due to the fact that the current system is perceived as performing well and thus there is no real need to upgrade the Internal Control framework (as this carries the risk of creating an additional administrative burden). However the most common scenario is that the actual PIC system still needs maintenance and/or improvements to ensure compatibility with international good practice, and the CHF is tasked with developing proposals that would lead to increased efficiency and effectiveness in the public administration. 1 Chapter 28 until 2004, and Chapter 32 thereafter 2 Welcome to the World of PIFC, European Commission

6 3. POSSIBLE ROLES OF THE CHF: BEST PRACTICES What are the tasks that the CHF must do, could do or should do? When we look into the practical activities of the CHF, a difference must be made between the possibilities to develop the two areas Internal Audit and Internal Control systems. The CHF is likely to have more possibilities to develop the Internal Audit environment, also in the situation where there is no particular requisition from the political level. There might be also possibilities for synergy through working together with partners who have mutual interest especially if the local IIA Chapter is active and provides effective support through cooperation, training etc. The pillar of Internal Control might be substantially more difficult for the CHF to touch upon. This is due to the seemingly simple question who regulates the Internal Control framework? In reality the majority of elements falling under the Internal Control System are prepared by a variety of policy units. Public expenditure reform might be prepared by the State Budget department, updates to the procurement rules are issued by the responsible unit, changes in the accounting rules are prepared by the Accounting Policy unit, the new IT security rules might come from the Ministry of Economy etc. This leads to the conclusion that there is often no single point that can encompass all activities in relation to the rules and guidance for implementation of all aspects falling under the general umbrella of Internal Control However there are opportunities for the CHF to coordinate all of these various activities. This Discussion Paper tries to collect and systemise the possible content of activities of the CHF. Although an exact list of activities for the CHF cannot be drawn, as it will depend on the particular circumstances, a typical list of CHF tasks could look as follows: 1. legislation on PIC; 2. guidance on PIC; 3. assessment of the PIC system; 4. legislation on internal audit; 5. standards for internal audit; 6. certification of internal auditors (as a policy department); 7. guidance on internal audit; 8. training system for PIC and internal auditors; 9. coordination and networking. More details explanations are given in the Annex which is presented in three columns. The first column describes the tasks of the CHF, the second explains the desired outcome of the activity and the third indicates possible follow-up activities. The list of tasks in the Annex is also divided into three parts. The first tasks are connected to developing the Internal Control framework; the second set of tasks deals with CHF activities aimed at enhancing Internal Audit activities; and the third covers tasks of a more general CHF nature. 6

7 It should be emphasised that these tasks are not mandatory, but represent best practices that have been identified in the EU Member States. The list in the Annex is open for discussion; there might be additional roles to be added or some to be removed. The Annex serves to outline the particular tasks of the CHF in more detail, aims to provide additional indication what could be expected from the CHF and may help to harmonise the approach towards CHF among the EU TOPICS FOR DISCUSSION Do you think that a coordination and harmonisation function is essential for an effective PIC System? If not, what alternative would you suggest? Any other activities that could be added to the list of CHF activities, as currently set out in the Annex? Do you think that one or more of the activities listed in the Annex are not proper to the CHF? 7

8 ANNEX CHF tasks related to the Internal Control Framework 1. Legislation on PIC a) Drafting relevant legislation where the particular areas are in the field of responsibility of the CHF. At the first stage of introducing PIC reform e.g. in the case of applicant countries a gap analysis should be done to identify the areas which need development. This could be the basis of drafting framework legislation on PIC. b) Cooperate with responsible policy units by recommending modifications to legislation which is connected to PIC (e.g. managerial accountability in a wider meaning, accounting, contracting, ethics etc). The relevant legislation is in place in relation to Public Internal Control across the public sector. The thematic legislation prepared by policy units (e.g. accounting, procurement etc) includes necessary internal control elements. All substantial elements of PIC that would need to be present in legislation are included in the respective law and regulations. Periodic monitoring of the legal framework to establish if some provisions need to be amended or added. c) Legal harmonisation with EU regulations where new PIC elements have to be introduced into national legislation. 8

9 CHF tasks related to the Internal Control Framework 2. Guidance on PIC Depending on the legal requirements, the following guidance or manuals can be developed by the CHF: a) Outlining the Internal Control Principles, and general guidance what the concept encompasses, the main elements of control set-up that have to be (or should be) in place in any given administration. b) Elaborating national standards for PIC to facilitate the implementation of the approach by the public administration. c) Outlining the main principles for evaluating and auditing the Internal Control System how to measure the sufficiency and effectiveness of Internal Control. Including self-assessment tools. d) Guidance on how to understand and approach the concept of Governance, particularly in the national context. e) Guidance on risk management (risk-assessment, mitigation of risks, follow-up, responsibilities of managers). f) Elaborating templates for audit trails, reporting, declaration of assurance of managers etc. Production and distribution of relevant manuals and guidance documents. Training programmes and advisory services to top managers (tone at the top for implementation), to middle-level managers (practical implementation) and to internal auditors (auditing the implementation). As a result the aforementioned officials are equipped with adequate technical knowhow to put the PIC rules into practical use within their respective working procedures. Continuous monitoring if there are elements that need to be updated or new methodologies available that would be worthwhile to replace the old ones. Providing follow-up training that addresses gaps identified. 9

10 CHF tasks related to the Internal Control Framework 3. Assessment of the PIC systems Annually carrying out an assessment or providing a viewpoint on the overall level of Internal Control systems and of arrangement for the Internal Audit function. Regular (annual) reporting on the state of play of the PIC system (how it is established and operating in the public sector) to relevant bodies (reporting line from bottom upwards) final recipient could be the Government or the Parliament. An assessment on the completeness and functioning of the PIC environment and Internal Audit in the public sector. If needed, it could outline the additional measures that should be considered in the future. Periodical monitoring of the Internal Control framework and the Internal Audit environment to gain assurance that necessary elements continue to be in place and function as foreseen, and that previously identified gaps are plugged. CHF tasks in relation to Internal Audit 4. Legislation on Internal Audit Drafting legislation in relation to Internal Audit activities. Taking into consideration the specific national approach; if all the relevant aspects are described in the legislation or, for example, if the IIA Professional Practice Framework or other recognised Standards are made mandatory. Internal Audit activities are comprehensively regulated, allowing internal auditors to independently and effectively carry out their duties and thus provide assurance to the Board/Audit Committee/Management regarding the functioning of the organisation and advice for further development. Monitoring the situation and proposing amendments to the Internal Audit legislation when needed. 10

11 CHF tasks in relation to Internal Audit 5. Standards for Internal Audit Deciding on the use of auditing standards (in case the legislation is not explicit). The approaches may vary; audit could be performed according to national standards, IIA or INTOSAI. Also, it must be made clear if the standards are mandatory or if they are to be treated as guidance to be followed. Comprehensive and regulated system for the use of standards in order to ensure the high quality of audit work and homogeneous approach throughout the public sector. Where applicable, there should be a system for regular (internal and external) quality assessments. Continuous monitoring regarding the use and compliance with the applicable standards. 6. Certification of Internal Auditors Establishing policies regarding the certification of Internal Auditors. This requirement is optional but different Member States can opt for it in order to help assure the quality and competence levels of internal auditors. For choosing the certification method, different possibilities could be considered: a) it can be done internally by the CHF, b) it might be outsourced, c) the IIA exams might be made mandatory, d) the exams for Chartered Accountants (private sector auditors) might be used. Establishment of a system for internal auditors to participate in preparatory training and subsequently take exams for certification. Adequate training for internal auditors and (national) certification programme. Continuous management of the training and certification system to ensure the inclusion of new internal audit staff and the continuous professional education for already certified auditors (possibly also for retaining the certification). 11

12 CHF tasks in relation to Internal Audit 7. Guidance on Internal Audit Providing or outsourcing different audit manuals, starting from more general ones like performance audit through to specific ones like procurement, audit of accounts etc. The presence of relevant guidance for internal auditors (including auditors working with EU funds) to carry out the work in the best possible way. Periodical review of the guidance/manuals (including feedback form auditors) to see if updates are needed. CHF general tasks 8. Training Establishing the framework of regular and sustainable training for PIC topics and for internal auditors. Elaboration of new training courses and materials, training of trainers, co-operation with universities and other educational organisations etc. It should be clear that the provision of training is not a primary role of the CHF; rather it should act as coordinator of training policy. In case the local IIA chapter and private training institutes provide adequate level of training then the CHF involvement in providing training can be limited. If others can t provide adequate training then a more hands-on CHF involvement may be considered. Adequate and sustainable training possibilities in relation to PIC and internal audit activities. Continuous oversight of the training market situation and/or sustainable running of the CHF organised training programme. 12

13 CHF general tasks 9. Coordination and Networking Different reporting, coordination and information exchange activities: a) Organising the information exchange for and between internal auditors. b) Establishing and maintaining oversight committee(s) for PIC. c) Organising conferences, seminars. d) Identification and promotion of good practices. e) Advising and helping the budgetary institutions to develop well-functioning internal control systems. f) Contact point for the European Commission. g) Networking with other CHFs, through the PIC network or directly with other Member States, to exchange experiences. h) Promoting relations and networking (information exchange and co-operation) with the local IIA chapter, organisation for Chartered Accountants, National Audit Office, Financial Inspection (if it exists) etc. The information distribution and exchange between Internal Auditors and persons involved with PIC on a procedural level has been ensured. Establishment of the CHF as a Centre of Excellence on Internal Control. Continually seek for areas of development in better information exchange. 13

14 CHF general tasks i) Promoting Public Internal Control and Internal Audit and raising awareness. j) Maintaining an Ethical Committee for supporting the independence of auditors. etc. 14